Stuart Henderson <stu@spacehopper.org> writes:

> On 2025/10/22 12:11, Vincent Lee wrote:
>> Hey all,
>> 
>> Just upgraded to 7.8 to find that Radicale 2.1.12p9 is broken due to
>> upstream changes in py3-bcrypt 5.0.0, which causes it to throw
>> exceptions when the password is too long instead of silently
>> truncating[1]. I'm using the bcrypt authentication backend, the only one
>> deemed "secure" in the config file, and an exception gets thrown on
>> startup, appended below.
>> 
>> This change has caused quite a few breakages around the Python
>> ecosystem, for example here[2].
>> 
>> Just sending this as an FYI. I'm not sure what I'll do going forward,
>> probably an attempt to locally patch the program to not go through
>> passlib, directly call bcrypt (ignoring the configuration option),
>> manually truncating the password before doing so.
>
> Probably best to start by updating radicale to a recent version, they
> already dropped passlib. The port is unmaintained and hasn't been
> updated since 2020.

Yeah, I just got the latest 3.5.7 working in a virtualenv, pretty
straightforward process. Once I have some free time, I'll figure out how
to get it into ports.

(sorry for the resend sthen@, forgot to CC the list and my client
doesn't recognize Mail-Followup-To)