Source: roundcube
Version: 1.6.6+dfsg-1
Severity: normal
Tags: patch upstream

Roundcube's OAuth2 code assumes that if OAuth authentication is in place, the same scheme will apply to the SMTP credentials, but this is wrong: it's common that Roundcube will be installed on a host that simply has an SMTP forwarder to a smarthost, and thus no authentication is needed.

Upstream fixed this in https://github.com/roundcube/roundcubemail/commit/504cdb89a5ed2c0c3491f99abb206dfb42b1200b and the patch applies well to the bookworm branch.

Would it be possible to add this fix in a future point release? For your convenience, here's an MR with the patch included: https://salsa.debian.org/roundcube-team/roundcube/-/merge_requests/1

Jordi

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.13-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), LANGUAGE=ca_ES:ca
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled