Red Hat Bugzilla – Full Text Bug Listing
|Summary:||ssmtp cannot parse AuthPass with '=' or ':' in it|
|Product:||[Fedora] Fedora||Reporter:||Andreas Dilger <adilger.redhat>|
|Component:||ssmtp||Assignee:||manuel wolfshant <wolfy>|
|Status:||CLOSED NEXTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-11-26 12:09:34 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Andreas Dilger 2008-01-28 19:04:53 EST
Description of problem: The ssmtp config file parser strips out the '=' and ':' characters from the AuthPass password. It appears this is done because the code is trying to be "generic" to pre-parse a port specified on the "MailHub" option, but this causes silent failure of SMTP authentication due to sending a truncated password. Version-Release number of selected component (if applicable): ssmtp-2.61-11.5.fc8.1 How reproducible: completely reproducible Steps to Reproduce: 1. in /etc/ssmtp/ssmtp.conf set "AuthPass=Pass:Word=in:middle" where the actual password is "Pass:Word=in:middle" 2. run ssmtp -d (+other sendmail options) to deliver an email 3. examine /var/log/maillog to see "Set AuthPass=Pass" Actual results: In /var/log/maillog "Set AuthPass=Pass" (and ssmtp delivery failure) Expected results: In /var/log/maillog "Set AuthPass=Pass:Word=in:middle" (and ssmtp delivery OK) Additional info: Patch to fix this for me to be attached. It might also be desirable to examine the other "values" to see if they can be similarly affected.
Comment 1 Andreas Dilger 2008-01-28 19:04:53 EST
Created attachment 293223 [details] don't use the parsed value, use the raw "rightside" value for password
Comment 2 manuel wolfshant 2008-01-28 20:01:09 EST
I'll announce upstream
Comment 3 manuel wolfshant 2008-01-28 21:24:36 EST
The problems seems to be already known upstream, but they have not yet released a patched version. Could you please test using the rpms available (for rawhide) at http://koji.fedoraproject.org/koji/getfile?taskID=379755&name=build.log ? In case you want to build your own, the src rpm is available at http://wolfy.fedorapeople.org/ssmtp-2.61-11.6.fc7.src.rpm
Comment 4 manuel wolfshant 2008-01-28 21:26:08 EST
Sorry, I meant rpms available at http://koji.fedoraproject.org/koji/taskinfo?taskID=379751
Comment 5 Andreas Dilger 2008-01-29 19:01:36 EST
(In reply to comment #3) > The problems seems to be already known upstream, but they have not yet released > a patched version. > > Could you please test using the rpms available (for rawhide) at > http://koji.fedoraproject.org/koji/getfile?taskID=379755&name=build.log ? > In case you want to build your own, the src rpm is available at > http://wolfy.fedorapeople.org/ssmtp-2.61-11.6.fc7.src.rpm The rawhide RPM doesn't install on my FC8 because of different library versions. I downloaded, built, and tested the .src.rpm and was able to reproduce the broken behaviour (password being truncated). Looking at the source code of this release shows no changes in the parsing or handling of the auth_pass value at all (it is still "tokenized" with = and : before being used), so I don't see any way that the problem could be fixed.
Comment 6 manuel wolfshant 2008-01-30 09:24:12 EST
Bug reported upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463196
Comment 7 Bug Zapper 2008-11-26 04:37:12 EST
This message is a reminder that Fedora 8 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 8. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '8'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 8's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 8 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 8 manuel wolfshant 2008-11-26 12:09:34 EST
patch applied in ssmtp-11.7 which show in the repos soon
Comment 9 Fedora Update System 2008-11-26 12:17:26 EST
ssmtp-2.61-11.7.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/ssmtp-2.61-11.7.fc8
Comment 10 Fedora Update System 2008-11-26 12:19:40 EST
ssmtp-2.61-11.7.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/ssmtp-2.61-11.7.fc9
Comment 11 Fedora Update System 2008-11-26 12:20:37 EST
ssmtp-2.61-11.7.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/ssmtp-2.61-11.7.fc10
Comment 12 Fedora Update System 2008-11-26 21:09:10 EST
ssmtp-2.61-11.7.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2008-11-26 21:10:01 EST
ssmtp-2.61-11.7.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2008-11-26 21:11:00 EST
ssmtp-2.61-11.7.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.