Control: tag -1 +pending On Fri, Mar 27, 2026 at 07:45:18PM +0100, Andreas Weigand wrote: > Hi, > > I observed the same problem as the original submitter. > > After digging into the issue here are my observations and a possible > solution: > > /etc/Muttrc.d/smime.rc contains the line/setting > set smime_pk7out_command="openssl smime -verify -in %f -noverify -pk7out" > > That command fails on Debian 13: > $ openssl smime -verify -in file -noverify -pk7out > smime: Cannot use -pk7out together with -verify > > This is (now) also written in the openssl-smime(1) man page: > There are six operation options that set the type of operation to be > performed: -encrypt, -decrypt, -sign, -resign, -verify, and -pk7out. > These are mutually exclusive. The meaning of the other options varies > according to the operation type. > > This limitation does not exist in Debian 12 or earlier and the > smime_pk7out_command works there. The openssl-smime(1) on Deb12 does not > mention any "... mutually exclusive". > > Based on the man-page I altered the command: > $ openssl smime -pk7out -in file -noverify > produces the same output on Debian 13 as the old command on Debian 12 > > I put that into mutt: > :set smime_pk7out_command="openssl smime -pk7out -in %f -noverify" > and I can extract the keys again. > > > My proposed solution: > Please change the "set smime_pk7out_command ..." in the shipped > /etc/Muttrc.d/smime.rc and prepare a package update for the next > minor release: >
Thanks for your patch, I will prepare an upload for the next point release (and also fix it in unstable).
