Request: NUT 2.8.2

[electroflame]

NUT 2.8.2 was released on April 1, 2024.

2.8.2 has some updates to the USB drivers (including support for a Liebert UPS I've got), among other fixes, so it'd be great if the Docker image could be updated.

[instantlinux]

The build failed security scan (outdated core packages, as listed in the build log), so at least one more update needs to be made. Stay tuned.

[instantlinux]

There are about two dozen vulnerable packages in Alpine 3.19 base image, and I cannot figure out how to force the build to include only the new ones from edge. Instead I get two copies of each package:

# apk info lsblk
lsblk-2.39.3-r0 description:
Block device list tool from util-linux

lsblk-2.39.3-r0 webpage:
https://git.kernel.org/cgit/utils/util-linux/util-linux.git

lsblk-2.39.3-r0 installed size:
112 KiB

lsblk-2.40-r2 description:
Block device list tool from util-linux

lsblk-2.40-r2 webpage:
https://git.kernel.org/cgit/utils/util-linux/util-linux.git

lsblk-2.40-r2 installed size:
128 KiB

The security scanner complains about vulnerable lsblk version 2.39.3-r0 (and 25 other similar issues) and I don't know how to clobber those bits from the image.

Version 3.19 of the base image came out 7-Dec-2023; version 3.20 is not scheduled yet; historically these updates come out every 5 or 6 months. I hope the next one is expedited because this makes most builds vulnerable.

[electroflame]

Alright, no problem. If we have to wait for 3.20 that's fine -- it should hopefully only be a month or two at worst.

[electroflame]

Looks like 3.20 was released -- I'm not sure if it fixes the issue, though.
https://alpinelinux.org/posts/Alpine-3.20.0-released.html

[instantlinux]

This update is complete, in two stages:

• 7-May: PR SYS-622 disable trivy scanner until alpine:3.20 arrives #153 disabled vulnerability scan, image under 3.19 published with new nut version 2.8.2
• 1-Jul: PR SYS-622 alpine:3.20 image updates #160 update to 3.20.