Package: msmtp-mta Severity: serious Justification: Does not work with Python's widely used smtplib
Hi, For release with bullseye, please apply the attached patch from upstream to version 1.8.11-2 in unstable. When patched, msmtpd also accepts SMTP commands in lowercase. Then, the program works with Python's widely used 'smtplib' module. The current behavior may be against RFC 821, which states that the commands "can be any syntax, such as mAiL FroM". [1] Please have a look at my bug report upstream. [2] I encountered the issue when sending reminders for expiring Debian keys. The attached patch was tested with this script [3] and fixes the issue. It would be nice to have the fix in bullseye. As an experiment, I also sent email with the patched version (although without Python's smtplib, and with the sendmail program). Perhaps it shows that the patch does not break the program for everyone else. I used the 'serious' level—normally only available to the maintainer—to bring the bug to the attention of the release team, who recommended this filing. Below is a debdiff for the resulting sources, in addition to the patch. Thanks for taking a look! Kind regards Felix Lechner [1] https://bugs.python.org/issue29860 [2] https://github.com/marlam/msmtp-mirror/issues/45 [3] https://salsa.debian.org/lechner/key-expirations/-/blob/master/upcoming-expirations#L72-74 * * *
diff -Nru msmtp-1.8.11/debian/changelog msmtp-1.8.11/debian/changelog --- msmtp-1.8.11/debian/changelog 2020-08-20 07:24:11.000000000 -0700 +++ msmtp-1.8.11/debian/changelog 2021-03-18 09:01:45.000000000 -0700 @@ -1,3 +1,13 @@ +msmtp (1.8.11-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * Cherry-pick 7d2222cf from upstream for bullseye. Fixes failure to work + with Python's widely used 'smtplib' as described here: + - https://github.com/marlam/msmtp-mirror/issues/45 + - https://bugs.python.org/issue29860 + + -- Felix Lechner <felix.lech...@lease-up.com> Thu, 18 Mar 2021 09:01:45 -0700 + msmtp (1.8.11-2) unstable; urgency=medium * Fix build options to re-enable TLS support via GnuTLS, IDN and SASL. diff -Nru msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff --- msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff 1969-12-31 16:00:00.000000000 -0800 +++ msmtp-1.8.11/debian/patches/7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff 2021-03-18 09:01:45.000000000 -0700 @@ -0,0 +1,70 @@ +Description: Cherry-pick 7d2222cf from upstream for bullseye, adjusted +Author: Felix Lechner <felix.lech...@lesae-up.com> +Origin: https://github.com/marlam/msmtp-mirror/commit/7d2222cfd522efc13fde4df448d834bc6ba2b205.diff +Bug: https://github.com/marlam/msmtp-mirror/issues/45 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/msmtpd.c ++++ b/src/msmtpd.c +@@ -26,6 +26,7 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> ++#include <strings.h> + #include <errno.h> + #include <unistd.h> + #include <signal.h> +@@ -186,18 +187,18 @@ int msmtpd_session(FILE* in, FILE* out, + fprintf(out, "220 localhost ESMTP msmtpd\r\n"); + if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0) + return 1; +- if (strncmp(buf, "EHLO ", 5) != 0 && strncmp(buf, "HELO ", 5) != 0) { ++ if (strncasecmp(buf, "EHLO ", 5) != 0 && strncasecmp(buf, "HELO ", 5) != 0) { + fprintf(out, "500 Expected EHLO or HELO\r\n"); + return 1; + } + fprintf(out, "250 localhost\r\n"); + if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0) + return 1; +- if (strncmp(buf, "MAIL FROM:", 10) != 0 && strcmp(buf, "QUIT") != 0) { ++ if (strncasecmp(buf, "MAIL FROM:", 10) != 0 && strcasecmp(buf, "QUIT") != 0) { + fprintf(out, "500 Expected MAIL FROM:<addr> or QUIT\r\n"); + return 1; + } +- if (strcmp(buf, "QUIT") == 0) { ++ if (strcasecmp(buf, "QUIT") == 0) { + fprintf(out, "221 Bye\r\n"); + return 0; + } +@@ -235,19 +236,19 @@ int msmtpd_session(FILE* in, FILE* out, + return 1; + } + if (!recipient_was_seen) { +- if (strncmp(buf, "RCPT TO:", 8) != 0) { ++ if (strncasecmp(buf, "RCPT TO:", 8) != 0) { + fprintf(out, "500 Expected RCPT TO:<addr>\r\n"); + free(cmd); + return 1; + } + } else { +- if (strncmp(buf, "RCPT TO:", 8) != 0 && strcmp(buf, "DATA") != 0) { ++ if (strncasecmp(buf, "RCPT TO:", 8) != 0 && strcasecmp(buf, "DATA") != 0) { + fprintf(out, "500 Expected RCPT TO:<addr> or DATA\r\n"); + free(cmd); + return 1; + } + } +- if (strcmp(buf, "DATA") == 0) { ++ if (strcasecmp(buf, "DATA") == 0) { + break; + } else { + if (get_addr(buf + 8, addrbuf, 0, &addrlen) != 0) { +@@ -302,7 +303,7 @@ int msmtpd_session(FILE* in, FILE* out, + fprintf(out, "250 Ok, mail was piped\r\n"); + if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0) + return 0; /* ignore missing QUIT */ +- if (strcmp(buf, "QUIT") != 0) { ++ if (strcasecmp(buf, "QUIT") != 0) { + fprintf(out, "500 Expected QUIT\r\n"); + return 1; + } diff -Nru msmtp-1.8.11/debian/patches/series msmtp-1.8.11/debian/patches/series --- msmtp-1.8.11/debian/patches/series 2020-04-23 07:36:12.000000000 -0700 +++ msmtp-1.8.11/debian/patches/series 2021-03-18 09:01:45.000000000 -0700 @@ -1 +1,2 @@ +7d2222cfd522efc13fde4df448d834bc6ba2b205-adjusted.diff fix_typo_manapge
Description: Cherry-pick 7d2222cf from upstream for bullseye, adjusted Author: Felix Lechner <felix.lech...@lesae-up.com> Origin: https://github.com/marlam/msmtp-mirror/commit/7d2222cfd522efc13fde4df448d834bc6ba2b205.diff Bug: https://github.com/marlam/msmtp-mirror/issues/45 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/src/msmtpd.c +++ b/src/msmtpd.c @@ -26,6 +26,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <strings.h> #include <errno.h> #include <unistd.h> #include <signal.h> @@ -186,18 +187,18 @@ int msmtpd_session(FILE* in, FILE* out, fprintf(out, "220 localhost ESMTP msmtpd\r\n"); if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0) return 1; - if (strncmp(buf, "EHLO ", 5) != 0 && strncmp(buf, "HELO ", 5) != 0) { + if (strncasecmp(buf, "EHLO ", 5) != 0 && strncasecmp(buf, "HELO ", 5) != 0) { fprintf(out, "500 Expected EHLO or HELO\r\n"); return 1; } fprintf(out, "250 localhost\r\n"); if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0) return 1; - if (strncmp(buf, "MAIL FROM:", 10) != 0 && strcmp(buf, "QUIT") != 0) { + if (strncasecmp(buf, "MAIL FROM:", 10) != 0 && strcasecmp(buf, "QUIT") != 0) { fprintf(out, "500 Expected MAIL FROM:<addr> or QUIT\r\n"); return 1; } - if (strcmp(buf, "QUIT") == 0) { + if (strcasecmp(buf, "QUIT") == 0) { fprintf(out, "221 Bye\r\n"); return 0; } @@ -235,19 +236,19 @@ int msmtpd_session(FILE* in, FILE* out, return 1; } if (!recipient_was_seen) { - if (strncmp(buf, "RCPT TO:", 8) != 0) { + if (strncasecmp(buf, "RCPT TO:", 8) != 0) { fprintf(out, "500 Expected RCPT TO:<addr>\r\n"); free(cmd); return 1; } } else { - if (strncmp(buf, "RCPT TO:", 8) != 0 && strcmp(buf, "DATA") != 0) { + if (strncasecmp(buf, "RCPT TO:", 8) != 0 && strcasecmp(buf, "DATA") != 0) { fprintf(out, "500 Expected RCPT TO:<addr> or DATA\r\n"); free(cmd); return 1; } } - if (strcmp(buf, "DATA") == 0) { + if (strcasecmp(buf, "DATA") == 0) { break; } else { if (get_addr(buf + 8, addrbuf, 0, &addrlen) != 0) { @@ -302,7 +303,7 @@ int msmtpd_session(FILE* in, FILE* out, fprintf(out, "250 Ok, mail was piped\r\n"); if (read_smtp_cmd(in, buf, SMTP_BUFSIZE) != 0) return 0; /* ignore missing QUIT */ - if (strcmp(buf, "QUIT") != 0) { + if (strcasecmp(buf, "QUIT") != 0) { fprintf(out, "500 Expected QUIT\r\n"); return 1; }
