[Pkg-roundcube-maintainers] Bug#1062471: Does not handle OAuth2 + unauthenticated setups correctly
Jordi Mallach
jordi at debian.org
Thu Feb 1 16:08:39 GMT 2024
Source: roundcube
Version: 1.6.6+dfsg-1
Severity: normal
Tags: patch upstream
Roundcube's OAuth2 code assumes that if oauth authentication is in
place, the same scheme will apply to the SMTP credentials, but this
is wrong: it's common that Roundcube will be installed in a host
that simply has a smtp forwarder to a smarthost, and thus no
authentication is needed.
Upstream fixed this in https://github.com/roundcube/roundcubemail/commit/504cdb89a5ed2c0c3491f99abb206dfb42b1200b
and the patch applies well to the bookworm branch.
Would it be possible to add this fix in a future point release? For your
convenience, here's a MR with the patch included:
https://salsa.debian.org/roundcube-team/roundcube/-/merge_requests/1
Jordi
-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), LANGUAGE=ca_ES:ca
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
More information about the Pkg-roundcube-maintainers
mailing list