[issue26680] Incorporating float.is_integer into Decimal

[Raymond Hettinger]

Change by Raymond Hettinger :


--
pull_requests: +21577
stage: resolved -> patch review
pull_request: https://github.com/python/cpython/pull/22584

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41961] Windows install failure "could not set file security"

[Eryk Sun]

Eryk Sun  added the comment:

> Anyone else know of any possible causes for this?

The installer service runs as SYSTEM, with an access token at system integrity 
level that has full privileges and the administrators group enabled. Nothing in 
the file security should prevent the service from opening 
"%APPDATA%\Microsoft\Installer" with WRITE_DAC [1] and WRITE_OWNER [2] access, 
assuming it uses backup semantics with the restore privilege enabled, but 
apparently it doesn't.

I was able to reproduce the error dialog by changing the owner of the 
"Installer" folder to the current user and removing the two DACL entries that 
grant access to Administrators and SYSTEM. I then restored normal operation by 
changing the owner of the folder back to the Administrators group and adding 
the full-control DACL entries for Administrators (BA) and SYSTEM (SY):

takeown /a /f "%APPDATA%\Microsoft\Installer"
icacls "%APPDATA%\Microsoft\Installer" /grant:r *BA:(OI)(CI)(F) 
*SY:(OI)(CI)(F)

---

[1] A security context (access token) is allowed WRITE_DAC access to an object 
(to modify its discretionary ACL and security attributes) if the object's 
mandatory label allows write access to the token's integrity level and either 
the object's discretionary ACL explicitly grants WRITE_DAC access to the 
token's user and enabled groups or implicitly grants this access given the 
object's discretionary ACL does not contain an "OWNER RIGHTS" entry and the 
object's owner is the token's user or in the token's enabled groups. In 
particular for a kernel file object (e.g. opening a filesystem file/directory), 
WRITE_DAC access is always allowed if an open uses backup semantics and 
SeRestorePrivilege is enabled.

[2] A security context (access token) is allowed WRITE_OWNER access to an 
object (to modify its owner, group, and mandatory label) if the token has 
SeTakeOwnershipPrivilege enabled or if the object's mandatory label allows 
write access to the token's integrity level and the object's discretionary ACL 
grants WRITE_OWNER access to the token's user and enabled groups. The object's 
owner can be set to any security principal if the token has SeRestorePrivilege 
enabled, else it's limited to the access token user and any of the enabled 
groups in the access token that is flagged SE_GROUP_OWNER (typically the 
Administrators group). In particular for a kernel file object (e.g. opening a 
filesystem file/directory), WRITE_OWNER access is always allowed if an open 
uses backup semantics and SeRestorePrivilege is enabled.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41962] Make threading._register_atexit public?

[Ben Darnell]

New submission from Ben Darnell :

I'm dealing with a subtle deadlock involving 
concurrent.futures.ThreadPoolExecutor, and my solution that worked in Python 
3.8 broke with 3.9. I'm running some long-running (possibly infinite) tasks in 
the thread pool, and I cancel them in an `atexit` callback so that everything 
can shut down cleanly (before ThreadPoolExecutor joins all worker threads in 
its own `atexit` hook).

Python 3.9 broke this due to https://bugs.python.org/issue39812. That change 
introduced a new atexit-like mechanism to the threading module and uses it 
where Python 3.8 used regular atexit. This means that ThreadPoolExecutor's 
atexit runs before mine, and since I never get a chance to cancel my tasks, it 
deadlocks.

One way I can solve this is to move my own atexit function to 
`threading._register_atexit`, so my strawman proposal here is to make that 
function public and documented. 

On the other hand, even without the change in Python 3.9, my use of `atexit` 
smells like an abuse of implementation details in ThreadPoolExecutor (getting 
the atexit callbacks called in the right order was tricky when the 
concurrent.futures module started using lazy loading in Python 3.7). So I would 
welcome other suggestions about how to handle long-running but cancelable 
operations in a ThreadPoolExecutor at shutdown. 

One clean solution is to do the cancellation at the end of the main module 
instead of in an atexit hook. However, I'm doing this at a library so I don't 
have any way but atexit to ensure that this happens. Another option is to 
forego ThreadPoolExecutor entirely and manage the threads myself. 

My code in question is in a not-yet-released branch of Tornado: 
https://github.com/tornadoweb/tornado/blob/5913aa43ecfdaa76876fc57867062227b907b1dd/tornado/platform/asyncio.py#L57-L73

With the master branch of Tornado, Python 3.9, and Windows, `python -c "from 
tornado.httpclient import HTTPClient; c = HTTPClient()` reliably deadlocks at 
interpreter shutdown.

--
messages: 378144
nosy: Ben.Darnell
priority: normal
severity: normal
status: open
title: Make threading._register_atexit public?
versions: Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36534] tarfile: handling Windows (path) illegal characters in archive member names

[Eryk Sun]

Eryk Sun  added the comment:

> This issue is about tarfile. Maybe create another issue to enhance 
> the pathlib module?

IIRC there's already an open issue for that. But in case anyone were to look to 
pathlib as an example of what should be reserved, I wanted to highlight here 
how its reserved_names list is incomplete and how its is_reserved() method is 
insufficient.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41961] Windows install failure "could not set file security"

[Steve Dower]

Steve Dower  added the comment:

Suspicious points:
* error 0 means success, so it shouldn't be popping up an error
* 'Installer\' is a directory, not a file
* %AppData%\Microsoft\Installer is normally readable by Everyone, but only 
writable by Administrators, even in the user's directory

So I assume the error came back from the Windows Installer service which 
couldn't write to the folder for some reason. It may just be system permissions 
or corrupt ACLs (waiting on user logs for more ideas here).

Anyone else know of any possible causes for this? I'm not sure if it's anything 
we could even prevent, but maybe we can make it easier to troubleshoot.

--
nosy: +eryksun

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41961] Windows install failure "could not set file security"

[Steve Dower]

New submission from Steve Dower :

Original report: 
https://twitter.com/Steve_Casselman/status/1313564671652159488?s=20

A user received MSI error 1926 in a popup dialog, text reading:

> Could not set file security for file 
> 'C:\Users\sc\AppData\Roaming\Microsoft\Installer\'. Error: 0. Verify that you 
> have sufficient privileges to modify the security permissions for this file.

OS version: 18362.1082 (Windows 10 Home 1903)

--
components: Windows
messages: 378141
nosy: paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
stage: test needed
status: open
title: Windows install failure "could not set file security"
type: behavior
versions: Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36534] tarfile: handling Windows (path) illegal characters in archive member names

[STINNER Victor]

STINNER Victor  added the comment:

> pathlib._WindowsFlavour.is_reserved() fails to reserve names (...)

This issue is about tarfile. Maybe create another issue to enhance the pathlib 
module?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38605] [typing] PEP 563: Postponed evaluation of annotations: enable it by default in Python 3.10

[STINNER Victor]

STINNER Victor  added the comment:

Good! I'm happy to see yet another "Python 4.0 change" going away :-) Let's 
make "Python 4.0" as compatible as possible ;-)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41960] Add globalns and localns to the inspect.signature and inspect.Signature.from_callable

[Batuhan Taskaya]

Change by Batuhan Taskaya :


--
keywords: +patch
pull_requests: +21576
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/22583

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26680] Incorporating float.is_integer into Decimal

[Raymond Hettinger]

Change by Raymond Hettinger :


--
title: Incorporating float.is_integer into the numeric tower and Decimal -> 
Incorporating float.is_integer into Decimal

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26680] Incorporating float.is_integer into the numeric tower and Decimal

[Raymond Hettinger]

Raymond Hettinger  added the comment:

No worries Robert.  It's all part of the process :-)

If it's okay with you.  I would like to revert the incorrectly applied PR and 
then you can build a fresh, clean patch.  Does that work for you?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41960] Add globalns and localns to the inspect.signature and inspect.Signature.from_callable

[Batuhan Taskaya]

New submission from Batuhan Taskaya :

To resolve annotations in local namespaces (and possibly in different 
contexts), inspect.signature can take globalns and localns parameters.

I'm not inclined to add these into the getfullargspec, but I'd appreciate any 
comments about whether it is a good idea or not!

--
components: Library (Lib)
messages: 378137
nosy: BTaskaya, gvanrossum, yselivanov
priority: normal
severity: normal
status: open
title: Add globalns and localns to the inspect.signature and 
inspect.Signature.from_callable
type: enhancement
versions: Python 3.10

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41957] IDLE does not Transform Tabs into Spaces in Interactive Mode

[Terry J. Reedy]

Terry J. Reedy  added the comment:

#37903 is the first stage of a serious refactor

--
resolution:  -> duplicate
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38605] [typing] PEP 563: Postponed evaluation of annotations: enable it by default in Python 3.10

[Guido van Rossum]

Guido van Rossum  added the comment:

I'm marking this fixed, but there are some subtle edge cases. That's what alpha 
releases are for.

@BTaskaya, adding those arguments to various inspect functions sounds like a 
nice thing to do. You could either open a new issue or just reference this 
(closed) issue in your PR -- up to you.

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38605] [typing] PEP 563: Postponed evaluation of annotations: enable it by default in Python 3.10

[Guido van Rossum]

Guido van Rossum  added the comment:


New changeset 044a1048ca93d466965afc027b91a5a9eb9ce23c by Batuhan Taskaya in 
branch 'master':
bpo-38605: Make 'from __future__ import annotations' the default (GH-20434)
https://github.com/python/cpython/commit/044a1048ca93d466965afc027b91a5a9eb9ce23c


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38605] [typing] PEP 563: Postponed evaluation of annotations: enable it by default in Python 3.10

[Batuhan Taskaya]

Batuhan Taskaya  added the comment:

@gvanrossum should I draft a patch to convert this
inspect.signature(callable, *, follow_wrapped=True) (and also things like 
inspect.Signature.from_callable) into inspect.signature(callable, *, 
follow_wrapped=True, globalns=None, localns=None) in order to pass them to 
get_type_hints (for resolving in different namespaces)?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41920] Weird add operation of "0.2222 + 0.1111"

[Leonard Schwennesen]

Leonard Schwennesen  added the comment:

Hi Steven,
Thanks for your detailed explanations. They where very helpful for me. Now I 
know a bit more about Python and Computers in general. (;

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41905] add update_abstractmethods function to update an ABC's abstract methods

[Guido van Rossum]

Guido van Rossum  added the comment:

Thanks all!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41905] add update_abstractmethods function to update an ABC's abstract methods

[Guido van Rossum]

Guido van Rossum  added the comment:


New changeset bef7d299eb911086ea5a7ccf7a9da337e38a8491 by Ben Avrahami in 
branch 'master':
bpo-41905: Add abc.update_abstractmethods() (GH-22485)
https://github.com/python/cpython/commit/bef7d299eb911086ea5a7ccf7a9da337e38a8491


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41952] sys.version has double space between month and date

[Ammar Askar]

Ammar Askar  added the comment:

For reference, this comes from 
https://github.com/python/cpython/blob/e42b705188271da108de42b55d9344642170aa2b/Modules/getbuildinfo.c#L45-L46
and is set by the compiler `__DATE__` macro. 

GCC documentation says:

> If the day of the month is less than 10, it is padded with a space on the 
> left.

and MSVC documentation says:

> The first character of date dd is a space if the value is less than 10. This 
> macro is always defined.


So I think we can close this as working-as-intended.

--
nosy: +ammar2

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41951] python-3.8.2.exe /uninstall /quiet fails with Exit code: 0x643

[E. Paine]

Change by E. Paine :


--
components: +Windows
nosy: +paul.moore, steve.dower, tim.golden, zach.ware

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41952] sys.version has double space between month and date

[E. Paine]

E. Paine  added the comment:

I just confirmed (compiling the master having changed the system date) that 
this double space does not occur when the date is double-digits (`Oct 10`), 
suggesting that this is almost certainly intentional.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26680] Incorporating float.is_integer into the numeric tower and Decimal

[Guido van Rossum]

Change by Guido van Rossum :


--
assignee: gvanrossum -> rhettinger
nosy:  -gvanrossum

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26680] Incorporating float.is_integer into the numeric tower and Decimal

[Robert Smallshire]

Robert Smallshire  added the comment:

First, I would like to apologise for the confusion I have inadvertently caused. 
I didn't see Raymond's question and Guido's clear response here about not 
modifying the numeric tower, as it came _long_ after activity had moved to 
GitHub, and code had been reviewed over there. Now Raymond has linked back to 
here and I've caught up with the situation, I offer to make a compensating PR 
with reverts the changes to the numeric tower. I should be able to do this in 
the next day or two.

Please let me know whether you would like me to proceed, or whether you intend 
to handle the a partial or complete rollback among yourselves.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36534] tarfile: handling Windows (path) illegal characters in archive member names

[Eryk Sun]

Eryk Sun  added the comment:

> The pathlib module has _WindowsFlavour.reserved_names list of 
> Windows reserved names:

pathlib._WindowsFlavour.reserved_names is missing "CONIN$" and "CONOUT$". Prior 
to Windows 8 these two are reserved as relative names. In Windows 8+, they're 
also reserved in directories, just like the other reserved device names.

pathlib._WindowsFlavour.is_reserved() fails to reserve names containing ASCII 
control characters [0-31], vertical bar [|], the file-stream delimiter [:] 
(i.e. "filename:streamname:streamtype"), and the five wildcard characters 
[*?"<>]. (Maybe it should allow the file-stream delimiter, but that requires 
validating that a file stream is proper.) It fails to reserve names that end 
with a dot or space, which includes UNC and device paths except for \\?\ 
verbatim paths. It fails to match all reserved base names, which begin with a 
reserved device name, followed by zero or more spaces, a dot or colon, and zero 
or more characters. If names that contain colon are already reserved, then this 
check only has to be modified to strip trailing spaces before comparing against 
the list of reserved device names.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:


New changeset a8bf44d04915f7366d9f8dfbf84822ac37a4bab3 by Florian Bruhin in 
branch 'master':
bpo-41944: No longer call eval() on content received via HTTP in the 
UnicodeNames tests (GH-22575)
https://github.com/python/cpython/commit/a8bf44d04915f7366d9f8dfbf84822ac37a4bab3


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41959] Doc/library/asyncio-policy.rst grammar error

[Raúl Cumplido]

Change by Raúl Cumplido :


--
keywords: +patch
pull_requests: +21575
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/22580

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41959] Doc/library/asyncio-policy.rst grammar error

[Raúl Cumplido]

New submission from Raúl Cumplido :

The Doc/library/asyncio-policy.rst file contains the following:
```
This implementation registers a :py:data:`SIGCHLD` signal handler on 
instantiation. That can break third-party code that installs a custom handler 
for `SIGCHLD`.  signal).
```
The latest . and ) are incorrect.

--
assignee: docs@python
components: Documentation
messages: 378124
nosy: docs@python, raulcd
priority: normal
severity: normal
status: open
title: Doc/library/asyncio-policy.rst grammar error
type: enhancement
versions: Python 3.10, Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41958] importlib has not util module

[Irit Katriel]

Irit Katriel  added the comment:

import importlib.util

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41957] IDLE does not Transform Tabs into Spaces in Interactive Mode

[E. Paine]

E. Paine  added the comment:

This has been an issue for a *long* time (issue 7676). Hopefully, the merging 
of #37903 will allow this to be explored but currently there is not a lot that 
can be done (without a serious refactor).

--
nosy: +epaine

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41958] importlib has not util module

[Mario Idival]

New submission from Mario Idival :

After new version 3.9, the util module from importlib does not exists anymore

>>> import importlib
>>> importlib.util.find_spec('enum')
Traceback (most recent call last):
  File "", line 1, in 
AttributeError: module 'importlib' has no attribute 'util'
>>>

--
components: Library (Lib)
messages: 378121
nosy: marioidival
priority: normal
severity: normal
status: open
title: importlib has not util module
versions: Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41958] importlib has not util module

[Mario Idival]

Change by Mario Idival :


--
type:  -> crash

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:

Since it's a security vulnerability, I created backports to 3.6 and 3.7 as well.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[miss-islington]

Change by miss-islington :


--
pull_requests: +21573
pull_request: https://github.com/python/cpython/pull/22578

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:


New changeset 6c6c256df3636ff6f6136820afaefa5a10a3ac33 by Miss Skeleton (bot) 
in branch '3.8':
bpo-41944: No longer call eval() on content received via HTTP in the CJK codec 
tests (GH-22566) (GH-22577)
https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[miss-islington]

Change by miss-islington :


--
pull_requests: +21574
pull_request: https://github.com/python/cpython/pull/22579

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[miss-islington]

miss-islington  added the comment:


New changeset b664a1df4ee71d3760ab937653b10997081b1794 by Miss Skeleton (bot) 
in branch '3.9':
bpo-41944: No longer call eval() on content received via HTTP in the CJK codec 
tests (GH-22566)
https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[Serhiy Storchaka]

Serhiy Storchaka  added the comment:


New changeset 2ef5caa58febc8968e670e39e3d37cf8eef3cab8 by Serhiy Storchaka in 
branch 'master':
bpo-41944: No longer call eval() on content received via HTTP in the CJK codec 
tests (GH-22566)
https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[miss-islington]

Change by miss-islington :


--
pull_requests: +21572
pull_request: https://github.com/python/cpython/pull/22577

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[miss-islington]

Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 5.0 -> 6.0
pull_requests: +21571
pull_request: https://github.com/python/cpython/pull/22576

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41954] [mock] Recursion on mocking inspect.isfunction

[Mario Corchero]

Mario Corchero  added the comment:

Oh, well spotted. We could add some guards around the code in mock to still 
work when key stdlib functionality is mocked out, but this might make the mock 
code quite messy. Specially as we will have to make sure that not only the 
function we call are safe to call (which is easy by just doing import from), 
but that all dependencies of those function are also safe to call.

I'd instead suggest for users to patch in the module where they are using the 
function instead.

I think that once any part of the stdlib is patched by mock, there are no 
guarantees that anything will work unless the patch provides a functioning 
implmentation.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue1635741] Py_Finalize() doesn't clear all Python objects at exit

[STINNER Victor]

STINNER Victor  added the comment:

Statistics on C extension modules using the old API (PyModule_Create) / new API 
(PyModuleDef_Init):

* 3.5: 84 / 24 (22%), total: 108
* 3.6: 87 / 25 (22%), total: 112 (+4)
* 3.7 : 89 / 26 (23%), total: 115 (+3)
* 3.8: 91 / 27 (23%), total: 118 (+3)
* 3.9: 68 / 52 (43%), total: 120 (+2)
* master: 42 / 76 (64%), total: 118 (-2)

Before Python 3.8, it doesn't evolve much. Between 3.8 and 3.9, 25 extensions 
have been ported to the new API. Between 3.9 and master, 24 more extensions 
have been ported. Nice work so far!

I didn't check if these extensions use a module state or if they still use some 
kind of global shared state such as static types. I just used a dummy grep:

grep -E '\' $(find Modules/ -name "*.c")|wc -l

grep -E '\' $(find Modules/ -name "*.c")|wc -l

Anyway, it's going in the right direction!

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:

I'm now tracking this vulnerability at:
https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36534] tarfile: handling Windows (path) illegal characters in archive member names

[STINNER Victor]

STINNER Victor  added the comment:

> Also, while _sanitize_windows_name() handles trailing dots, for some reason 
> it overlooks trailing spaces. It also doesn't handle reserved DOS device 
> names.

The pathlib module has _WindowsFlavour.reserved_names list of Windows
reserved names:

>>> pprint.pprint(sorted(pathlib._WindowsFlavour.reserved_names))
['AUX',
 'COM1',
 'COM2',
 'COM3',
 'COM4',
 'COM5',
 'COM6',
 'COM7',
 'COM8',
 'COM9',
 'CON',
 'LPT1',
 'LPT2',
 'LPT3',
 'LPT4',
 'LPT5',
 'LPT6',
 'LPT7',
 'LPT8',
 'LPT9',
 'NUL',
 'PRN']

--
nosy: +vstinner

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:

> FWIW I found another place where a similar thing is done, though by chance 
> it's probably not exploitable - see GH-22575.

I agree that test_ucn is not exploitable, but it would be nice to harden it 
anyway.

Extract of the code:

self.assertEqual(unicodedata.lookup(seqname), codepoints)
with self.assertRaises(SyntaxError):
self.checkletter(seqname, None)

test_ucn downloads http://www.pythontest.net/unicode/13.0.0/NamedSequences.txt 
and calls checkletter() on each line, but first it ensures that 
unicodedata.lookup(seqname) works as expected.

I don't see how it would be possible to inject arbitrary Python code in the 
'seqname' variable without making unicodedata.lookup() to fail.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41957] IDLE does not Transform Tabs into Spaces in Interactive Mode

[Alex]

New submission from Alex <2423067...@qq.com>:

In Python I usually find the problem like this.
>>> for i in range(10):
#some code
In edit mode, IDLE will automatically transform tabs into spaces.
But in interactive mode, IDLE won't do the same.
The same problem have been reported in some other forums as far as I know.
I don't know how the problem is caused. However, we shoule look at this problem 
carefully, until we solve it.

--
assignee: terry.reedy
components: IDLE
messages: 378112
nosy: Alex-Python-Programmer, terry.reedy
priority: normal
severity: normal
status: open
title: IDLE does not Transform Tabs into Spaces in Interactive Mode
versions: Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue30197] Enhance swap_attr() and swap_item() in test.support

[Will Chill]

Change by Will Chill :


Removed file: https://bugs.python.org/file49498/March 23rd 2017.htm

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue30197] Enhance swap_attr() and swap_item() in test.support

[Will Chill]

Will Chill  added the comment:

Thought I'd send

--
nosy: +wburchill7
Added file: https://bugs.python.org/file49498/March 23rd 2017.htm

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[Florian Bruhin]

Florian Bruhin  added the comment:

Thanks for the clarification - I wasn't aware those tests aren't run by default.

FWIW I found another place where a similar thing is done, though by chance it's 
probably not exploitable - see GH-22575.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[Florian Bruhin]

Change by Florian Bruhin :


--
pull_requests: +21570
pull_request: https://github.com/python/cpython/pull/22575

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:

I'm not saying that this issue is not a vulnerability, just that the scope is 
limited.

By default, downloaded from the Internet are disabled. You have to opt-in for 
that using -u network (or -u all which enables the network resource) command 
line option of "./python -m test".

Impacted:

* "make testall", "make testuniversal" and "make buildbottest" commands are 
impacted (pass -u all to the test suite).

* Python buildbot workers are impacted: they run the "make buildbottest" 
command.

* Travis CI is impacted: it runs "./python -m test -uall,-cpu (...)".

* Multiple GitHub Action jobs are impacted (coverage, Windows, macOS, Ubuntu): 
run "-uall,-cpu".

* Azure Pipelines jobs are impacted: use -uall,-cpu.


> https://src.fedoraproject.org/rpms/python3.9/blob/master/f/python3.9.spec#_1168

Fedora packages are not impacted: no -u option is passed to the test suite.


> Anyone building with --enable-optimizations (PGO) will likely do so as well, 
> though I'm not sure if that runs this part of the testsuite.

PGO build is not impacted, it uses "./python -m test --pgo" (download is 
disabled). Moreover, multibyte codec checks are not run by this command (see 
Lib/test/libregrtest/pgo.py, only test_codecs of codec tests is run).

--
nosy: +pablogsal, zach.ware

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[Florian Bruhin]

Florian Bruhin  added the comment:

That assumption is false. For starters, distribution packagers do:

https://github.com/archlinux/svntogit-packages/blob/3fc85177e35d1ff9ab000950c5d1af9567730434/trunk/PKGBUILD#L72-L84

https://src.fedoraproject.org/rpms/python3.9/blob/master/f/python3.9.spec#_1168

When I build a Python from source (via an Arch User Repository package), I do 
as well, and so does anyone installing those packages by default.

Anyone building with --enable-optimizations (PGO) will likely do so as well, 
though I'm not sure if that runs this part of the testsuite.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:

Oops: Only developers of Python itself run the Python test suite.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] [security] Python testsuite calls eval() on content received via HTTP

[STINNER Victor]

STINNER Victor  added the comment:

I don't think that a CVE is justified.

I don't know anyone running the Python test suite on production. Only 
developers of Python itself run Python.

--
title: Python testsuite calls eval() on content received via HTTP -> [security] 
Python testsuite calls eval() on content received via HTTP

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41944] Python testsuite calls eval() on content received via HTTP

[Florian Bruhin]

Florian Bruhin  added the comment:

I wonder if I should request a CVE for this as well? Just to make sure the word 
gets out to distributions/organizations/etc. running the Python testsuite, 
given that we can't be sure it which contexts this happens (and as it could be 
exploited by e.g. spoofing a WiFi network or so).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41561] test_ssl fails in Ubuntu 20.04: test_min_max_version_mismatch

[Christian Heimes]

Christian Heimes  added the comment:

It sounds like a Debian/Ubuntu patch is breaking an assumption. Did somebody 
report the bug with Debian/Ubuntu maintainers of OpenSSL already?

Fedora also configures OpenSSL with minimum protocol version of TLS 1.2. The 
distribution does it in a slightly different way that makes the restriction 
discoverable and that is compatible with Python's test suite.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41952] sys.version has double space between month and date

[Terry J. Reedy]

Terry J. Reedy  added the comment:

>>> sys.version
'3.10.0a1 (tags/v3.10.0a1:8e9afaf, Oct  5 2020, 20:32:52) [MSC v.1927 64 bit 
(AMD64)]'

I am guessing that the template is leaving spaces for 2 digits.  Intentional?  
I see the same thing in local repository debug builds.

Pablo is the release manager for 3.10/11.

--
assignee: terry.reedy -> 
nosy: +lukasz.langa, pablogsal
type: enhancement -> behavior
versions: +Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41956] Regression in HTMLParser on malformed tags

[Dan]

New submission from Dan :

The attached HTML document (pulled from a Samsung printer web interface) 
contains the following invalid HTML tag:

(invalid because of ,="")
In Python 3.x completely stops the HTML parser, preventing any further tags 
from being parsed. This does not happen in Python 2.x
See the attached Python script, which counts the number of "input" tags. When 
executed using Python 2.7, it correctly counts 4 such tags. When executed using 
Python 3.8 it only finds 1.

--
components: Library (Lib)
files: testhtmlparse.zip
messages: 378101
nosy: dan
priority: normal
severity: normal
status: open
title: Regression in HTMLParser on malformed tags
type: behavior
versions: Python 3.8
Added file: https://bugs.python.org/file49497/testhtmlparse.zip

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41490] Update bundled pip to 20.2.1 and setuptools to 49.2.1

[Steve Dower]

Steve Dower  added the comment:

I have no objection to bumping it further, provided someone has fixed 
importlib.resources on 3.10 (i.e. my backported tests pass)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41949] Redefinition of HMAC functions prevents static linking

[Christian Heimes]

Christian Heimes  added the comment:

It looks like LibreSSL is finally adding OpenSSL 1.1.1 APIs after all. This is 
a good move but also breaks assumptions.

Please note that compiling Python with LibreSSL is completely untested and 
unmaintained.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41955] Python Modules

[Gaming With Skytorrush]

New submission from Gaming With Skytorrush :

Modules such as Pillow, Psycopg2, Psycopg2-binary are not installing via pip 
stating this version doesn't support those

--
messages: 378096
nosy: clashwithchiefrpjyt
priority: normal
severity: normal
status: open
title: Python Modules
type: resource usage
versions: Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26680] Incorporating float.is_integer into the numeric tower and Decimal

[Serhiy Storchaka]

Change by Serhiy Storchaka :


--
priority: normal -> release blocker

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41952] sys.version has double space between month and date

[E. Paine]

New submission from E. Paine :

To elaborate on the information given in the title, @sy is referring to the 
shell start text. More specifically, they are raising a grammatical issue with 
`sys.version` where there are two spaces between the shortened month form and 
the date (on my build this is `Sep  5`).

This is not a problem with IDLE and I doubt this is an issue generally, but is 
it worth nosying Lukasz? (I presume he is the person to ask?)

--
components:  -IDLE
nosy: +epaine
title: Top Sentence Had a Extra Space Between "Oct" and "5" -> sys.version has 
double space between month and date
versions: +Python 3.10 -Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41955] Python Modules

[Christian Heimes]

Christian Heimes  added the comment:

All packages in your list use native C code and don't offer compiled binaries 
for Python 3.9 yet. It's usually taking a couple of days or weeks until major 
packages ship binaries for a new Python version.

Please report missing binaries with the maintainers of these packages.

--
nosy: +christian.heimes
resolution:  -> third party
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41951] python-3.8.2.exe /uninstall /quiet fails with Exit code: 0x643

[XIAO AN ZHENG]

XIAO AN ZHENG  added the comment:

This happens in windows 2019 server running Powershell under SYSTEM account:

&"..\thirdparty\python-3.8.2.exe" /uninstall /quiet

--
title: python-3.8.2.exe /uninstall /quiet fails woth Exit code: 0x643 -> 
python-3.8.2.exe /uninstall /quiet fails with Exit code: 0x643

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue40864] spec_set/autospec/spec seems to not be reading attributes defined in class body

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
nosy: +cjw296, lisroach, mariocj89, michael.foord

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41954] [mock] Recursion on mocking inspect.isfunction

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
nosy: +cjw296, lisroach, mariocj89, michael.foord, xtreak

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41954] [mock] Recursion on mocking inspect.isfunction

[Stanislav Levin]

New submission from Stanislav Levin :

With Python 3.8 the mocking of `inspect.isfunction` results in recursion.

Please, consider a code snippet:

```python
from unittest import TestCase
from unittest.mock import patch

import inspect

class TestClass(TestCase):
def setUp(self):
patcher = patch('inspect.isfunction')
self.addCleanup(patcher.stop)
self.patched_func = patcher.start()

def test_m(self):
def f():
   pass

inspect.isfunction(f)
```

Output:
```
ERROR: test_m (test.TestClass)
--
Traceback (most recent call last):
  File "/usr/src/test.py", line 16, in test_m
inspect.isfunction(f)
  File "/usr/lib64/python3.8/unittest/mock.py", line 1081, in __call__
return self._mock_call(*args, **kwargs)
  File "/usr/lib64/python3.8/unittest/mock.py", line 1085, in _mock_call
return self._execute_mock_call(*args, **kwargs)
  File "/usr/lib64/python3.8/unittest/mock.py", line 1157, in _execute_mock_call
return self.return_value
  File "/usr/lib64/python3.8/unittest/mock.py", line 526, in __get_return_value
ret = self._get_child_mock(
  File "/usr/lib64/python3.8/unittest/mock.py", line 1025, in _get_child_mock
return klass(**kw)
  File "/usr/lib64/python3.8/unittest/mock.py", line 408, in __new__
sig = inspect.signature(NonCallableMock.__init__)
  File "/usr/lib64/python3.8/inspect.py", line 3093, in signature
return Signature.from_callable(obj, follow_wrapped=follow_wrapped)
  File "/usr/lib64/python3.8/inspect.py", line 2842, in from_callable
return _signature_from_callable(obj, sigcls=cls,
  File "/usr/lib64/python3.8/inspect.py", line 2289, in _signature_from_callable
if isfunction(obj) or _signature_is_functionlike(obj):
  File "/usr/lib64/python3.8/unittest/mock.py", line 1081, in __call__
return self._mock_call(*args, **kwargs)
  File "/usr/lib64/python3.8/unittest/mock.py", line 1085, in _mock_call
return self._execute_mock_call(*args, **kwargs)
  File "/usr/lib64/python3.8/unittest/mock.py", line 1157, in _execute_mock_call
return self.return_value
  File "/usr/lib64/python3.8/unittest/mock.py", line 526, in __get_return_value
ret = self._get_child_mock(
  File "/usr/lib64/python3.8/unittest/mock.py", line 1025, in _get_child_mock
return klass(**kw)
...

return _signature_from_callable(obj, sigcls=cls,
RecursionError: maximum recursion depth exceeded
```

breaking commit: 
https://github.com/python/cpython/commit/77b3b7701a34ecf6316469e05b79bb91de2addfa

The pre-77b3b7701a34ecf6316469e05b79bb91de2addfa state of 
`Lib/unittest/mock.py` works as expected.

--
messages: 378094
nosy: stanislavlevin
priority: normal
severity: normal
status: open
title: [mock] Recursion on mocking inspect.isfunction
type: behavior
versions: Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41939] 3.9.0 test_site warning: "urllib.requests._opener was modified by test_site"

[STINNER Victor]

Change by STINNER Victor :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41939] 3.9.0 test_site warning: "urllib.requests._opener was modified by test_site"

[miss-islington]

miss-islington  added the comment:


New changeset 78bddc7794a629614dc84e195b9117416ae97ed3 by Miss Skeleton (bot) 
in branch '3.8':
bpo-41939: Fix test_site.test_license_exists_at_url() (GH-22559)
https://github.com/python/cpython/commit/78bddc7794a629614dc84e195b9117416ae97ed3


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26680] Incorporating float.is_integer into the numeric tower and Decimal

[Mark Dickinson]

Change by Mark Dickinson :


--
nosy:  -mark.dickinson

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41939] 3.9.0 test_site warning: "urllib.requests._opener was modified by test_site"

[miss-islington]

Change by miss-islington :


--
pull_requests: +21569
pull_request: https://github.com/python/cpython/pull/22574

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com