From 2b37be9889ef5e36b7e827a2fffbe9d3c1e187a9 Mon Sep 17 00:00:00 2001
From: Michael Wyraz
Date: Fri, 15 Jan 2021 10:53:46 +0100
Subject: [PATCH 1/7] Use alpine 3.13 to fix CVE-2020-25275 and CVE-2020-24386
---
 core/dovecot/Dockerfile | 2 +-
 towncrier/newsfragments/1720.bugfix | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 towncrier/newsfragments/1720.bugfix
diff --git a/core/dovecot/Dockerfile b/core/dovecot/Dockerfile
index f6f8f2e2..e1c20eff 100644
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@@ -1,4 +1,4 @@
-ARG DISTRO=alpine:3.12
+ARG DISTRO=alpine:3.13
 FROM $DISTRO as builder
 WORKDIR /tmp
 RUN apk add git build-base automake autoconf libtool dovecot-dev xapian-core-dev icu-dev
diff --git a/towncrier/newsfragments/1720.bugfix b/towncrier/newsfragments/1720.bugfix
new file mode 100644
index 00000000..0bf2b8e6
--- /dev/null
+++ b/towncrier/newsfragments/1720.bugfix
@@ -0,0 +1,2 @@
+Fix CVE-2020-25275 and CVE-2020-24386 by using alpine 3.13 for
+dovecot which contains a fixed dovecot version.
From f56af3053aec9980d1b8b022307208b676c8bc06 Mon Sep 17 00:00:00 2001
From: Mordi Sacks
Date: Sun, 17 Jan 2021 01:28:25 +0200
Subject: [PATCH 2/7] Removed email address
---
 core/admin/mailu/translations/he/LC_MESSAGES/messages.po | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/admin/mailu/translations/he/LC_MESSAGES/messages.po b/core/admin/mailu/translations/he/LC_MESSAGES/messages.po
index 4fe58afc..e884b737 100644
--- a/core/admin/mailu/translations/he/LC_MESSAGES/messages.po
+++ b/core/admin/mailu/translations/he/LC_MESSAGES/messages.po
@@ -9,7 +9,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n"
 "POT-Creation-Date: 2018-04-22 12:10+0200\n"
 "PO-Revision-Date: 2019-11-27 22:20+0000\n"
-"Last-Translator: Mordi Sacks \n"
+"Last-Translator: Mordi Sacks \n"
 "Language-Team: Hebrew \n"
 "Language: he\n"
From 82b5920b160e8be37ab9b6b27311c19463739dee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20P=2E=20Barazzutti?=
Date: Thu, 21 Jan 2021 19:54:47 +0100
Subject: [PATCH 3/7] typos
---
 CHANGELOG.md | 4 ++--
 docs/releases.rst | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9c78f33..579f3e82 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@ The Dovecot and Postfix overrides are moved in their own sub-directory. If there are local override files, they will need to be moved from overrides/ to overrides/dovecot and overrides/postfix/. See https://mailu.io/1.8/faq.html#how-can-i-override-settings for all the mappings.
-Please not that the shipped image for PostgreSQL database is deprecated.
+Please note that the shipped image for PostgreSQL database is deprecated.
 We advise to switch to an external database server.
@@ -66,7 +66,7 @@ configuration and upgrade your mailu.env. If you run the PostgreSQL server, the database was upgrade, so you will need to dump the database before upgrading and load the dump after the upgrade is
-complete. Please not that the shipped image for PostgreSQL database will be
+complete. Please note that the shipped image for PostgreSQL database will be
 deprecated before 1.8.0, you can switch to an external database server by then.
 - Deprecation: using the internal postgres image will be deprecated by 1.8.0
diff --git a/docs/releases.rst b/docs/releases.rst
index e5bd06c0..141b66fd 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -33,7 +33,7 @@ Upgrading
 Upgrade should run fine as long as you generate a new compose or stack
 configuration and upgrade your mailu.env.
-Please not that the shipped image for PostgreSQL database is deprecated.
+Please note that the shipped image for PostgreSQL database is deprecated.
 The shipped image for PostgreSQL is not maintained anymore from release 1.8.
 We recommend switching to an external database as soon as possible.
@@ -95,7 +95,7 @@ configuration and upgrade your mailu.env. If you run the PostgreSQL server, the database was upgrade, so you will need to dump the database before upgrading and load the dump after the upgrade is
-complete. Please not that the shipped image for PostgreSQL database will be
+complete. Please note that the shipped image for PostgreSQL database will be
 deprecated before 1.8.0, you can switch to an external database server by then.
From 444529b7df2fca33f7bd3cdc9a89c3bb51e4e0b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20P=2E=20Barazzutti?=
Date: Thu, 21 Jan 2021 19:55:53 +0100
Subject: [PATCH 4/7] rewording in doc
---
 docs/releases.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/releases.rst b/docs/releases.rst
index 141b66fd..f8b1c731 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -35,7 +35,7 @@ configuration and upgrade your mailu.env.
 Please note that the shipped image for PostgreSQL database is deprecated.
 The shipped image for PostgreSQL is not maintained anymore from release 1.8.
-We recommend switching to an external database as soon as possible.
+We recommend switching to another database as soon as possible (SQLite or MySQL).
 Override location changes
 ^^^^^^^^^^^^^^^^^^^^^^^^^
From 9e8183ee7193cffd42cd3e3ba9678a67e53a621e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20P=2E=20Barazzutti?=
Date: Fri, 22 Jan 2021 05:29:54 +0100
Subject: [PATCH 5/7] rewording about the usage of PostgreSQL
Co-authored-by: lub
---
 docs/releases.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/releases.rst b/docs/releases.rst
index f8b1c731..7a15d1fa 100644
--- a/docs/releases.rst
+++ b/docs/releases.rst
@@ -35,7 +35,7 @@ configuration and upgrade your mailu.env.
 Please note that the shipped image for PostgreSQL database is deprecated.
 The shipped image for PostgreSQL is not maintained anymore from release 1.8.
-We recommend switching to another database as soon as possible (SQLite or MySQL).
+We recommend switching to an external PostgreSQL database as soon as possible.
 Override location changes
 ^^^^^^^^^^^^^^^^^^^^^^^^^
From 612632e4fc7b498d8fb1fc714af1a02d0e1a1859 Mon Sep 17 00:00:00 2001
From: ofthesun9
Date: Sun, 31 Jan 2021 10:58:41 +0100
Subject: [PATCH 6/7] Need to docker login before pulling images To avoid triggering the Download rate limite
---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.travis.yml b/.travis.yml
index 467f6f5b..ae50eedb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -34,6 +34,7 @@ install:
 before_script:
 - docker-compose -v
+ - docker login -u $DOCKER_UN -p $DOCKER_PW
 - docker-compose -f tests/build.yml build
 - sudo -- sh -c 'mkdir -p /mailu && cp -r tests/certs /mailu && chmod 600 /mailu/certs/*'
From 788d069b5379b0ae86e5d955994e144cc4d246f8 Mon Sep 17 00:00:00 2001
From: ofthesun9
Date: Sun, 31 Jan 2021 15:39:32 +0100
Subject: [PATCH 7/7] Modify docker login cmd to use --password-stdin and avoid warning
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index ae50eedb..f2a85630 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -34,7 +34,7 @@ install:
 before_script:
 - docker-compose -v
- - docker login -u $DOCKER_UN -p $DOCKER_PW
+ - echo "$DOCKER_PW" | docker login --username $DOCKER_UN --password-stdin
 - docker-compose -f tests/build.yml build
 - sudo -- sh -c 'mkdir -p /mailu && cp -r tests/certs /mailu && chmod 600 /mailu/certs/*'
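Review bot: The `docker login` step added to `before_script` in the [PATCH 6/7] hunk of `.travis.yml` runs unconditionally, and the same holds for the reworked line in the [PATCH 7/7] hunk. Travis does not expose encrypted or settings-defined variables to pull requests from forks, so on those builds `$DOCKER_UN` and `$DOCKER_PW` would be empty, the login would fail and the build would stop before any test runs; whether this repository builds fork pull requests is not visible here. Guarding the step lets such builds fall back to anonymous pulls: `- if [ -n "$DOCKER_PW" ]; then echo "$DOCKER_PW" | docker login --username "$DOCKER_UN" --password-stdin; fi`.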
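Review bot: `$DOCKER_UN` is left unquoted in the new login line of the [PATCH 7/7] hunk, and the password is fed through `echo`, which can alter a value that starts with `-n` or `-e`, or that contains backslashes, depending on the shell. `- printf '%s' "$DOCKER_PW" | docker login --username "$DOCKER_UN" --password-stdin` passes both values through unchanged. A short comment above the step, such as `# authenticated pull to stay under the registry download rate limit; DOCKER_UN/DOCKER_PW come from the CI settings`, would record why it is there. If this job only pulls images, a read-only access token is a better fit for `DOCKER_PW` than the account password.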