From a6c969d4b7de174fb620c947eeae285aa3cd07d6 Mon Sep 17 00:00:00 2001
From: Bitnami Bot <containers-bot@bitnami.com>
Date: Thu, 21 Jan 2021 10:11:37 +0000
Subject: [PATCH] 8.9.13-debian-10-r0 release

---
 bitnami/drupal/8/debian-10/Dockerfile         |   4 +-
 .../opt/bitnami/.bitnami_components.json      |   4 +-
 .../opt/bitnami/scripts/libmysqlclient.sh     | 145 ++++++++++++++----
 .../opt/bitnami/scripts/mysql-client-env.sh   |  21 ++-
 bitnami/drupal/README.md                      |  14 +-
 5 files changed, 142 insertions(+), 46 deletions(-)

diff --git a/bitnami/drupal/8/debian-10/Dockerfile b/bitnami/drupal/8/debian-10/Dockerfile
index ebe58f2202ec..b98078faab92 100644
--- a/bitnami/drupal/8/debian-10/Dockerfile
+++ b/bitnami/drupal/8/debian-10/Dockerfile
@@ -15,7 +15,7 @@ RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "mysql-client" "1
 RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "libphp" "7.3.26-0" --checksum 2011a6ddd6853afd60b0399ff5c334f7b6b131f90c0e326115d28a06de6b262b
 RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "render-template" "1.0.0-3" --checksum 8179ad1371c9a7d897fe3b1bf53bbe763f94edafef19acad2498dd48b3674efe
 RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.12.0-2" --checksum 4d858ac600c38af8de454c27b7f65c0074ec3069880cb16d259a6e40a46bbc50
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "drupal" "8.9.12-0" --checksum 264681e52dec5d5d7a9d89ce2b3ce0aed7a3b13f184c9656dd84aa7ddb3cf531
+RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "drupal" "8.9.13-0" --checksum 09f9642c346843989e47350f0065111a0356e2e9ad99be27f618ca93731d3d84
 RUN apt-get update && apt-get upgrade -y && \
     rm -r /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
@@ -31,7 +31,7 @@ ENV ALLOW_EMPTY_PASSWORD="no" \
     APACHE_HTTPS_PORT_NUMBER="" \
     APACHE_HTTP_PORT_NUMBER="" \
     BITNAMI_APP_NAME="drupal" \
-    BITNAMI_IMAGE_VERSION="8.9.12-debian-10-r8" \
+    BITNAMI_IMAGE_VERSION="8.9.13-debian-10-r0" \
     MARIADB_HOST="mariadb" \
     MARIADB_PORT_NUMBER="3306" \
     MARIADB_ROOT_PASSWORD="" \
diff --git a/bitnami/drupal/8/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/drupal/8/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json
index 7fb8cb2243a0..381857b6e4da 100644
--- a/bitnami/drupal/8/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/drupal/8/debian-10/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -8,10 +8,10 @@
     },
     "drupal": {
         "arch": "amd64",
-        "digest": "264681e52dec5d5d7a9d89ce2b3ce0aed7a3b13f184c9656dd84aa7ddb3cf531",
+        "digest": "09f9642c346843989e47350f0065111a0356e2e9ad99be27f618ca93731d3d84",
         "distro": "debian-10",
         "type": "NAMI",
-        "version": "8.9.12-0"
+        "version": "8.9.13-0"
     },
     "gosu": {
         "arch": "amd64",
diff --git a/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh b/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh
index e7e95782e827..bcded330aff4 100644
--- a/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh
+++ b/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/libmysqlclient.sh
@@ -45,7 +45,7 @@ mysql_client_validate() {
     }
 
     # Only validate environment variables if any action needs to be performed
-    check_yes_no_value "DB_TLS_ENABLED"
+    check_yes_no_value "DB_ENABLE_SSL_WRAPPER"
 
     if [[ -n "$DB_CREATE_DATABASE_USER" || -n "$DB_CREATE_DATABASE_NAME" ]]; then
         if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then
@@ -78,9 +78,9 @@ mysql_client_validate() {
 #   None
 #########################
 mysql_client_initialize() {
-    # Wrap binary to force the usage of TLS
-    if is_boolean_yes "$DB_TLS_ENABLED"; then
-        mysql_client_wrap_binary_for_tls
+    # Wrap binary to force the usage of SSL
+    if is_boolean_yes "$DB_ENABLE_SSL_WRAPPER"; then
+        mysql_client_wrap_binary_for_ssl
     fi
     # Wait for the database to be accessible if any action needs to be performed
     if [[ -n "$DB_CREATE_DATABASE_USER" || -n "$DB_CREATE_DATABASE_NAME" ]]; then
@@ -113,7 +113,7 @@ mysql_client_initialize() {
 }
 
 ########################
-# Wrap binary to force the usage of TLS
+# Wrap binary to force the usage of SSL
 # Globals:
 #   DB_*
 # Arguments:
@@ -121,14 +121,16 @@ mysql_client_initialize() {
 # Returns:
 #   None
 #########################
-mysql_client_wrap_binary_for_tls() {
+mysql_client_wrap_binary_for_ssl() {
     local -r wrapper_file="${DB_BIN_DIR}/mysql"
     local -r wrapped_binary_file="${DB_BASE_DIR}/.bin/mysql"
+    local -a ssl_opts=()
+    read -r -a ssl_opts <<< "$(mysql_client_extra_opts)"
 
     mv "$wrapper_file" "$wrapped_binary_file"
     cat >"$wrapper_file" <<EOF
 #!/bin/sh
-exec "${wrapped_binary_file}" "\$@" --ssl=1
+exec "${wrapped_binary_file}" "\$@" ${ssl_opts[@]:-}
 EOF
     chmod +x "$wrapper_file"
 }
@@ -209,8 +211,9 @@ mysql_execute_print_output() {
     local -r db="${1:-}"
     local -r user="${2:-root}"
     local -r pass="${3:-}"
-    local mysql_cmd opts
-    read -r -a opts <<<"${@:4}"
+    local -a opts extra_opts
+    read -r -a opts <<< "${@:4}"
+    read -r -a extra_opts <<< "$(mysql_client_extra_opts)"
 
     # Process mysql CLI arguments
     local -a args=()
@@ -219,9 +222,11 @@ mysql_execute_print_output() {
     fi
     args+=("-N" "-u" "$user" "$db")
     [[ -n "$pass" ]] && args+=("-p$pass")
-    [[ -n "${opts[*]:-}" ]] && args+=("${opts[@]:-}")
+    [[ "${#opts[@]}" -gt 0 ]] && args+=("${opts[@]}")
+    [[ "${#extra_opts[@]}" -gt 0 ]] && args+=("${extra_opts[@]}")
 
     # Obtain the command specified via stdin
+    local mysql_cmd
     mysql_cmd="$(</dev/stdin)"
     debug "Executing SQL command:\n$mysql_cmd"
     "$DB_BIN_DIR/mysql" "${args[@]}" <<<"$mysql_cmd"
@@ -245,6 +250,30 @@ mysql_execute() {
     debug_execute "mysql_execute_print_output" "$@"
 }
 
+########################
+# Execute an arbitrary query/queries against a remote MySQL/MariaDB service and print to stdout
+# Stdin:
+#   Query/queries to execute
+# Globals:
+#   BITNAMI_DEBUG
+#   DB_*
+# Arguments:
+#   $1 - Remote MySQL/MariaDB service hostname
+#   $2 - Remote MySQL/MariaDB service port
+#   $3 - Database where to run the queries
+#   $4 - User to run queries
+#   $5 - Password
+#   $6 - Extra MySQL CLI options
+# Returns:
+#   None
+mysql_remote_execute_print_output() {
+    local -r hostname="${1:?hostname is required}"
+    local -r port="${2:?port is required}"
+    local -a args=("-h" "$hostname" "-P" "$port" "--connect-timeout=5")
+    shift 2
+    "mysql_execute_print_output" "$@" "${args[@]}"
+}
+
 ########################
 # Execute an arbitrary query/queries against a remote MySQL/MariaDB service
 # Stdin:
@@ -262,11 +291,7 @@ mysql_execute() {
 # Returns:
 #   None
 mysql_remote_execute() {
-    local -r hostname="${1:?hostname is required}"
-    local -r port="${2:?port is required}"
-    local -a args=("-h" "$hostname" "-P" "$port" "--connect-timeout=5")
-    shift 2
-    debug_execute "mysql_execute_print_output" "$@" "${args[@]}"
+    debug_execute "mysql_remote_execute_print_output" "$@"
 }
 
 ########################
@@ -468,7 +493,7 @@ mysql_upgrade() {
 # Returns:
 #   None
 #########################
-migrate_old_configuration() {
+mysql_migrate_old_configuration() {
     local -r old_custom_conf_file="$DB_VOLUME_DIR/conf/my_custom.cnf"
     local -r custom_conf_file="$DB_CONF_DIR/bitnami/my_custom.cnf"
     debug "Persisted configuration detected. Migrating any existing 'my_custom.cnf' file to new location"
@@ -529,10 +554,6 @@ mysql_ensure_user_exists() {
             --use-ldap)
                 use_ldap="yes"
                 ;;
-            --ssl-ca)
-                shift
-                ssl_ca="${1:?missing path to ssl CA}"
-                ;;
             --host)
                 shift
                 db_host="${1:?missing database host}"
@@ -558,22 +579,26 @@ mysql_ensure_user_exists() {
         fi
     fi
     debug "creating database user \'$user\'"
-    local -a opts=()
-    [[ -n "$db_host" ]] && opts+=("-h" "${db_host}")
-    [[ -n "$db_port" ]] && opts+=("-P" "${db_port}")
-    [[ -n "$ssl_ca" ]] && opts+=("--ssl-ca" "$ssl_ca")
+
+    local -a mysql_execute_cmd=("mysql_execute")
+    local -a mysql_execute_print_output_cmd=("mysql_execute_print_output")
+    if [[ -n "$db_host" && -n "$db_port" ]]; then
+        mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
+        mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port")
+    fi
+
     local mysql_create_user_cmd
     [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists"
-    mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" "${opts[@]:-}" <<EOF
+    "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 ${mysql_create_user_cmd} '${user}'@'%' ${auth_string};
 EOF
     debug "Removing all other hosts for the user"
-    hosts=$(mysql_execute_print_output "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" "${opts[@]:-}" <<EOF
+    hosts=$("${mysql_execute_print_output_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 select Host from user where User='${user}' and Host!='%';
 EOF
 )
     for host in $hosts; do
-        mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" "${opts[@]:-}" <<EOF
+        "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 drop user '$user'@'$host';
 EOF
     done
@@ -713,16 +738,16 @@ mysql_ensure_database_exists() {
         shift
     done
 
-    local -a extra_args=()
-    [[ -n "$character_set" ]] && extra_args=("character set = '${character_set}'")
-    [[ -n "$collate" ]] && extra_args=("collate = '${collate}'")
-
     local -a mysql_execute_cmd=("mysql_execute")
     [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
 
+    local -a create_database_args=()
+    [[ -n "$character_set" ]] && create_database_args+=("character set = '${character_set}'")
+    [[ -n "$collate" ]] && create_database_args+=("collate = '${collate}'")
+
     debug "Creating database $database"
     "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
-create database if not exists \`$database\` ${extra_args[@]:-};
+create database if not exists \`$database\` ${create_database_args[@]:-};
 EOF
 }
 
@@ -924,7 +949,7 @@ mysql_conf_set() {
 #########################
 mysql_update_custom_config() {
     # Persisted configuration files from old versions
-    ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && migrate_old_configuration
+    ! is_dir_empty "$DB_VOLUME_DIR" && [[ -d "$DB_VOLUME_DIR/conf" ]] && mysql_migrate_old_configuration
 
     # User injected custom configuration
     if [[ -f "$DB_CONF_DIR/my_custom.cnf" ]]; then
@@ -986,3 +1011,57 @@ mysql_healthcheck() {
 
     mysqladmin "${args[@]}" ping && mysqladmin "${args[@]}" status
 }
+
+########################
+# Prints flavor of 'mysql' client (useful to determine proper CLI flags that can be used)
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   mysql client flavor
+#########################
+mysql_client_flavor() {
+    if "${DB_BIN_DIR}/mysql" "--version" 2>&1 | grep -q MariaDB; then
+        echo "mariadb"
+    else
+        echo "mysql"
+    fi
+}
+
+########################
+# Prints extra options for MySQL client calls (i.e. SSL options)
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   List of options to pass to "mysql" CLI
+#########################
+mysql_client_extra_opts() {
+    # Helper to get the proper value for the MySQL client environment variable
+    mysql_client_env_value() {
+        local env_name="MYSQL_CLIENT_${1:?missing name}"
+        if [[ -n "${!env_name:-}" ]]; then
+            echo "${!env_name:-}"
+        else
+            env_name="DB_CLIENT_${1}"
+            echo "${!env_name:-}"
+        fi
+    }
+    local -a opts=()
+    local key value
+    if is_boolean_yes "$DB_ENABLE_SSL"; then
+        if [[ "$(mysql_client_flavor)" = "mysql" ]]; then
+            opts+=("--ssl-mode=REQUIRED")
+        else
+            opts+=("--ssl=TRUE")
+        fi
+        # Add "--ssl-ca", "--ssl-key" and "--ssl-cert" options if the env vars are defined
+        for key in ca key cert; do
+            value="$(mysql_client_env_value "SSL_${key^^}_FILE")"
+            [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}")
+        done
+    fi
+    echo "${opts[@]:-}"
+}
diff --git a/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh b/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh
index 2d364c1d33fb..ae42e8827305 100644
--- a/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh
+++ b/bitnami/drupal/8/debian-10/rootfs/opt/bitnami/scripts/mysql-client-env.sh
@@ -29,7 +29,12 @@ mysql_env_vars=(
     MYSQL_CLIENT_CREATE_DATABASE_PASSWORD
     MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET
     MYSQL_CLIENT_CREATE_DATABASE_COLLATE
-    MYSQL_CLIENT_TLS_ENABLED
+    MYSQL_CLIENT_ENABLE_SSL_WRAPPER
+    MYSQL_CLIENT_ENABLE_SSL
+    MYSQL_CLIENT_SSL_CA_FILE
+    MYSQL_CLIENT_SSL_CERT_FILE
+    MYSQL_CLIENT_SSL_KEY_FILE
+    MYSQL_CLIENT_EXTRA_FLAGS
 )
 for env_var in "${mysql_env_vars[@]}"; do
     file_env_var="${env_var}_FILE"
@@ -79,7 +84,17 @@ export MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET="${MYSQL_CLIENT_CREATE_DATABAS
 export DB_CREATE_DATABASE_CHARACTER_SET="$MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET"
 export MYSQL_CLIENT_CREATE_DATABASE_COLLATE="${MYSQL_CLIENT_CREATE_DATABASE_COLLATE:-}"
 export DB_CREATE_DATABASE_COLLATE="$MYSQL_CLIENT_CREATE_DATABASE_COLLATE"
-export MYSQL_CLIENT_TLS_ENABLED="${MYSQL_CLIENT_TLS_ENABLED:-no}"
-export DB_TLS_ENABLED="$MYSQL_CLIENT_TLS_ENABLED"
+export MYSQL_CLIENT_ENABLE_SSL_WRAPPER="${MYSQL_CLIENT_ENABLE_SSL_WRAPPER:-no}"
+export DB_ENABLE_SSL_WRAPPER="$MYSQL_CLIENT_ENABLE_SSL_WRAPPER"
+export MYSQL_CLIENT_ENABLE_SSL="${MYSQL_CLIENT_ENABLE_SSL:-no}"
+export DB_ENABLE_SSL="$MYSQL_CLIENT_ENABLE_SSL"
+export MYSQL_CLIENT_SSL_CA_FILE="${MYSQL_CLIENT_SSL_CA_FILE:-}"
+export DB_SSL_CA_FILE="$MYSQL_CLIENT_SSL_CA_FILE"
+export MYSQL_CLIENT_SSL_CERT_FILE="${MYSQL_CLIENT_SSL_CERT_FILE:-}"
+export DB_SSL_CERT_FILE="$MYSQL_CLIENT_SSL_CERT_FILE"
+export MYSQL_CLIENT_SSL_KEY_FILE="${MYSQL_CLIENT_SSL_KEY_FILE:-}"
+export DB_SSL_KEY_FILE="$MYSQL_CLIENT_SSL_KEY_FILE"
+export MYSQL_CLIENT_EXTRA_FLAGS="${MYSQL_CLIENT_EXTRA_FLAGS:-no}"
+export DB_EXTRA_FLAGS="$MYSQL_CLIENT_EXTRA_FLAGS"
 
 # Custom environment variables may be defined below
diff --git a/bitnami/drupal/README.md b/bitnami/drupal/README.md
index 70a363158372..cbce4f946bad 100644
--- a/bitnami/drupal/README.md
+++ b/bitnami/drupal/README.md
@@ -41,8 +41,8 @@ Bitnami containers can be used with [Kubeapps](https://kubeapps.com/) for deploy
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
 
 
-* [`9`, `9-debian-10`, `9.1.2`, `9.1.2-debian-10-r8`, `latest` (9/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-drupal/blob/9.1.2-debian-10-r8/9/debian-10/Dockerfile)
-* [`8`, `8-debian-10`, `8.9.12`, `8.9.12-debian-10-r8` (8/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-drupal/blob/8.9.12-debian-10-r8/8/debian-10/Dockerfile)
+* [`9`, `9-debian-10`, `9.1.3`, `9.1.3-debian-10-r-1`, `latest` (9/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-drupal/blob/9.1.3-debian-10-r-1/9/debian-10/Dockerfile)
+* [`8`, `8-debian-10`, `8.9.13`, `8.9.13-debian-10-r0` (8/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-drupal/blob/8.9.13-debian-10-r0/8/debian-10/Dockerfile)
 
 Subscribe to project updates by watching the [bitnami/drupal GitHub repo](https://github.com/bitnami/bitnami-docker-drupal).
 
@@ -244,12 +244,14 @@ Available environment variables:
 ##### Create a database for Drupal using mysql-client
 
 - `MYSQL_CLIENT_DATABASE_HOST`: Hostname for MariaDB server. Default: **mariadb**
-- `MYSQL_CLIENT_PORT_NUMBER`: Port used by MariaDB server. Default: **3306**
-- `MYSQL_CLIENT_ROOT_USER`: Database admin user. Default: **root**
-- `MYSQL_CLIENT_ROOT_PASSWORD`: Database password for the `MARIADB_ROOT_USER` user. No defaults.
+- `MYSQL_CLIENT_DATABASE_PORT_NUMBER`: Port used by MariaDB server. Default: **3306**
+- `MYSQL_CLIENT_DATABASE_ROOT_USER`: Database admin user. Default: **root**
+- `MYSQL_CLIENT_DATABASE_ROOT_PASSWORD`: Database password for the database admin user. No defaults.
 - `MYSQL_CLIENT_CREATE_DATABASE_NAME`: New database to be created by the mysql client module. No defaults.
 - `MYSQL_CLIENT_CREATE_DATABASE_USER`: New database user to be created by the mysql client module. No defaults.
 - `MYSQL_CLIENT_CREATE_DATABASE_PASSWORD`: Database password for the `MYSQL_CLIENT_CREATE_DATABASE_USER` user. No defaults.
+- `MYSQL_CLIENT_CREATE_DATABASE_CHARACTER_SET`: Character set to use for the new database. No defaults.
+- `MYSQL_CLIENT_CREATE_DATABASE_COLLATE`: Database collation to use for the new database. No defaults.
 - `ALLOW_EMPTY_PASSWORD`: It can be used to allow blank passwords. Default: **no**
 
 ##### SMTP Configuration
@@ -264,13 +266,13 @@ To configure Drupal to send email using SMTP you can set the following environme
 
 ##### PHP configuration
 
+- `PHP_EXPOSE_PHP`: Enables HTTP header with PHP version. No default.
 - `PHP_MAX_EXECUTION_TIME`: Maximum execution time for PHP scripts. No default.
 - `PHP_MAX_INPUT_TIME`: Maximum input time for PHP scripts. No default.
 - `PHP_MAX_INPUT_VARS`: Maximum amount of input variables for PHP scripts. No default.
 - `PHP_MEMORY_LIMIT`: Memory limit for PHP scripts. Default: **256M**
 - `PHP_POST_MAX_SIZE`: Maximum size for PHP POST requests. No default.
 - `PHP_UPLOAD_MAX_FILESIZE`: Maximum file size for PHP uploads. No default.
-- `PHP_EXPOSE_PHP`: Enables HTTP header with PHP version. No default.
 
 ##### Example