From 97df65e9efd1951639f2451d5eb99c9077fa8de0 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Fri, 11 Nov 2022 13:56:04 +0100
Subject: [PATCH] Switch to GrapheneOS's hardened_malloc

This was suggested during the dev meeting of the 18/09/22.

It may break things and it may make things unbearably slow
---
 core/base/Dockerfile                 | 3 ++-
 towncrier/newsfragments/2525.feature | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 towncrier/newsfragments/2525.feature

diff --git a/core/base/Dockerfile b/core/base/Dockerfile
index d5be6a90..242fd060 100644
--- a/core/base/Dockerfile
+++ b/core/base/Dockerfile
@@ -12,7 +12,8 @@ ARG MAILU_GID=1000
 RUN set -euxo pipefail \
   ; addgroup -Sg ${MAILU_GID} mailu \
   ; adduser -Sg ${MAILU_UID} -G mailu -h /app -g "mailu app" -s /bin/bash mailu \
-  ; apk add --no-cache bash ca-certificates curl python3 tzdata
+  ; apk add --no-cache bash ca-certificates curl python3 tzdata \
+  ; apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing hardened-malloc
 
 WORKDIR /app
 
diff --git a/towncrier/newsfragments/2525.feature b/towncrier/newsfragments/2525.feature
new file mode 100644
index 00000000..634733c7
--- /dev/null
+++ b/towncrier/newsfragments/2525.feature
@@ -0,0 +1 @@
+Switch to GrapheneOS's hardened_malloc