Bug#1122147: marked as done (ValueError: password cannot be longer than 72 bytes, truncate manually if necessary)

Mon, 08 Dec 2025 09:39:34 -0800 

Your message dated Mon, 08 Dec 2025 17:37:00 +0000
with message-id <[email protected]>
and subject line Bug#1122147: fixed in python-bcrypt 5.0.0-3
has caused the Debian Bug report #1122147,
regarding ValueError: password cannot be longer than 72 bytes, truncate 
manually if necessary
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1122147: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122147
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: python3-bcrypt
Version: 5.0.0-2
Severity: grave

This used to work:

from passlib.hash import bcrypt
bcrypt.verify('xxx', 
'$2y$10$KwfCiMkON5ByhhzAtwUYRuegt7IJpm34JW4GN2FOVue6VOg7yJp6q')

But now it's complaining the password is too long, which it clearly isn't:

Traceback (most recent call last):
  File "<python-input-13>", line 1, in <module>
    bcrypt.verify('xxx', 
'$2y$10$KwfCiMkON5ByhhzAtwUYRuegt7IJpm34JW4GN2FOVue6VOg7yJp6q')
    
~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 792, in 
verify
    return consteq(self._calc_checksum(secret), chk)
                   ~~~~~~~~~~~~~~~~~~~^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 592, 
in _calc_checksum
    self._stub_requires_backend()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2254, 
in _stub_requires_backend
    cls.set_backend()
    ~~~~~~~~~~~~~~~^^
  File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2163, 
in set_backend
    return cls.set_backend(name, dryrun=dryrun)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2188, 
in set_backend
    cls._set_backend(name, dryrun)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2311, 
in _set_backend
    super(SubclassBackendMixin, cls)._set_backend(name, dryrun)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 2224, 
in _set_backend
    ok = loader(**kwds)
  File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 627, 
in _load_backend_mixin
    return mixin_cls._finalize_backend_mixin(name, dryrun)
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 422, 
in _finalize_backend_mixin
    if detect_wrap_bug(IDENT_2A):
       ~~~~~~~~~~~~~~~^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 381, 
in detect_wrap_bug
    if verify(secret, bug_hash):
       ~~~~~~^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/utils/handlers.py", line 792, in 
verify
    return consteq(self._calc_checksum(secret), chk)
                   ~~~~~~~~~~~~~~~~~~~^^^^^^^^
  File "/usr/lib/python3/dist-packages/passlib/handlers/bcrypt.py", line 656, 
in _calc_checksum
    hash = _bcrypt.hashpw(secret, config)
ValueError: password cannot be longer than 72 bytes, truncate manually if 
necessary (e.g. my_password[:72])



-- System Information:
Debian Release: forky/sid
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.17.9+deb14-amd64 (SMP w/20 CPU threads; PREEMPT)
Kernel taint flags: TAINT_DIE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de:en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages python3-bcrypt depends on:
ii  libc6      2.41-12
ii  libgcc-s1  15.2.0-9
ii  python3    3.13.7-1+b1

python3-bcrypt recommends no packages.

python3-bcrypt suggests no packages.

-- no debconf information

Christoph

--- End Message ---
--- Begin Message --- 
Source: python-bcrypt
Source-Version: 5.0.0-3
Done: Colin Watson <[email protected]>

We believe that the bug you reported is fixed in the latest version of
python-bcrypt, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated python-bcrypt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 08 Dec 2025 17:17:36 +0000
Source: python-bcrypt
Architecture: source
Version: 5.0.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1122147
Changes:
 python-bcrypt (5.0.0-3) unstable; urgency=medium
 .
   * Team upload.
   * Breaks: python3-passlib (<< 1.9.3-1~) (closes: #1122147).
Checksums-Sha1:
 3e09fc28791ac386ff0aaa0d256aece6970880f7 2621 python-bcrypt_5.0.0-3.dsc
 6c1baf118586a45340079eb33bc808bfb8ff62e6 12396 
python-bcrypt_5.0.0-3.debian.tar.xz
 41cdeb66776e7119f6a7fc73c109c39474181e4a 64760 python-bcrypt_5.0.0-3.git.tar.xz
 36a8558c25df9b23ac567f16bf2d5b43b6ead1f7 18242 
python-bcrypt_5.0.0-3_source.buildinfo
Checksums-Sha256:
 3865acfb9fbfc2e10c510570bac27731b19f47b53f06765c85ed5e5514427935 2621 
python-bcrypt_5.0.0-3.dsc
 0b33ae50ff274aaced811e54fa56917acba94b29fac7b582e135edb15ac1b0e0 12396 
python-bcrypt_5.0.0-3.debian.tar.xz
 f931c652e1decb831a6922b2467c6f81bd86a8018e11ac131e7edebb9fddd5ef 64760 
python-bcrypt_5.0.0-3.git.tar.xz
 631dd6205d146cf97404c7d9f71beab091f89d5ccadd911c690f12a116b64a04 18242 
python-bcrypt_5.0.0-3_source.buildinfo
Files:
 3882a27c82cdd49742f00ba289d40fde 2621 python optional python-bcrypt_5.0.0-3.dsc
 aa6e7ae133d8eb305151baa439303956 12396 python optional 
python-bcrypt_5.0.0-3.debian.tar.xz
 2242f83b83de52fa170933c7aa9b4c2a 64760 python optional 
python-bcrypt_5.0.0-3.git.tar.xz
 dd1d91ac9171b391e9f1e5a7dba7eff8 18242 python optional 
python-bcrypt_5.0.0-3_source.buildinfo
Git-Tag-Info: tag=c1eb675565d6cabe8f76b1bc569d0ba116dbff84 
fp=ac0a4ff12611b6fccf01c111393587d97d86500b
Git-Tag-Tagger: Colin Watson <[email protected]>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmk3CIcACgkQYG0ITkaD
wHlyORAAiqFk3NJWcj4VRsNWbYd90RH+o1uaCHg3Y0ezJBt60d2uicQzSzVmyOLN
h3+jy09gugPAoC0It7AeRiB0WwKDTlaYGqyIQQDTmcHQ7D/ML7xnbhTbnzGkmdyk
y5dPUrD5w4soyc3eiv5XkXoZqnc79VzgiBgWr6b5nfIDLkDr6T7dZ9otgd+il6q1
M0o8dLiC0YP6kZ82WtsgGG1NS7383/OMP7O7awUhSYqAbzPVv+xa0t0moCVy5LLI
aqgKqHPUx6fC/NV+5G2DRNmcGBjm3UgF36t/QXYTzYMvRqgLShPFEaz2g3RRatK0
x7gsYLHtFOmCVJ5NLxFTo13ijDzEQvhbann4MzDj/nE6aXdxFJLmWOCAOvitZmqm
KZx2QbXK42QhM7glUjSl/OES91SVRhJWJSOF8EuYQYqaO21Ou2joRw8jR8SeOAY5
3iTPrWmSFTWnEZnBo8hcl/gFPQrArvMvCtcW34tQ4HTDusWPemRTogt4icQfBTiH
ex4rPFnwECtkHKTWENOluuNLCRa8m3nlAOBkd2ZzF/8Z51p+dGIm7Fwykow33eb6
6bKe2U5ZoreWSVjUT4w12aeqMRyq1PGR3SXiqvLAmh1MGr57jKGEMF1ts0/6Ci90
AhYKDoToP+PiQXKaWkIKeRBNLbeGJ0UqKct3XJoQ40G9WoKGyhU=
=WNEe
-----END PGP SIGNATURE-----

Attachment: pgptQfsPLT2Ek.pgp
Description: PGP signature


--- End Message ---

Reply via email to