Download raw body.
security/py-passlib: fix broking logging
Good find.
Seeing https://github.com/ThirVondukr/passlib/pull/15#issuecomment-2844561564
do you think it might be worth waiting to see what gets committed
upstream first?
On 2025/05/01 10:14, Kirill A. Korinsky wrote:
> ports,
>
> I had narrowed down the issue with mitmproxy too verbose logging to a the
> root cause: update of security/py-passlib.
>
> The new fork includes
> https://github.com/ThirVondukr/passlib/commit/650121d0cd7a6da775b2f44573de4c165b80d93c
> which had switched the code to use logging in the way like logging.debug()
>
> One of the casses happens on import, and as documentation stated here
> https://docs.python.org/3/library/logging.html#logging.debug the call
> `logging.debug (or similar one) make implicit configuration of the logger
> and it dismiss the second configuration from user application like mitmproxy
>
> We had a few users for security/py-passlib:
> - productivity/radicale
> - productivity/radicale2
> - security/mitmproxy
> - sysutils/ansible-core
> - www/odoo
> - www/py-autobahn
> which might be impacted by this bug.
>
> I had backported this fix to upstream already, and I think that we need
> backport it to -stable as well.
>
> Ok for -current and -stable?
>
>
> Index: security/py-passlib/Makefile
> ===================================================================
> RCS file: /cvs/ports/security/py-passlib/Makefile,v
> diff -u -p -r1.30 Makefile
> --- security/py-passlib/Makefile 26 Mar 2025 09:42:19 -0000 1.30
> +++ security/py-passlib/Makefile 1 May 2025 08:04:17 -0000
> @@ -1,6 +1,7 @@
> COMMENT= Python module providing a password hashing framework
>
> MODPY_DISTV= 1.9.0
> +REVISION= 0
> DISTNAME= libpass-${MODPY_DISTV}
> # libpass is a maintained fork of passlib, providing the same namespace
> PKGNAME= py-passlib-${MODPY_DISTV}
> Index: security/py-passlib/patches/patch-passlib_registry_py
> ===================================================================
> RCS file: security/py-passlib/patches/patch-passlib_registry_py
> diff -N security/py-passlib/patches/patch-passlib_registry_py
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ security/py-passlib/patches/patch-passlib_registry_py 1 May 2025 08:04:17 -0000
> @@ -0,0 +1,36 @@
> +https://github.com/ThirVondukr/passlib/pull/15
> +
> +Index: passlib/registry.py
> +--- passlib/registry.py.orig
> ++++ passlib/registry.py
> +@@ -234,7 +234,7 @@ def register_crypt_handler_path(name, path):
> +
> + # store location
> + _locations[name] = path
> +- logging.debug("registered path to %r handler: %r", name, path)
> ++ logging.getLogger(__name__).debug("registered path to %r handler: %r", name, path)
> +
> +
> + def register_crypt_handler(handler, force=False, _attr=None):
> +@@ -278,10 +278,10 @@ def register_crypt_handler(handler, force=False, _attr
> + other = _handlers.get(name)
> + if other:
> + if other is handler:
> +- logging.debug("same %r handler already registered: %r", name, handler)
> ++ logging.getLogger(__name__).debug("same %r handler already registered: %r", name, handler)
> + return
> + if force:
> +- logging.warning(
> ++ logging.getLogger(__name__).warning(
> + "overriding previously registered %r handler: %r", name, other
> + )
> + else:
> +@@ -291,7 +291,7 @@ def register_crypt_handler(handler, force=False, _attr
> +
> + # register handler
> + _handlers[name] = handler
> +- logging.debug("registered %r handler: %r", name, handler)
> ++ logging.getLogger(__name__).debug("registered %r handler: %r", name, handler)
> +
> +
> + def get_crypt_handler(name, default=_UNSET):
>
>
> --
> wbr, Kirill
>
security/py-passlib: fix broking logging