Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 918708 - dev-python/bcrypt-4.1.0 breaks dev-python/passlib-1.7.4-r2
Summary: dev-python/bcrypt-4.1.0 breaks dev-python/passlib-1.7.4-r2
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Python Gentoo Team
URL:
Whiteboard:
Keywords: PMASKED
Depends on:
Blocks:
 
Reported: 2023-11-28 20:39 UTC by Daniel Pouzzner
Modified: 2023-11-29 04:11 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
001_bcrypt_4v1v0_salt_type.patch (001_bcrypt_4v1v0_salt_type.patch,2.42 KB, patch)
2023-11-28 20:39 UTC, Daniel Pouzzner 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Pouzzner 2023-11-28 20:39:24 UTC 
Created attachment 875875 [details, diff]
001_bcrypt_4v1v0_salt_type.patch

The attached patch is needed to avert runtime crashes in passlib.

The problem doesn't arise with bcrypt-4.0.1.  There was a flurry of change in 4.1.0 that looks to be the root cause.

I tested the patch on both bcrypt-4.1.0 and bcrypt-4.0.1.  That said, consider it a quick fix that might not cover all use cases.

I discovered the problem by way of radicale.


Backtrace showing the syndrome:

$ /usr/bin/radicale
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/radicale/__main__.py", line 199, in run
    server.serve(configuration, shutdown_socket_out)
  File "/usr/lib/python3.11/site-packages/radicale/server.py", line 284, in serve
    application = Application(configuration)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/radicale/app/__init__.py", line 80, in __init__
    super().__init__(configuration)
  File "/usr/lib/python3.11/site-packages/radicale/app/base.py", line 44, in __init__
    self._auth = auth.load(configuration)
                 ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/radicale/auth/__init__.py", line 41, in load
    return utils.load_plugin(INTERNAL_TYPES, "auth", "Auth", BaseAuth,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/radicale/utils.py", line 51, in load_plugin
    return class_(configuration)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/radicale/auth/htpasswd.py", line 84, in __init__
    bcrypt.hash("test-bcrypt-backend")
  File "/usr/lib/python3.11/site-packages/passlib/utils/handlers.py", line 779, in hash
    self.checksum = self._calc_checksum(secret)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 591, in _calc_checksum
    self._stub_requires_backend()
  File "/usr/lib/python3.11/site-packages/passlib/utils/handlers.py", line 2254, in _stub_requires_backend
    cls.set_backend()
  File "/usr/lib/python3.11/site-packages/passlib/utils/handlers.py", line 2163, in set_backend
    return cls.set_backend(name, dryrun=dryrun)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/passlib/utils/handlers.py", line 2188, in set_backend
    cls._set_backend(name, dryrun)
  File "/usr/lib/python3.11/site-packages/passlib/utils/handlers.py", line 2311, in _set_backend
    super(SubclassBackendMixin, cls)._set_backend(name, dryrun)
  File "/usr/lib/python3.11/site-packages/passlib/utils/handlers.py", line 2224, in _set_backend
    ok = loader(**kwds)
         ^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 745, in _load_backend_mixin
    return mixin_cls._finalize_backend_mixin(name, dryrun)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 403, in _finalize_backend_mixin
    result = safe_verify("test", test_hash_20)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 303, in safe_verify
    return verify(secret, hash)
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/passlib/utils/handlers.py", line 792, in verify
    return consteq(self._calc_checksum(secret), chk)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 762, in _calc_checksum_raw
    hash = _pybcrypt.hashpw(secret, config)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: argument 'salt': 'str' object cannot be converted to 'PyBytes'

[2023-11-28 11:02:10 -0600] [40793] [CRITICAL] An exception occurred during server startup: argument 'salt': 'str' object cannot be converted to 'PyBytes'


emerge --info:

Portage 3.0.55 (python 3.11.6-final-0, default/linux/amd64/17.1/desktop, gcc-12, glibc-2.38-r7, 6.4.3-gentoo x86_64)
=================================================================
System uname: Linux-6.4.3-gentoo-x86_64-AMD_Ryzen_Threadripper_1950X_16-Core_Processor-with-glibc2.38
KiB Mem:   131887864 total,   2997044 free
KiB Swap:   33554428 total,  33554428 free
Timestamp of repository gentoo: Tue, 28 Nov 2023 14:31:58 +0000
Head commit of repository gentoo: 224192cf4698a82691bcb61077853e7f01a7b484

sh bash 5.2_p21
ld GNU ld (Gentoo 2.41 p2) 2.41.0
ccache version 4.8.3 [disabled]
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.2_p21::gentoo
dev-java/java-config:      2.3.3-r1::gentoo
dev-lang/perl:             5.38.0-r1::gentoo
dev-lang/python:           2.7.18_p16-r1::gentoo, 3.10.13::gentoo, 3.11.6::gentoo
dev-lang/rust:             1.73.0::gentoo
dev-lang/rust-bin:         1.73.0::gentoo
dev-util/ccache:           4.8.3::gentoo
dev-util/cmake:            3.27.8::gentoo
dev-util/meson:            1.3.0::gentoo
sys-apps/baselayout:       2.14-r1::gentoo
sys-apps/openrc:           0.52.1::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/autoconf:        2.13-r8::gentoo, 2.69-r9::gentoo, 2.71-r7::gentoo
sys-devel/automake:        1.16.5-r1::gentoo
sys-devel/binutils:        2.41-r2::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           16.0.6::gentoo, 17.0.5::gentoo, 18.0.0_pre20231119::gentoo
sys-devel/gcc:             6.5.0-r4::gentoo, 9.5.0::gentoo, 11.4.1_p20230824::gentoo, 12.3.1_p20230825::gentoo, 13.2.1_p20231014::gentoo, 14.0.0_pre20231126::gentoo
sys-devel/gcc-config:      9999::gentoo
sys-devel/libtool:         2.4.7-r1::gentoo
sys-devel/llvm:            16.0.6::gentoo, 17.0.5::gentoo, 18.0.0_pre20231119::gentoo
sys-devel/make:            4.4.1-r1::gentoo
sys-kernel/linux-headers:  6.6::gentoo (virtual/os-headers)
sys-libs/glibc:            2.38-r7::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000
    volatile: False

mega
    location: /etc/portage/overlay
    priority: 0
    volatile: True

crossdev
    location: /var/db/repos/crossdev
    sync-type: rsync
    sync-uri: rsync://rsync11.us.gentoo.org/gentoo-portage/
    masters: gentoo
    priority: 10
    volatile: False
    sync-rsync-verify-jobs: 16
    sync-rsync-extra-opts: 

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/env.d/00glibc /etc/stunnel/stunnel.conf /lib/udev/rules.d /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.8/conf /usr/share/maven-bin-3.9/conf /var/bind /var/dns /var/spool /var/www"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.4/ext-active/ /etc/php/apache2-php8.0/ext-active/ /etc/php/apache2-php8.1/ext-active/ /etc/php/apache2-php8.2/ext-active/ /etc/php/cgi-php7.4/ext-active/ /etc/php/cgi-php8.0/ext-active/ /etc/php/cgi-php8.1/ext-active/ /etc/php/cgi-php8.2/ext-active/ /etc/php/cli-php7.4/ext-active/ /etc/php/cli-php8.0/ext-active/ /etc/php/cli-php8.1/ext-active/ /etc/php/cli-php8.2/ext-active/ /etc/php/fpm-php7.4/ext-active/ /etc/php/fpm-php8.0/ext-active/ /etc/php/fpm-php8.1/ext-active/ /etc/php/fpm-php8.2/ext-active/ /etc/php/phpdbg-php7.4/ext-active/ /etc/php/phpdbg-php8.0/ext-active/ /etc/php/phpdbg-php8.1/ext-active/ /etc/php/phpdbg-php8.2/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe"
DISTDIR="/var/cache/distfiles"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news nostrip parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="https://mirror.rackspace.com/gentoo/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
MAKEOPTS="-j24"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="X a52 aac acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdda cdr cli crypt cups dbus dri dts dvd dvdr elogind emacs encode exif flac fortran gdbm gif gnome-keyring gpm gtk gui iconv icu ipv6 jpeg kerberos lcms ldap libnotify libtirpc lm-sensors logrotate mad mng mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf png policykit ppds readline sdl seccomp sound spell split-usr ssl startup-notification svg test-rust tiff truetype udev udisks unicode upower usb vdpau verify-sig vorbis vulkan wxwidgets x264 xattr xcb xft xinerama xml xorg xv xvid zlib" ABI_X86="64" ADA_TARGET="gnat_2021" ALSA_CARDS="hdsp" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_10 python3_11" RUBY_TARGETS="ruby31 ruby32" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EMERGE_DEFAULT_OPTS, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-29 01:08:46 UTC 
I'll mask it now, given https://github.com/pyca/bcrypt/issues/677 and it's yanked from pypi too.
Comment 2 Larry the Git Cow gentoo-dev 2023-11-29 04:10:10 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cfea70348fbd274495191eb81c06a6e69fc9edaf

commit cfea70348fbd274495191eb81c06a6e69fc9edaf
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-11-29 01:10:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-11-29 03:06:36 +0000

    profiles: mask broken/yanked =dev-python/bcrypt-4.1.0
    
    Bug: https://github.com/pyca/bcrypt/issues/677
    Closes: https://bugs.gentoo.org/918708
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)