./security/py-passlib, Comprehensive password hashing framework supporting over 30 schemes

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.7.4nb1, Package name: py310-passlib-1.7.4nb1, Maintainer: kleink

Passlib is a password hashing library for Python 2 & 3, which
provides cross-platform implementations of over 30 password hashing
algorithms, as well as a framework for managing existing password
hashes. It's designed to be useful for a wide range of tasks, from
verifying a hash found in /etc/shadow, to providing full-strength
password hashing for multi-user application.

Required to run:
[devel/py-setuptools] [lang/python37]

Required to build:

Master sites:

Filesize: 673.676 KB

Version history: (Expand)

CVS history: (Expand)

   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2020-10-12 13:57:03 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-passlib: updated to 1.7.4

**1.7.4** (2020-10-08)

Small followup to 1.7.3 release.


* Fixed some Python 2.6 errors from last release (:issue:`128`)

Other Changes

* :mod:`passlib.ext.django` -- updated tests to pass for Django 1.8 - 3.1 \ 
  along with some internal refactoring of the test classes.

* .. py:currentmodule:: passlib.context

  :class:`CryptContext` will now throw :exc:`~passlib.exc.UnknownHashError` when \ 
it can't identify
  a hash provided to methods such as :meth:`!CryptContext.verify`.
  Previously it would throw a generic :exc:`ValueError`.


* :mod:`passlib.ext.django`: This extension will require Django 2.2 or newer as \ 
of Passlib 1.8.

**1.7.3** (2020-10-06)

This release rolls up assorted bug & compatibility fixes since 1.7.2.

Administrative Changes

.. rst-class:: without-title

.. note::

  **Passlib has moved to Heptapod!**

  Due to BitBucket deprecating Mercurial support, Passlib's public repository \ 
and issue tracker
  has been relocated.  It's now located at \ 
  and is powered by `Heptapod <https://heptapod.net/>`_.

  Hosting for this and other open-source projects graciously provided by the \ 
people at
  `Octobus <https://octobus.net/>`_ and `CleverCloud \ 

  The mailing list and documentation urls remain the same.

New Features

* .. py:currentmodule:: passlib.hash

  :class:`ldap_salted_sha512`: LDAP "salted hash" support added for \ 
SHA-256 and SHA-512 (:issue:`124`).


* .. py:currentmodule:: passlib.hash

  :class:`bcrypt`: Under python 3, OS native backend wasn't being detected on \ 
BSD platforms.
  This was due to a few internal issues in feature-detection code, which have \ 
been fixed.

* :func:`passlib.utils.safe_crypt`: Support :func:`crypt.crypt` unexpectedly
  returning bytes under Python 3 (:issue:`113`).

* :func:`passlib.utils.safe_crypt`: Support :func:`crypt.crypt` throwing \ 
  which can happen as of Python 3.9 (:issue:`115`).

* :mod:`passlib.ext.django`: fixed lru_cache import (django 3 compatibility)

* :mod:`!passlib.tests`: fixed bug where \ 
:meth:`HandlerCase.test_82_crypt_support` wasn't
  being run on systems lacking support for the hasher being tested.
  This test now runs regardless of system support.

Other Changes

* .. py:currentmodule:: passlib.hash

  :class:`bcrypt_sha256`:  Internal algorithm has been changed to use \ 
HMAC-SHA256 instead of
  plain SHA256.  This should strengthen the hash against brute-force attempts \ 
which bypass
  the intermediary hash by using known-sha256-digest lookup tables (:issue:`114`).

* .. py:currentmodule:: passlib.hash

  :class:`bcrypt`: OS native backend ("os_crypt") now raises the new \ 
  if password is provided as non-UTF8 bytes under python 3
  (These can't be passed through, due to limitation in stdlib's \ 
  Prior to this release, it confusingly raised \ 
:exc:`~passlib.exc.MissingBackendError` instead.

  Also improved legacy bcrypt format workarounds, to support a few more UTF8 \ 
edge cases than before.

* Modified some internals to help run on FIPS systems (:issue:`116`):

  In particular, when MD5 hash is not available, :class:`~passlib.hash.hex_md5`
  will now return a dummy hasher which throws an error if used; rather than throwing
  an uncaught :exc:`!ValueError` when an application attempts to import it.  \ 
(Similar behavior
  added for the other unsalted digest hashes).

  .. py:currentmodule:: passlib.crypto.digest

  Also, :func:`lookup_hash`'s ``required=False`` kwd was modified to report \ 
unsupported hashes
  via the :attr:`HashInfo.supported` attribute; rather than letting ValueErrors \ 
through uncaught.

  This should allow CryptContext instances to be created on FIPS systems without \ 
  a load-time error (though they will still receive an error if an attempt is \ 
made to actually
  *use* a FIPS-disabled hash).

* Internal errors calling stdlib's :func:`crypt.crypt`, or third party libraries,
  will now raise the new :exc:`~passlib.exc.InternalBackendError` (a RuntimeError);
  where previously it would raise an :exc:`AssertionError`.

* Various Python 3.9 compatibility fixes (including ``NotImplemented``-related \ 
warning, :issue:`125`)
   2020-09-27 12:38:25 by Klaus Klein | Files touched by this commit (1)
Log message:
py-passlib: Update HOMEPAGE.
   2019-11-24 12:36:53 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-passlib: updated to 1.7.2

This release rolls up assorted bug & compatibility fixes since 1.7.1.

New Features

* .. py:currentmodule:: passlib.hash
  :class:`argon2`: Now supports Argon2 "ID" and "D" hashes \ 
(assuming new enough backend library).
  Now defaults to "ID" hashes instead of "I" hashes, but \ 
this can be overridden via ``type`` keyword.

* .. py:currentmodule:: passlib.hash
  :class:`scrypt`: Now uses python 3.6 stdlib's :func:`hashlib.scrypt` as backend,
  if present
   2017-06-21 12:24:19 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Argon2 & Scrypt hash support
TOTP support
PBKDF2 now has faster builtin backend, and utilizes other backends where available
Lots of API cleanups and internal refactoring
HtpasswdFile reader is now more flexible, and with improved security options.
Refreshed documentation
   2016-06-08 19:43:49 by Thomas Klausner | Files touched by this commit (356)
Log message: