• New roundcube 1.7 port

    From Michael Grimm@trashcan@ellael.org to muc.lists.freebsd.ports on Mon Jun 1 13:54:59 2026
    From Newsgroup: muc.lists.freebsd.ports

    Hi,
    the new roundcube-php84-1.7.1,1 port failed for me:
    +++++++++++++++++++
    roundcube[45571]: PHP Fatal error: Uncaught RuntimeException: GuzzleHttp requires cURL, the allow_url_fopen ini setting, or a custom HTTP handler. in /usr/local/www/roundcube/vendor/guzzlehttp/guzzle/src/Utils.php:105
    +++++++++++++++++++
    I have deactivated 'allow_url_fopen' in /usr/local/etc/php.ini due to security concerns ever since installing roundcube for the first time.
    Ok, I had had to install php84-curl-8.4.21 in addition to roundcube-php84-1.7.1,1 to get roundcube working as usual.
    Here are my questions:
    #) What is better w.r.t. security
    () allow_url_fopen?
    () curl?
    () "custom HTTP handler"? (whatever that might be)
    #) Am I the only one using roundcube with cURL while disabling 'allow_url_fopen'?
    #) If not, should I open a PR for adding curl to USE_PHP like for [1]?
    Regards,
    Michael
    [1] roundcube-carddav and roundcube-yubikey_auth
    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Alex Dupre@ale@FreeBSD.org to muc.lists.freebsd.ports on Wed Jun 3 18:14:22 2026
    From Newsgroup: muc.lists.freebsd.ports

    On 01/06/2026 13:54, Michael Grimm wrote:
    the new roundcube-php84-1.7.1,1 port failed for me:

    +++++++++++++++++++
    roundcube[45571]: PHP Fatal error: Uncaught RuntimeException: GuzzleHttp requires cURL, the allow_url_fopen ini setting, or a custom HTTP handler. in /usr/local/www/roundcube/vendor/guzzlehttp/guzzle/src/Utils.php:105
    +++++++++++++++++++

    I have deactivated 'allow_url_fopen' in /usr/local/etc/php.ini due to security concerns ever since installing roundcube for the first time.

    Ok, I had had to install php84-curl-8.4.21 in addition to roundcube-php84-1.7.1,1 to get roundcube working as usual.

    Here are my questions:

    #) What is better w.r.t. security
    () allow_url_fopen?
    () curl?
    () "custom HTTP handler"? (whatever that might be)

    #) Am I the only one using roundcube with cURL while disabling 'allow_url_fopen'?

    #) If not, should I open a PR for adding curl to USE_PHP like for [1]?
    If you are concerned about enabling "allow_url_fopen" then I think
    installing curl is better w.r.t security, since the latter is explicit.

    I cannot answer on the second question, but if you have a non-default
    setup I don't think there is anything wrong in directly installing
    additional dependencies. If you are using ports you can enable them in
    the php-extensions port options.
    --
    Alex Dupre



    --
    Posted automagically by a mail2news gateway at muc.de e.V.
    Please direct questions, flames, donations, etc. to news-admin@muc.de
    --- Synchronet 3.22a-Linux NewsLink 1.2