From: Nizamudeen A <nia@redhat.com>
Date: Thu, 30 Oct 2025 04:35:04 +0000 (+0530)
Subject: mgr/alerts: enforce ssl context to SMTP_SSL
X-Git-Tag: archive/raspbian/16.2.15+ds-0+deb12u2+rpi1^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1b7e5bce0e91392e70b0dd6d6ed51d5b6e0a3f15;p=ceph.git

mgr/alerts: enforce ssl context to SMTP_SSL

Origin: https://github.com/ceph/ceph/commit/5081933c9a0068fe9deba4fca2d943bda3168518
Bug-Debian: https://bugs.debian.org/1126573
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2024-31884

Fixes: https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jx
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 5f7fc5267e55089eeb1cfc87e9c1215c32439102)

Gbp-Pq: Name mgr-alerts-enforce-ssl-context-to-SMTP_SSL.patch
---

diff --git a/src/pybind/mgr/alerts/module.py b/src/pybind/mgr/alerts/module.py
index 3d299f0d4..d779ef6b2 100644
--- a/src/pybind/mgr/alerts/module.py
+++ b/src/pybind/mgr/alerts/module.py
@@ -9,6 +9,7 @@ from threading import Event
 import errno
 import json
 import smtplib
+import ssl
 
 class Alerts(MgrModule):
     COMMANDS = [
@@ -243,8 +244,9 @@ class Alerts(MgrModule):
 
         # send
         try:
+            context = ssl.create_default_context()
             if self.smtp_ssl:
-                server = smtplib.SMTP_SSL(self.smtp_host, self.smtp_port)
+                server = smtplib.SMTP_SSL(self.smtp_host, self.smtp_port, context=context)
             else:
                 server = smtplib.SMTP(self.smtp_host, self.smtp_port)
             if self.smtp_password: