[issue13733] Change required to sysconfig.py for Python 2.7.2 on OS/2

[Paul Smedley]

Paul Smedley p...@smedley.id.au added the comment:

When I get some spare time, I'll test the default code using Andy Mac's last 
build of Python - which afaik was 2.4.x and see if it works correctly

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13733
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13642] urllib incorrectly quotes username and password in https basic auth

[Michele Orrù]

Michele Orrù maker...@gmail.com added the comment:

Whoops, probably I tested using $ python instead of $ ./python.exe - 
Attaching two patches, one keeps using map(), but definitely changes unquote() 
behavior; the other simply asserts user_passwd exists before using unquote().

Well, concerning the class field abuse, HTTPConnection._buffer attribute might 
help? The point is that I can't find an easy way to get the HTTPConnection 
instance from an urlopen().

--
Added file: http://bugs.python.org/file24191/issue13642.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13642
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13642] urllib incorrectly quotes username and password in https basic auth

[Michele Orrù]

Changes by Michele Orrù maker...@gmail.com:


Removed file: http://bugs.python.org/file24186/issue13642.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13642
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13642] urllib incorrectly quotes username and password in https basic auth

[Michele Orrù]

Changes by Michele Orrù maker...@gmail.com:


Added file: http://bugs.python.org/file24192/issue13642_with_map.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13642
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13755] str.endswith and str.startswith do not take lists of strings

[Mark Dickinson]

Mark Dickinson dicki...@gmail.com added the comment:

No, but they take tuples:

 'abcd'.endswith(('a', 'b'))
False
 'abcd'.endswith(('c', 'd'))
True

Suggest closing as out of date.

--
nosy: +mark.dickinson
type: behavior - enhancement
versions: +Python 3.3 -Python 3.1

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13755
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[STINNER Victor]

STINNER Victor victor.stin...@haypocalc.com added the comment:

Version 3 of my patch:
 - Add PYTHONHASHSEED environment variable to get a fixed seed or to
disable the randomized hash function (PYTHONHASHSEED=0)
 - Add tests on the randomized hash function
 - Add more tests on os.urandom()

--
Added file: http://bugs.python.org/file24193/random-3.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___diff --git a/Doc/using/cmdline.rst b/Doc/using/cmdline.rst
--- a/Doc/using/cmdline.rst
+++ b/Doc/using/cmdline.rst
@@ -460,6 +460,13 @@ These environment variables influence Py
option.
 
 
+.. envvar:: PYTHONHASHSEED
+
+   If this is set, it is used as a fixed seed for the Unicode randomized hash:
+   number in range [0; 4294967295]. The value 0 disables the Unicode randomized
+   hash.
+
+
 .. envvar:: PYTHONIOENCODING
 
If this is set before running the interpreter, it overrides the encoding 
used
diff --git a/Include/pythonrun.h b/Include/pythonrun.h
--- a/Include/pythonrun.h
+++ b/Include/pythonrun.h
@@ -246,6 +246,8 @@ typedef void (*PyOS_sighandler_t)(int);
 PyAPI_FUNC(PyOS_sighandler_t) PyOS_getsig(int);
 PyAPI_FUNC(PyOS_sighandler_t) PyOS_setsig(int, PyOS_sighandler_t);
 
+/* Random */
+PyAPI_FUNC(int PyOS_URandom) (void *buffer, Py_ssize_t size);
 
 #ifdef __cplusplus
 }
diff --git a/Include/unicodeobject.h b/Include/unicodeobject.h
--- a/Include/unicodeobject.h
+++ b/Include/unicodeobject.h
@@ -376,6 +376,18 @@ typedef struct {
 PyAPI_DATA(PyTypeObject) PyUnicode_Type;
 PyAPI_DATA(PyTypeObject) PyUnicodeIter_Type;
 
+/* Issue #13703: add 2 x sizeof(Py_hash_t) random bytes to the output of
+   hash(str) to make the dict hash attack more complex. The attack computes N
+   strings with the same hash value to exploit to worst case of a dict lookup:
+   O(n^2) complexity. Without these random bytes, an attacker can precompute
+   the N keys only once to cause a denial of service. See oCERT advisory for 
the
+   details: http://www.ocert.org/advisories/ocert-2011-003.html */
+typedef struct {
+Py_hash_t prefix;
+Py_hash_t suffix;
+} _Py_unicode_hash_secret_t;
+PyAPI_DATA(_Py_unicode_hash_secret_t) _Py_unicode_hash_secret;
+
 #define PyUnicode_Check(op) \
  PyType_FastSubclass(Py_TYPE(op), Py_TPFLAGS_UNICODE_SUBCLASS)
 #define PyUnicode_CheckExact(op) (Py_TYPE(op) == PyUnicode_Type)
diff --git a/Lib/os.py b/Lib/os.py
--- a/Lib/os.py
+++ b/Lib/os.py
@@ -761,23 +761,6 @@ try:
 except NameError: # statvfs_result may not exist
 pass
 
-if not _exists(urandom):
-def urandom(n):
-urandom(n) - str
-
-Return a string of n random bytes suitable for cryptographic use.
-
-
-try:
-_urandomfd = open(/dev/urandom, O_RDONLY)
-except (OSError, IOError):
-raise NotImplementedError(/dev/urandom (or equivalent) not found)
-bs = b
-while len(bs)  n:
-bs += read(_urandomfd, n - len(bs))
-close(_urandomfd)
-return bs
-
 # Supply os.popen()
 def popen(cmd, mode=r, buffering=-1):
 if not isinstance(cmd, str):
diff --git a/Lib/test/test_os.py b/Lib/test/test_os.py
--- a/Lib/test/test_os.py
+++ b/Lib/test/test_os.py
@@ -12,6 +12,7 @@ import subprocess
 import time
 import shutil
 from test import support
+from test.script_helper import assert_python_ok
 import contextlib
 import mmap
 import platform
@@ -630,14 +631,32 @@ class DevNullTests(unittest.TestCase):
 self.assertEqual(f.read(), b'')
 
 class URandomTests(unittest.TestCase):
-def test_urandom(self):
-try:
-self.assertEqual(len(os.urandom(1)), 1)
-self.assertEqual(len(os.urandom(10)), 10)
-self.assertEqual(len(os.urandom(100)), 100)
-self.assertEqual(len(os.urandom(1000)), 1000)
-except NotImplementedError:
-pass
+def test_urandom_length(self):
+self.assertEqual(len(os.urandom(1)), 1)
+self.assertEqual(len(os.urandom(10)), 10)
+self.assertEqual(len(os.urandom(100)), 100)
+self.assertEqual(len(os.urandom(1000)), 1000)
+
+def test_urandom_value(self):
+data1 = os.urandom(16)
+data2 = os.urandom(16)
+self.assertNotEqual(data1, data2)
+
+def get_urandom_subprocess(self, count):
+code = '\n'.join((
+'import os, sys',
+'data = os.urandom(%s)' % count,
+'sys.stdout.buffer.write(data)',
+'sys.stdout.buffer.flush()'))
+out = assert_python_ok('-c', code)
+stdout = out[1]
+self.assertEqual(len(stdout), 16)
+return stdout
+
+def test_urandom_subprocess(self):
+data1 = self.get_urandom_subprocess(16)
+data2 = self.get_urandom_subprocess(16)
+self.assertNotEqual(data1, data2)
 
 @contextlib.contextmanager
 def _execvpe_mockup(defpath=None):
diff --git 

[issue13755] str.endswith and str.startswith do not take lists of strings

[Eric V. Smith]

Eric V. Smith e...@trueblade.com added the comment:

It seems like a set would make more sense than a tuple. And if tuples, why not 
lists?

Not that it matters much, since I doubt it's worth changing in either case. 
It's easy enough for the caller to convert.

--
nosy: +eric.smith

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13755
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13755] str.endswith and str.startswith do not take lists of strings

[Raymond Hettinger]

Changes by Raymond Hettinger raymond.hettin...@gmail.com:


--
resolution:  - rejected
status: open - closed

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13755
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13756] Python3.2.2 make fail on cygwin

[Holger]

New submission from Holger hol...@bille.dk:

Downloaded Python-3.2.2.tar
cd Python-3.2.2
./configure
make

Fail on:

.
ranlib libpython3.2m.a
make: *** No rule to make target `libpython3.2m.dll.a', needed by `python.exe'. 
 Stop.


libpython3.2m.a was built successfully:

$ ls -l libpython3.2m.a
-rw-r--r--+ 1 hbille Domain Users 7182050 Jan 10 13:31 libpython3.2m.a


I am not sure which part is incorrect. The name with or without dll

--
components: Installation
messages: 151014
nosy: holgerd00d
priority: normal
severity: normal
status: open
title: Python3.2.2 make fail on cygwin
versions: Python 3.2

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13756
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue5998] Add __bool__ to threading.Event and multiprocessing.Event

[Florian Berger]

Florian Berger fber...@florian-berger.de added the comment:

Voting for re-opening.

I am currently porting a non-threaded function for use within a threaded 
application. If threading.Event had __bool__, it would be a drop-in replacement 
for simple True/False flags that can not be used in multithreaded code.

To me, it is actually surprising that I can not do tests like if event:  
IMHO, if event.is_set(): ... is unnecessarily complicated, especially with 
the documentation speaking of a true/false flag all the time.

I will subclass threading.Event now and add __bool__, but I don't feel this is 
a nice solution.

--
nosy: +fberger

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5998
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue12736] Request for python casemapping functions to use full not simple casemaps per Unicode's recommendation

[Benjamin Peterson]

Benjamin Peterson benja...@python.org added the comment:

__ap__'s implementation method is about 2x faster than mine.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12736
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[Antoine Pitrou]

Antoine Pitrou pit...@free.fr added the comment:

 Version 3 of my patch:
  - Add PYTHONHASHSEED environment variable to get a fixed seed or to
 disable the randomized hash function (PYTHONHASHSEED=0)
  - Add tests on the randomized hash function
  - Add more tests on os.urandom()

You forgot random.c.

+PyErr_SetString(PyExc_RuntimeError, Fail to generate random
bytes);

I would put an OSError and preserve the errno.

+def test_null_hash(self):
+# PYTHONHASHSEED=0 disables the randomized hash
+self.assertEqual(self.get_hash(abc, 0), -1600925533)
+
+def test_fixed_hash(self):
+# test a fixed seed for the randomized hash
+self.assertEqual(self.get_hash(abc, 42), -206076799)

This is portable on both 32-bit and 64-bit builds?

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13642] urllib incorrectly quotes username and password in https basic auth

[Roundup Robot]

Roundup Robot devn...@psf.upfronthosting.co.za added the comment:

New changeset 01ef13e9e225 by Senthil Kumaran in branch '2.7':
- Issue #13642: Unquote before b64encoding user:password during Basic
http://hg.python.org/cpython/rev/01ef13e9e225

--
nosy: +python-dev

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13642
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13642] urllib incorrectly quotes username and password in https basic auth

[Senthil Kumaran]

Senthil Kumaran sent...@uthcode.com added the comment:

Joonas and Michele - The fix along with the tests is in for 2.7 line. W.r.t to 
tests having it in the class level buf seems to be only easy way, for other it 
seemed to be that FakeSocket and FakeConnection stuff need some major change 
(and resulted in breaking of some tests). I thought it is better to push it in 
the current form as we use the buf for temporary storage and verification.
I think, those tests can be brought into 3.x line as well.

--
resolution:  - fixed
stage: patch review - committed/rejected

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13642
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9637] docs do not say that urllib uses HTTP_PROXY

[Roundup Robot]

Roundup Robot devn...@psf.upfronthosting.co.za added the comment:

New changeset 3370fa13ed73 by Senthil Kumaran in branch '3.2':
Issue9637 - Explain in getproxies_environment that scheme_proxy environ 
variable case does not matter.
http://hg.python.org/cpython/rev/3370fa13ed73

New changeset eb028b3c62c9 by Senthil Kumaran in branch 'default':
Merge from 3.2 - Issue9637 - Explain in getproxies_environment that 
scheme_proxy environ variable case does not matter.
http://hg.python.org/cpython/rev/eb028b3c62c9

--
nosy: +python-dev

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9637
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9637] docs do not say that urllib uses HTTP_PROXY

[Roundup Robot]

Roundup Robot devn...@psf.upfronthosting.co.za added the comment:

New changeset 4a30eae3b945 by Senthil Kumaran in branch '2.7':
port to 2.7 - Issue9637 - Details that case of Proxy env var does not matter.
http://hg.python.org/cpython/rev/4a30eae3b945

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9637
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9637] docs do not say that urllib uses HTTP_PROXY

[Senthil Kumaran]

Senthil Kumaran sent...@uthcode.com added the comment:

This is fixed. Thanks for your contribution.

--
resolution:  - fixed
stage: needs patch - committed/rejected
status: open - closed

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9637
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13757] os.fdlistdir() should not close the file descriptor given in argument

[Charles-François Natali]

New submission from Charles-François Natali neolo...@free.fr:

os.fdlistdir() closes the FD passed as argument.
This is annoying, since in 99% of the cases you'd like to keep FD intact, so 
you end up doing os.fdlistdir(os.dup(fd)).
Here's a patch that duplicates the FD in fdlistdir(), so that the original FD 
is kept intact, which is much more natural (at least to me :).
That's an API change, but since fdlistdir() has been introduced in 3.3 which 
hasn't been released yet, I think it should be acceptable.

--
components: Extension Modules
files: fdlistdir_noclose.diff
keywords: patch
messages: 151023
nosy: neologix, pitrou, rosslagerwall
priority: normal
severity: normal
status: open
title: os.fdlistdir() should not close the file descriptor given in argument
type: behavior
versions: Python 3.3
Added file: http://bugs.python.org/file24194/fdlistdir_noclose.diff

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13757
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13757] os.fdlistdir() should not close the file descriptor given in argument

[Antoine Pitrou]

Antoine Pitrou pit...@free.fr added the comment:

Agreed with the change.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13757
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13757] os.fdlistdir() should not close the file descriptor given in argument

[Ross Lagerwall]

Ross Lagerwall rosslagerw...@gmail.com added the comment:

The reason I made it like that was that it seemed closer to the fdopendir() 
function which steals the fd for internal use.

However, I agree that it makes more sense to dup() it.

Patch looks good.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13757
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13685] argparse does not sanitize help strings for % signs

[Steven Bethard]

Steven Bethard steven.beth...@gmail.com added the comment:

Eric's suggested doc fix looks good to me.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13685
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13757] os.fdlistdir() should not close the file descriptor given in argument

[Roundup Robot]

Roundup Robot devn...@psf.upfronthosting.co.za added the comment:

New changeset 6d395ed03f95 by Charles-François Natali in branch 'default':
Issue #13757: Change os.fdlistdir() so that it duplicates the passed file
http://hg.python.org/cpython/rev/6d395ed03f95

--
nosy: +python-dev

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13757
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue12760] Add create mode to open()

[Charles-François Natali]

Charles-François Natali neolo...@free.fr added the comment:

Nick suggested to call the new flag exclusive create in the doc (and explain 
in whatsnew that it's based C11 new 'x' flag).
Could someone please check the attached patch?
My wording sounds really clumsy, so I'd prefer if a native speaker could review 
it.

--
nosy: +ncoghlan
Added file: http://bugs.python.org/file24195/x_flag.diff

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12760
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13757] os.fdlistdir() should not close the file descriptor given in argument

[Charles-François Natali]

Charles-François Natali neolo...@free.fr added the comment:

Thanks!

--
resolution:  - fixed
stage:  - committed/rejected
status: open - closed

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13757
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13645] import machinery vulnerable to timestamp collisions

[Brett Cannon]

Brett Cannon br...@python.org added the comment:

On Mon, Jan 9, 2012 at 18:05, Antoine Pitrou rep...@bugs.python.org wrote:


 Antoine Pitrou pit...@free.fr added the comment:

  I'm not suggesting two stat calls (in the general case); you would
  call one or the other depending on the magic number of the pyc file.

 The proposal is to store both mtime and size, actually, to make false
 positives less likely.

Then a method that returns some object representing all of the needed info
on the source file is needed, but that does NOT blindly return the stat
info (eg. modification date, file size, and even source as bytes can be
in this object).  It could even have methods to generate the bytecode, etc.

--

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13645
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[STINNER Victor]

STINNER Victor victor.stin...@haypocalc.com added the comment:

Patch version 4:
 - os.urandom() raises again exceptions on failure
 - drop support of VMS (which used RAND_pseudo_bytes from OpenSSL): I don't see 
how to link Python/random.c to libcrypto on VMS, I don't have VMS, and it don't 
see how it was working because posixmodule.c was neither linked to libcrypto !?
 - fix test_dict, test_gdb, test_builtin
 - win32_urandom() handles size bigger than INT_MAX using a loop (it may be 
DWORD max instead?)
 - _PyRandom_Init() does nothing it is called twice to fix a _testembed failure 
(don't change the Unicode secret because Python stores some strings somewhere 
and never destroy them)

--
Added file: http://bugs.python.org/file24196/random-4.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13734] Add a generic directory walker method to avoid symlink attacks

[Charles-François Natali]

Charles-François Natali neolo...@free.fr added the comment:

Here's a patch with tests and documentation.
I noticed something surprising:
walk() with followlinks=False returns links to directories as
directories (in dirnames).
I find this surprising, since if you don't follow symlinks, those are
just files (and you don't recurse into it). Also, it's a pain when you
want to remove dirnames, since you have to distinguish between a link
and a directory (unlink()/rmdir() or unlinkat() without/with
AT_REMOVEDIR)
To be consistent with this behavior, I had to change fdwalk() (I
renamed it to be consistent with fdlistdir()) to perform a call to
fstatat() without AT_SYMLINK_NOFOLLOW, since otherwise it would report
such links as files.
So the bottom line is that because of this, you can have up to 3
stat() calls per entry:
- fstatat(rootfd, name)
- fstatat(rootfd, name, AT_SYMLINK_NOFOLLOW) right before opening the directory
- fstat(dirfd) right after open to check that we're dealing with the same file
(walk() currently uses two stat() per entry, so it's not too bad).

--
Added file: http://bugs.python.org/file24197/fdwalk.diff

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13734
___diff --git a/Doc/library/os.rst b/Doc/library/os.rst
--- a/Doc/library/os.rst
+++ b/Doc/library/os.rst
@@ -2240,6 +2240,58 @@
   os.rmdir(os.path.join(root, name))
 
 
+.. function:: fdwalk(top, topdown=True, onerror=None, followlinks=False)
+
+   .. index::
+  single: directory; walking
+  single: directory; traversal
+
+This behaves exactly like :func:`walk`, except that it yields a 4-tuple
+``(dirpath, dirnames, filenames, dirfd)``.
+
+   *dirpath*, *dirnames* and *filenames* are identical to :func:`walk` output,
+   and *dirfd* is an open file descriptor to the directory.
+
+   .. note::
+
+  Since :func:`fdwalk` yields file descriptors, those are only valid until
+  the next iteration step, so you should duplicate them (e.g. with
+  :func:`dup`) if you want to keep them longer.
+
+   .. note::
+
+  Contrarily to :func:`walk`, modifying the dirnames list in-place won't
+  affect the directories traversed.
+
+   This example displays the number of bytes taken by non-directory files in 
each
+   directory under the starting directory::
+
+  import os
+  for root, dirs, files, rootfd in os.fdwalk('python/Lib/email'):
+  print(root, consumes, end=)
+  print(sum([os.fstatat(rootfd, name).st_size for name in files]),
+end=)
+  print(bytes in, len(files), non-directory files)
+
+   In the next example, walking the tree bottom-up is essential:
+   :func:`unlinkat` doesn't allow deleting a directory before the directory is
+   empty::
+
+  # Delete everything reachable from the directory named in top,
+  # assuming there are no symbolic links.
+  # CAUTION:  This is dangerous!  For example, if top == '/', it
+  # could delete all your disk files.
+  import os
+  for root, dirs, files, rootfd in os.fdwalk(top, topdown=False):
+  for name in files:
+  os.unlinkat(rootfd, name)
+  for name in dirs:
+  os.unlinkat(rootfd, name, os.AT_REMOVEDIR)
+
+   Availability: Unix.
+
+   .. versionadded:: 3.3
+
 .. _os-process:
 
 Process Management
diff --git a/Doc/whatsnew/3.3.rst b/Doc/whatsnew/3.3.rst
--- a/Doc/whatsnew/3.3.rst
+++ b/Doc/whatsnew/3.3.rst
@@ -478,6 +478,10 @@
 
   (Patch submitted by Giampaolo Rodolà in :issue:`10784`.)
 
+* The :mod:`os` module has a new :func:`~os.fdwalk` function similar to
+  :func:`~os.walk` excepts that it also yields an open file descriptor to the
+  directories visited. This is especially useful to avoid symlink races.
+
 * at functions (:issue:`4761`):
 
   * :func:`~os.faccessat`
diff --git a/Lib/os.py b/Lib/os.py
--- a/Lib/os.py
+++ b/Lib/os.py
@@ -24,6 +24,7 @@
 #'
 
 import sys, errno
+import stat as st
 
 _names = sys.builtin_module_names
 
@@ -32,6 +33,9 @@
defpath, name, path, devnull,
SEEK_SET, SEEK_CUR, SEEK_END]
 
+def _exists(name):
+return name in globals()
+
 def _get_exports_list(module):
 try:
 return list(module.__all__)
@@ -120,7 +124,13 @@
 umask(mask)
 return mode  ~mask
 
-#'
+def _are_same_file(stat1, stat2):
+Helper function that checks whether two stat results refer to the same
+file.
+
+return (stat1.st_mode == stat2.st_mode and stat1.st_ino == stat2.st_ino and
+stat1.st_dev == stat2.st_dev)
+#
 
 # Super directory utilities.
 # (Inspired by Eric Raymond; the doc strings are mostly his)
@@ -151,7 +161,6 @@
 try:
 mkdir(name, mode)
 except OSError as e:
-import stat as st
 if not (e.errno == errno.EEXIST and exist_ok and path.isdir(name) and
 st.S_IMODE(lstat(name).st_mode) == _get_masked_mode(mode)):
 

[issue13703] Hash collision security issue

[STINNER Victor]

STINNER Victor victor.stin...@haypocalc.com added the comment:

Patch version 5 fixes test_unicode for 64-bit system.

--
Added file: http://bugs.python.org/file24198/random-5.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[STINNER Victor]

Changes by STINNER Victor victor.stin...@haypocalc.com:


Removed file: http://bugs.python.org/file24142/random.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[STINNER Victor]

Changes by STINNER Victor victor.stin...@haypocalc.com:


Removed file: http://bugs.python.org/file24193/random-3.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[STINNER Victor]

Changes by STINNER Victor victor.stin...@haypocalc.com:


Removed file: http://bugs.python.org/file24143/random-2.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[STINNER Victor]

Changes by STINNER Victor victor.stin...@haypocalc.com:


Removed file: http://bugs.python.org/file24196/random-4.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue12736] Request for python casemapping functions to use full not simple casemaps per Unicode's recommendation

[Benjamin Peterson]

Changes by Benjamin Peterson benja...@python.org:


Added file: http://bugs.python.org/file24199/full-casemapping.patch

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12736
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13758] compile() should not encode 'filename' (at least on Windows)

[Terry J. Reedy]

New submission from Terry J. Reedy tjre...@udel.edu:

The 3.2.2 doc for compile() says The filename argument should give the file 
from which the code was read; pass some recognizable value if it wasn’t read 
from a file ('string' is commonly used).

I am not sure what 'recognizable' is supposed to mean, but as I understand it, 
it would be user-specific and any string containing a fake 'filename' should be 
accepted and attached to the output code object as the .co_filename attribute. 
(At least on Windows.)

In fact, compile() has a hidden restriction: it encodes 'filename' with the 
local filesystem encoding. It tosses the bytes result (at least on Windows) but 
lets a UnicodeEncodeError terminate compilation. The effect is to add an 
undocumented and spurious dependency to code that has nothing to do with real 
files or the local machine.

In #10114, msg118845, Victor Stinner justified this with 
co_filename attribute is used to display the traceback: Python opens the 
related file, read the source code line and display it.
If the filename is fake, it cannot do that. (Perhaps the doc should warn users 
to make sure that fake filenames do not match any possibly real filenames ;-). 
The traceback mechanism could ignore UnicodeEncodeErrors just as well as it now 
ignores IO(?)Errors when open('fakename') does not not work.

Victor continues On Windows, co_filename is directly used because Windows 
accepts unicode for filenames. This is not true in that on at least some 
Windows, compile tries to encode with the mbcs codec, which in turn uses the 
hidden local codepage. I believe that for most or all codepages, this will even 
raise errors for some valid Unicode filenames.

I do not know whether the stored .co_filename attribute type for *nix is str, 
as on Windows, or bytes. If the latter, the doc should say so.
If compile() continues to filter fake filenames, which I oppose, the doc should 
also say so and say what it does.

This issue came up on python-list when someone used a Chinese filename and mbcs 
rejected it.

--
components: Interpreter Core
messages: 151034
nosy: terry.reedy
priority: normal
severity: normal
stage: test needed
status: open
title: compile() should not encode 'filename' (at least on Windows)
type: behavior
versions: Python 3.2, Python 3.3

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13758
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13759] Python 3.2.2 Mac installer version doesn't accept multibyte character in interactive mode

[Atsushi Shibata]

New submission from Atsushi Shibata shib...@webcore.co.jp:

I installed Python 3.2.2 on Macintosh(Snow Leopard), by using installer on 
python.org.
In interactive mode, it does not accept multibyte character. When I type 
Japanese character on it, it changes to ?.
I tried to make Python 3.2.2 by using tar ball on the same machine. I can type 
Japanese character in interactive mode.
I guess it's because of some minor issue, such as compile option is different 
etc.

Thanks in advance.

--
assignee: ronaldoussoren
components: Macintosh
messages: 151035
nosy: ats, ronaldoussoren
priority: normal
severity: normal
status: open
title: Python 3.2.2 Mac installer version doesn't accept multibyte character in 
interactive mode
type: behavior
versions: Python 3.2

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13759
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13760] ConfigParser exceptions are not pickleable

[Faheem Mitha]

New submission from Faheem Mitha fah...@faheem.info:

I have not experienced this myself, but see
http://stackoverflow.com/questions/2246384/multiprocessing-pool-hangs-when-there-is-a-exception-in-any-of-the-thread

This appears to be another case of http://bugs.python.org/issue1692335

I also recently reported a similar problem at http://bugs.python.org/issue13751

Looking at the code for `NoOptionError` (see below) in 2.6 at least it would 
indeed be subject to the same problem. Perhaps some attention could be paid to 
resolving 1692335, which would presumably make this vexing problem go away?

class NoOptionError(Error):
A requested option was not found.

def __init__(self, option, section):
Error.__init__(self, No option %r in section: %r %
   (option, section))
self.option = option
self.section = section

--
components: Library (Lib)
messages: 151036
nosy: fmitha
priority: normal
severity: normal
status: open
title: ConfigParser exceptions are not pickleable
versions: Python 2.6

___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13760
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com