| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| dbconfig-common-support.patch | Adapt db.inc.php to the use of dbconfig-common package | Romain Beauxis <toots@rastageeks.org> | not-needed | 2007-03-13 | ||
| debianize-config.patch | Debianize sample config file * By default we do not have any plugins available (these are in roundcube-plugins). * Disable spellchecking, because it needs recommended packages. |
Sandro Knauß <bugs@sandroknauss.de> | not-needed | 2016-05-09 | ||
| fix-install-path.patch | Fix INSTALL_PATH for bin/*.sh and tests/bootstrap.php These scripts get installed to /usr/share/roundcube/bin, but INSTALL_PATH should be /var/lib/roundcube/. Fixed/updated with sed -ri "s#(\\s*define\\s*\\(\\s*(['\"])INSTALL_PATH\\2)\\s*,.*#\\1, '/var/lib/roundcube/');#" \ bin/*.sh program/include/iniset.php Excluding bin/install*.sh and bin/update*.sh. For bin/updatecss.sh we use the current directory. We also edit tests/bootstrap.php to use the RCUBE_INSTALL_PATH environment variable. |
Guilhem Moulin <guilhem@debian.org> | not-needed | 2019-06-08 | ||
| update-script.patch | patch update scripts to work with Debian package | Sandro Knauß <bugs@sandroknauss.de> | not-needed | 2015-03-13 | ||
| use-pspell.patch | Use pspell by default to avoid to send each mail to Google… | Vincent Bernat <bernat@debian.org> | not-needed | 2009-07-05 | ||
| loginbox-size.patch | 'classic' skin: Fix login box size to accommodate sk_SK locale | Vincent Bernat <bernat@debian.org> | no | 2009-09-27 | ||
| default-charset-utf8.patch | Switch to UTF-8 as default charset | Vincent Bernat <bernat@debian.org> | not-needed | 2010-07-17 | ||
| debianize-password-plugin.patch | specify Debian path and group names in password plugin | Jérémy Bobbio <lunar@debian.org> | not-needed | 2011-06-20 | ||
| map-sqlite3-to-sqlite.patch | map dbconfig-common's "sqlite3" driver to "sqlite" | Vincent Bernat <bernat@luffy.cx> | not-needed | debian | 2013-07-12 | |
| use-embedded-jquery-for-http-authentication.patch | avoid fetching jQuery from Google, use the embedded one This page is also just an example. The user is expected to provide their own page. |
Vincent Bernat <vincent@bernat.im> | not-needed | 2015-08-22 | ||
| update-composer.patch | Update PHP pear dependencies The current dependencies that are published by upstream are too conservative, so: * replace ~ (that only allows minor versions changes) with >= as documented in the INSTALL file; * delete dependency to net_idna2, that is only needed for PHP < 5.3 (idn_to_utf8 and idn_to_ascii); and * replace pear/ with pear-pear.php.net/ to create current Debian package names. |
Sandro Knauß <bugs@sandroknauss.de> | not-needed | debian | Debian | 2019-12-18 |
| update-jsdeps.patch | Make it possible to download/install unminified sourcefiles We remove system libraries from this file so we easily notice updates (either of the version, or of the map). |
Sandro Knauß <hefee@debian.org> | not-needed | Debian | 2020-10-01 | |
| use-system-JQueryUI.patch | Use system JQueryUI We source jquery-ui-accessible-datepicker.min.js after libjs-jquery-ui's jquery-ui.min.js to avoid concatening these files (see the former's headers). Also libjs-jquery-ui's datepicker-* files don't have the ‘jquery.ui.’ prefix. |
Guilhem Moulin <guilhem@debian.org> | not-needed | 2019-06-07 | ||
| rename-python-to-python3.patch | Rename `python` to `python3` | Guilhem Moulin <guilhem@debian.org> | not-needed | 2021-01-10 | ||
| fix-FTBFS-with-phpunit-8.5.13-1.patch | Fix FTBFS with phpunit 8.5.13-1 Changes: 1. Rename PHPUnit_Framework_TestCase class to \PHPUnit\Framework\TestCase 2. Set setUp() output type to void 3. Source ‘INSTALL_PATH . 'plugins/…’ rather than ‘__DIR__ . '/../…’ in setUp(). This doesn't cause FTBFS but we want to check installed code in DEP-8 tests. |
Guilhem Moulin <guilhem@debian.org> | not-needed | 2021-01-10 | ||
| fix-file-list-in-phpunit-configuration.patch | Fix file list in phpunit configuration Remove <file/> that don't exist (this causes phpunit 9.5 to fail), and fix typos in those which do. |
Guilhem Moulin <guilhem@debian.org> | no | 2021-01-11 | ||
| fix-FTBFS-with-phpunit-9.5.0-1.patch | Fix FTBFS with phpunit 9.5.0-1 Changes: 1. Rename assertContains() to assertStringContainsString() 2. Rename assertNotContains() to assertStringNotContainsString() |
Guilhem Moulin <guilhem@debian.org> | not-needed | 2021-01-11 | ||
| fix-FTBFS-with-phpunit-10.patch | Fix FTBFS with phpunit 10 Changes: 1. Migrate XML schema 2. Rename assertRegExp() to assertMatchesRegularExpression() 3. Rename assertNotRegExp() to assertDoesNotMatchRegularExpression() |
Guilhem Moulin <guilhem@debian.org> | not-needed | 2021-01-11 | ||
| hint-at-which-packages-needs-installing-under-PHP8.patch | Hint at which packages needs installing under PHP8. An upgraded php-* doesn't necessarily mean a broken Roundcube as long as phpX.Y-* are still available for X.Y < 8.0. See https://alioth-lists.debian.net/pipermail/pkg-php-pear/2021-February/016060.html . This patch should be removed when the PHP 8.0 transition completes. |
Guilhem Moulin <guilhem@debian.org> | not-needed | 2021-02-26 | ||
| fix-Framework_Washtml-test_wash_xss_tests.patch | Fix Framework_Washtml::test_wash_xss_tests(). This merely prepends a comment to the expected HTML (in line with the other test vectors). Regression from b2400a4b592e3094b6c84e6000d512f99ae0eed8 and c998034d312ef04f1801c7df6ba649d51d749436. |
Guilhem Moulin <guilhem@debian.org> | no | 2022-01-03 | ||
| bump-upstream-version.patch | Bump upstream version Unfortunately upstream left the old version number in the tagged release… It's harmless in comments, but RCMAIL_VERSION shows in the about dialog, so it's best to patch it. |
Guilhem Moulin <guilhem@debian.org> | no | 2023-10-18 | ||
| CVE-2023-47272.patch | Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download Thanks to rehme.infosec for reporting the issues. |
Aleksander Machniak <alec@alec.pl> | no | debian | https://github.com/roundcube/roundcubemail/commit/bf599fe1cfbb9a6a13681524fd27e85aeb1f549a | 2023-11-04 |
| CVE-2024-37384.patch | Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences Reported by Huy Nguyễn Phạm Nhật. |
Aleksander Machniak <alec@alec.pl> | no | debian | https://github.com/roundcube/roundcubemail/commit/0d0bc61b139d6ca321d5923d769d03a3253596ed | 2024-05-19 |
| CVE-2024-37383.patch | Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes Reported by Valentin T. and Lutz Wolf of CrowdStrike. |
Aleksander Machniak <alec@alec.pl> | no | debian | https://github.com/roundcube/roundcubemail/commit/43aaaa528646877789ec028d87924ba1accf5242 | 2024-05-19 |
| CVE-2024-42009.patch | Fix XSS vulnerability in post-processing of sanitized HTML content Credits to Oskar Zeino-Mahmalat (https://www.sonarsource.com) |
Aleksander Machniak <alec@alec.pl> | no | debian | https://github.com/roundcube/roundcubemail/commit/a25e48e2daec522432fea3c37f3917366e2948d1 | 2024-08-03 |
| CVE-2024-42008.patch | Fix XSS vulnerability in serving of attachments other than HTML or SVG Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com |
Aleksander Machniak <alec@alec.pl> | no | debian | https://github.com/roundcube/roundcubemail/commit/c222ea8b99448ead20ab3864fcc29c84ed17403a | 2024-08-03 |
| Fix-regression-where-printing-scaling-rotating-image-atta.patch | Fix regression where printing/scaling/rotating image attachments was broken | Aleksander Machniak <alec@alec.pl> | yes | debian upstream | https://github.com/roundcube/roundcubemail/commit/44cec17e8f1b9a03af75f97a9cb6a77724586c47 | 2024-08-08 |
| CVE-2024-42010.patch | Fix information leak (access to remote content) via insufficient CSS filtering Credits to Oskar Zeino-Mahmalat (Sonar) https://www.sonarsource.com |
Aleksander Machniak <alec@alec.pl> | no | debian | https://github.com/roundcube/roundcubemail/commit/9f19b931e3b89c2fa577e2bf719f7db84492eb66 | 2024-08-03 |
| Fix-infinite-loop-when-parsing-malformed-Sieve-script.patch | Fix infinite loop when parsing malformed Sieve script | Aleksander Machniak <alec@alec.pl> | yes | upstream | https://github.com/roundcube/roundcubemail/commit/3567090a997e95aac6bb052bfb48bb301d0c03c3 | 2024-07-31 |