From 8fe32ee819af6cdce00c282d71d8a2ff7e319071 Mon Sep 17 00:00:00 2001
From: Michael Wyraz <michael@wyraz.de>
Date: Fri, 15 Jan 2021 10:53:46 +0100
Subject: [PATCH] Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386

(cherry picked from commit 2b37be9889ef5e36b7e827a2fffbe9d3c1e187a9)

# Conflicts:
#	core/dovecot/Dockerfile
---
 core/dovecot/Dockerfile             | 14 ++++++++++++++
 towncrier/newsfragments/1720.bugfix |  2 ++
 2 files changed, 16 insertions(+)
 create mode 100644 towncrier/newsfragments/1720.bugfix

diff --git a/core/dovecot/Dockerfile b/core/dovecot/Dockerfile
index 72753e1e..cecbac1c 100644
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@@ -1,4 +1,18 @@
+<<<<<<< HEAD
 # syntax=docker/dockerfile-upstream:1.4.3
+=======
+ARG DISTRO=alpine:3.13
+FROM $DISTRO as builder
+WORKDIR /tmp
+RUN apk add git build-base automake autoconf libtool dovecot-dev xapian-core-dev icu-dev
+RUN git clone https://github.com/grosjo/fts-xapian.git \
+  && cd fts-xapian \
+  && git checkout 1.2.7 \
+  && autoreconf -vi \
+  && PANDOC=false ./configure --with-dovecot=/usr/lib/dovecot \
+  && make \
+  && make install
+>>>>>>> 2b37be98 (Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386)
 
 # dovecot image
 FROM base
diff --git a/towncrier/newsfragments/1720.bugfix b/towncrier/newsfragments/1720.bugfix
new file mode 100644
index 00000000..0bf2b8e6
--- /dev/null
+++ b/towncrier/newsfragments/1720.bugfix
@@ -0,0 +1,2 @@
+Fix CVE-2020-25275 and CVE-2020-24386 by using alpine 3.13 for
+dovecot which contains a fixed dovecot version.