![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / py-passlib
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.10 / (download) - annotate - [select for diffs], Tue Jan 4 20:54:43 2022 UTC (22 months, 4 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
HEAD
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
*: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS
Revision 1.9 / (download) - annotate - [select for diffs], Mon Oct 12 11:57:02 2020 UTC (3 years, 1 month ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.8: +3 -3
lines
Diff to previous 1.8 (colored)
py-passlib: updated to 1.7.4
**1.7.4** (2020-10-08)
======================
Small followup to 1.7.3 release.
Bugfixes
--------
* Fixed some Python 2.6 errors from last release (:issue:`128`)
Other Changes
-------------
* :mod:`passlib.ext.django` -- updated tests to pass for Django 1.8 - 3.1 (:issue:`98`);
along with some internal refactoring of the test classes.
* .. py:currentmodule:: passlib.context
:class:`CryptContext` will now throw :exc:`~passlib.exc.UnknownHashError` when it can't identify
a hash provided to methods such as :meth:`!CryptContext.verify`.
Previously it would throw a generic :exc:`ValueError`.
Deprecations
------------
* :mod:`passlib.ext.django`: This extension will require Django 2.2 or newer as of Passlib 1.8.
**1.7.3** (2020-10-06)
======================
This release rolls up assorted bug & compatibility fixes since 1.7.2.
Administrative Changes
----------------------
.. rst-class:: without-title
.. note::
**Passlib has moved to Heptapod!**
Due to BitBucket deprecating Mercurial support, Passlib's public repository and issue tracker
has been relocated. It's now located at `<https://foss.heptapod.net/python-libs/passlib>`_,
and is powered by `Heptapod <https://heptapod.net/>`_.
Hosting for this and other open-source projects graciously provided by the people at
`Octobus <https://octobus.net/>`_ and `CleverCloud <https://clever-cloud.com/>`_!
The mailing list and documentation urls remain the same.
New Features
------------
* .. py:currentmodule:: passlib.hash
:class:`ldap_salted_sha512`: LDAP "salted hash" support added for SHA-256 and SHA-512 (:issue:`124`).
Bugfixes
--------
* .. py:currentmodule:: passlib.hash
:class:`bcrypt`: Under python 3, OS native backend wasn't being detected on BSD platforms.
This was due to a few internal issues in feature-detection code, which have been fixed.
* :func:`passlib.utils.safe_crypt`: Support :func:`crypt.crypt` unexpectedly
returning bytes under Python 3 (:issue:`113`).
* :func:`passlib.utils.safe_crypt`: Support :func:`crypt.crypt` throwing :exc:`OSError`,
which can happen as of Python 3.9 (:issue:`115`).
* :mod:`passlib.ext.django`: fixed lru_cache import (django 3 compatibility)
* :mod:`!passlib.tests`: fixed bug where :meth:`HandlerCase.test_82_crypt_support` wasn't
being run on systems lacking support for the hasher being tested.
This test now runs regardless of system support.
Other Changes
-------------
* .. py:currentmodule:: passlib.hash
:class:`bcrypt_sha256`: Internal algorithm has been changed to use HMAC-SHA256 instead of
plain SHA256. This should strengthen the hash against brute-force attempts which bypass
the intermediary hash by using known-sha256-digest lookup tables (:issue:`114`).
* .. py:currentmodule:: passlib.hash
:class:`bcrypt`: OS native backend ("os_crypt") now raises the new :exc:`~passlib.exc.PasswordValueError`
if password is provided as non-UTF8 bytes under python 3
(These can't be passed through, due to limitation in stdlib's :func:`!crypt.crypt`).
Prior to this release, it confusingly raised :exc:`~passlib.exc.MissingBackendError` instead.
Also improved legacy bcrypt format workarounds, to support a few more UTF8 edge cases than before.
* Modified some internals to help run on FIPS systems (:issue:`116`):
In particular, when MD5 hash is not available, :class:`~passlib.hash.hex_md5`
will now return a dummy hasher which throws an error if used; rather than throwing
an uncaught :exc:`!ValueError` when an application attempts to import it. (Similar behavior
added for the other unsalted digest hashes).
.. py:currentmodule:: passlib.crypto.digest
Also, :func:`lookup_hash`'s ``required=False`` kwd was modified to report unsupported hashes
via the :attr:`HashInfo.supported` attribute; rather than letting ValueErrors through uncaught.
This should allow CryptContext instances to be created on FIPS systems without having
a load-time error (though they will still receive an error if an attempt is made to actually
*use* a FIPS-disabled hash).
* Internal errors calling stdlib's :func:`crypt.crypt`, or third party libraries,
will now raise the new :exc:`~passlib.exc.InternalBackendError` (a RuntimeError);
where previously it would raise an :exc:`AssertionError`.
* Various Python 3.9 compatibility fixes (including ``NotImplemented``-related warning, :issue:`125`)
Revision 1.8 / (download) - annotate - [select for diffs], Sun Sep 27 10:38:25 2020 UTC (3 years, 2 months ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
py-passlib: Update HOMEPAGE.
Revision 1.7 / (download) - annotate - [select for diffs], Sun Nov 24 11:36:53 2019 UTC (4 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.6: +3 -3
lines
Diff to previous 1.6 (colored)
py-passlib: updated to 1.7.2 1.7.2: This release rolls up assorted bug & compatibility fixes since 1.7.1. New Features * .. py:currentmodule:: passlib.hash :class:`argon2`: Now supports Argon2 "ID" and "D" hashes (assuming new enough backend library). Now defaults to "ID" hashes instead of "I" hashes, but this can be overridden via ``type`` keyword. * .. py:currentmodule:: passlib.hash :class:`scrypt`: Now uses python 3.6 stdlib's :func:`hashlib.scrypt` as backend, if present
Revision 1.6 / (download) - annotate - [select for diffs], Wed Jun 21 10:24:19 2017 UTC (6 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
1.7.1: Argon2 & Scrypt hash support TOTP support PBKDF2 now has faster builtin backend, and utilizes other backends where available Lots of API cleanups and internal refactoring HtpasswdFile reader is now more flexible, and with improved security options. Refreshed documentation
Revision 1.5 / (download) - annotate - [select for diffs], Wed Jun 8 17:43:38 2016 UTC (7 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
Switch to MASTER_SITES_PYPI.
Revision 1.4 / (download) - annotate - [select for diffs], Fri Aug 14 18:46:33 2015 UTC (8 years, 3 months ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.3: +4 -5
lines
Diff to previous 1.3 (colored)
Update py-passlib to 1.6.5.
**1.6.5** (2015-08-04) ======================
Fixed some minor bugs in the test suite which were causing
erroneous test failures (:issue:`57` and :issue:`58`). The passlib
library itself is unchanged.
**1.6.4** (2015-07-25) ======================
This release rolls up assorted bug & compatibility fixes since
1.6.2.
Bugfixes --------
* Correctly detect bcrypt 2.0. Previous releases were incorrectly
detecting it as py-bcrypt,
causing spurious errors (:issue:`56`).
* CryptContext now accepts scheme names as unicode (:issue:`54`).
* :mod:`passlib.ext.django` now works correctly with Django
1.7-1.8. Previous
releases had various test failures (:issue:`52`).
* :class:`passlib.apache.HtpasswdFile` now recognizes bcrypt,
sha256_crypt, sha512_crypt
hashes (:issue:`55`).
BCrypt Changes --------------
A few changes have been made to the :class:`~passlib.hash.bcrypt`
hash:
* It now supports the ``$2b$`` hash format.
* It will now issue a :exc:`~passlib.exc.PasslibSecurityWarning`
if the active backend
is vulnerable to the :ref:`wraparound bug <bsd-wraparound-bug>`,
and automatically enable a workaround (py-bcrypt is known to
be vulnerable as of v0.4).
* It will throw a :exc:`~passlib.exc.PasslibSecurityError` if
the active backend
is vulnerable to the :ref:`8-bit bug <crypt-blowfish-bug>`
(none of Passlib's backends are known to be vulnerable as of
2015-07).
* Updated documentation to indicate the cffi-based `bcrypt
<https://pypi.python.org/pypi/bcrypt>`_
library is now the recommended bcrypt backend.
* Backend capability detection code refactored to rely on runtime
detection
rather than hardcoded information.
Other Changes -------------
* Source repo's ``tox.ini`` updated. Now assumes python3 by
default, and refactored test
environments to more cleanly delineate the different setups
being tested.
* Passlib releases are now published as wheels instead of eggs.
.. note::
Release **1.6.3** was skipped due to upload issues.
Revision 1.3 / (download) - annotate - [select for diffs], Sat Jan 25 10:30:20 2014 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.2: +1 -3
lines
Diff to previous 1.2 (colored)
Mark packages as not ready for python-3.x where applicable; either because they themselves are not ready or because a dependency isn't. This is annotated by PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z or PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar respectively, please use the same style for other packages, and check during updates. Use versioned_dependencies.mk where applicable. Use REPLACE_PYTHON instead of handcoded alternatives, where applicable. Reorder Makefile sections into standard order, where applicable. Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default with the next commit. Whitespace cleanups and other nits corrected, where necessary.
Revision 1.2 / (download) - annotate - [select for diffs], Wed Jan 1 17:46:20 2014 UTC (9 years, 11 months ago) by kleink
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
Update py-passlib to 1.6.2.
**1.6.2** (2013-12-26)
======================
Minor changes & compatibility fixes
* Re-tuned the :attr:`~passlib.ifc.PasswordHash.default_rounds`
values for all of the hashes.
* Added the new :doc:`bcrypt_sha256 <lib/passlib.hash.bcrypt_sha256>` hash,
which wraps BCrypt using SHA256 in order to work around
BCrypt's password size limitations (:issue:`43`).
* :doc:`passlib.hash.bcrypt <lib/passlib.hash.bcrypt>`:
Added support for the `bcrypt <https://pypi.python.org/pypi/bcrypt>`_
library as one of the possible bcrypt backends that will be
used if available. (:issue:`49`)
* :mod:`passlib.ext.django`: Passlib's Django extension
(and it's related hashes and unittests) have been updated to
handle some minor API changes in Django 1.5-1.6. They should
now be compatible with Django 1.2 and up. (:issue:`50`)
Revision 1.1 / (download) - annotate - [select for diffs], Mon Aug 5 17:42:19 2013 UTC (10 years, 4 months ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Import passlib-1.6.1 as security/py-passlib. Passlib is a password hashing library for Python 2 & 3, which provides cross-platform implementations of over 30 password hashing algorithms, as well as a framework for managing existing password hashes. It's designed to be useful for a wide range of tasks, from verifying a hash found in /etc/shadow, to providing full-strength password hashing for multi-user application.