Your message dated Wed, 03 Dec 2025 15:48:51 +0000
with message-id <[email protected]>
and subject line Bug#1120247: fixed in flask-bcrypt 1.0.1-3
has caused the Debian Bug report #1120247,
regarding flask-bcrypt: FTBFS: E ValueError: password cannot be longer
than 72 bytes, truncate manually if necessary (e.g. my_password[:72])
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1120247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120247
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:flask-bcrypt
Version: 1.0.1-2
Severity: serious
Tags: ftbfs forky sid
Dear maintainer:
During a rebuild of all packages in unstable, this package failed to build.
Below you will find the last part of the build log (probably the most
relevant part, but not necessarily). If required, the full build log
is available here:
https://people.debian.org/~sanvila/build-logs/202511/
About the archive rebuild: The build was made on virtual machines from AWS,
using sbuild and a reduced chroot with only build-essential packages.
If you cannot reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.
If this is really a bug in one of the build-depends, please use
reassign and add an affects on src:flask-bcrypt, so that this is still
visible in the BTS web page for this package.
Thanks.
--------------------------------------------------------------------------------
[...]
debian/rules clean
dh clean --with python3,sphinxdoc --buildsystem=pybuild
dh_auto_clean -O--buildsystem=pybuild
I: pybuild base:311: python3.13 setup.py clean
/usr/lib/python3/dist-packages/setuptools/_distutils/dist.py:289: UserWarning:
Unknown distribution option: 'test_suite'
warnings.warn(msg)
/usr/lib/python3/dist-packages/setuptools/dist.py:759:
SetuptoolsDeprecationWarning: License classifiers are deprecated.
!!
********************************************************************************
Please consider removing the following classifiers in favor of a SPDX
license expression:
License :: OSI Approved :: BSD License
See
https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license
for details.
********************************************************************************
!!
self._finalize_license_expression()
running clean
removing '/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_flask-bcrypt/build' (and
everything under it)
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-3.13' does not exist -- can't clean it
dh_autoreconf_clean -O--buildsystem=pybuild
dh_clean -O--buildsystem=pybuild
debian/rules binary
dh binary --with python3,sphinxdoc --buildsystem=pybuild
dh_update_autotools_config -O--buildsystem=pybuild
dh_autoreconf -O--buildsystem=pybuild
dh_auto_configure -O--buildsystem=pybuild
I: pybuild base:311: python3.13 setup.py config
/usr/lib/python3/dist-packages/setuptools/_distutils/dist.py:289: UserWarning:
Unknown distribution option: 'test_suite'
warnings.warn(msg)
/usr/lib/python3/dist-packages/setuptools/dist.py:759:
SetuptoolsDeprecationWarning: License classifiers are deprecated.
!!
********************************************************************************
Please consider removing the following classifiers in favor of a SPDX
license expression:
License :: OSI Approved :: BSD License
See
https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license
for details.
********************************************************************************
!!
self._finalize_license_expression()
running config
dh_auto_build -O--buildsystem=pybuild
I: pybuild base:311: /usr/bin/python3 setup.py build
/usr/lib/python3/dist-packages/setuptools/_distutils/dist.py:289: UserWarning:
Unknown distribution option: 'test_suite'
warnings.warn(msg)
/usr/lib/python3/dist-packages/setuptools/dist.py:759:
SetuptoolsDeprecationWarning: License classifiers are deprecated.
!!
********************************************************************************
Please consider removing the following classifiers in favor of a SPDX
license expression:
License :: OSI Approved :: BSD License
See
https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license
for details.
********************************************************************************
!!
self._finalize_license_expression()
running build
running build_py
copying flask_bcrypt.py ->
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_flask-bcrypt/build
dh_auto_test -O--buildsystem=pybuild
I: pybuild base:311: cd
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_flask-bcrypt/build; python3.13 -m
pytest
============================= test session starts ==============================
platform linux -- Python 3.13.9, pytest-8.4.2, pluggy-1.6.0
rootdir: /<<PKGBUILDDIR>>
plugins: typeguard-4.4.4
collected 14 items
test_bcrypt.py ....F......... [100%]
=================================== FAILURES ===================================
_______________________ BasicTestCase.test_long_password _______________________
self = <test_bcrypt.BasicTestCase testMethod=test_long_password>
def test_long_password(self):
"""Test bcrypt maximum password length.
The bcrypt algorithm has a maximum password length of 72 bytes, and
ignores any bytes beyond that."""
# Create a password with a 72 bytes length
password = 'A' * 72
pw_hash = self.bcrypt.generate_password_hash(password)
# Ensure that a longer password yields the same hash
> self.assertTrue(self.bcrypt.check_password_hash(pw_hash, 'A' * 80))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
test_bcrypt.py:65:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <flask_bcrypt.Bcrypt object at 0x7f83f7f33350>
pw_hash = b'$2b$06$rM6wSGy8DIUWOGk4YYM5/OOiUFihvKWXmzu3JENutUvzYGa/8ugd2'
password =
b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
def check_password_hash(self, pw_hash, password):
'''Tests a password hash against a candidate password. The candidate
password is first hashed and then subsequently compared in constant
time to the existing hash. This will either return `True` or `False`.
Example usage of :class:`check_password_hash` would look something
like this::
pw_hash = bcrypt.generate_password_hash('secret', 10)
bcrypt.check_password_hash(pw_hash, 'secret') # returns True
:param pw_hash: The hash to be compared against.
:param password: The password to compare.
'''
# Python 3 unicode strings must be encoded as bytes before hashing.
pw_hash = self._unicode_to_bytes(pw_hash)
password = self._unicode_to_bytes(password)
if self._handle_long_passwords:
password = hashlib.sha256(password).hexdigest()
password = self._unicode_to_bytes(password)
> return hmac.compare_digest(bcrypt.hashpw(password, pw_hash), pw_hash)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
E ValueError: password cannot be longer than 72 bytes, truncate manually
if necessary (e.g. my_password[:72])
flask_bcrypt.py:225: ValueError
=========================== short test summary info ============================
FAILED test_bcrypt.py::BasicTestCase::test_long_password - ValueError: passwo...
========================= 1 failed, 13 passed in 2.02s =========================
E: pybuild pybuild:389: test: plugin distutils failed with: exit code=1: cd
/<<PKGBUILDDIR>>/.pybuild/cpython3_3.13_flask-bcrypt/build; python3.13 -m
pytest
dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.13
returned exit code 13
make: *** [debian/rules:6: binary] Error 25
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
--------------------------------------------------------------------------------
--- End Message ---
--- Begin Message ---
Source: flask-bcrypt
Source-Version: 1.0.1-3
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
flask-bcrypt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated flask-bcrypt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 03 Dec 2025 15:25:13 +0000
Source: flask-bcrypt
Architecture: source
Version: 1.0.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1120247
Changes:
flask-bcrypt (1.0.1-3) unstable; urgency=medium
.
* Team upload.
* Fix test_long_password for bcrypt 5.0.0+ strict limit (closes:
#1120247).
Checksums-Sha1:
7f3abf621623bf79d5fa41a93421c9bab33f25e7 2577 flask-bcrypt_1.0.1-3.dsc
c9882d1939bdf15ccb2a219ef1aeb603c6100d8b 5296
flask-bcrypt_1.0.1-3.debian.tar.xz
39de317a8eba191a2fcacc7097cd6ede80d4239b 156504 flask-bcrypt_1.0.1-3.git.tar.xz
7c860cfe7324b060f341249d80639b0687615ce2 18238
flask-bcrypt_1.0.1-3_source.buildinfo
Checksums-Sha256:
c5ac8a7b3015ecc317fa3cfdd1e29120e823ad7032e20f95a79014465a5ac0c9 2577
flask-bcrypt_1.0.1-3.dsc
277d38de8927fd507e0626cc14fb7191482c111e3ecdcda057dee9ce076169c6 5296
flask-bcrypt_1.0.1-3.debian.tar.xz
f4b9a99796ddc05206d61858e4b38c923a021790cccdc7c39847e2b9a3bca323 156504
flask-bcrypt_1.0.1-3.git.tar.xz
ef124d2c1346c8a7474c2ba386432a72f5b5c4e2359bdbe015eef5e3479c1c25 18238
flask-bcrypt_1.0.1-3_source.buildinfo
Files:
85a5d79d7563682c53ccdf5b7e7cd8a2 2577 python optional flask-bcrypt_1.0.1-3.dsc
0381e93e42de1714c3cea836d85dbb44 5296 python optional
flask-bcrypt_1.0.1-3.debian.tar.xz
ef8d77d282509526f626a4a83596ed9c 156504 python optional
flask-bcrypt_1.0.1-3.git.tar.xz
1f573b75ec90c170f030b158e195deff 18238 python optional
flask-bcrypt_1.0.1-3_source.buildinfo
Git-Tag-Info: tag=e9337a2d617147efbfe7c413c6345cfd5c4ac9bd
fp=ac0a4ff12611b6fccf01c111393587d97d86500b
Git-Tag-Tagger: Colin Watson <[email protected]>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEN02M5NuW6cvUwJcqYG0ITkaDwHkFAmkwVrwACgkQYG0ITkaD
wHkgqBAArLhOEYQeeMiFYGu66bY4Deu6te7RXB8LI0b41EIAICVFh0Fr0JXJj3lt
XD6G57sXDZ4AZp/jBtI7g5xa2yfqLKrsEFP1zUrmNRYfKatW4UCL7XdaICaotaCw
/7v5sMUpKu8SJmUBbmE5lowDljecznoIJnZw26nVroRsTTaITZsDVLnFSGTreCtC
+9nXEfMMuOaeywZP+gWd1WXsK0k2x4UEKTeYOcVj8x1T/LYbiG8/x2fjAuOjLqxh
IEhN9sI90jEteebsBg5BJS6I7jfNW3UkpgjoKJBh767Aws0jKNIqtYHVXSi97mTE
lIY+XWdXm83g3POdoNlBVubCk66+z4mFIJwUK/rbB9smFL2COj2LdZNhpOp8fZvL
MsDK9lSy8VJCV7mRCYNN8rKj3DSPTgMJkHTfyQBF9UxHRu/qmykT4lX/TfO4a1vY
3O9pzgQi3cYpoACXHEQMsFD0RnZK94ANY6Yf+0U7MspUxQ6H+ReLEgmAUQj400Fw
CkNRKii5aFhDTfWH3CpE7c7VXCr/Igk6GM6AhI1q12giO/mfHboBCB8lW85iQYus
R4/3+xC8HYyvZ3gFGg3Ihm+LjMyKm1Mqa53NwVds//o0szhVF00h1bDWssLsuA8O
TGmo6DLTyrmfFKTnHiMTMpk5e1gbi4hYokQzjzGiLKqeQgOlVwY=
=8iLd
-----END PGP SIGNATURE-----
pgpG5_EV00zN2.pgp
Description: PGP signature
--- End Message ---
