Package: isync
Version: 1.3.0-2.2+deb11u1
Severity: normal
X-Debbugs-Cc: d...@alexconst.sh

Dear Maintainer,

There is a problem with the version of isync that is packaged in Debian
Bullseye.

Q: What led up to the situation?
A: I used PassCmd option in the configuration file and specified the
command that returns the corresponding password.
Q: What was the outcome of this action? What outcome did you expect instead?
A: Authentication failed. I expected successful authentication and
subsequent download of my mail.
Q: My analysis.
A: I learned that the buffer for PassCmd command output is limited to 80
characters. My password is longer. I concluded this is the reason for
authentication failure. When I removed PassCmd option and inserted the
password via prompt, everything worked as expected.
Q: Who is affected?
A: Users that have long passwords (especially relevant for those who use
password managers since they don't have to remember them and can still
enjoy the improved security) and users of "XOAUTH2 tokens" (note that I
am not sure whether XOAUTH2 is supported in the Bullseye version of the
package).
Q: Proposed solution.
A: Newer versions of isync have very trivial patches[1][2] that increase
the length of the buffer used for PassCmd. Please, consider backporting
those patches so that users of long passwords and (possibly) XOAUTH2
could benefit from PassCmd feature on Debian Bullseye. If this is not
possible due to versions being frozen after the release, it would be
nice to at least have it in the bullseye-backports repository.

[1]: https://sourceforge.net/p/isync/mailman/message/36721460/
[2]: https://sourceforge.net/p/isync/mailman/message/37077329/

Note: I am running Devuan Chimaera which is a fork of Debian Bullseye,
but this package comes directly from Debian repositories and I have
confirmed this issue exists in Debian by inspecting the source code from
https://packages.debian.org/bullseye/isync.

Thanks,
Alex


-- System Information:
Debian Release: 11.0
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: OpenRC (via /run/openrc), PID 1: init
LSM: AppArmor: enabled

Versions of packages isync depends on:
ii  libc6       2.31-13
ii  libdb5.3    5.3.28+dfsg1-0.8
ii  libsasl2-2  2.1.27+dfsg-2.1
ii  libssl1.1   1.1.1k-1
ii  zlib1g      1:1.2.11.dfsg-2

isync recommends no packages.

Versions of packages isync suggests:
pn  mutt  <none>

-- no debconf information
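
Added illustration of the failure mode analysed in the report above; it is not part of the original message and not isync's source code. It assumes an fgets-style read into an 80-byte buffer (the size the report cites); the helper names and the sample secrets are constructed. It shows how an unchecked read silently keeps a shortened secret, next to a read that detects the overflow and refuses the partial value.

```c
#include <stdio.h>
#include <string.h>

#define PASS_BUF 80 /* size cited in the report; the fgets-style read is an assumption */

/* Constructed stand-in for a password command's stdout: len 'x' bytes plus newline. */
static FILE *fake_cmd_output(size_t len) {
    FILE *fp = tmpfile();
    if (!fp) return NULL;
    for (size_t i = 0; i < len; i++) fputc('x', fp);
    fputc('\n', fp);
    rewind(fp);
    return fp;
}

/* Unchecked read: keeps what fits and silently drops the rest. Returns stored length. */
static long naive_len(size_t pwlen) {
    char buf[PASS_BUF];
    FILE *fp = fake_cmd_output(pwlen);
    if (!fp || !fgets(buf, sizeof buf, fp)) { if (fp) fclose(fp); return -1; }
    fclose(fp);
    buf[strcspn(buf, "\n")] = '\0';
    return (long)strlen(buf);
}

/* Checked read: 0 = whole line read, -1 = no output, -2 = line longer than buffer. */
static int checked_rc(size_t pwlen) {
    char buf[PASS_BUF];
    int rc = 0;
    FILE *fp = fake_cmd_output(pwlen);
    if (!fp || !fgets(buf, sizeof buf, fp)) { if (fp) fclose(fp); return -1; }
    if (!strchr(buf, '\n')) {      /* no newline stored: peek at the next byte */
        int c = fgetc(fp);
        if (c != EOF && c != '\n') /* more data remained in the stream */
            rc = -2;               /* refuse to use a partial secret */
    }
    fclose(fp);
    return rc;
}

int main(void) {
    printf("naive,   100-char secret: %ld chars kept\n", naive_len(100));
    printf("checked, 100-char secret: rc=%d\n", checked_rc(100));
    printf("checked,  79-char secret: rc=%d\n", checked_rc(79));
    return 0;
}
```

With the unchecked read the caller receives a plausible-looking 79-character string and only learns of the problem when the server rejects it, which matches the authentication failure described in the report.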
