commit: eae858a281422f8a226c3cfe7412ce18c635d081 Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Wed Oct 1 07:12:38 2025 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Wed Oct 1 07:39:35 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eae858a2
dev-python/passlib: Patch dev-python/bcrypt-5.0.0 incompatibility Disable the wraparound bug check that triggers an exception since bcrypt no longer permits implicit truncation. The bug probably does not apply to any recent dev-python/bcrypt versions anyway (it returned False with 4.0.1). Bug: https://foss.heptapod.net/python-libs/passlib/-/issues/196 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> dev-python/passlib/files/passlib-1.7.4-bcrypt.patch | 21 +++++++++++++++++++++ ...slib-1.7.4-r3.ebuild => passlib-1.7.4-r4.ebuild} | 16 +++++++++++++--- 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/dev-python/passlib/files/passlib-1.7.4-bcrypt.patch b/dev-python/passlib/files/passlib-1.7.4-bcrypt.patch new file mode 100644 index 000000000000..19bb604dbef4 --- /dev/null +++ b/dev-python/passlib/files/passlib-1.7.4-bcrypt.patch @@ -0,0 +1,21 @@ +diff -r 7aafcc60b4f5 passlib/handlers/bcrypt.py +--- a/passlib/handlers/bcrypt.py Thu Oct 08 15:01:32 2020 -0400 ++++ b/passlib/handlers/bcrypt.py Wed Oct 01 09:04:12 2025 +0200 +@@ -366,6 +366,8 @@ + NOTE: if in future we need to deliberately create hashes which have this bug, + can use something like 'hashpw(repeat_string(secret[:((1+secret) % 256) or 1]), 72)' + """ ++ return False ++ + # check if it exhibits wraparound bug + secret = (b"0123456789"*26)[:255] + bug_hash = ident.encode("ascii") + b"04$R1lJ2gkNaoPGdafE.H.16.nVyh2niHsGJhayOHLMiXlI45o8/DU.6" +@@ -609,7 +611,7 @@ + except ImportError: # pragma: no cover + return False + try: +- version = _bcrypt.__about__.__version__ ++ version = _bcrypt.__version__ + except: + log.warning("(trapped) error reading bcrypt version", exc_info=True) + version = '<unknown>' diff --git a/dev-python/passlib/passlib-1.7.4-r3.ebuild b/dev-python/passlib/passlib-1.7.4-r4.ebuild similarity index 74% rename from dev-python/passlib/passlib-1.7.4-r3.ebuild rename to dev-python/passlib/passlib-1.7.4-r4.ebuild index 0647bd4ffec3..f52dbcd80c82 100644 --- a/dev-python/passlib/passlib-1.7.4-r3.ebuild +++ b/dev-python/passlib/passlib-1.7.4-r4.ebuild @@ -28,12 +28,17 @@ BDEPEND=" ) )" +EPYTEST_PLUGINS=() +EPYTEST_XDIST=1 distutils_enable_tests pytest src_prepare() { - # fix compatibility with >=dev-python/bcrypt-4.1 - # https://foss.heptapod.net/python-libs/passlib/-/issues/190 - sed -i -e '/bcrypt/s:__about__\.::' passlib/handlers/bcrypt.py || die + local PATCHES=( + # combined bcrypt compatibility fixes + # https://foss.heptapod.net/python-libs/passlib/-/issues/190 + # https://foss.heptapod.net/python-libs/passlib/-/issues/196 + "${FILESDIR}/${P}-bcrypt.patch" + ) distutils-r1_src_prepare } @@ -42,6 +47,11 @@ python_test() { local EPYTEST_DESELECT=( # broken all the time by new django releases passlib/tests/test_ext_django.py + + # bcrypt now disallows implicit password truncation + passlib/tests/test_handlers_bcrypt.py::bcrypt_bcrypt_test::test_70_hashes + passlib/tests/test_handlers_bcrypt.py::bcrypt_bcrypt_test::test_secret_w_truncate_size + passlib/tests/test_handlers_django.py::django_bcrypt_test::test_secret_w_truncate_size ) case ${EPYTHON} in
