Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-bcrypt for openSUSE:Factory checked in at 2022-05-06 18:58:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-bcrypt (Old) and /work/SRC/openSUSE:Factory/.python-bcrypt.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-bcrypt" Fri May 6 18:58:09 2022 rev:11 rq:974991 version:3.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-bcrypt/python-bcrypt.changes 2020-10-29 09:47:11.396105355 +0100 +++ /work/SRC/openSUSE:Factory/.python-bcrypt.new.1538/python-bcrypt.changes 2022-05-06 18:58:12.749282648 +0200 @@ -1,0 +2,12 @@ +Wed May 4 19:20:18 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 3.2.2: + * Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works. + * Added support for compilation on z/OS + * The next release of ``bcrypt`` with be 4.0 and it will require Rust at + compile time, for users building from source. There will be no additional + requirement for users who are installing from wheels. Users on most + platforms will be able to obtain a wheel by making sure they have an up to + date ``pip``. The minimum supported Rust version will be 1.56.0. + +------------------------------------------------------------------- Old: ---- bcrypt-3.2.0.tar.gz New: ---- bcrypt-3.2.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-bcrypt.spec ++++++ --- /var/tmp/diff_new_pack.CmuHvq/_old 2022-05-06 18:58:13.417283379 +0200 +++ /var/tmp/diff_new_pack.CmuHvq/_new 2022-05-06 18:58:13.421283383 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-bcrypt # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2016, Martin Hauke <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -20,7 +20,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-bcrypt -Version: 3.2.0 +Version: 3.2.2 Release: 0 Summary: BSD type 2a and 2b password hashing License: Apache-2.0 ++++++ bcrypt-3.2.0.tar.gz -> bcrypt-3.2.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/.coveragerc new/bcrypt-3.2.2/.coveragerc --- old/bcrypt-3.2.0/.coveragerc 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/.coveragerc 2022-05-01 19:55:56.000000000 +0200 @@ -1,5 +1,12 @@ [run] branch = True +parallel = True source = bcrypt tests/ + +[paths] +source = + src/bcrypt + .tox/*/lib/python*/site-packages/bcrypt + .tox/pypy/site-packages/bcrypt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/MANIFEST.in new/bcrypt-3.2.2/MANIFEST.in --- old/bcrypt-3.2.0/MANIFEST.in 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/MANIFEST.in 2022-05-01 19:56:00.000000000 +0200 @@ -5,9 +5,11 @@ include tox.ini .coveragerc include src/build_bcrypt.py +recursive-include src py.typed *.pyi recursive-include src/_csrc * recursive-include tests *.py -exclude requirements.txt release.py .travis.yml mypy.ini +exclude requirements.txt release.py mypy.ini -prune .travis +recursive-exclude .github * +recursive-exclude .circleci * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/PKG-INFO new/bcrypt-3.2.2/PKG-INFO --- old/bcrypt-3.2.0/PKG-INFO 2020-08-16 19:22:43.514992200 +0200 +++ new/bcrypt-3.2.2/PKG-INFO 2022-05-01 19:56:11.015187700 +0200 @@ -1,246 +1,269 @@ Metadata-Version: 2.1 Name: bcrypt -Version: 3.2.0 +Version: 3.2.2 Summary: Modern password hashing for your software and your servers Home-page: https://github.com/pyca/bcrypt/ Author: The Python Cryptographic Authority developers Author-email: [email protected] License: Apache License, Version 2.0 -Description: bcrypt - ====== - - .. image:: https://img.shields.io/pypi/v/bcrypt.svg - :target: https://pypi.org/project/bcrypt/ - :alt: Latest Version - - .. image:: https://travis-ci.org/pyca/bcrypt.svg?branch=master - :target: https://travis-ci.org/pyca/bcrypt - - .. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=master - :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amaster - - Good password hashing for your software and your servers - - - Installation - ============ - - To install bcrypt, simply: - - .. code:: bash - - $ pip install bcrypt - - Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system. - - For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: - - .. code:: bash - - $ sudo apt-get install build-essential libffi-dev python-dev - - For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed: - - .. code:: bash - - $ sudo yum install gcc libffi-devel python-devel - - For Alpine, the following command will ensure that the required dependencies are installed: - - .. code:: bash - - $ apk add --update musl-dev gcc libffi-dev - - - Alternatives - ============ - - While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. - - Changelog - ========= - - - 3.2.0 - ----- - - * Added typehints for library functions. - * Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5). - * Shipped ``abi3`` Windows wheels (requires pip >= 20). - - 3.1.7 - ----- - - * Set a ``setuptools`` lower bound for PEP517 wheel building. - * We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce - them was a maintenance burden. - - 3.1.6 - ----- - - * Added support for compilation on Haiku. - - 3.1.5 - ----- - - * Added support for compilation on AIX. - * Dropped Python 2.6 and 3.3 support. - * Switched to using ``abi3`` wheels for Python 3. If you are not getting a - wheel on a compatible platform please upgrade your ``pip`` version. - - 3.1.4 - ----- - - * Fixed compilation with mingw and on illumos. - - 3.1.3 - ----- - * Fixed a compilation issue on Solaris. - * Added a warning when using too few rounds with ``kdf``. - - 3.1.2 - ----- - * Fixed a compile issue affecting big endian platforms. - * Fixed invalid escape sequence warnings on Python 3.6. - * Fixed building in non-UTF8 environments on Python 2. - - 3.1.1 - ----- - * Resolved a ``UserWarning`` when used with ``cffi`` 1.8.3. - - 3.1.0 - ----- - * Added support for ``checkpw``, a convenience method for verifying a password. - * Ensure that you get a ``$2y$`` hash when you input a ``$2y$`` salt. - * Fixed a regression where ``$2a`` hashes were vulnerable to a wraparound bug. - * Fixed compilation under Alpine Linux. - - 3.0.0 - ----- - * Switched the C backend to code obtained from the OpenBSD project rather than - openwall. - * Added support for ``bcrypt_pbkdf`` via the ``kdf`` function. - - 2.0.0 - ----- - * Added support for an adjustible prefix when calling ``gensalt``. - * Switched to CFFI 1.0+ - - Usage - ----- - - Password Hashing - ~~~~~~~~~~~~~~~~ - - Hashing and then later checking that a password matches the previous hashed - password is very simple: - - .. code:: pycon - - >>> import bcrypt - >>> password = b"super secret password" - >>> # Hash a password for the first time, with a randomly-generated salt - >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt()) - >>> # Check that an unhashed password matches one that has previously been - >>> # hashed - >>> if bcrypt.checkpw(password, hashed): - ... print("It Matches!") - ... else: - ... print("It Does not Match :(") - - KDF - ~~~ - - As of 3.0.0 ``bcrypt`` now offers a ``kdf`` function which does ``bcrypt_pbkdf``. - This KDF is used in OpenSSH's newer encrypted private key format. - - .. code:: pycon - - >>> import bcrypt - >>> key = bcrypt.kdf( - ... password=b'password', - ... salt=b'salt', - ... desired_key_bytes=32, - ... rounds=100) - - - Adjustable Work Factor - ~~~~~~~~~~~~~~~~~~~~~~ - One of bcrypt's features is an adjustable logarithmic work factor. To adjust - the work factor merely pass the desired number of rounds to - ``bcrypt.gensalt(rounds=12)`` which defaults to 12): - - .. code:: pycon - - >>> import bcrypt - >>> password = b"super secret password" - >>> # Hash a password for the first time, with a certain number of rounds - >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14)) - >>> # Check that a unhashed password matches one that has previously been - >>> # hashed - >>> if bcrypt.checkpw(password, hashed): - ... print("It Matches!") - ... else: - ... print("It Does not Match :(") - - - Adjustable Prefix - ~~~~~~~~~~~~~~~~~ - - Another one of bcrypt's features is an adjustable prefix to let you define what - libraries you'll remain compatible with. To adjust this, pass either ``2a`` or - ``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object. - - As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated. - - Maximum Password Length - ~~~~~~~~~~~~~~~~~~~~~~~ - - The bcrypt algorithm only handles passwords up to 72 characters, any characters - beyond that are ignored. To work around this, a common approach is to hash a - password with a cryptographic hash (such as ``sha256``) and then base64 - encode it to prevent NULL byte problems before hashing the result with - ``bcrypt``: - - .. code:: pycon - - >>> password = b"an incredibly long password" * 10 - >>> hashed = bcrypt.hashpw( - ... base64.b64encode(hashlib.sha256(password).digest()), - ... bcrypt.gensalt() - ... ) - - Compatibility - ------------- - - This library should be compatible with py-bcrypt and it will run on Python - 3.6+, and PyPy 3. - - C Code - ------ - - This library uses code from OpenBSD. - - Security - -------- - - ``bcrypt`` follows the `same security policy as cryptography`_, if you - identify a vulnerability, we ask you to contact us privately. - - .. _`same security policy as cryptography`: https://cryptography.io/en/latest/security/ - .. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt - .. _`argon2_cffi`: https://argon2-cffi.readthedocs.io - .. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt - Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: License :: OSI Approved :: Apache Software License Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: Implementation :: PyPy Classifier: Programming Language :: Python :: 3 +Classifier: Programming Language :: Python :: 3 :: Only Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 +Classifier: Programming Language :: Python :: 3.9 +Classifier: Programming Language :: Python :: 3.10 Requires-Python: >=3.6 +Description-Content-Type: text/x-rst Provides-Extra: tests Provides-Extra: typecheck +License-File: LICENSE + +bcrypt +====== + +.. image:: https://img.shields.io/pypi/v/bcrypt.svg + :target: https://pypi.org/project/bcrypt/ + :alt: Latest Version + +.. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main + :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amain + +Good password hashing for your software and your servers + + +Installation +============ + +To install bcrypt, simply: + +.. code:: bash + + $ pip install bcrypt + +Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system. + +For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: + +.. code:: bash + + $ sudo apt-get install build-essential libffi-dev python-dev + +For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed: + +.. code:: bash + + $ sudo yum install gcc libffi-devel python-devel + +For Alpine, the following command will ensure that the required dependencies are installed: + +.. code:: bash + + $ apk add --update musl-dev gcc libffi-dev + + +Alternatives +============ + +While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. + +Changelog +========= + +3.2.2 +----- + +* Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works. + +3.2.1 +----- + +* Added support for compilation on z/OS +* The next release of ``bcrypt`` with be 4.0 and it will require Rust at + compile time, for users building from source. There will be no additional + requirement for users who are installing from wheels. Users on most + platforms will be able to obtain a wheel by making sure they have an up to + date ``pip``. The minimum supported Rust version will be 1.56.0. +* This will be the final release for which we ship ``manylinux2010`` wheels. + Going forward the minimum supported manylinux ABI for our wheels will be + ``manylinux2014``. The vast majority of users will continue to receive + ``manylinux`` wheels provided they have an up to date ``pip``. + + +3.2.0 +----- + +* Added typehints for library functions. +* Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5). +* Shipped ``abi3`` Windows wheels (requires pip >= 20). + +3.1.7 +----- + +* Set a ``setuptools`` lower bound for PEP517 wheel building. +* We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce + them was a maintenance burden. + +3.1.6 +----- + +* Added support for compilation on Haiku. + +3.1.5 +----- + +* Added support for compilation on AIX. +* Dropped Python 2.6 and 3.3 support. +* Switched to using ``abi3`` wheels for Python 3. If you are not getting a + wheel on a compatible platform please upgrade your ``pip`` version. + +3.1.4 +----- + +* Fixed compilation with mingw and on illumos. + +3.1.3 +----- +* Fixed a compilation issue on Solaris. +* Added a warning when using too few rounds with ``kdf``. + +3.1.2 +----- +* Fixed a compile issue affecting big endian platforms. +* Fixed invalid escape sequence warnings on Python 3.6. +* Fixed building in non-UTF8 environments on Python 2. + +3.1.1 +----- +* Resolved a ``UserWarning`` when used with ``cffi`` 1.8.3. + +3.1.0 +----- +* Added support for ``checkpw``, a convenience method for verifying a password. +* Ensure that you get a ``$2y$`` hash when you input a ``$2y$`` salt. +* Fixed a regression where ``$2a`` hashes were vulnerable to a wraparound bug. +* Fixed compilation under Alpine Linux. + +3.0.0 +----- +* Switched the C backend to code obtained from the OpenBSD project rather than + openwall. +* Added support for ``bcrypt_pbkdf`` via the ``kdf`` function. + +2.0.0 +----- +* Added support for an adjustible prefix when calling ``gensalt``. +* Switched to CFFI 1.0+ + +Usage +----- + +Password Hashing +~~~~~~~~~~~~~~~~ + +Hashing and then later checking that a password matches the previous hashed +password is very simple: + +.. code:: pycon + + >>> import bcrypt + >>> password = b"super secret password" + >>> # Hash a password for the first time, with a randomly-generated salt + >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt()) + >>> # Check that an unhashed password matches one that has previously been + >>> # hashed + >>> if bcrypt.checkpw(password, hashed): + ... print("It Matches!") + ... else: + ... print("It Does not Match :(") + +KDF +~~~ + +As of 3.0.0 ``bcrypt`` now offers a ``kdf`` function which does ``bcrypt_pbkdf``. +This KDF is used in OpenSSH's newer encrypted private key format. + +.. code:: pycon + + >>> import bcrypt + >>> key = bcrypt.kdf( + ... password=b'password', + ... salt=b'salt', + ... desired_key_bytes=32, + ... rounds=100) + + +Adjustable Work Factor +~~~~~~~~~~~~~~~~~~~~~~ +One of bcrypt's features is an adjustable logarithmic work factor. To adjust +the work factor merely pass the desired number of rounds to +``bcrypt.gensalt(rounds=12)`` which defaults to 12): + +.. code:: pycon + + >>> import bcrypt + >>> password = b"super secret password" + >>> # Hash a password for the first time, with a certain number of rounds + >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14)) + >>> # Check that a unhashed password matches one that has previously been + >>> # hashed + >>> if bcrypt.checkpw(password, hashed): + ... print("It Matches!") + ... else: + ... print("It Does not Match :(") + + +Adjustable Prefix +~~~~~~~~~~~~~~~~~ + +Another one of bcrypt's features is an adjustable prefix to let you define what +libraries you'll remain compatible with. To adjust this, pass either ``2a`` or +``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object. + +As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated. + +Maximum Password Length +~~~~~~~~~~~~~~~~~~~~~~~ + +The bcrypt algorithm only handles passwords up to 72 characters, any characters +beyond that are ignored. To work around this, a common approach is to hash a +password with a cryptographic hash (such as ``sha256``) and then base64 +encode it to prevent NULL byte problems before hashing the result with +``bcrypt``: + +.. code:: pycon + + >>> password = b"an incredibly long password" * 10 + >>> hashed = bcrypt.hashpw( + ... base64.b64encode(hashlib.sha256(password).digest()), + ... bcrypt.gensalt() + ... ) + +Compatibility +------------- + +This library should be compatible with py-bcrypt and it will run on Python +3.6+, and PyPy 3. + +C Code +------ + +This library uses code from OpenBSD. + +Security +-------- + +``bcrypt`` follows the `same security policy as cryptography`_, if you +identify a vulnerability, we ask you to contact us privately. + +.. _`same security policy as cryptography`: https://cryptography.io/en/latest/security.html +.. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt +.. _`argon2_cffi`: https://argon2-cffi.readthedocs.io +.. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/README.rst new/bcrypt-3.2.2/README.rst --- old/bcrypt-3.2.0/README.rst 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/README.rst 2022-05-01 19:56:00.000000000 +0200 @@ -5,11 +5,8 @@ :target: https://pypi.org/project/bcrypt/ :alt: Latest Version -.. image:: https://travis-ci.org/pyca/bcrypt.svg?branch=master - :target: https://travis-ci.org/pyca/bcrypt - -.. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=master - :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amaster +.. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main + :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amain Good password hashing for your software and your servers @@ -52,6 +49,25 @@ Changelog ========= +3.2.2 +----- + +* Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works. + +3.2.1 +----- + +* Added support for compilation on z/OS +* The next release of ``bcrypt`` with be 4.0 and it will require Rust at + compile time, for users building from source. There will be no additional + requirement for users who are installing from wheels. Users on most + platforms will be able to obtain a wheel by making sure they have an up to + date ``pip``. The minimum supported Rust version will be 1.56.0. +* This will be the final release for which we ship ``manylinux2010`` wheels. + Going forward the minimum supported manylinux ABI for our wheels will be + ``manylinux2014``. The vast majority of users will continue to receive + ``manylinux`` wheels provided they have an up to date ``pip``. + 3.2.0 ----- @@ -219,7 +235,7 @@ ``bcrypt`` follows the `same security policy as cryptography`_, if you identify a vulnerability, we ask you to contact us privately. -.. _`same security policy as cryptography`: https://cryptography.io/en/latest/security/ +.. _`same security policy as cryptography`: https://cryptography.io/en/latest/security.html .. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt .. _`argon2_cffi`: https://argon2-cffi.readthedocs.io .. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/pyproject.toml new/bcrypt-3.2.2/pyproject.toml --- old/bcrypt-3.2.0/pyproject.toml 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/pyproject.toml 2022-05-01 19:56:00.000000000 +0200 @@ -11,4 +11,4 @@ [tool.black] line-length = 79 -target-version = ["py27"] +target-version = ["py36"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/setup.cfg new/bcrypt-3.2.2/setup.cfg --- old/bcrypt-3.2.0/setup.cfg 2020-08-16 19:22:43.515459000 +0200 +++ new/bcrypt-3.2.2/setup.cfg 2022-05-01 19:56:11.015513200 +0200 @@ -1,5 +1,44 @@ [metadata] +name = bcrypt +version = attr: bcrypt.__about__.__version__ +description = Modern password hashing for your software and your servers +long_description = file: README.rst +long_description_content_type = text/x-rst +license = Apache License, Version 2.0 license_file = LICENSE +url = https://github.com/pyca/bcrypt/ +author = The Python Cryptographic Authority developers +author_email = [email protected] +classifiers = + Development Status :: 5 - Production/Stable + License :: OSI Approved :: Apache Software License + Programming Language :: Python :: Implementation :: CPython + Programming Language :: Python :: Implementation :: PyPy + Programming Language :: Python :: 3 + Programming Language :: Python :: 3 :: Only + Programming Language :: Python :: 3.6 + Programming Language :: Python :: 3.7 + Programming Language :: Python :: 3.8 + Programming Language :: Python :: 3.9 + Programming Language :: Python :: 3.10 + +[options] +python_requires = >=3.6 +include_package_data = True +zip_safe = False +package_dir = + =src +packages = + bcrypt +ext_package = bcrypt +install_requires = + cffi>=1.1 + +[options.extras_require] +tests = + pytest>=3.2.1,!=3.3.0 +typecheck = + mypy [egg_info] tag_build = diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/setup.py new/bcrypt-3.2.2/setup.py --- old/bcrypt-3.2.0/setup.py 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/setup.py 2022-05-01 19:56:00.000000000 +0200 @@ -1,14 +1,8 @@ #!/usr/bin/env python -import io import platform import sys from setuptools import setup -from setuptools.command.test import test - - -CFFI_DEPENDENCY = "cffi>=1.1" -SIX_DEPENDENCY = "six>=1.4.1" CFFI_MODULES = [ @@ -16,12 +10,6 @@ ] -# Manually extract the __about__ -__about__ = {} -with open("src/bcrypt/__about__.py") as fp: - exec (fp.read(), __about__) - - if platform.python_implementation() == "PyPy": if sys.pypy_version_info < (2, 6): raise RuntimeError( @@ -30,48 +18,6 @@ ) -class PyTest(test): - def finalize_options(self): - test.finalize_options(self) - self.test_args = [] - self.test_suite = True - - def run_tests(self): - import pytest - - errno = pytest.main(self.test_args) - sys.exit(errno) - - setup( - name=__about__["__title__"], - version=__about__["__version__"], - description=__about__["__summary__"], - long_description=io.open("README.rst", encoding="utf-8").read(), - url=__about__["__uri__"], - license=__about__["__license__"], - author=__about__["__author__"], - author_email=__about__["__email__"], - python_requires=">=3.6", - setup_requires=[CFFI_DEPENDENCY], - install_requires=[CFFI_DEPENDENCY, SIX_DEPENDENCY], - extras_require={"tests": ["pytest>=3.2.1,!=3.3.0"], "typecheck": ["mypy"]}, - tests_require=["pytest>=3.2.1,!=3.3.0"], - package_dir={"": "src"}, - packages=["bcrypt"], - package_data={"bcrypt": ["py.typed"]}, - zip_safe=False, - classifiers=[ - "Development Status :: 5 - Production/Stable", - "License :: OSI Approved :: Apache Software License", - "Programming Language :: Python :: Implementation :: CPython", - "Programming Language :: Python :: Implementation :: PyPy", - "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", - "Programming Language :: Python :: 3.7", - "Programming Language :: Python :: 3.8", - ], - ext_package="bcrypt", cffi_modules=CFFI_MODULES, - cmdclass={"test": PyTest}, ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/_csrc/portable_endian.h new/bcrypt-3.2.2/src/_csrc/portable_endian.h --- old/bcrypt-3.2.0/src/_csrc/portable_endian.h 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/src/_csrc/portable_endian.h 2022-05-01 19:56:00.000000000 +0200 @@ -212,6 +212,22 @@ # define htobe16(x) be16toh(x) # endif +#elif defined(__MVS__) + +# define htobe16(x) (x) +# define htole16(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) +# define be16toh(x) (x) +# define le16toh(x) (((((uint16_t)(x)) >> 8))|((((uint16_t)(x)) << 8))) + +# define htobe32(x) (x) +# define htole32(x) (((uint32_t)htole16(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)htole16(((uint16_t)(x)))) << 16)) +# define be32toh(x) (x) +# define le32toh(x) (((uint32_t)le16toh(((uint16_t)(((uint32_t)(x)) >> 16)))) | (((uint32_t)le16toh(((uint16_t)(x)))) << 16)) + +# define htobe64(x) (x) +# define htole64(x) (((uint64_t)htole32(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)htole32(((uint32_t)(x)))) << 32)) +# define be64toh(x) (x) +# define le64toh(x) (((uint64_t)le32toh(((uint32_t)(((uint64_t)(x)) >> 32)))) | (((uint64_t)le32toh(((uint32_t)(x)))) << 32)) #else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/_csrc/pycabcrypt.h new/bcrypt-3.2.2/src/_csrc/pycabcrypt.h --- old/bcrypt-3.2.0/src/_csrc/pycabcrypt.h 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/src/_csrc/pycabcrypt.h 2022-05-01 19:56:00.000000000 +0200 @@ -22,6 +22,12 @@ typedef uint16_t u_int16_t; typedef uint32_t u_int32_t; typedef uint64_t u_int64_t; +#elif defined(__MVS__) +#include <stdint.h> +typedef uint8_t u_int8_t; +typedef uint16_t u_int16_t; +typedef uint32_t u_int32_t; +typedef uint64_t u_int64_t; #else #include <stdint.h> #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/bcrypt/__about__.py new/bcrypt-3.2.2/src/bcrypt/__about__.py --- old/bcrypt-3.2.0/src/bcrypt/__about__.py 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/src/bcrypt/__about__.py 2022-05-01 19:56:00.000000000 +0200 @@ -32,10 +32,10 @@ __summary__ = "Modern password hashing for your software and your servers" __uri__ = "https://github.com/pyca/bcrypt/"; -__version__ = "3.2.0" +__version__ = "3.2.2" __author__ = "The Python Cryptographic Authority developers" __email__ = "[email protected]" __license__ = "Apache License, Version 2.0" -__copyright__ = "Copyright 2013-2020 {0}".format(__author__) +__copyright__ = "Copyright 2013-2022 {0}".format(__author__) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/bcrypt/__init__.py new/bcrypt-3.2.2/src/bcrypt/__init__.py --- old/bcrypt-3.2.0/src/bcrypt/__init__.py 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/src/bcrypt/__init__.py 2022-05-01 19:56:00.000000000 +0200 @@ -16,13 +16,11 @@ from __future__ import absolute_import from __future__ import division +import hmac import os import re import warnings -import six - -from . import _bcrypt # type: ignore from .__about__ import ( __author__, __copyright__, @@ -33,6 +31,7 @@ __uri__, __version__, ) +from . import _bcrypt # noqa: I100 __all__ = [ @@ -51,7 +50,7 @@ ] -_normalize_re = re.compile(br"^\$2y\$") +_normalize_re = re.compile(rb"^\$2y\$") def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: @@ -76,8 +75,8 @@ def hashpw(password: bytes, salt: bytes) -> bytes: - if isinstance(password, six.text_type) or isinstance(salt, six.text_type): - raise TypeError("Unicode-objects must be encoded before hashing") + if isinstance(password, str) or isinstance(salt, str): + raise TypeError("Strings must be encoded before hashing") if b"\x00" in password: raise ValueError("password may not contain NUL bytes") @@ -114,10 +113,8 @@ def checkpw(password: bytes, hashed_password: bytes) -> bool: - if isinstance(password, six.text_type) or isinstance( - hashed_password, six.text_type - ): - raise TypeError("Unicode-objects must be encoded before checking") + if isinstance(password, str) or isinstance(hashed_password, str): + raise TypeError("Strings must be encoded before checking") if b"\x00" in password or b"\x00" in hashed_password: raise ValueError( @@ -125,11 +122,7 @@ ) ret = hashpw(password, hashed_password) - - if len(ret) != len(hashed_password): - return False - - return _bcrypt.lib.timingsafe_bcmp(ret, hashed_password, len(ret)) == 0 + return hmac.compare_digest(ret, hashed_password) def kdf( @@ -139,8 +132,8 @@ rounds: int, ignore_few_rounds: bool = False, ) -> bytes: - if isinstance(password, six.text_type) or isinstance(salt, six.text_type): - raise TypeError("Unicode-objects must be encoded before hashing") + if isinstance(password, str) or isinstance(salt, str): + raise TypeError("Strings must be encoded before hashing") if len(password) == 0 or len(salt) == 0: raise ValueError("password and salt must not be empty") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/bcrypt/_bcrypt.pyi new/bcrypt-3.2.2/src/bcrypt/_bcrypt.pyi --- old/bcrypt-3.2.0/src/bcrypt/_bcrypt.pyi 1970-01-01 01:00:00.000000000 +0100 +++ new/bcrypt-3.2.2/src/bcrypt/_bcrypt.pyi 2022-05-01 19:56:00.000000000 +0200 @@ -0,0 +1,4 @@ +import typing + +ffi: typing.Any +lib: typing.Any diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/bcrypt.egg-info/PKG-INFO new/bcrypt-3.2.2/src/bcrypt.egg-info/PKG-INFO --- old/bcrypt-3.2.0/src/bcrypt.egg-info/PKG-INFO 2020-08-16 19:22:43.000000000 +0200 +++ new/bcrypt-3.2.2/src/bcrypt.egg-info/PKG-INFO 2022-05-01 19:56:10.000000000 +0200 @@ -1,246 +1,269 @@ Metadata-Version: 2.1 Name: bcrypt -Version: 3.2.0 +Version: 3.2.2 Summary: Modern password hashing for your software and your servers Home-page: https://github.com/pyca/bcrypt/ Author: The Python Cryptographic Authority developers Author-email: [email protected] License: Apache License, Version 2.0 -Description: bcrypt - ====== - - .. image:: https://img.shields.io/pypi/v/bcrypt.svg - :target: https://pypi.org/project/bcrypt/ - :alt: Latest Version - - .. image:: https://travis-ci.org/pyca/bcrypt.svg?branch=master - :target: https://travis-ci.org/pyca/bcrypt - - .. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=master - :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amaster - - Good password hashing for your software and your servers - - - Installation - ============ - - To install bcrypt, simply: - - .. code:: bash - - $ pip install bcrypt - - Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system. - - For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: - - .. code:: bash - - $ sudo apt-get install build-essential libffi-dev python-dev - - For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed: - - .. code:: bash - - $ sudo yum install gcc libffi-devel python-devel - - For Alpine, the following command will ensure that the required dependencies are installed: - - .. code:: bash - - $ apk add --update musl-dev gcc libffi-dev - - - Alternatives - ============ - - While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. - - Changelog - ========= - - - 3.2.0 - ----- - - * Added typehints for library functions. - * Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5). - * Shipped ``abi3`` Windows wheels (requires pip >= 20). - - 3.1.7 - ----- - - * Set a ``setuptools`` lower bound for PEP517 wheel building. - * We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce - them was a maintenance burden. - - 3.1.6 - ----- - - * Added support for compilation on Haiku. - - 3.1.5 - ----- - - * Added support for compilation on AIX. - * Dropped Python 2.6 and 3.3 support. - * Switched to using ``abi3`` wheels for Python 3. If you are not getting a - wheel on a compatible platform please upgrade your ``pip`` version. - - 3.1.4 - ----- - - * Fixed compilation with mingw and on illumos. - - 3.1.3 - ----- - * Fixed a compilation issue on Solaris. - * Added a warning when using too few rounds with ``kdf``. - - 3.1.2 - ----- - * Fixed a compile issue affecting big endian platforms. - * Fixed invalid escape sequence warnings on Python 3.6. - * Fixed building in non-UTF8 environments on Python 2. - - 3.1.1 - ----- - * Resolved a ``UserWarning`` when used with ``cffi`` 1.8.3. - - 3.1.0 - ----- - * Added support for ``checkpw``, a convenience method for verifying a password. - * Ensure that you get a ``$2y$`` hash when you input a ``$2y$`` salt. - * Fixed a regression where ``$2a`` hashes were vulnerable to a wraparound bug. - * Fixed compilation under Alpine Linux. - - 3.0.0 - ----- - * Switched the C backend to code obtained from the OpenBSD project rather than - openwall. - * Added support for ``bcrypt_pbkdf`` via the ``kdf`` function. - - 2.0.0 - ----- - * Added support for an adjustible prefix when calling ``gensalt``. - * Switched to CFFI 1.0+ - - Usage - ----- - - Password Hashing - ~~~~~~~~~~~~~~~~ - - Hashing and then later checking that a password matches the previous hashed - password is very simple: - - .. code:: pycon - - >>> import bcrypt - >>> password = b"super secret password" - >>> # Hash a password for the first time, with a randomly-generated salt - >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt()) - >>> # Check that an unhashed password matches one that has previously been - >>> # hashed - >>> if bcrypt.checkpw(password, hashed): - ... print("It Matches!") - ... else: - ... print("It Does not Match :(") - - KDF - ~~~ - - As of 3.0.0 ``bcrypt`` now offers a ``kdf`` function which does ``bcrypt_pbkdf``. - This KDF is used in OpenSSH's newer encrypted private key format. - - .. code:: pycon - - >>> import bcrypt - >>> key = bcrypt.kdf( - ... password=b'password', - ... salt=b'salt', - ... desired_key_bytes=32, - ... rounds=100) - - - Adjustable Work Factor - ~~~~~~~~~~~~~~~~~~~~~~ - One of bcrypt's features is an adjustable logarithmic work factor. To adjust - the work factor merely pass the desired number of rounds to - ``bcrypt.gensalt(rounds=12)`` which defaults to 12): - - .. code:: pycon - - >>> import bcrypt - >>> password = b"super secret password" - >>> # Hash a password for the first time, with a certain number of rounds - >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14)) - >>> # Check that a unhashed password matches one that has previously been - >>> # hashed - >>> if bcrypt.checkpw(password, hashed): - ... print("It Matches!") - ... else: - ... print("It Does not Match :(") - - - Adjustable Prefix - ~~~~~~~~~~~~~~~~~ - - Another one of bcrypt's features is an adjustable prefix to let you define what - libraries you'll remain compatible with. To adjust this, pass either ``2a`` or - ``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object. - - As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated. - - Maximum Password Length - ~~~~~~~~~~~~~~~~~~~~~~~ - - The bcrypt algorithm only handles passwords up to 72 characters, any characters - beyond that are ignored. To work around this, a common approach is to hash a - password with a cryptographic hash (such as ``sha256``) and then base64 - encode it to prevent NULL byte problems before hashing the result with - ``bcrypt``: - - .. code:: pycon - - >>> password = b"an incredibly long password" * 10 - >>> hashed = bcrypt.hashpw( - ... base64.b64encode(hashlib.sha256(password).digest()), - ... bcrypt.gensalt() - ... ) - - Compatibility - ------------- - - This library should be compatible with py-bcrypt and it will run on Python - 3.6+, and PyPy 3. - - C Code - ------ - - This library uses code from OpenBSD. - - Security - -------- - - ``bcrypt`` follows the `same security policy as cryptography`_, if you - identify a vulnerability, we ask you to contact us privately. - - .. _`same security policy as cryptography`: https://cryptography.io/en/latest/security/ - .. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt - .. _`argon2_cffi`: https://argon2-cffi.readthedocs.io - .. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt - Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: License :: OSI Approved :: Apache Software License Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: Implementation :: PyPy Classifier: Programming Language :: Python :: 3 +Classifier: Programming Language :: Python :: 3 :: Only Classifier: Programming Language :: Python :: 3.6 Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 +Classifier: Programming Language :: Python :: 3.9 +Classifier: Programming Language :: Python :: 3.10 Requires-Python: >=3.6 +Description-Content-Type: text/x-rst Provides-Extra: tests Provides-Extra: typecheck +License-File: LICENSE + +bcrypt +====== + +.. image:: https://img.shields.io/pypi/v/bcrypt.svg + :target: https://pypi.org/project/bcrypt/ + :alt: Latest Version + +.. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main + :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amain + +Good password hashing for your software and your servers + + +Installation +============ + +To install bcrypt, simply: + +.. code:: bash + + $ pip install bcrypt + +Note that bcrypt should build very easily on Linux provided you have a C compiler, headers for Python (if you're not using pypy), and headers for the libffi libraries available on your system. + +For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: + +.. code:: bash + + $ sudo apt-get install build-essential libffi-dev python-dev + +For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed: + +.. code:: bash + + $ sudo yum install gcc libffi-devel python-devel + +For Alpine, the following command will ensure that the required dependencies are installed: + +.. code:: bash + + $ apk add --update musl-dev gcc libffi-dev + + +Alternatives +============ + +While bcrypt remains a good choice for password storage depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. + +Changelog +========= + +3.2.2 +----- + +* Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works. + +3.2.1 +----- + +* Added support for compilation on z/OS +* The next release of ``bcrypt`` with be 4.0 and it will require Rust at + compile time, for users building from source. There will be no additional + requirement for users who are installing from wheels. Users on most + platforms will be able to obtain a wheel by making sure they have an up to + date ``pip``. The minimum supported Rust version will be 1.56.0. +* This will be the final release for which we ship ``manylinux2010`` wheels. + Going forward the minimum supported manylinux ABI for our wheels will be + ``manylinux2014``. The vast majority of users will continue to receive + ``manylinux`` wheels provided they have an up to date ``pip``. + + +3.2.0 +----- + +* Added typehints for library functions. +* Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5). +* Shipped ``abi3`` Windows wheels (requires pip >= 20). + +3.1.7 +----- + +* Set a ``setuptools`` lower bound for PEP517 wheel building. +* We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce + them was a maintenance burden. + +3.1.6 +----- + +* Added support for compilation on Haiku. + +3.1.5 +----- + +* Added support for compilation on AIX. +* Dropped Python 2.6 and 3.3 support. +* Switched to using ``abi3`` wheels for Python 3. If you are not getting a + wheel on a compatible platform please upgrade your ``pip`` version. + +3.1.4 +----- + +* Fixed compilation with mingw and on illumos. + +3.1.3 +----- +* Fixed a compilation issue on Solaris. +* Added a warning when using too few rounds with ``kdf``. + +3.1.2 +----- +* Fixed a compile issue affecting big endian platforms. +* Fixed invalid escape sequence warnings on Python 3.6. +* Fixed building in non-UTF8 environments on Python 2. + +3.1.1 +----- +* Resolved a ``UserWarning`` when used with ``cffi`` 1.8.3. + +3.1.0 +----- +* Added support for ``checkpw``, a convenience method for verifying a password. +* Ensure that you get a ``$2y$`` hash when you input a ``$2y$`` salt. +* Fixed a regression where ``$2a`` hashes were vulnerable to a wraparound bug. +* Fixed compilation under Alpine Linux. + +3.0.0 +----- +* Switched the C backend to code obtained from the OpenBSD project rather than + openwall. +* Added support for ``bcrypt_pbkdf`` via the ``kdf`` function. + +2.0.0 +----- +* Added support for an adjustible prefix when calling ``gensalt``. +* Switched to CFFI 1.0+ + +Usage +----- + +Password Hashing +~~~~~~~~~~~~~~~~ + +Hashing and then later checking that a password matches the previous hashed +password is very simple: + +.. code:: pycon + + >>> import bcrypt + >>> password = b"super secret password" + >>> # Hash a password for the first time, with a randomly-generated salt + >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt()) + >>> # Check that an unhashed password matches one that has previously been + >>> # hashed + >>> if bcrypt.checkpw(password, hashed): + ... print("It Matches!") + ... else: + ... print("It Does not Match :(") + +KDF +~~~ + +As of 3.0.0 ``bcrypt`` now offers a ``kdf`` function which does ``bcrypt_pbkdf``. +This KDF is used in OpenSSH's newer encrypted private key format. + +.. code:: pycon + + >>> import bcrypt + >>> key = bcrypt.kdf( + ... password=b'password', + ... salt=b'salt', + ... desired_key_bytes=32, + ... rounds=100) + + +Adjustable Work Factor +~~~~~~~~~~~~~~~~~~~~~~ +One of bcrypt's features is an adjustable logarithmic work factor. To adjust +the work factor merely pass the desired number of rounds to +``bcrypt.gensalt(rounds=12)`` which defaults to 12): + +.. code:: pycon + + >>> import bcrypt + >>> password = b"super secret password" + >>> # Hash a password for the first time, with a certain number of rounds + >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14)) + >>> # Check that a unhashed password matches one that has previously been + >>> # hashed + >>> if bcrypt.checkpw(password, hashed): + ... print("It Matches!") + ... else: + ... print("It Does not Match :(") + + +Adjustable Prefix +~~~~~~~~~~~~~~~~~ + +Another one of bcrypt's features is an adjustable prefix to let you define what +libraries you'll remain compatible with. To adjust this, pass either ``2a`` or +``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object. + +As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated. + +Maximum Password Length +~~~~~~~~~~~~~~~~~~~~~~~ + +The bcrypt algorithm only handles passwords up to 72 characters, any characters +beyond that are ignored. To work around this, a common approach is to hash a +password with a cryptographic hash (such as ``sha256``) and then base64 +encode it to prevent NULL byte problems before hashing the result with +``bcrypt``: + +.. code:: pycon + + >>> password = b"an incredibly long password" * 10 + >>> hashed = bcrypt.hashpw( + ... base64.b64encode(hashlib.sha256(password).digest()), + ... bcrypt.gensalt() + ... ) + +Compatibility +------------- + +This library should be compatible with py-bcrypt and it will run on Python +3.6+, and PyPy 3. + +C Code +------ + +This library uses code from OpenBSD. + +Security +-------- + +``bcrypt`` follows the `same security policy as cryptography`_, if you +identify a vulnerability, we ask you to contact us privately. + +.. _`same security policy as cryptography`: https://cryptography.io/en/latest/security.html +.. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt +.. _`argon2_cffi`: https://argon2-cffi.readthedocs.io +.. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt + + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/bcrypt.egg-info/SOURCES.txt new/bcrypt-3.2.2/src/bcrypt.egg-info/SOURCES.txt --- old/bcrypt-3.2.0/src/bcrypt.egg-info/SOURCES.txt 2020-08-16 19:22:43.000000000 +0200 +++ new/bcrypt-3.2.2/src/bcrypt.egg-info/SOURCES.txt 2022-05-01 19:56:10.000000000 +0200 @@ -18,6 +18,7 @@ src/_csrc/timingsafe_bcmp.c src/bcrypt/__about__.py src/bcrypt/__init__.py +src/bcrypt/_bcrypt.pyi src/bcrypt/py.typed src/bcrypt.egg-info/PKG-INFO src/bcrypt.egg-info/SOURCES.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/src/bcrypt.egg-info/requires.txt new/bcrypt-3.2.2/src/bcrypt.egg-info/requires.txt --- old/bcrypt-3.2.0/src/bcrypt.egg-info/requires.txt 2020-08-16 19:22:43.000000000 +0200 +++ new/bcrypt-3.2.2/src/bcrypt.egg-info/requires.txt 2022-05-01 19:56:10.000000000 +0200 @@ -1,5 +1,4 @@ cffi>=1.1 -six>=1.4.1 [tests] pytest!=3.3.0,>=3.2.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/tests/test_bcrypt.py new/bcrypt-3.2.2/tests/test_bcrypt.py --- old/bcrypt-3.2.0/tests/test_bcrypt.py 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/tests/test_bcrypt.py 2022-05-01 19:56:00.000000000 +0200 @@ -2,8 +2,6 @@ import pytest -import six - import bcrypt @@ -264,30 +262,22 @@ def test_checkpw_str_password(): with pytest.raises(TypeError): - bcrypt.checkpw( - six.text_type("password"), b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", - ) + bcrypt.checkpw("password", b"$2b$04$cVWp4XaNU8a4v1uMRum2SO") def test_checkpw_str_salt(): with pytest.raises(TypeError): - bcrypt.checkpw( - b"password", six.text_type("$2b$04$cVWp4XaNU8a4v1uMRum2SO"), - ) + bcrypt.checkpw(b"password", "$2b$04$cVWp4XaNU8a4v1uMRum2SO") def test_hashpw_str_password(): with pytest.raises(TypeError): - bcrypt.hashpw( - six.text_type("password"), b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", - ) + bcrypt.hashpw("password", b"$2b$04$cVWp4XaNU8a4v1uMRum2SO") def test_hashpw_str_salt(): with pytest.raises(TypeError): - bcrypt.hashpw( - b"password", six.text_type("$2b$04$cVWp4XaNU8a4v1uMRum2SO"), - ) + bcrypt.hashpw(b"password", "$2b$04$cVWp4XaNU8a4v1uMRum2SO") def test_checkpw_nul_byte(): @@ -440,14 +430,12 @@ def test_kdf_str_password(): with pytest.raises(TypeError): - bcrypt.kdf( - six.text_type("password"), b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", 10, 10 - ) + bcrypt.kdf("password", b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", 10, 10) def test_kdf_str_salt(): with pytest.raises(TypeError): - bcrypt.kdf(b"password", six.text_type("salt"), 10, 10) + bcrypt.kdf(b"password", "salt", 10, 10) def test_kdf_no_warn_rounds(): @@ -462,8 +450,8 @@ @pytest.mark.parametrize( ("password", "salt", "desired_key_bytes", "rounds", "error"), [ - (u"pass", b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", 10, 10, TypeError), - (b"password", u"salt", 10, 10, TypeError), + ("pass", b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", 10, 10, TypeError), + (b"password", "salt", 10, 10, TypeError), (b"", b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", 10, 10, ValueError), (b"password", b"", 10, 10, ValueError), (b"password", b"$2b$04$cVWp4XaNU8a4v1uMRum2SO", 0, 10, ValueError), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/bcrypt-3.2.0/tox.ini new/bcrypt-3.2.2/tox.ini --- old/bcrypt-3.2.0/tox.ini 2020-08-16 19:21:29.000000000 +0200 +++ new/bcrypt-3.2.2/tox.ini 2022-05-01 19:56:00.000000000 +0200 @@ -1,5 +1,4 @@ [tox] -envlist = pypy3,py36,py37,py38,pep8,packaging,mypy isolated_build = True [testenv] @@ -8,7 +7,8 @@ deps = coverage commands = - coverage run -m pytest --strict {posargs} + coverage run -m pytest --strict-markers {posargs} + coverage combine coverage report -m --fail-under 100 [testenv:pep8]
