FS#68335 - [opensmtpd] smtpctl encrypt does not properly encrypt passwords
Attached to Project: Community Packages
Opened by Duy Truong (jimreynold2nd) - Monday, 19 October 2020, 16:45 GMT
Last edited by Bruno Pagani (ArchangeGabriel) - Sunday, 07 February 2021, 18:19 GMT
Details
Description:
`smtpctl encrypt` has an upstream bug, where it encrypts the string "--" instead of whatever password is given to it. This seems to have been fixed in their GitHub mirror (https://github.com/OpenSMTPD/OpenSMTPD), but not yet incorporated into a release on opensmtpd.org. The patch to fix this (https://github.com/OpenSMTPD/OpenSMTPD/commit/0f8098518af277a62aa2658a0af7aa3fa5ac2120.patch) should probably be incorporated into the Arch release until it is available in an upstream release.

As of right now, creds file authentication will not work in Arch, and neither will the basic authentication setup instructions in https://wiki.archlinux.org/index.php/OpenSMTPD, which I imagine will confuse quite a few people.

Additional info:
* package version(s): 6.7.1p1-6
* config and/or log files etc.
* link to upstream bug report: https://github.com/OpenSMTPD/OpenSMTPD/issues/1069

Steps to reproduce:

Case 1: trying to use just `smtpctl encrypt` to enter the password interactively:
1. run `smtpctl encrypt`
Expect: Password prompt
Actual: no prompt; smtpctl outputs a SHA-512 encrypted password for the string "--".

Case 2: trying to encrypt a password as an argument:
1. run `smtpctl encrypt mypassword`
Expect: encrypted string for "mypassword" is printed out
Actual: encrypted string for "--" is printed out

Case 3: trying to encrypt a password from stdin:
1. run `echo -n "mypassword" | smtpctl encrypt`
Expect: encrypted string for "mypassword" is printed out
Actual: encrypted string for "--" is printed out
Closed by Bruno Pagani (ArchangeGabriel)
Sunday, 07 February 2021, 18:19 GMT
Reason for closing: Fixed
Additional comments about closing: Upstream bug, fixed in 6.8 that we have been packaging for a while now.
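An added example, not part of the original report or of OpenSMTPD: a shell check that flags entries in a credentials table whose stored hash is really the SHA-512 crypt of "--", so they can be regenerated with a fixed `smtpctl`. It assumes whitespace-separated `user hash` lines, `$6$salt$digest` hashes, and the `openssl` command-line tool; the function names and the table path argument are hypothetical.

```shell
#!/bin/sh
# Added example: find creds-table entries produced by the buggy
# `smtpctl encrypt`, i.e. hashes that verify against the string "--".
# Assumptions: "user hash" lines, SHA-512 crypt hashes, openssl installed.

# is_dashdash_hash HASH
#   0 = HASH is the SHA-512 crypt of "--" (affected)
#   1 = HASH is SHA-512 crypt of something else
#   2 = HASH cannot be judged (other scheme, custom rounds, openssl error)
is_dashdash_hash() {
    hash=$1
    case $hash in
        '$6$rounds='*) return 2 ;;   # openssl passwd cannot set rounds
        '$6$'*'$'*) ;;               # $6$<salt>$<digest>
        *) return 2 ;;
    esac
    rest=${hash#\$6\$}               # strip the "$6$" scheme prefix
    salt=${rest%%\$*}                # keep everything before the next "$"
    # Re-hash "--" with the entry's own salt and compare whole strings.
    recomputed=$(printf '%s\n' '--' |
        openssl passwd -6 -salt "$salt" -stdin) || return 2
    [ "$recomputed" = "$hash" ]
}

# scan_creds FILE: print the user name of every affected entry.
scan_creds() {
    while read -r user hash _extra; do
        case $user in
            ''|'#'*) continue ;;     # skip blank lines and comments
        esac
        if is_dashdash_hash "$hash"; then
            printf '%s\n' "$user"
        fi
    done < "$1"
}

# Stand-alone use: pass the credentials table path as the first argument.
if [ -n "${1:-}" ]; then
    scan_creds "$1"
fi
```

Any user name it prints has a stored hash that should be regenerated with `smtpctl encrypt` from a fixed package (6.8 or later, per the closing comment).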