From d8f641207475ac9ab21f7db696b1b3d23de6227f Mon Sep 17 00:00:00 2001
From: Leonardo Robol
Date: Tue, 23 Nov 2021 08:00:23 +0100
Subject: [PATCH 1/5] Bump the mailman-hyperkitty plugin to 1.2.0. This new version sends the api_key as an Authorization header instead of a GET parameter, which fixes a security vulnerability. The change is needed since Hyperkitty has been upgraded to 1.3.5.
---
 core/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/Dockerfile b/core/Dockerfile
index 9b2cd53..32e7202 100644
--- a/core/Dockerfile
+++ b/core/Dockerfile
@@ -15,7 +15,7 @@ RUN --mount=type=cache,target=/root/.cache \
 && python3 -m pip install psycopg2 \
 gunicorn==19.9.0 \
 mailman==3.3.5 \
- mailman-hyperkitty==1.1.0 \
+ mailman-hyperkitty==1.2.0 \
 pymysql \
 'sqlalchemy<1.4.0' \
 && apk del build-deps \
From 231fb0b9fcb6d7184b85275a89c083f970c5d754 Mon Sep 17 00:00:00 2001
From: Pierre-Gildas MILLON <715479+pgmillon@users.noreply.github.com>
Date: Thu, 16 Dec 2021 22:08:43 +0100
Subject: [PATCH 2/5] Add py-cryptography
---
 core/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/Dockerfile b/core/Dockerfile
index 9b2cd53..6c2658d 100644
--- a/core/Dockerfile
+++ b/core/Dockerfile
@@ -10,7 +10,7 @@ RUN --mount=type=cache,target=/root/.cache \
 && apk add --virtual build-deps gcc python3-dev musl-dev postgresql-dev \
 libffi-dev \
 # psutil needs linux-headers to compile on musl c library.
- && apk add --no-cache bash su-exec postgresql-client mysql-client curl python3 py3-pip linux-headers \
+ && apk add --no-cache bash su-exec postgresql-client mysql-client curl python3 py3-pip linux-headers py-cryptography \
 && python3 -m pip install -U pip setuptools wheel \
 && python3 -m pip install psycopg2 \
 gunicorn==19.9.0 \
From 37db88f1b203998d93ba12dec0d0067b020ddc57 Mon Sep 17 00:00:00 2001
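Review bot: The `apk add --no-cache … linux-headers py-cryptography` line in PATCH 2/5 (core/Dockerfile, hunk -10,7) pulls in a system package without saying which Python dependency needs it, although the line directly above documents `linux-headers` for psutil in exactly that way. I would add a matching comment such as `# <dependency> needs cryptography; taken from apk instead of building it on musl.` with the real dependency and reason filled in. The neighbouring packages use the `py3-` prefix (`py3-pip`, `py3-mysqlclient`), so `py3-cryptography` is probably the intended name; confirm that `py-cryptography` resolves on the base image's Alpine release. The later `python3 -m pip install` steps can still install a different cryptography build next to the apk one, so it is worth checking with `pip show cryptography` which copy the image ends up importing. The same applies to the five hunks of PATCH 3/5 (core/Dockerfile.dev, postorius/Dockerfile, postorius/Dockerfile.dev, web/Dockerfile, web/Dockerfile.dev); the RUN instruction starts and ends outside each hunk.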
From: Pierre-Gildas MILLON <715479+pgmillon@users.noreply.github.com>
Date: Sun, 2 Jan 2022 10:30:42 +0100
Subject: [PATCH 3/5] Update web & postorius images with similar changes as core
---
 core/Dockerfile.dev | 2 +-
 postorius/Dockerfile | 2 +-
 postorius/Dockerfile.dev | 2 +-
 web/Dockerfile | 2 +-
 web/Dockerfile.dev | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/core/Dockerfile.dev b/core/Dockerfile.dev
index 20a391f..15e19f8 100644
--- a/core/Dockerfile.dev
+++ b/core/Dockerfile.dev
@@ -15,7 +15,7 @@ RUN --mount=type=cache,target=/root/.cache \
 apk update \
 && apk add --no-cache --virtual build-deps gcc python3-dev musl-dev \
 postgresql-dev git libffi-dev \
- && apk add --no-cache bash su-exec postgresql-client mysql-client curl python3 py3-pip linux-headers \
+ && apk add --no-cache bash su-exec postgresql-client mysql-client curl python3 py3-pip linux-headers py-cryptography \
 && python3 -m pip install -U psycopg2 pymysql setuptools wheel \
 && python3 -m pip install \
 git+https://gitlab.com/mailman/mailman@${CORE_REF} \
diff --git a/postorius/Dockerfile b/postorius/Dockerfile
index f8d719b..4bc0b2f 100644
--- a/postorius/Dockerfile
+++ b/postorius/Dockerfile
@@ -15,7 +15,7 @@ RUN --mount=type=cache,target=/root/.cache \
 postgresql-dev mariadb-dev python3-dev libffi-dev openldap-dev cargo rust \
 && apk add --no-cache --virtual .mailman-rundeps bash sassc \
 postgresql-client mysql-client py3-mysqlclient curl mailcap gettext \
- python3 py3-pip libffi libuuid pcre-dev \
+ python3 py3-pip libffi libuuid pcre-dev py-cryptography \
 && python3 -m pip install -U 'Django<3.2' pip setuptools wheel \
 && python3 -m pip install postorius==1.3.6 \
 uwsgi \
diff --git a/postorius/Dockerfile.dev b/postorius/Dockerfile.dev
index f1560cb..91409be 100644
--- a/postorius/Dockerfile.dev
+++ b/postorius/Dockerfile.dev
@@ -19,7 +19,7 @@ RUN --mount=type=cache,target=/root/.cache \
 postgresql-dev mariadb-dev python3-dev libffi-dev git cargo rust \
 && apk add --no-cache --virtual .mailman-rundeps bash sassc \
 postgresql-client mysql-client py3-mysqlclient curl mailcap \
- python3 py3-pip libffi gettext \
+ python3 py3-pip libffi gettext py-cryptography \
 && python3 -m pip install -U pip setuptools wheel \
 && python3 -m pip install -U \
 git+https://gitlab.com/mailman/mailmanclient@${CLIENT_REF} \
diff --git a/web/Dockerfile b/web/Dockerfile
index 011b4c5..ccfa3b2 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -15,7 +15,7 @@ RUN --mount=type=cache,target=/root/.cache \
 postgresql-dev mariadb-dev python3-dev libffi-dev openldap-dev cargo rust \
 && apk add --no-cache --virtual .mailman-rundeps bash sassc \
 postgresql-client mysql-client py3-mysqlclient curl mailcap gettext \
- python3 py3-pip xapian-core xapian-bindings-python3 libffi pcre-dev \
+ python3 py3-pip xapian-core xapian-bindings-python3 libffi pcre-dev py-cryptography \
 && python3 -m pip install -U 'Django<3.2' pip setuptools wheel \
 && pip install mailmanclient==3.3.3 \
 postorius==1.3.6 \
diff --git a/web/Dockerfile.dev b/web/Dockerfile.dev
index 2c5951c..8a969e4 100644
--- a/web/Dockerfile.dev
+++ b/web/Dockerfile.dev
@@ -20,7 +20,7 @@ RUN --mount=type=cache,target=/root/.cache \
 postgresql-dev mariadb-dev python3-dev libffi-dev openldap-dev cargo rust \
 && apk add --no-cache --virtual .mailman-rundeps bash sassc pcre-dev \
 python3 py3-pip postgresql-client mysql-client py3-mysqlclient \
- curl mailcap xapian-core xapian-bindings-python3 libffi gettext \
+ curl mailcap xapian-core xapian-bindings-python3 libffi gettext py-cryptography \
 && python3 -m pip install -U pip setuptools wheel \
 && python3 -m pip install -U \
 git+https://gitlab.com/mailman/mailmanclient@${CLIENT_REF} \
From 85659b47efb1c1432eb877c0ad6010199b9d59aa Mon Sep 17 00:00:00 2001
From: Sven Roederer
Date: Sun, 20 Mar 2022 16:14:46 +0100
Subject: [PATCH 4/5] docker-compose: backport "stop_grace_period" and "restart" option to mysql variant * backport from 743bc8522cc24c8f7684c4671a2a29477fae73b6 * backport from 0b22a0da62c56f85076ca1999e81f224092e003a * also whitespace fix and line reordering Signed-off-by: Sven Roederer
---
 docker-compose-mysql.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docker-compose-mysql.yaml b/docker-compose-mysql.yaml
index e97c602..5d8358e 100644
--- a/docker-compose-mysql.yaml
+++ b/docker-compose-mysql.yaml
@@ -7,6 +7,7 @@ services:
 hostname: mailman-core
 volumes:
 - /opt/mailman/core:/opt/mailman/
+ stop_grace_period: 30s
 links:
 - database:database
 depends_on:
@@ -34,8 +35,8 @@ services:
 volumes:
 - /opt/mailman/web:/opt/mailman-web-data
 environment:
+ - DATABASE_TYPE=mysql
 - DATABASE_URL=mysql://mailman:mailmanpass@database/mailmandb?charset=utf8mb4
- - DATABASE_TYPE=mysql
 - HYPERKITTY_API_KEY=someapikey
 - SECRET_KEY=thisisaverysecretkey
 - DYLD_LIBRARY_PATH=/usr/local/mysql/lib/
@@ -51,7 +52,6 @@ services:
 MYSQL_USER: mailman
 MYSQL_PASSWORD: mailmanpass
 MYSQL_RANDOM_ROOT_PASSWORD: "yes"
- restart: always
 image: mariadb:10.5
 command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
 volumes:
@@ -60,7 +60,7 @@ services: mailman: networks: - mailman: + mailman: driver: bridge ipam: driver: default
From 119f22b7c98b5024aadb1f067f7437413680d59c Mon Sep 17 00:00:00 2001
From: Sven Roederer
Date: Sun, 20 Mar 2022 18:43:42 +0100
Subject: [PATCH 5/5] core/entrypoint: fix typo Signed-off-by: Sven Roederer
---
 core/docker-entrypoint.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/docker-entrypoint.sh b/core/docker-entrypoint.sh
index 38338ad..7c761b0 100755
--- a/core/docker-entrypoint.sh
+++ b/core/docker-entrypoint.sh
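Review bot: The `environment:` block reordered by the second hunk of docker-compose-mysql.yaml (-34,8) still carries fixed credentials on the new side: `HYPERKITTY_API_KEY=someapikey`, `SECRET_KEY=thisisaverysecretkey` and `mailmanpass` inside `DATABASE_URL`, with the matching `MYSQL_PASSWORD: mailmanpass` visible as context in the third hunk. A stack brought up from this file unchanged runs with publicly known secrets, so while these lines are being touched I would make them required substitutions, e.g. `- HYPERKITTY_API_KEY=${HYPERKITTY_API_KEY:?set HYPERKITTY_API_KEY}` and `- SECRET_KEY=${SECRET_KEY:?set SECRET_KEY}`, so that compose refuses to start without real values. Separately, the subject says the "restart" option is backported, but the only `restart` change visible here is the removal of `restart: always` from the database service; please confirm that is the intended result.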
@@ -36,7 +36,7 @@ fi # SMTP_HOST defaults to the gateway if [[ ! -v SMTP_HOST ]]; then export SMTP_HOST=$(/sbin/ip route | awk '/default/ { print $3 }') - echo "SMPT_HOST not specified, using the gateway ($SMTP_HOST) as default" + echo "SMTP_HOST not specified, using the gateway ($SMTP_HOST) as default" fi if [[ ! -v SMTP_PORT ]]; then