Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-passlib for openSUSE:Factory checked in at 2025-10-08 18:12:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-passlib (Old) and /work/SRC/openSUSE:Factory/.python-passlib.new.11973 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-passlib" Wed Oct 8 18:12:48 2025 rev:31 rq:1309714 version:1.7.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python-passlib/python-passlib.changes 2024-10-12 13:24:47.617959232 +0200 +++ /work/SRC/openSUSE:Factory/.python-passlib.new.11973/python-passlib.changes 2025-10-08 18:13:27.235716402 +0200 @@ -1,0 +2,6 @@ +Wed Oct 8 01:41:11 UTC 2025 - Steve Kowalik <[email protected]> + +- Add patch support-bcrypt-5.0.patch: + * Support changes required by bcrypt 5.0. + +------------------------------------------------------------------- New: ---- support-bcrypt-5.0.patch ----------(New B)---------- New: - Add patch support-bcrypt-5.0.patch: * Support changes required by bcrypt 5.0. ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-passlib.spec ++++++ --- /var/tmp/diff_new_pack.f4oqto/_old 2025-10-08 18:13:28.183756179 +0200 +++ /var/tmp/diff_new_pack.f4oqto/_new 2025-10-08 18:13:28.183756179 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-passlib # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,6 +38,8 @@ Patch0: no-pkg_resources.patch # PATCH-FIX-OPENSUSE Skip crypt tests under Python 3.13 Patch1: no-crypt-with-python-313.patch +# PATCH-FIX-OPENSUSE Support bcrypt 5.0+ changes https://foss.heptapod.net/python-libs/passlib/-/issues/196 +Patch2: support-bcrypt-5.0.patch BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} ++++++ support-bcrypt-5.0.patch ++++++ Index: passlib-1.7.4/passlib/handlers/bcrypt.py =================================================================== --- passlib-1.7.4.orig/passlib/handlers/bcrypt.py +++ passlib-1.7.4/passlib/handlers/bcrypt.py @@ -652,6 +652,9 @@ class _BcryptBackend(_BcryptCommon): config = self._get_config(ident) if isinstance(config, unicode): config = config.encode("ascii") + # bcrypt 5.0 and above require secret to 72 bytes or less + if len(secret) > 72: + secret = secret[:72] hash = _bcrypt.hashpw(secret, config) assert isinstance(hash, bytes) if not hash.startswith(config) or len(hash) != len(config)+31: Index: passlib-1.7.4/passlib/tests/test_handlers_bcrypt.py =================================================================== --- passlib-1.7.4.orig/passlib/tests/test_handlers_bcrypt.py +++ passlib-1.7.4/passlib/tests/test_handlers_bcrypt.py @@ -13,7 +13,7 @@ from passlib import hash from passlib.handlers.bcrypt import IDENT_2, IDENT_2X from passlib.utils import repeat_string, to_bytes, is_safe_crypt_input from passlib.utils.compat import irange, PY3 -from passlib.tests.utils import HandlerCase, TEST_MODE +from passlib.tests.utils import HandlerCase, SkipTest, TEST_MODE from passlib.tests.test_handlers import UPASS_TABLE # module @@ -193,6 +193,16 @@ class _bcrypt_test(HandlerCase): #=================================================================== # fuzz testing #=================================================================== + def test_77_fuzz_input(self, threaded=False): + try: + import bcrypt + except ImportError: + return + bcrypt_version = tuple([int(x) for x in bcrypt.__version__.split('.')]) + if bcrypt_version >= (5, 0, 0): + raise SkipTest("requires bcrypt < 5.0") + super().test_77_fuzz_input(threaded=threaded) + def crypt_supports_variant(self, hash): """check if OS crypt is expected to support given ident""" from passlib.handlers.bcrypt import bcrypt, IDENT_2X, IDENT_2Y
