From: Vincent Lee Subject: radicale broken in 7.8 due to py3-bcrypt changes To: ports@openbsd.org Date: Wed, 22 Oct 2025 12:11:48 -0700 Hey all, Just upgraded to 7.8 to find that Radicale 2.1.12p9 is broken due to upstream changes in py3-bcrypt 5.0.0, which causes it to throw exceptions when the password is too long instead of silently truncating[1]. I'm using the bcrypt authentication backend, the only one deemed "secure" in the config file, and an exception gets thrown on startup, appended below. This change has caused quite a few breakages around the Python ecosystem, for example here[2]. Just sending this as an FYI. I'm not sure what I'll do going forward, probably an attempt to locally patch the program to not go through passlib, directly call bcrypt (ignoring the configuration option), manually truncating the password before doing so. [1]: https://github.com/pyca/bcrypt/blob/main/CHANGELOG.rst#500 [2]: https://foss.heptapod.net/python-libs/passlib/-/issues/196 Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/radicale/__main__.py", line 138, in run serve(configuration, logger) File "/usr/local/lib/python3.12/site-packages/radicale/__main__.py", line 229, in serve application = Application(configuration, logger) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/radicale/__init__.py", line 251, in __init__ self.Auth = auth.load(configuration, logger) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/radicale/auth.py", line 85, in load return class_(configuration, logger) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/radicale/auth.py", line 174, in __init__ bcrypt.encrypt("test-bcrypt-backend") File "/usr/local/lib/python3.12/site-packages/passlib/utils/decor.py", line 172, in wrapper return func(*args, **kwds) ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/ifc.py", line 125, in encrypt return cls.hash(*args, **kwds) ^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 772, in hash self.checksum = self._calc_checksum(secret) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 588, in _calc_checksum self._stub_requires_backend() File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2168, in _stub_requires_backend cls.set_backend() File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2082, in set_backend return cls.set_backend(name, dryrun=dryrun) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2107, in set_backend cls._set_backend(name, dryrun) File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2216, in _set_backend super()._set_backend(name, dryrun) File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 2139, in _set_backend ok = loader(**kwds) ^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 617, in _load_backend_mixin return mixin_cls._finalize_backend_mixin(name, dryrun) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 422, in _finalize_backend_mixin if detect_wrap_bug(IDENT_2A): ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 375, in detect_wrap_bug if verify(secret, bug_hash): ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/utils/handlers.py", line 785, in verify return consteq(self._calc_checksum(secret), chk) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 646, in _calc_checksum hash = _bcrypt.hashpw(secret, config) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ValueError: password cannot be longer than 72 bytes, truncate manually if necessary (e.g. my_password[:72])