Bug#991409: unblock request: msmtp/1.8.11-2.1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi,
Please unblock the package msmtp.
[ Reason ]
The version presently in bullseye does not understand lowercase SMTP
commands. It violates RFC821 [1] from 1982 and later applicable specs
such as RFC5321. [2]
[ Impact ]
Users of the version in bullseye cannot send emails via SMTP port 25
locally when software sends mixed or lowercase commands. The issue was
discovered when sending key expiration reminders to Debian
contributors via Python's smtplib [3][4] but probably affects
additional programs, modules and libraries. The faulty behavior is
further detailed in Bug#985468 [5] and the links provided therein.
[6][7]
[ Tests ]
I personally used the patched version on half a dozen machines since
March, and have had no issues with it.
[ Risks ]
The commit cherry-picked here [8] was accepted by upstream over a year
ago. It replaces several instances of 'strcmp' with the case
insensitive equivalent 'strcasecmp'. The risk of breakage is probably
low.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
The debdiff for the sources is shown at the bottom of this message.
For easier perusal I also attached the actual patch.
unblock thunderbird/1:78.12.0-1
[1] https://tools.ietf.org/html/rfc821
[2] https://tools.ietf.org/html/rfc5321
[3] https://bugs.debian.org/892058
[4] https://salsa.debian.org/lechner/key-expirations
[5] https://bugs.debian.org/985468
[6] https://bugs.python.org/issue29860
[7] https://github.com/marlam/msmtp-mirror/issues/45
[8] https://github.com/marlam/msmtp-mirror/commit/7d2222cfd522efc13fde4df448d834bc6ba2b205
* * *
$ debdiff msmtp_1.8.11-2.dsc msmtp_1.8.11-2.1.dsc
diff -Nru msmtp-1.8.11/debian/changelog msmtp-1.8.11/debian/changelog
--- msmtp-1.8.11/debian/changelog 2020-08-20 07:24:11.000000000 -0700
+++ msmtp-1.8.11/debian/changelog 2021-03-18 09:01:45.000000000 -0700
@@ -1,3 +1,12 @@
+msmtp (1.8.11-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Cherry-pick 7d2222cf from upstream for the bullseye release. Brings
+ msmtp into conformance with RFC821, which states that "Commands and
+ replies are not case sensitive." (Closes: #985468)
+
+ -- Felix Lechner <felix.lechner@lease-up.com> Thu, 18 Mar 2021 09:01:45 -0700
+
msmtp (1.8.11-2) unstable; urgency=medium
* Fix build options to re-enable TLS support via GnuTLS, IDN and SASL.
diff -Nru msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff
msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff
--- msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff
1969-12-31 16:00:00.000000000 -0800
+++ msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff
2021-03-18 09:01:45.000000000 -0700
@@ -0,0 +1,70 @@
+Description: Cherry-pick 7d2222cf from upstream for bullseye, adjusted
+Author: Felix Lechner <felix.lechner@lesae-up.com>
+Origin: https://github.com/marlam/msmtp-mirror/commit/7d2222cfd522efc13fde4df448d834bc6ba2b205.diff
+Bug: https://github.com/marlam/msmtp-mirror/issues/45
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/msmtpd.c
++++ b/src/msmtpd.c
+@@ -26,6 +26,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <strings.h>
+ #include <errno.h>
+ #include <unistd.h>
+ #include <signal.h>
+@@ -186,18 +187,18 @@ int msmtpd_session(FILE* in, FILE* out,
+ fprintf(out, "220 localhost ESMTP msmtpd\r\n");
+ if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0)
+ return 1;
+- if (strncmp(buf, "EHLO ", 5) != 0 && strncmp(buf, "HELO ", 5) != 0) {
++ if (strncasecmp(buf, "EHLO ", 5) != 0 && strncasecmp(buf, "HELO
", 5) != 0) {
+ fprintf(out, "500 Expected EHLO or HELO\r\n");
+ return 1;
+ }
+ fprintf(out, "250 localhost\r\n");
+ if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0)
+ return 1;
+- if (strncmp(buf, "MAIL FROM:", 10) != 0 && strcmp(buf, "QUIT") != 0) {
++ if (strncasecmp(buf, "MAIL FROM:", 10) != 0 && strcasecmp(buf,
"QUIT") != 0) {
+ fprintf(out, "500 Expected MAIL FROM:<addr> or QUIT\r\n");
+ return 1;
+ }
+- if (strcmp(buf, "QUIT") == 0) {
++ if (strcasecmp(buf, "QUIT") == 0) {
+ fprintf(out, "221 Bye\r\n");
+ return 0;
+ }
+@@ -235,19 +236,19 @@ int msmtpd_session(FILE* in, FILE* out,
+ return 1;
+ }
+ if (!recipient_was_seen) {
+- if (strncmp(buf, "RCPT TO:", 8) != 0) {
++ if (strncasecmp(buf, "RCPT TO:", 8) != 0) {
+ fprintf(out, "500 Expected RCPT TO:<addr>\r\n");
+ free(cmd);
+ return 1;
+ }
+ } else {
+- if (strncmp(buf, "RCPT TO:", 8) != 0 && strcmp(buf,
"DATA") != 0) {
++ if (strncasecmp(buf, "RCPT TO:", 8) != 0 &&
strcasecmp(buf, "DATA") != 0) {
+ fprintf(out, "500 Expected RCPT TO:<addr> or DATA\r\n");
+ free(cmd);
+ return 1;
+ }
+ }
+- if (strcmp(buf, "DATA") == 0) {
++ if (strcasecmp(buf, "DATA") == 0) {
+ break;
+ } else {
+ if (get_addr(buf + 8, addrbuf, 0, &addrlen) != 0) {
+@@ -302,7 +303,7 @@ int msmtpd_session(FILE* in, FILE* out,
+ fprintf(out, "250 Ok, mail was piped\r\n");
+ if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0)
+ return 0; /* ignore missing QUIT */
+- if (strcmp(buf, "QUIT") != 0) {
++ if (strcasecmp(buf, "QUIT") != 0) {
+ fprintf(out, "500 Expected QUIT\r\n");
+ return 1;
+ }
diff -Nru msmtp-1.8.11/debian/patches/series msmtp-1.8.11/debian/patches/series
--- msmtp-1.8.11/debian/patches/series 2020-04-23 07:36:12.000000000 -0700
+++ msmtp-1.8.11/debian/patches/series 2021-03-18 09:01:45.000000000 -0700
@@ -1 +1,2 @@
+7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff
fix_typo_manapge
Description: Cherry-pick 7d2222cf from upstream for bullseye, adjusted
Author: Felix Lechner <felix.lechner@lesae-up.com>
Origin: https://github.com/marlam/msmtp-mirror/commit/7d2222cfd522efc13fde4df448d834bc6ba2b205.diff
Bug: https://github.com/marlam/msmtp-mirror/issues/45
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/msmtpd.c
+++ b/src/msmtpd.c
@@ -26,6 +26,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
#include <errno.h>
#include <unistd.h>
#include <signal.h>
@@ -186,18 +187,18 @@ int msmtpd_session(FILE* in, FILE* out,
fprintf(out, "220 localhost ESMTP msmtpd\r\n");
if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0)
return 1;
- if (strncmp(buf, "EHLO ", 5) != 0 && strncmp(buf, "HELO ", 5) != 0) {
+ if (strncasecmp(buf, "EHLO ", 5) != 0 && strncasecmp(buf, "HELO ", 5) != 0) {
fprintf(out, "500 Expected EHLO or HELO\r\n");
return 1;
}
fprintf(out, "250 localhost\r\n");
if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0)
return 1;
- if (strncmp(buf, "MAIL FROM:", 10) != 0 && strcmp(buf, "QUIT") != 0) {
+ if (strncasecmp(buf, "MAIL FROM:", 10) != 0 && strcasecmp(buf, "QUIT") != 0) {
fprintf(out, "500 Expected MAIL FROM:<addr> or QUIT\r\n");
return 1;
}
- if (strcmp(buf, "QUIT") == 0) {
+ if (strcasecmp(buf, "QUIT") == 0) {
fprintf(out, "221 Bye\r\n");
return 0;
}
@@ -235,19 +236,19 @@ int msmtpd_session(FILE* in, FILE* out,
return 1;
}
if (!recipient_was_seen) {
- if (strncmp(buf, "RCPT TO:", 8) != 0) {
+ if (strncasecmp(buf, "RCPT TO:", 8) != 0) {
fprintf(out, "500 Expected RCPT TO:<addr>\r\n");
free(cmd);
return 1;
}
} else {
- if (strncmp(buf, "RCPT TO:", 8) != 0 && strcmp(buf, "DATA") != 0) {
+ if (strncasecmp(buf, "RCPT TO:", 8) != 0 && strcasecmp(buf, "DATA") != 0) {
fprintf(out, "500 Expected RCPT TO:<addr> or DATA\r\n");
free(cmd);
return 1;
}
}
- if (strcmp(buf, "DATA") == 0) {
+ if (strcasecmp(buf, "DATA") == 0) {
break;
} else {
if (get_addr(buf + 8, addrbuf, 0, &addrlen) != 0) {
@@ -302,7 +303,7 @@ int msmtpd_session(FILE* in, FILE* out,
fprintf(out, "250 Ok, mail was piped\r\n");
if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0)
return 0; /* ignore missing QUIT */
- if (strcmp(buf, "QUIT") != 0) {
+ if (strcasecmp(buf, "QUIT") != 0) {
fprintf(out, "500 Expected QUIT\r\n");
return 1;
}
Reply to: