Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#68335 - [opensmtpd] smtlctl encrypt does not properly encrypt passwords
Attached to Project:
Community Packages
Opened by Duy Truong (jimreynold2nd) - Monday, 19 October 2020, 16:45 GMT
Last edited by Morten Linderud (Foxboron) - Monday, 16 November 2020, 17:50 GMT
Opened by Duy Truong (jimreynold2nd) - Monday, 19 October 2020, 16:45 GMT
Last edited by Morten Linderud (Foxboron) - Monday, 16 November 2020, 17:50 GMT
|
DetailsDescription:
`smtpctl encrypt` has an upstream bug, where it encrypts the string "--" instead of whatever passwords given to it. This seems to have been fixed in their github mirror (https://github.com/OpenSMTPD/OpenSMTPD), but not yet incorporated into a release on opensmtpd.org. The patch to fix this (https://github.com/OpenSMTPD/OpenSMTPD/commit/0f8098518af277a62aa2658a0af7aa3fa5ac2120.patch) should probably be incorporated into Arch release until it is available in upstream release. As of right now, creds file authentication will not work in Arch, and so are basic authentication setup instructions in https://wiki.archlinux.org/index.php/OpenSMTPD, which I imagine will confuse quite a bit of people. Additional info: * package version(s): 6.7.1p1-6 * config and/or log files etc. * link to upstream bug report: https://github.com/OpenSMTPD/OpenSMTPD/issues/1069 Steps to reproduce: Case 1: trying to use just `smtpctl encrypt` to enter password interactively: 1. run `smtpctl encrypt` Expect: Password prompt Actual: no prompt; smtpctl outputs a sha-512 encrypted password for the string "--". Case 2: trying to encrypt a password as argument 1. run `smtpctl encrypt mypassword` Expect: encrypted string for "mypassword" is printed out Actual: encrypted string for "--" is printed out Case 3: trying to encrypt a password from stdin 1. run `echo -n "mypassword" | smtpctl encrypt` Expect: encrypted string for "mypassword" is printed out Actual: encrypted string for "--" is printed out |
This task depends upon