[issue13733] Change required to sysconfig.py for Python 2.7.2 on OS/2
Paul Smedley p...@smedley.id.au added the comment: When I get some spare time, I'll test the default code using Andy Mac's last build of Python - which afaik was 2.4.x and see if it works correctly -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13733 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13642] urllib incorrectly quotes username and password in https basic auth
Michele Orrù maker...@gmail.com added the comment: Whoops, probably I tested using $ python instead of $ ./python.exe - Attaching two patches, one keeps using map(), but definitely changes unquote() behavior; the other simply asserts user_passwd exists before using unquote(). Well, concerning the class field abuse, HTTPConnection._buffer attribute might help? The point is that I can't find an easy way to get the HTTPConnection instance from an urlopen(). -- Added file: http://bugs.python.org/file24191/issue13642.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13642 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13642] urllib incorrectly quotes username and password in https basic auth
Changes by Michele Orrù maker...@gmail.com: Removed file: http://bugs.python.org/file24186/issue13642.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13642 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13642] urllib incorrectly quotes username and password in https basic auth
Changes by Michele Orrù maker...@gmail.com: Added file: http://bugs.python.org/file24192/issue13642_with_map.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13642 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13755] str.endswith and str.startswith do not take lists of strings
Mark Dickinson dicki...@gmail.com added the comment: No, but they take tuples: 'abcd'.endswith(('a', 'b')) False 'abcd'.endswith(('c', 'd')) True Suggest closing as out of date. -- nosy: +mark.dickinson type: behavior - enhancement versions: +Python 3.3 -Python 3.1 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13755 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13703] Hash collision security issue
STINNER Victor victor.stin...@haypocalc.com added the comment: Version 3 of my patch: - Add PYTHONHASHSEED environment variable to get a fixed seed or to disable the randomized hash function (PYTHONHASHSEED=0) - Add tests on the randomized hash function - Add more tests on os.urandom() -- Added file: http://bugs.python.org/file24193/random-3.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst --- a/Doc/using/cmdline.rst +++ b/Doc/using/cmdline.rst @@ -460,6 +460,13 @@ These environment variables influence Py option. +.. envvar:: PYTHONHASHSEED + + If this is set, it is used as a fixed seed for the Unicode randomized hash: + number in range [0; 4294967295]. The value 0 disables the Unicode randomized + hash. + + .. envvar:: PYTHONIOENCODING If this is set before running the interpreter, it overrides the encoding used diff --git a/Include/pythonrun.h b/Include/pythonrun.h --- a/Include/pythonrun.h +++ b/Include/pythonrun.h @@ -246,6 +246,8 @@ typedef void (*PyOS_sighandler_t)(int); PyAPI_FUNC(PyOS_sighandler_t) PyOS_getsig(int); PyAPI_FUNC(PyOS_sighandler_t) PyOS_setsig(int, PyOS_sighandler_t); +/* Random */ +PyAPI_FUNC(int PyOS_URandom) (void *buffer, Py_ssize_t size); #ifdef __cplusplus } diff --git a/Include/unicodeobject.h b/Include/unicodeobject.h --- a/Include/unicodeobject.h +++ b/Include/unicodeobject.h @@ -376,6 +376,18 @@ typedef struct { PyAPI_DATA(PyTypeObject) PyUnicode_Type; PyAPI_DATA(PyTypeObject) PyUnicodeIter_Type; +/* Issue #13703: add 2 x sizeof(Py_hash_t) random bytes to the output of + hash(str) to make the dict hash attack more complex. The attack computes N + strings with the same hash value to exploit to worst case of a dict lookup: + O(n^2) complexity. Without these random bytes, an attacker can precompute + the N keys only once to cause a denial of service. See oCERT advisory for the + details: http://www.ocert.org/advisories/ocert-2011-003.html */ +typedef struct { +Py_hash_t prefix; +Py_hash_t suffix; +} _Py_unicode_hash_secret_t; +PyAPI_DATA(_Py_unicode_hash_secret_t) _Py_unicode_hash_secret; + #define PyUnicode_Check(op) \ PyType_FastSubclass(Py_TYPE(op), Py_TPFLAGS_UNICODE_SUBCLASS) #define PyUnicode_CheckExact(op) (Py_TYPE(op) == PyUnicode_Type) diff --git a/Lib/os.py b/Lib/os.py --- a/Lib/os.py +++ b/Lib/os.py @@ -761,23 +761,6 @@ try: except NameError: # statvfs_result may not exist pass -if not _exists(urandom): -def urandom(n): -urandom(n) - str - -Return a string of n random bytes suitable for cryptographic use. - - -try: -_urandomfd = open(/dev/urandom, O_RDONLY) -except (OSError, IOError): -raise NotImplementedError(/dev/urandom (or equivalent) not found) -bs = b -while len(bs) n: -bs += read(_urandomfd, n - len(bs)) -close(_urandomfd) -return bs - # Supply os.popen() def popen(cmd, mode=r, buffering=-1): if not isinstance(cmd, str): diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py --- a/Lib/test/test_os.py +++ b/Lib/test/test_os.py @@ -12,6 +12,7 @@ import subprocess import time import shutil from test import support +from test.script_helper import assert_python_ok import contextlib import mmap import platform @@ -630,14 +631,32 @@ class DevNullTests(unittest.TestCase): self.assertEqual(f.read(), b'') class URandomTests(unittest.TestCase): -def test_urandom(self): -try: -self.assertEqual(len(os.urandom(1)), 1) -self.assertEqual(len(os.urandom(10)), 10) -self.assertEqual(len(os.urandom(100)), 100) -self.assertEqual(len(os.urandom(1000)), 1000) -except NotImplementedError: -pass +def test_urandom_length(self): +self.assertEqual(len(os.urandom(1)), 1) +self.assertEqual(len(os.urandom(10)), 10) +self.assertEqual(len(os.urandom(100)), 100) +self.assertEqual(len(os.urandom(1000)), 1000) + +def test_urandom_value(self): +data1 = os.urandom(16) +data2 = os.urandom(16) +self.assertNotEqual(data1, data2) + +def get_urandom_subprocess(self, count): +code = '\n'.join(( +'import os, sys', +'data = os.urandom(%s)' % count, +'sys.stdout.buffer.write(data)', +'sys.stdout.buffer.flush()')) +out = assert_python_ok('-c', code) +stdout = out[1] +self.assertEqual(len(stdout), 16) +return stdout + +def test_urandom_subprocess(self): +data1 = self.get_urandom_subprocess(16) +data2 = self.get_urandom_subprocess(16) +self.assertNotEqual(data1, data2) @contextlib.contextmanager def _execvpe_mockup(defpath=None): diff --git
[issue13755] str.endswith and str.startswith do not take lists of strings
Eric V. Smith e...@trueblade.com added the comment: It seems like a set would make more sense than a tuple. And if tuples, why not lists? Not that it matters much, since I doubt it's worth changing in either case. It's easy enough for the caller to convert. -- nosy: +eric.smith ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13755 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13755] str.endswith and str.startswith do not take lists of strings
Changes by Raymond Hettinger raymond.hettin...@gmail.com: -- resolution: - rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13755 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13756] Python3.2.2 make fail on cygwin
New submission from Holger hol...@bille.dk: Downloaded Python-3.2.2.tar cd Python-3.2.2 ./configure make Fail on: . ranlib libpython3.2m.a make: *** No rule to make target `libpython3.2m.dll.a', needed by `python.exe'. Stop. libpython3.2m.a was built successfully: $ ls -l libpython3.2m.a -rw-r--r--+ 1 hbille Domain Users 7182050 Jan 10 13:31 libpython3.2m.a I am not sure which part is incorrect. The name with or without dll -- components: Installation messages: 151014 nosy: holgerd00d priority: normal severity: normal status: open title: Python3.2.2 make fail on cygwin versions: Python 3.2 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13756 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue5998] Add __bool__ to threading.Event and multiprocessing.Event
Florian Berger fber...@florian-berger.de added the comment: Voting for re-opening. I am currently porting a non-threaded function for use within a threaded application. If threading.Event had __bool__, it would be a drop-in replacement for simple True/False flags that can not be used in multithreaded code. To me, it is actually surprising that I can not do tests like if event: IMHO, if event.is_set(): ... is unnecessarily complicated, especially with the documentation speaking of a true/false flag all the time. I will subclass threading.Event now and add __bool__, but I don't feel this is a nice solution. -- nosy: +fberger ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue5998 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12736] Request for python casemapping functions to use full not simple casemaps per Unicode's recommendation
Benjamin Peterson benja...@python.org added the comment: __ap__'s implementation method is about 2x faster than mine. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12736 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13703] Hash collision security issue
Antoine Pitrou pit...@free.fr added the comment: Version 3 of my patch: - Add PYTHONHASHSEED environment variable to get a fixed seed or to disable the randomized hash function (PYTHONHASHSEED=0) - Add tests on the randomized hash function - Add more tests on os.urandom() You forgot random.c. +PyErr_SetString(PyExc_RuntimeError, Fail to generate random bytes); I would put an OSError and preserve the errno. +def test_null_hash(self): +# PYTHONHASHSEED=0 disables the randomized hash +self.assertEqual(self.get_hash(abc, 0), -1600925533) + +def test_fixed_hash(self): +# test a fixed seed for the randomized hash +self.assertEqual(self.get_hash(abc, 42), -206076799) This is portable on both 32-bit and 64-bit builds? -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13642] urllib incorrectly quotes username and password in https basic auth
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 01ef13e9e225 by Senthil Kumaran in branch '2.7': - Issue #13642: Unquote before b64encoding user:password during Basic http://hg.python.org/cpython/rev/01ef13e9e225 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13642 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13642] urllib incorrectly quotes username and password in https basic auth
Senthil Kumaran sent...@uthcode.com added the comment: Joonas and Michele - The fix along with the tests is in for 2.7 line. W.r.t to tests having it in the class level buf seems to be only easy way, for other it seemed to be that FakeSocket and FakeConnection stuff need some major change (and resulted in breaking of some tests). I thought it is better to push it in the current form as we use the buf for temporary storage and verification. I think, those tests can be brought into 3.x line as well. -- resolution: - fixed stage: patch review - committed/rejected ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13642 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9637] docs do not say that urllib uses HTTP_PROXY
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 3370fa13ed73 by Senthil Kumaran in branch '3.2': Issue9637 - Explain in getproxies_environment that scheme_proxy environ variable case does not matter. http://hg.python.org/cpython/rev/3370fa13ed73 New changeset eb028b3c62c9 by Senthil Kumaran in branch 'default': Merge from 3.2 - Issue9637 - Explain in getproxies_environment that scheme_proxy environ variable case does not matter. http://hg.python.org/cpython/rev/eb028b3c62c9 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9637 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9637] docs do not say that urllib uses HTTP_PROXY
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 4a30eae3b945 by Senthil Kumaran in branch '2.7': port to 2.7 - Issue9637 - Details that case of Proxy env var does not matter. http://hg.python.org/cpython/rev/4a30eae3b945 -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9637 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9637] docs do not say that urllib uses HTTP_PROXY
Senthil Kumaran sent...@uthcode.com added the comment: This is fixed. Thanks for your contribution. -- resolution: - fixed stage: needs patch - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue9637 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13757] os.fdlistdir() should not close the file descriptor given in argument
New submission from Charles-François Natali neolo...@free.fr: os.fdlistdir() closes the FD passed as argument. This is annoying, since in 99% of the cases you'd like to keep FD intact, so you end up doing os.fdlistdir(os.dup(fd)). Here's a patch that duplicates the FD in fdlistdir(), so that the original FD is kept intact, which is much more natural (at least to me :). That's an API change, but since fdlistdir() has been introduced in 3.3 which hasn't been released yet, I think it should be acceptable. -- components: Extension Modules files: fdlistdir_noclose.diff keywords: patch messages: 151023 nosy: neologix, pitrou, rosslagerwall priority: normal severity: normal status: open title: os.fdlistdir() should not close the file descriptor given in argument type: behavior versions: Python 3.3 Added file: http://bugs.python.org/file24194/fdlistdir_noclose.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13757 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13757] os.fdlistdir() should not close the file descriptor given in argument
Antoine Pitrou pit...@free.fr added the comment: Agreed with the change. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13757 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13757] os.fdlistdir() should not close the file descriptor given in argument
Ross Lagerwall rosslagerw...@gmail.com added the comment: The reason I made it like that was that it seemed closer to the fdopendir() function which steals the fd for internal use. However, I agree that it makes more sense to dup() it. Patch looks good. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13757 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13685] argparse does not sanitize help strings for % signs
Steven Bethard steven.beth...@gmail.com added the comment: Eric's suggested doc fix looks good to me. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13685 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13757] os.fdlistdir() should not close the file descriptor given in argument
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 6d395ed03f95 by Charles-François Natali in branch 'default': Issue #13757: Change os.fdlistdir() so that it duplicates the passed file http://hg.python.org/cpython/rev/6d395ed03f95 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13757 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12760] Add create mode to open()
Charles-François Natali neolo...@free.fr added the comment: Nick suggested to call the new flag exclusive create in the doc (and explain in whatsnew that it's based C11 new 'x' flag). Could someone please check the attached patch? My wording sounds really clumsy, so I'd prefer if a native speaker could review it. -- nosy: +ncoghlan Added file: http://bugs.python.org/file24195/x_flag.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12760 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13757] os.fdlistdir() should not close the file descriptor given in argument
Charles-François Natali neolo...@free.fr added the comment: Thanks! -- resolution: - fixed stage: - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13757 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13645] import machinery vulnerable to timestamp collisions
Brett Cannon br...@python.org added the comment: On Mon, Jan 9, 2012 at 18:05, Antoine Pitrou rep...@bugs.python.org wrote: Antoine Pitrou pit...@free.fr added the comment: I'm not suggesting two stat calls (in the general case); you would call one or the other depending on the magic number of the pyc file. The proposal is to store both mtime and size, actually, to make false positives less likely. Then a method that returns some object representing all of the needed info on the source file is needed, but that does NOT blindly return the stat info (eg. modification date, file size, and even source as bytes can be in this object). It could even have methods to generate the bytecode, etc. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13645 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13703] Hash collision security issue
STINNER Victor victor.stin...@haypocalc.com added the comment: Patch version 4: - os.urandom() raises again exceptions on failure - drop support of VMS (which used RAND_pseudo_bytes from OpenSSL): I don't see how to link Python/random.c to libcrypto on VMS, I don't have VMS, and it don't see how it was working because posixmodule.c was neither linked to libcrypto !? - fix test_dict, test_gdb, test_builtin - win32_urandom() handles size bigger than INT_MAX using a loop (it may be DWORD max instead?) - _PyRandom_Init() does nothing it is called twice to fix a _testembed failure (don't change the Unicode secret because Python stores some strings somewhere and never destroy them) -- Added file: http://bugs.python.org/file24196/random-4.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13734] Add a generic directory walker method to avoid symlink attacks
Charles-François Natali neolo...@free.fr added the comment: Here's a patch with tests and documentation. I noticed something surprising: walk() with followlinks=False returns links to directories as directories (in dirnames). I find this surprising, since if you don't follow symlinks, those are just files (and you don't recurse into it). Also, it's a pain when you want to remove dirnames, since you have to distinguish between a link and a directory (unlink()/rmdir() or unlinkat() without/with AT_REMOVEDIR) To be consistent with this behavior, I had to change fdwalk() (I renamed it to be consistent with fdlistdir()) to perform a call to fstatat() without AT_SYMLINK_NOFOLLOW, since otherwise it would report such links as files. So the bottom line is that because of this, you can have up to 3 stat() calls per entry: - fstatat(rootfd, name) - fstatat(rootfd, name, AT_SYMLINK_NOFOLLOW) right before opening the directory - fstat(dirfd) right after open to check that we're dealing with the same file (walk() currently uses two stat() per entry, so it's not too bad). -- Added file: http://bugs.python.org/file24197/fdwalk.diff ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13734 ___diff --git a/Doc/library/os.rst b/Doc/library/os.rst --- a/Doc/library/os.rst +++ b/Doc/library/os.rst @@ -2240,6 +2240,58 @@ os.rmdir(os.path.join(root, name)) +.. function:: fdwalk(top, topdown=True, onerror=None, followlinks=False) + + .. index:: + single: directory; walking + single: directory; traversal + +This behaves exactly like :func:`walk`, except that it yields a 4-tuple +``(dirpath, dirnames, filenames, dirfd)``. + + *dirpath*, *dirnames* and *filenames* are identical to :func:`walk` output, + and *dirfd* is an open file descriptor to the directory. + + .. note:: + + Since :func:`fdwalk` yields file descriptors, those are only valid until + the next iteration step, so you should duplicate them (e.g. with + :func:`dup`) if you want to keep them longer. + + .. note:: + + Contrarily to :func:`walk`, modifying the dirnames list in-place won't + affect the directories traversed. + + This example displays the number of bytes taken by non-directory files in each + directory under the starting directory:: + + import os + for root, dirs, files, rootfd in os.fdwalk('python/Lib/email'): + print(root, consumes, end=) + print(sum([os.fstatat(rootfd, name).st_size for name in files]), +end=) + print(bytes in, len(files), non-directory files) + + In the next example, walking the tree bottom-up is essential: + :func:`unlinkat` doesn't allow deleting a directory before the directory is + empty:: + + # Delete everything reachable from the directory named in top, + # assuming there are no symbolic links. + # CAUTION: This is dangerous! For example, if top == '/', it + # could delete all your disk files. + import os + for root, dirs, files, rootfd in os.fdwalk(top, topdown=False): + for name in files: + os.unlinkat(rootfd, name) + for name in dirs: + os.unlinkat(rootfd, name, os.AT_REMOVEDIR) + + Availability: Unix. + + .. versionadded:: 3.3 + .. _os-process: Process Management diff --git a/Doc/whatsnew/3.3.rst b/Doc/whatsnew/3.3.rst --- a/Doc/whatsnew/3.3.rst +++ b/Doc/whatsnew/3.3.rst @@ -478,6 +478,10 @@ (Patch submitted by Giampaolo Rodolà in :issue:`10784`.) +* The :mod:`os` module has a new :func:`~os.fdwalk` function similar to + :func:`~os.walk` excepts that it also yields an open file descriptor to the + directories visited. This is especially useful to avoid symlink races. + * at functions (:issue:`4761`): * :func:`~os.faccessat` diff --git a/Lib/os.py b/Lib/os.py --- a/Lib/os.py +++ b/Lib/os.py @@ -24,6 +24,7 @@ #' import sys, errno +import stat as st _names = sys.builtin_module_names @@ -32,6 +33,9 @@ defpath, name, path, devnull, SEEK_SET, SEEK_CUR, SEEK_END] +def _exists(name): +return name in globals() + def _get_exports_list(module): try: return list(module.__all__) @@ -120,7 +124,13 @@ umask(mask) return mode ~mask -#' +def _are_same_file(stat1, stat2): +Helper function that checks whether two stat results refer to the same +file. + +return (stat1.st_mode == stat2.st_mode and stat1.st_ino == stat2.st_ino and +stat1.st_dev == stat2.st_dev) +# # Super directory utilities. # (Inspired by Eric Raymond; the doc strings are mostly his) @@ -151,7 +161,6 @@ try: mkdir(name, mode) except OSError as e: -import stat as st if not (e.errno == errno.EEXIST and exist_ok and path.isdir(name) and st.S_IMODE(lstat(name).st_mode) == _get_masked_mode(mode)):
[issue13703] Hash collision security issue
STINNER Victor victor.stin...@haypocalc.com added the comment: Patch version 5 fixes test_unicode for 64-bit system. -- Added file: http://bugs.python.org/file24198/random-5.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13703] Hash collision security issue
Changes by STINNER Victor victor.stin...@haypocalc.com: Removed file: http://bugs.python.org/file24142/random.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13703] Hash collision security issue
Changes by STINNER Victor victor.stin...@haypocalc.com: Removed file: http://bugs.python.org/file24193/random-3.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13703] Hash collision security issue
Changes by STINNER Victor victor.stin...@haypocalc.com: Removed file: http://bugs.python.org/file24143/random-2.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13703] Hash collision security issue
Changes by STINNER Victor victor.stin...@haypocalc.com: Removed file: http://bugs.python.org/file24196/random-4.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13703 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12736] Request for python casemapping functions to use full not simple casemaps per Unicode's recommendation
Changes by Benjamin Peterson benja...@python.org: Added file: http://bugs.python.org/file24199/full-casemapping.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12736 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13758] compile() should not encode 'filename' (at least on Windows)
New submission from Terry J. Reedy tjre...@udel.edu: The 3.2.2 doc for compile() says The filename argument should give the file from which the code was read; pass some recognizable value if it wasn’t read from a file ('string' is commonly used). I am not sure what 'recognizable' is supposed to mean, but as I understand it, it would be user-specific and any string containing a fake 'filename' should be accepted and attached to the output code object as the .co_filename attribute. (At least on Windows.) In fact, compile() has a hidden restriction: it encodes 'filename' with the local filesystem encoding. It tosses the bytes result (at least on Windows) but lets a UnicodeEncodeError terminate compilation. The effect is to add an undocumented and spurious dependency to code that has nothing to do with real files or the local machine. In #10114, msg118845, Victor Stinner justified this with co_filename attribute is used to display the traceback: Python opens the related file, read the source code line and display it. If the filename is fake, it cannot do that. (Perhaps the doc should warn users to make sure that fake filenames do not match any possibly real filenames ;-). The traceback mechanism could ignore UnicodeEncodeErrors just as well as it now ignores IO(?)Errors when open('fakename') does not not work. Victor continues On Windows, co_filename is directly used because Windows accepts unicode for filenames. This is not true in that on at least some Windows, compile tries to encode with the mbcs codec, which in turn uses the hidden local codepage. I believe that for most or all codepages, this will even raise errors for some valid Unicode filenames. I do not know whether the stored .co_filename attribute type for *nix is str, as on Windows, or bytes. If the latter, the doc should say so. If compile() continues to filter fake filenames, which I oppose, the doc should also say so and say what it does. This issue came up on python-list when someone used a Chinese filename and mbcs rejected it. -- components: Interpreter Core messages: 151034 nosy: terry.reedy priority: normal severity: normal stage: test needed status: open title: compile() should not encode 'filename' (at least on Windows) type: behavior versions: Python 3.2, Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13758 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13759] Python 3.2.2 Mac installer version doesn't accept multibyte character in interactive mode
New submission from Atsushi Shibata shib...@webcore.co.jp: I installed Python 3.2.2 on Macintosh(Snow Leopard), by using installer on python.org. In interactive mode, it does not accept multibyte character. When I type Japanese character on it, it changes to ?. I tried to make Python 3.2.2 by using tar ball on the same machine. I can type Japanese character in interactive mode. I guess it's because of some minor issue, such as compile option is different etc. Thanks in advance. -- assignee: ronaldoussoren components: Macintosh messages: 151035 nosy: ats, ronaldoussoren priority: normal severity: normal status: open title: Python 3.2.2 Mac installer version doesn't accept multibyte character in interactive mode type: behavior versions: Python 3.2 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13759 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue13760] ConfigParser exceptions are not pickleable
New submission from Faheem Mitha fah...@faheem.info: I have not experienced this myself, but see http://stackoverflow.com/questions/2246384/multiprocessing-pool-hangs-when-there-is-a-exception-in-any-of-the-thread This appears to be another case of http://bugs.python.org/issue1692335 I also recently reported a similar problem at http://bugs.python.org/issue13751 Looking at the code for `NoOptionError` (see below) in 2.6 at least it would indeed be subject to the same problem. Perhaps some attention could be paid to resolving 1692335, which would presumably make this vexing problem go away? class NoOptionError(Error): A requested option was not found. def __init__(self, option, section): Error.__init__(self, No option %r in section: %r % (option, section)) self.option = option self.section = section -- components: Library (Lib) messages: 151036 nosy: fmitha priority: normal severity: normal status: open title: ConfigParser exceptions are not pickleable versions: Python 2.6 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue13760 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com