radicale broken in 7.8 due to py3-bcrypt changes
Hey all,

Just upgraded to 7.8 to find that Radicale 2.1.12p9 is broken due to
upstream changes in py3-bcrypt 5.0.0, which causes it to throw
exceptions when the password is too long instead of silently
truncating[1]. I'm using the bcrypt authentication backend, the only one
deemed "secure" in the config file, and an exception gets thrown on
startup, appended below.

This change has caused quite a few breakages around the Python
ecosystem, for example here[2].

Just sending this as an FYI. I'm not sure what I'll do going forward,
probably an attempt to locally patch the program to not go through
passlib, directly call bcrypt (ignoring the configuration option),
manually truncating the password before doing so.

[1]: https://github.com/pyca/bcrypt/blob/main/CHANGELOG.rst#500
[2]: https://foss.heptapod.net/python-libs/passlib/-/issues/196
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/radicale/__main__.py", line 138, in run
serve(configuration, logger)
File "/usr/local/lib/python3.12/site-packages/radicale/__main__.py", line 229, in serve
application = Application(configuration, logger)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/radicale/__init__.py", line 251, in __init__
self.Auth = auth.load(configuration, logger)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/radicale/auth.py", line 85, in load
return class_(configuration, logger)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/radicale/auth.py", line 174, in __init__
bcrypt.encrypt("test-bcrypt-backend")
File "/usr/local/lib/python3.12/site-packages/passlib/utils/decor.py", line 172, in wrapper
return func(*args, **kwds)
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/ifc.py", line 125, in encrypt
return cls.hash(*args, **kwds)
^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 772, in hash
self.checksum = self._calc_checksum(secret)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 588, in _calc_checksum
self._stub_requires_backend()
File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2168, in _stub_requires_backend
cls.set_backend()
File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2082, in set_backend
return cls.set_backend(name, dryrun=dryrun)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2107, in set_backend
cls._set_backend(name, dryrun)
File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2216, in _set_backend
super()._set_backend(name, dryrun)
File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2139, in _set_backend
ok = loader(**kwds)
^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 617, in _load_backend_mixin
return mixin_cls._finalize_backend_mixin(name, dryrun)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 422, in _finalize_backend_mixin
if detect_wrap_bug(IDENT_2A):
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 375, in detect_wrap_bug
if verify(secret, bug_hash):
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 785, in verify
return consteq(self._calc_checksum(secret), chk)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 646, in _calc_checksum
hash = _bcrypt.hashpw(secret, config)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: password cannot be longer than 72 bytes, truncate manually if necessary (e.g. my_password[:72])
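
Added example (not part of the original message, and not Radicale or passlib code): a sketch of checking an htpasswd-style bcrypt entry by calling bcrypt directly with manual truncation, so passwords over 72 bytes neither raise nor stop matching hashes created under the old silent-truncation behaviour. The function names and the sample password are assumptions made for illustration.

```python
"""Added example: htpasswd bcrypt check that calls bcrypt directly (no passlib)."""

BCRYPT_MAX_BYTES = 72  # bcrypt ignores anything past the first 72 bytes


def bcrypt_secret(password: str) -> bytes:
    # Truncate the encoded bytes, not the str: "pw[:72]" on a str counts
    # characters and can still exceed 72 bytes for non-ASCII passwords.
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def parse_htpasswd(text: str) -> dict:
    """Return {user: hash} from 'user:hash' lines, skipping blanks/comments."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, stored = line.split(":", 1)
            users[user] = stored
    return users


def make_entry(user: str, password: str, rounds: int = 12) -> str:
    import bcrypt  # imported lazily so the parsing helpers work without it
    hashed = bcrypt.hashpw(bcrypt_secret(password), bcrypt.gensalt(rounds=rounds))
    return f"{user}:{hashed.decode('ascii')}"


def verify(users: dict, user: str, password: str, checkpw=None) -> bool:
    if checkpw is None:
        import bcrypt
        checkpw = bcrypt.checkpw
    stored = users.get(user)
    if stored is None or not stored.startswith("$2"):
        return False  # unknown user or not a bcrypt hash
    try:
        return bool(checkpw(bcrypt_secret(password), stored.encode("ascii")))
    except ValueError:
        return False  # malformed hash: fail closed instead of crashing


if __name__ == "__main__":
    long_pw = "correct horse battery staple " * 4  # constructed, 116 bytes
    users = parse_htpasswd(make_entry("alice", long_pw, rounds=4))
    print(verify(users, "alice", long_pw))             # True
    print(verify(users, "alice", long_pw[:72] + "x"))  # True: same first 72 bytes
    print(verify(users, "alice", "wrong"))             # False
```

The second check in the demo shows the cost of truncation: any two passwords that share their first 72 bytes verify against the same hash.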