mail/roundcube: update to 1.6.15

taca · taca · commit a2e0ab96476f · 2026-03-29T14:31:58.000Z
1.6.15 (2026-03-29)

This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to some regressions introduced in the previous release as
well a recently reported security vulnerability:

	SVG Animate FUNCIRI Attribute Bypass -- Remote Image Loading
		via fill/filter/stroke, reported by class_nzm.

This version is considered stable and we recommend to update all productive
installations of Roundcube 1.6.x with it.  Please do backup your data before
updating!  CHANGELOG

* Fix regression where mail search would fail on non-ascii search criteria
  (#10121)
* Fix regression where some data url images could get ignored/lost (#10128)
* Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via
  fill/filter/stroke
diff --git a/mail/roundcube-plugin-password/distinfo b/mail/roundcube-plugin-password/distinfo
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.44 2026/03/18 14:58:17 taca Exp $
+$NetBSD: distinfo,v 1.45 2026/03/29 14:31:59 taca Exp $
 
-BLAKE2s (roundcubemail-1.6.14-complete.tar.gz) = 311e2076bd3343acb18c1f5c93378c3580625f45a6db0a683cfa6d3e0a2f2b76
-SHA512 (roundcubemail-1.6.14-complete.tar.gz) = 55e3ee4674ac6257a80577b98295b972609b3a6bbb2d929841101132aa960ccbed56c3ddd127a417eb301433215fe8917c373df19da768b57844e1fadcbda525
-Size (roundcubemail-1.6.14-complete.tar.gz) = 5873247 bytes
+BLAKE2s (roundcubemail-1.6.15-complete.tar.gz) = 4cca817ff79802fd977c1df23002938feb1eae76eb597d2ed7338e2f61835c08
+SHA512 (roundcubemail-1.6.15-complete.tar.gz) = 8c99493c0008a5c498d9ad665881ce2a3d4368affb831e5af36ca65d37e643ba9aded1129ee41c576aa50d5bed2080e80ee7ec5d0f942b0f02fb48c5082f54fe
+Size (roundcubemail-1.6.15-complete.tar.gz) = 5872562 bytes
 SHA1 (patch-plugins_password_helpers_passwd-expect) = 15e427a3c90bf7c0437a023b3f099abb5a139165
diff --git a/mail/roundcube/Makefile b/mail/roundcube/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.102 2026/03/19 03:55:29 taca Exp $
+# $NetBSD: Makefile,v 1.103 2026/03/29 14:31:58 taca Exp $
 
 DISTNAME=	roundcubemail-${RC_VERS}
 PKGNAME=	${PHP_PKG_PREFIX}-${DISTNAME:S/mail-/-/:S/-complete//}
-PKGREVISION=	1
 
 MAINTAINER=	taca@NetBSD.org
 COMMENT=	Browser-based multilingual IMAP client
diff --git a/mail/roundcube/Makefile.common b/mail/roundcube/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.42 2026/03/18 14:58:17 taca Exp $
+# $NetBSD: Makefile.common,v 1.43 2026/03/29 14:31:58 taca Exp $
 #
 # used by mail/roundcube/Makefile
 # used by mail/roundcube/plugins.mk
@@ -10,7 +10,7 @@ GITHUB_PROJECT=	roundcubemail
 GITHUB_RELEASE=	${RC_VERS}
 HOMEPAGE=	https://roundcube.net/
 
-RC_VERS=	1.6.14
+RC_VERS=	1.6.15
 
 USE_LANGUAGES=		# none
 USE_TOOLS+=		pax
diff --git a/mail/roundcube/distinfo b/mail/roundcube/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.98 2026/03/19 03:53:55 taca Exp $
+$NetBSD: distinfo,v 1.99 2026/03/29 14:31:58 taca Exp $
 
-BLAKE2s (roundcubemail-1.6.14-complete.tar.gz) = 311e2076bd3343acb18c1f5c93378c3580625f45a6db0a683cfa6d3e0a2f2b76
-SHA512 (roundcubemail-1.6.14-complete.tar.gz) = 55e3ee4674ac6257a80577b98295b972609b3a6bbb2d929841101132aa960ccbed56c3ddd127a417eb301433215fe8917c373df19da768b57844e1fadcbda525
-Size (roundcubemail-1.6.14-complete.tar.gz) = 5873247 bytes
+BLAKE2s (roundcubemail-1.6.15-complete.tar.gz) = 4cca817ff79802fd977c1df23002938feb1eae76eb597d2ed7338e2f61835c08
+SHA512 (roundcubemail-1.6.15-complete.tar.gz) = 8c99493c0008a5c498d9ad665881ce2a3d4368affb831e5af36ca65d37e643ba9aded1129ee41c576aa50d5bed2080e80ee7ec5d0f942b0f02fb48c5082f54fe
+Size (roundcubemail-1.6.15-complete.tar.gz) = 5872562 bytes
 SHA1 (patch-config_config.inc.php.sample) = 92a48a97b16fe3f5f4b9441fce762a559d8daca7
 SHA1 (patch-program_include_iniset.php) = 8a6c13c0c87d583ed60e43c01a4173d9d802a6a1
 SHA1 (patch-program_lib_Roundcube_rcube__mime.php) = bfefc6850d3db230dd4224491e895fe25a32e87a
