# HG changeset patch
# User Benjamin Peterson <benjamin@python.org>
# Date 1465676202 25200
# Node ID b3ce713fb9beebfff9848cefa0acbd59acc68fe9
# Parent  3017e41b0c99d24e88faf1de447f230e2f64d122
raise an error when STARTTLS fails

Upstream-status: Backport
CVE: CVE-2016-0772
Signed-off-by: Armin Kuster <akuster@mvista.com>

Index: Python-2.7.9/Lib/smtplib.py
===================================================================
--- Python-2.7.9.orig/Lib/smtplib.py
+++ Python-2.7.9/Lib/smtplib.py
@@ -656,6 +656,11 @@ class SMTP:
             self.ehlo_resp = None
             self.esmtp_features = {}
             self.does_esmtp = 0
+        else:
+            # RFC 3207:
+            # 501 Syntax error (no parameters allowed)
+            # 454 TLS not available due to temporary reason
+            raise SMTPResponseException(resp, reply)
         return (resp, reply)
 
     def sendmail(self, from_addr, to_addrs, msg, mail_options=[],
Index: Python-2.7.9/Misc/NEWS
===================================================================
--- Python-2.7.9.orig/Misc/NEWS
+++ Python-2.7.9/Misc/NEWS
@@ -5136,6 +5136,9 @@ Library
 
 - Issue #8140: Extend compileall to compile single files.  Add -i option.
 
+- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772.  Reported by Team
+  Oststrom
+
 - Issue #7356: ctypes.util: Make parsing of ldconfig output independent of the
   locale.