Merge pull request #1245 from erik-wramner/cve-2019-11500

Use Dovecot repo to fix cve-2019-11500 take two
Felix Bartels 2019-08-31 09:06:59 +02:00 committed by GitHub
commit 697baed324
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -17,13 +17,14 @@ ENV SASLAUTHD_MECH_OPTIONS=""
SHELL ["/bin/bash", "-o", "pipefail", "-c"] SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Packages # Packages
# hadolint ignore=DL3015 # hadolint ignore=DL3015,SC2016
RUN echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \ RUN echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \
apt-get update -q --fix-missing && \ apt-get update -q --fix-missing && \
apt-get -y install postfix && \ apt-get -y install postfix && \
# TODO installing postfix with --no-install-recommends makes "checking ssl: generated default cert works correctly" fail # TODO installing postfix with --no-install-recommends makes "checking ssl: generated default cert works correctly" fail
apt-get -y install --no-install-recommends \ apt-get -y install --no-install-recommends \
amavisd-new \ amavisd-new \
apt-transport-https \
arj \ arj \
binutils \ binutils \
bzip2 \ bzip2 \
@ -76,7 +77,11 @@ RUN echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc
xz-utils \ xz-utils \
zoo \ zoo \
&& \ && \
apt-get -t stretch-backports -y install --no-install-recommends \ curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \
gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg && \
echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot.list && \
apt-get update -q --fix-missing && \
apt-get -y install --no-install-recommends \
dovecot-core \ dovecot-core \
dovecot-imapd \ dovecot-imapd \
dovecot-ldap \ dovecot-ldap \
@ -85,6 +90,9 @@ RUN echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc
dovecot-pop3d \ dovecot-pop3d \
dovecot-sieve \ dovecot-sieve \
&& \ && \
sed -i 's/CERTDIR=.*/CERTDIR=\/etc\/dovecot\/ssl/g' /usr/share/dovecot/mkcert.sh && \
sed -i 's/KEYDIR=.*/KEYDIR=\/etc\/dovecot\/ssl/g' /usr/share/dovecot/mkcert.sh && \
sed -i 's/KEYFILE=.*/KEYFILE=\$KEYDIR\/dovecot.key/g' /usr/share/dovecot/mkcert.sh && \
apt-get autoclean && \ apt-get autoclean && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
rm -rf /usr/share/locale/* && \ rm -rf /usr/share/locale/* && \
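Review bot: The Dovecot signing key is picked out by an 8-hex short ID in `gpg --export ED409DA1`, immediately after being downloaded from the same host that serves the packages, so nothing in this step ties the trusted key to a value recorded in this repository. A short key ID is not a unique identifier for a key; export by the full fingerprint instead, e.g. `gpg --export <FULL_DOVECOT_KEY_FINGERPRINT> > /etc/apt/trusted.gpg.d/dovecot.gpg` (placeholder, to be filled from Dovecot's published key and checked out of band). Writing the key into `/etc/apt/trusted.gpg.d/` also makes apt accept it for every configured source, including the plain-HTTP Debian entries; storing the keyring outside that directory and referencing it with a `[signed-by=...]` option in `dovecot.list` would limit it to repo.dovecot.org. The RUN instruction starts before and continues past the lines shown here.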