GitLab

Alpine's curl package isn't vulnerable to CVE-2021-22897 - add it to the
secfixes list to reduce false positives from security scanners.

Cherry-pick the fix for CVE-2021-22898 from upstream:
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde

See http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

This is now handled by the build script itself so that it's able to skip
this step in case the size is larger than the limit.

See: #12668

it fails on all builders with the error:

======================================================================
ERROR: setUpClass (test.test_curses.TestCurses)
----------------------------------------------------------------------
Traceback (most recent call last):
  File
"/home/buildozer/aports/main/python3/src/Python-3.8.10/Lib/test/test_curses.py",
line 66, in setUpClass
    curses.setupterm(fd=stdout_fd)
_curses.error: setupterm: could not find terminal

Also bump community/python3-tkinter to 3.8.10.

* Remove ece5dfd403dac211f8d3c72701fe7ba7b7aa5b5f.patch,
  CVE-2020-14422.patch and test_nntplib.patch, since they have been
  merged upstream.
* Remove obsolete configure options --disable-rpath and --enable-threads.
* Skip test_asyncio due to hanging on all architectures (this test is
  constantly being patched upstream to fix this problem).

- CVE-2020-15078

explicitly locks the root account

There are no patches available from upstream for versionls < 1.9.5, so
instead of backporting our own patches, we choose to upgrade sudo.

- CVE-2021-23239
- CVE-2021-23240

See #12356

Backport of:

main/dnsmasq: upgrade to 2.85
main/dnsmasq: add coreutils to makedepends to fix --version option
main/dnsmasq: update url and secfixes

* fixes CVE-2021-20288

* add ceph-mgr-node subpackage