From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: radicale broken in 7.8 due to py3-bcrypt changes
To: Vincent Lee <vincent@vincent-lee.net>
Cc: ports@openbsd.org
Date: Wed, 22 Oct 2025 22:56:30 +0100

On 2025/10/22 12:11, Vincent Lee wrote:
> Hey all,
> 
> Just upgraded to 7.8 to find that Radicale 2.1.12p9 is broken due to
> upstream changes in py3-bcrypt 5.0.0, which causes it to throw
> exceptions when the password is too long instead of silently
> truncating[1]. I'm using the bcrypt authentication backend, the only one
> deemed "secure" in the config file, and an exception gets thrown on
> startup, appended below.
> 
> This change has caused quite a few breakages around the Python
> ecosystem, for example here[2].
> 
> Just sending this as an FYI. I'm not sure what I'll do going forward,
> probably an attempt to locally patch the program to not go through
> passlib, directly call bcrypt (ignoring the configuration option),
> manually truncating the password before doing so.

Probably best to start by updating radicale to a recent version, they
already dropped passlib. The port is unmaintained and hasn't been
updated since 2020.