Debian Patches

Status for sogo/5.12.1-3+deb13u2

Patch Description Author Forwarded Bugs Origin Last update
0009-Omit-signedViewer-altogether-when-not-using-openssl.patch Omit signedViewer altogether when not using openssl Hanno Stock <hanno.stock@indurad.com> no 2019-07-30
python3.patch =================================================================== no
disable_isIpv4_test.patch Disable `isIPv4` test This test fails on still unknown scenarios (machines with default IPv6 routes?)
and generates lots of unwanted test failures in Debian.

===================================================================		 Jordi Mallach <jordi@debian.org> not-needed
cross.patch Fix FTCBFS. Yavor Doganov <yavor@gnu.org> no 2025-01-26
upstream_openid_fixes.patch commit c5fb3482e22f1bfc935213e8ed7208becd9bd1f4

fix(openid): make end_session_endpoint optional

diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc
index ae9951da9..372f6b4f8 100644		 Hivert Quentin <quentin.hivert.fr@gmail.com> no 2025-05-13
upstream_password_regex.patch commit e36d0d219baed8c7d57af0069fadb8d1bf7df072

fix(password): put correct regex for special char

diff --git a/SoObjects/SOGo/SOGoPasswordPolicy.m b/SoObjects/SOGo/SOGoPasswordPolicy.m
index 02bb8be07..5db36c4a5 100644		 Hivert Quentin <quentin.hivert.fr@gmail.com> no 2025-05-13
upstream_fix_evaluation_freebusy.patch commit 8766b7c6b32aedf37d7f8f350e461931b253a4fb

fix(calendar): properly evalute last occurance freebusy

diff --git a/SOPE/NGCards/iCalDailyRecurrenceCalculator.m b/SOPE/NGCards/iCalDailyRecurrenceCalculator.m
index 817f4629e..7ecc8f09c 100644		 Hivert Quentin <quentin.hivert.fr@gmail.com> no 2025-06-17
upstream_use_openid_libcurl.patch commit a782424a30cfe8e9c6f2769a45bcdd3498679237

feat(openid): swicth to libcurl for http request

It was using an internal library before and there were too much errors due to incomplete http's protocol implementation

diff --git a/SOPE/GDLContentStore/GCSOpenIdFolder.m b/SOPE/GDLContentStore/GCSOpenIdFolder.m
index dc6e90b64..a889a768f 100644		 Hivert Quentin <quentin.hivert.fr@gmail.com> no 2025-06-23
CVE-2025-63499.patch fix(vulnerability): prevent sogo to execute scripts pass in theme query Hivert Quentin <quentin.hivert.fr@gmail.com> yes debian upstream https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb 2025-11-26
CVE-2025-63498.patch fix(login): Only remember the login if the auth was successful Hivert Quentin <quentin.hivert.fr@gmail.com> yes upstream https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c 2025-10-02
CVE-2026-46445_CVE-2026-46446.patch fix(sql): use proper sql adaptor for usr source Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/1f7e5d2b2c2047c44a6a9e05f73c36491cb96d21.diff 2026-03-24
CVE-2025-71276.patch fix(vulnerability): prevent xss with events, tasks and contacts categories Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1.diff 2025-12-16
CVE-2026-3054.patch fix(vulnerability): prevent javascript njection with hint query Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/e821b20f87d1a9757f1d0aff7d1e31703f97054b.diff 2026-02-24
CVE-2026-33550.patch fix(vulnerability): properly change the totp code after disabling it Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2.diff 2026-02-25
CVE-2026-8496.patch fix(mail): sanitise mail with ics (invitation to event) Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/67ce01ec2a1a7854d8e9f615dd65afb949043e8.diff 2026-05-03
CVE-2026-8496_regression_fix.patch fix(pref): prevent onevent cleaning to remove legitimate words Hivert Quentin <quentin.hivert.fr@gmail.com> no backport, https://github.com/Alinto/sogo/commit/c45233c11e250a22fa1e1f3e47fee2d6e232045b.diff 2026-05-19
CVE-2026-8851_1.patch fix(acl): only add existing uid Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/f9b71059f4f382d7b337d16ce1257443ade43d02.diff 2026-04-15
CVE-2026-8851_2.patch fix(acl): fix folder path Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/d902756aaf955a9ade6061806bb372e15b673197.diff 2026-04-21
fix_openid_validation.patch fix(openid): check the userinfo mail + avoid infinite loop Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/93b82a0f60ce5d8b0938e3f03d86baee8d075162.diff 2026-05-05
fix_xss_message_subject_rendering_1.patch fix(UI): render properly the subject Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/b7641be5c80c0c02dc1b4742ce92e4de9a948b72.diff 2026-04-13
fix_xss_message_subject_rendering_2.patch fix(mail): render properly the subject v2 Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/29d0bbc9eb96c2b4a0ada4d93eac79a66c789b22.diff 2026-05-03
git_clean_import_event.patch commit b18f1a09f59424a36f6de5aa7c30e6f27405c15d

fix(event): clean import of event

diff --git a/SoObjects/Appointments/SOGoAppointmentFolder.m b/SoObjects/Appointments/SOGoAppointmentFolder.m
index f18c7ad77..f958eab51 100644		 Hivert Quentin <quentin.hivert.fr@gmail.com> no 2026-05-26
fix_message_rendering_1.patch fix(mail): correctly render mail when searching Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/alinto/sogo/commit/0cb21f8fb95d3fcb5da5112e3dcf082fa7cb1fe3.diff 2026-05-08
fix_message_rendering_2.patch fix(mail): render the subject without html when searching Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/Alinto/sogo/commit/be440baa23fd8b6ad5d8c947f60f9105ad717214.diff 2026-05-12
fix_message_rendering_3.patch fix(mail): do not encode non-html element Hivert Quentin <quentin.hivert.fr@gmail.com> no upstream, https://github.com/alinto/sogo/commit/6e590115fbce073847369495997228fba2fc3ce8.diff 2026-05-19
disable_is_localhost_test.patch =================================================================== no
libxml2.patch =================================================================== no
0002-Change-sogo-backup-location-and-update-cronjob.patch Change sogo-backup location and update cronjob
Change sogo-backup location to /var/backups/sogo and update
sogo-backup.sh location in cronjob to /usr/sbin/sogo-backup.		 Jeroen Dekkers <jeroen@dekkers.ch> no 2013-04-13
0003-Fix-may-be-used-uninitialized-in-this-function-warni.patch Fix "may be used uninitialized in this function" warnings.

===================================================================		 Jeroen Dekkers <jeroen@dekkers.ch> yes 2014-04-09
0005-Remove-build-date.patch Remove build date Jeroen Dekkers <jeroen@dekkers.ch> no 2014-10-05
0006-Update-unit-test-expected-failures.patch Update unit test expected failures Jeroen Dekkers <jeroen@dekkers.ch> no 2016-04-09
disable_test_rendering.patch Disable test_rendering test unit This test is known to fail on several Debian architectures:
mips, s390x, hppa, powerpc, powerpcspe, ppc64: all of them being big endian.

===================================================================		 Jordi Mallach <jordi@debian.org> no
0007-Do-not-use-OpenSSL-when-we-are-configured-to-use-Gnu.patch Do not use OpenSSL when we are configured to use GnuTLS Jeroen Dekkers <jeroen@dekkers.ch> no 2019-01-13
0008-Unset-MAKEFLAGS-and-MFLAGS-in-configure.patch Unset MAKEFLAGS and MFLAGS in configure
This fixes a build failure when building the package with parallel
make.		 Jeroen Dekkers <jeroen@dekkers.ch> no 2019-01-13

All known versions for source package 'sogo'

Links