Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386

(cherry picked from commit 2b37be9889) # Conflicts: # core/dovecot/Dockerfile
2025-10-29 17:22:20 +00:00 · 2021-01-15 10:53:46 +01:00
parent 6b5bb5fcd1
commit 8fe32ee819
2 changed files with 16 additions and 0 deletions
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@@ -1,4 +1,18 @@
+<<<<<<< HEAD
 # syntax=docker/dockerfile-upstream:1.4.3
+=======
+ARG DISTRO=alpine:3.13
+FROM $DISTRO as builder
+WORKDIR /tmp
+RUN apk add git build-base automake autoconf libtool dovecot-dev xapian-core-dev icu-dev
+RUN git clone https://github.com/grosjo/fts-xapian.git \
+  && cd fts-xapian \
+  && git checkout 1.2.7 \
+  && autoreconf -vi \
+  && PANDOC=false ./configure --with-dovecot=/usr/lib/dovecot \
+  && make \
+  && make install
+>>>>>>> 2b37be98 (Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386)

 # dovecot image
 FROM base
--- a/towncrier/newsfragments/1720.bugfix
+++ b/towncrier/newsfragments/1720.bugfix
@@ -0,0 +1,2 @@
+Fix CVE-2020-25275 and CVE-2020-24386 by using alpine 3.13 for
+dovecot which contains a fixed dovecot version.