Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#68335 - [opensmtpd] smtlctl encrypt does not properly encrypt passwords

Attached to Project: Community Packages
Opened by Duy Truong (jimreynold2nd) - Monday, 19 October 2020, 16:45 GMT
Last edited by Morten Linderud (Foxboron) - Monday, 16 November 2020, 17:50 GMT
Task Type Bug Report
Category Upstream Bugs
Status Assigned
Assigned To Lukas Fleischer (lfleischer)
Bruno Pagani (ArchangeGabriel)
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:
`smtpctl encrypt` has an upstream bug, where it encrypts the string "--" instead of whatever passwords given to it.
This seems to have been fixed in their github mirror (https://github.com/OpenSMTPD/OpenSMTPD), but not yet incorporated into a release on opensmtpd.org.
The patch to fix this (https://github.com/OpenSMTPD/OpenSMTPD/commit/0f8098518af277a62aa2658a0af7aa3fa5ac2120.patch) should probably be incorporated into Arch release until it is available in upstream release.

As of right now, creds file authentication will not work in Arch, and so are basic authentication setup instructions in https://wiki.archlinux.org/index.php/OpenSMTPD, which I imagine will confuse quite a bit of people.

Additional info:
* package version(s): 6.7.1p1-6
* config and/or log files etc.
* link to upstream bug report: https://github.com/OpenSMTPD/OpenSMTPD/issues/1069

Steps to reproduce:

Case 1: trying to use just `smtpctl encrypt` to enter password interactively:
1. run `smtpctl encrypt`
Expect: Password prompt
Actual: no prompt; smtpctl outputs a sha-512 encrypted password for the string "--".

Case 2: trying to encrypt a password as argument
1. run `smtpctl encrypt mypassword`
Expect: encrypted string for "mypassword" is printed out
Actual: encrypted string for "--" is printed out

Case 3: trying to encrypt a password from stdin
1. run `echo -n "mypassword" | smtpctl encrypt`
Expect: encrypted string for "mypassword" is printed out
Actual: encrypted string for "--" is printed out
This task depends upon

Loading...