[issue46337] urllib.parse: Allow more flexibility in schemes and URL resolution behavior
Senthil Kumaran added the comment: Hi all, I was looking at it. Introducing an enum at the last parameter is going to add cost of understanding the behavior to this function. I am doing further reading on the previous discussions and PR(s) now. -- ___ Python tracker <https://bugs.python.org/issue46337> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46337] urllib.parse: Allow more flexibility in schemes and URL resolution behavior
Senthil Kumaran added the comment: I will review this in a day. I had been following the conversation, but couldn't look deeper into the code. Thank you for engaging and contributions. -- ___ Python tracker <https://bugs.python.org/issue46337> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42782] shutil.move creates a new directory even on failure
Senthil Kumaran added the comment: New changeset e808c9d5c78e5a7a9d804eced013a02c0c7df1a5 by Jelle Zijlstra in branch '3.9': [3.9] bpo-42782: fix broken shutil test (GH-31971) https://github.com/python/cpython/commit/e808c9d5c78e5a7a9d804eced013a02c0c7df1a5 -- ___ Python tracker <https://bugs.python.org/issue42782> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46756] Incorrect authorization check in urllib.request
Senthil Kumaran added the comment: Pablo, we are good. The PRs were merged in open branches a while ago, and this was tracking security releases backports. -- ___ Python tracker <https://bugs.python.org/issue46756> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue16247] Report failing url in URLError?
Senthil Kumaran added the comment: It is going to take a few weeks for me to get to my alerts, I will address this as soon as I get to it . Thanks for the triage, Irit. On Mon, Dec 13, 2021, 12:31 AM Irit Katriel wrote: > > Change by Irit Katriel : > > > -- > status: open -> pending > > ___ > Python tracker > <https://bugs.python.org/issue16247> > ___ > -- status: pending -> open ___ Python tracker <https://bugs.python.org/issue16247> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45795] urllib http client vulnerable to DOS attack
Senthil Kumaran added the comment: Hi Muhammad, I haven't gotten to this. urllib doesn't maintain a client state during multiple request / response. The code is available here https://github.com/python/cpython/tree/main/Lib/urllib -- ___ Python tracker <https://bugs.python.org/issue45795> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45795] urllib http client vulnerable to DOS attack
Senthil Kumaran added the comment: > Timeout value should not be reset after client receives a data(bytes), > because it can easily be abused to achieve DOS. Interesting. I looked the server example. Does clients like curl have something like this too? -- ___ Python tracker <https://bugs.python.org/issue45795> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28533] Remove asyncore, asynchat and smtpd modules
Senthil Kumaran added the comment: +1 to these modules removal. One concern I have is when users follow internet examples and look out for these modules or examples. What is the best way to show them the modern usage? - Should Python docs show some example snippet of the most common usage of aiosmtpd ? - Echo server / client using asyncio. A stdlib page dedicated to removal, and showing examples using these modules, especially aiostmpd as it is not a part of stdlib, might be a good idea. -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue28533> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue40321] urllib.request does not support HTTP response status code 308
Senthil Kumaran added the comment: New changeset c379bc5ec9012cf66424ef3d80612cf13ec51006 by Jochem Schulenklopper in branch 'main': bpo-40321: Support HTTP response status code 308 in urllib.request (#19588) https://github.com/python/cpython/commit/c379bc5ec9012cf66424ef3d80612cf13ec51006 -- ___ Python tracker <https://bugs.python.org/issue40321> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45067] Failed to build _curses on CentOS 7
Change by Senthil Kumaran : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions: -Python 3.9 ___ Python tracker <https://bugs.python.org/issue45067> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45067] Failed to build _curses on CentOS 7
Senthil Kumaran added the comment: New changeset 794430700defb913512f871b701a888aa730de81 by Senthil Kumaran in branch 'main': bpo-45067 - Verify the version of ncurses for extended color support feature usage. (GH-28260) https://github.com/python/cpython/commit/794430700defb913512f871b701a888aa730de81 -- ___ Python tracker <https://bugs.python.org/issue45067> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45067] Failed to build _curses on CentOS 7
Senthil Kumaran added the comment: I have created a pull request - https://github.com/python/cpython/pull/28260 Please review this. -- assignee: -> orsenthil versions: +Python 3.10, Python 3.9 ___ Python tracker <https://bugs.python.org/issue45067> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45067] Failed to build _curses on CentOS 7
Change by Senthil Kumaran : -- keywords: +patch pull_requests: +26680 stage: -> patch review pull_request: https://github.com/python/cpython/pull/28260 ___ Python tracker <https://bugs.python.org/issue45067> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45067] Failed to build _curses on CentOS 7
Senthil Kumaran added the comment: A change like this will be required since these funcs were introduced only recently and nurses shipped with centos was older. % git diff diff --git a/Modules/_cursesmodule.c b/Modules/_cursesmodule.c index 61aaf85522..6fb6c490e6 100644 --- a/Modules/_cursesmodule.c +++ b/Modules/_cursesmodule.c @@ -135,7 +135,7 @@ typedef chtype attr_t; /* No attr_t type is available */ #define STRICT_SYSV_CURSES #endif -#if NCURSES_EXT_COLORS+0 && NCURSES_EXT_FUNCS+0 +#if (defined(NCURSES_EXT_FUNCS) && NCURSES_EXT_FUNCS >= 20170401) && (defined(NCURSES_EXT_COLORS) && NCURSES_EXT_COLORS >= 20170401) #define _NCURSES_EXTENDED_COLOR_FUNCS 1 #else #define _NCURSES_EXTENDED_COLOR_FUNCS 0 -- ___ Python tracker <https://bugs.python.org/issue45067> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45067] Failed to build _curses on CentOS 7
Senthil Kumaran added the comment:
Here is the output of make with relevant lines.
CC='gcc -pthread' LDSHARED='gcc -pthread -shared' OPT='-DNDEBUG -g -fwrapv
-O3 -Wall' _TCLTK_INCLUDES='' _TCLTK_LIBS='' ./python -E ./setup.py
build
running build
running build_ext
building '_curses' extension
gcc -pthread -fPIC -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3
-Wall -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter
-Wno-missing-field-initializers -Werror=implicit-function-declaration
-fvisibility=hidden -I./Include/internal -DHAVE_NCURSESW=1
-I/usr/include/ncursesw -I./Include -I. -I/usr/local/include
-I/local/home/senthilx/cpython/Include -I/local/home/senthilx/cpython -c
/local/home/senthilx/cpython/Modules/_cursesmodule.c -o
build/temp.linux-x86_64-3.11/local/home/senthilx/cpython/Modules/_cursesmodule.o
-DPy_BUILD_CORE_MODULE
/local/home/senthilx/cpython/Modules/_cursesmodule.c: In function
‘_curses_color_content_impl’:
/local/home/senthilx/cpython/Modules/_cursesmodule.c:149:41: error: implicit
declaration of function ‘extended_color_content’; did you mean
‘_curses_color_content’? [-Werror=implicit-function-declaration]
#define _COLOR_CONTENT_FUNC extended_color_content
^
/local/home/senthilx/cpython/Modules/_cursesmodule.c:2746:9: note: in expansion
of macro ‘_COLOR_CONTENT_FUNC’
if (_COLOR_CONTENT_FUNC(color_number, , , ) == ERR) {
^~~
/local/home/senthilx/cpython/Modules/_cursesmodule.c: In function
‘_curses_init_color_impl’:
/local/home/senthilx/cpython/Modules/_cursesmodule.c:147:41: error: implicit
declaration of function ‘init_extended_color’; did you mean ‘initialize_color’?
[-Werror=implicit-function-declaration]
#define _CURSES_INIT_COLOR_FUNC init_extended_color
^
/local/home/senthilx/cpython/Modules/_cursesmodule.c:3194:29: note: in
expansion of macro ‘_CURSES_INIT_COLOR_FUNC’
return PyCursesCheckERR(_CURSES_INIT_COLOR_FUNC(color_number, r, g, b),
^~~
/local/home/senthilx/cpython/Modules/_cursesmodule.c: In function
‘_curses_init_pair_impl’:
/local/home/senthilx/cpython/Modules/_cursesmodule.c:148:41: error: implicit
declaration of function ‘init_extended_pair’; did you mean
‘use_extended_names’? [-Werror=implicit-function-declaration]
#define _CURSES_INIT_PAIR_FUNC init_extended_pair
^
/local/home/senthilx/cpython/Modules/_cursesmodule.c:3222:9: note: in expansion
of macro ‘_CURSES_INIT_PAIR_FUNC’
if (_CURSES_INIT_PAIR_FUNC(pair_number, fg, bg) == ERR) {
^~
/local/home/senthilx/cpython/Modules/_cursesmodule.c: In function
‘_curses_pair_content_impl’:
/local/home/senthilx/cpython/Modules/_cursesmodule.c:150:41: error: implicit
declaration of function ‘extended_pair_content’; did you mean
‘_curses_pair_content’? [-Werror=implicit-function-declaration]
#define _CURSES_PAIR_CONTENT_FUNC extended_pair_content
^
/local/home/senthilx/cpython/Modules/_cursesmodule.c:3868:9: note: in expansion
of macro ‘_CURSES_PAIR_CONTENT_FUNC’
if (_CURSES_PAIR_CONTENT_FUNC(pair_number, , ) == ERR) {
^
cc1: some warnings being treated as errors
building '_curses_panel' extension
gcc -pthread -fPIC -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3
-Wall -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter
-Wno-missing-field-initializers -Werror=implicit-function-declaration
-fvisibility=hidden -I./Include/internal -DHAVE_NCURSESW=1
-I/usr/include/ncursesw -I./Include -I. -I/usr/local/include
-I/local/home/senthilx/cpython/Include -I/local/home/senthilx/cpython -c
/local/home/senthilx/cpython/Modules/_curses_panel.c -o
build/temp.linux-x86_64-3.11/local/home/senthilx/cpython/Modules/_curses_panel.o
gcc -pthread -shared
build/temp.linux-x86_64-3.11/local/home/senthilx/cpython/Modules/_curses_panel.o
-L/usr/local/lib -lpanelw -lncursesw -o
build/lib.linux-x86_64-3.11/_curses_panel.cpython-311-x86_64-linux-gnu.so
*** WARNING: renaming "_curses_panel" since importing it failed: No module
named '_curses'
The following modules found by detect_modules() in setup.py, have been
built by the Makefile instead, as configured by the Setup files:
_abc pwd time
Failed to build these modules:
_curses
Following modules built successfully but were removed because they could not be
imported:
_curses_panel
running build_scripts
copying and adjusting /local/home/senthilx/cpython/Tools/scripts/pydoc3 ->
build/scripts-3.11
copying and adjusting /local/home/senthilx/cpython/Tools/scripts/idle3 ->
build/scripts-3.11
copying and adjusting /local/home/senthilx/cpython/Tools/scripts/2to3 ->
build/scripts-3.11
changing mode of build/scripts-3
[issue45067] Failed to build _curses on CentOS 7
New submission from Senthil Kumaran : I verified that ncurses-devel is installed. ./configure is able to verify ncurses checking curses.h usability... yes checking curses.h presence... yes checking for curses.h... yes checking ncurses.h usability... yes checking ncurses.h presence... yes checking for ncurses.h... yes checking for term.h... yes But _curses fails to build, this is the output message from `make` gcc -pthread -fPIC -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -std=c99 -Wextra -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -Werror=implicit-function-declaration -fvisibility=hidden -I./Include/internal -DHAVE_NCURSESW=1 -I/usr/include/ncursesw -I./Include -I. -I/usr/local/include -I/local/home/senthilx/cpython/Include -I/local/home/senthilx/cpython -c /local/home/senthilx/cpython/Modules/_curses_panel.c -o build/temp.linux-x86_64-3.11/local/home/senthilx/cpython/Modules/_curses_panel.o gcc -pthread -shared build/temp.linux-x86_64-3.11/local/home/senthilx/cpython/Modules/_curses_panel.o -L/usr/local/lib -lpanelw -lncursesw -o build/lib.linux-x86_64-3.11/_curses_panel.cpython-311-x86_64-linux-gnu.so *** WARNING: renaming "_curses_panel" since importing it failed: No module named '_curses' The following modules found by detect_modules() in setup.py, have been built by the Makefile instead, as configured by the Setup files: _abc pwd time Failed to build these modules: _curses Following modules built successfully but were removed because they could not be imported: _curses_panel -- messages: 400795 nosy: orsenthil priority: normal severity: normal status: open title: Failed to build _curses on CentOS 7 type: compile error versions: Python 3.11 ___ Python tracker <https://bugs.python.org/issue45067> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44830] Broken Mozilla devguide link in "Dealing with Bugs" doc section
Senthil Kumaran added the comment: @Jack, if you review this backport - https://github.com/python/cpython/pull/27666 , I can merge this PR. -- ___ Python tracker <https://bugs.python.org/issue44830> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44830] Broken Mozilla devguide link in "Dealing with Bugs" doc section
Senthil Kumaran added the comment: New changeset 6a6bcf16370beff2e0d1a034661654d5c335b5ee by Miss Islington (bot) in branch '3.9': bpo-44830 - Remove the broken Broken Mozilla devguide link. (GH-27664) (GH-27665) https://github.com/python/cpython/commit/6a6bcf16370beff2e0d1a034661654d5c335b5ee -- ___ Python tracker <https://bugs.python.org/issue44830> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44830] Broken Mozilla devguide link in "Dealing with Bugs" doc section
Change by Senthil Kumaran : -- pull_requests: +26155 pull_request: https://github.com/python/cpython/pull/27666 ___ Python tracker <https://bugs.python.org/issue44830> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44830] Broken Mozilla devguide link in "Dealing with Bugs" doc section
Senthil Kumaran added the comment: New changeset ebecffdb6d5fffa4249f9a813f1fc1915926feb5 by Senthil Kumaran in branch 'main': bpo-44830 - Remove the broken Broken Mozilla devguide link. (GH-27664) https://github.com/python/cpython/commit/ebecffdb6d5fffa4249f9a813f1fc1915926feb5 -- ___ Python tracker <https://bugs.python.org/issue44830> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44830] Broken Mozilla devguide link in "Dealing with Bugs" doc section
Change by Senthil Kumaran : -- keywords: +patch nosy: +orsenthil nosy_count: 3.0 -> 4.0 pull_requests: +26153 stage: -> patch review pull_request: https://github.com/python/cpython/pull/27664 ___ Python tracker <https://bugs.python.org/issue44830> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29555] Update Python Software Foundation Copyright Year
Senthil Kumaran added the comment: Yes, closing this. -- resolution: -> not a bug stage: -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue29555> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44359] test_ftplib fails as "env changes" if a socket operation times out in a thread: TimeoutError is not catched
Change by Senthil Kumaran : -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue44359> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44360] test_compile killed by SIGKILL on AMD64 Ubuntu 3.x (Linux OOM Killer)
Senthil Kumaran added the comment: > Maybe you should give more memory to your worker, or you should spawn less > jobs in parallel It was related to high number of jobs in that particular agent and result in OOM Kill from the Linux kernel - https://pastebin.com/559H4ksa The machine has 1GB Ram, but I realize that it has only one 1 CPU (This seems not optimal, minimal of 2 CPU seems to be recommendation - https://devguide.python.org/buildworker/) I will change it to run few jobs in parallel, and disable some services which are not used) and we could see again. For this, I would rather side with an agent resource issue than a compiler issue. Sorry for that. --- I also notice number unsuccessful SSH attempts on the server (today) - https://pastebin.com/ab0EKDuF The agent got unreachable probably due this, and I did reboot of the agent from the cloud console, so that I could login and see what might have happened. -- ___ Python tracker <https://bugs.python.org/issue44360> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44360] test_compile killed by SIGKILL on AMD64 Ubuntu 3.x
Senthil Kumaran added the comment: Yes, this was related to the Linux OOM Killer. The agent went down shortly after this. Either multiple parallel jobs might have led to OOM or something else. I will see if logs provide more information. -- ___ Python tracker <https://bugs.python.org/issue44360> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44348] test_exceptions.ExceptionTests.test_recursion_in_except_handler stack overflow on Windows debug builds
Change by Senthil Kumaran : -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue44348> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43105] [Windows] Can't import extension modules resolved via relative paths in sys.path
Senthil Kumaran added the comment: There is a report about this change might have caused behaviour change for '.' in sys.path between 3.10.0a7 and 3.10.0b1 https://mail.python.org/archives/list/python-...@python.org/thread/DE3MDGB2JGOJ3X4NWEGJS26BK6PJUPKW/ -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue43105> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: New changeset 0593ae84af9e0e8332644e7ed13d7fd8306c4e1a by Senthil Kumaran in branch '3.9': [3.9] bpo-43882 - Mention urllib.parse changes in Whats new section. (GH-26276) https://github.com/python/cpython/commit/0593ae84af9e0e8332644e7ed13d7fd8306c4e1a -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: New changeset f14015adf52014c2345522fe32d43f15f001c986 by Senthil Kumaran in branch '3.10': [3.10] bpo-43882 - Mention urllib.parse changes in Whats new section. (GH-26275) https://github.com/python/cpython/commit/f14015adf52014c2345522fe32d43f15f001c986 -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- pull_requests: +24883 pull_request: https://github.com/python/cpython/pull/26277 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- pull_requests: +24882 pull_request: https://github.com/python/cpython/pull/26276 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- pull_requests: +24881 stage: commit review -> patch review pull_request: https://github.com/python/cpython/pull/26275 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- pull_requests: +24872 pull_request: https://github.com/python/cpython/pull/26268 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- pull_requests: +24871 stage: resolved -> patch review pull_request: https://github.com/python/cpython/pull/26267 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43504] Site linked in docs, effbot.org, down
Senthil Kumaran added the comment: Julien, we could remove them from docs.python.org instead of pointing to archive.org. Users will be able to find more recent examples in the internet. -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue43504> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44089] csv.Error can't be subclassed
Senthil Kumaran added the comment: This was also merged in 3.11 https://github.com/python/cpython/commit/2b458c1dba4058c808fde25226bb2d91c5a909ca -- ___ Python tracker <https://bugs.python.org/issue44089> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44089] csv.Error can't be subclassed
Change by Senthil Kumaran : -- assignee: -> orsenthil resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue44089> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue44089] csv.Error can't be subclassed
Senthil Kumaran added the comment: New changeset 3e44e9af9ea4c5e82912a01f256d4abcae96f32b by Miss Islington (bot) in branch '3.10': bpo-44089: Allow subclassing of ``csv.Error`` (GH-26008) (GH-26066) https://github.com/python/cpython/commit/3e44e9af9ea4c5e82912a01f256d4abcae96f32b -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue44089> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23750] doc: Clarify difference between os.system/subprocess.call in section "Replacing os.system()"
Senthil Kumaran added the comment: New changeset 390bfe044531a813722919933116ed37fe321861 by Miss Islington (bot) in branch '3.9': bpo-23750: Document os-system, subprocess. Patch by Martin Panter. (GH-26016) (GH-26041) https://github.com/python/cpython/commit/390bfe044531a813722919933116ed37fe321861 -- ___ Python tracker <https://bugs.python.org/issue23750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23750] doc: Clarify difference between os.system/subprocess.call in section "Replacing os.system()"
Change by Senthil Kumaran : -- stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue23750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23750] doc: Clarify difference between os.system/subprocess.call in section "Replacing os.system()"
Senthil Kumaran added the comment: New changeset 6fc6f4366d02412e3424d2a6da43a28d8f479d7b by Miss Islington (bot) in branch '3.10': bpo-23750: Document os-system, subprocess. Patch by Martin Panter. (GH-26016) (GH-26040) https://github.com/python/cpython/commit/6fc6f4366d02412e3424d2a6da43a28d8f479d7b -- ___ Python tracker <https://bugs.python.org/issue23750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23750] doc: Clarify difference between os.system/subprocess.call in section "Replacing os.system()"
Senthil Kumaran added the comment: Does anyone know what the return value 768 signify here? -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue23750> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue16866] libainstall doesn't create $(BINDIR) directory
Senthil Kumaran added the comment: In 3.10 - https://github.com/python/cpython/commit/a2c72d52dddefbfbaa0745b0af54330fad03b29e 3.9 - https://github.com/python/cpython/commit/a25c46bd7dd47a2f95b32d17ee2f66de214892c6 -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue16866> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue16866] libainstall doesn't create $(BINDIR) directory
Senthil Kumaran added the comment: Fixed in 3.11 here - https://github.com/python/cpython/commit/80d250d68cf3bb511fd862169c681b28028499c2 -- ___ Python tracker <https://bugs.python.org/issue16866> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue16866] libainstall doesn't create $(BINDIR) directory
Change by Senthil Kumaran : -- pull_requests: +24632 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/25980 ___ Python tracker <https://bugs.python.org/issue16866> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue16866] libainstall doesn't create $(BINDIR) directory
Senthil Kumaran added the comment: Looks like the BINDIR dependency was added here - https://github.com/python/cpython/commit/49fd7fa4431da299196d74087df4a04f99f9c46f#diff-1f0a8db227d22005511b0d90f5339b97db345917b863954b3b3ccb9ec308767cR833 but we didn't add the directory creation dependency then. A simple fix of add BINDIR as dependency seems _OK_ to me. At least it wont break the libainstall standalone target. -- ___ Python tracker <https://bugs.python.org/issue16866> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: Ned wrote: > Senthil, I am not sure which previous message you are referring to but. I meant, the messages from other developers who raised that change broke certain test cases. Ned, but I got little concerned, if we planned to revert the change. > the only way we *should* proceed with the current changes is by including > more information in a What's New entry and the NEWS blurb about that the > implications to users are of these changes. I agree with completely. I will include an additional blurb for this change for security fix versions. Greg wrote: > There is no less intrusive fix as far as I can see. I believe we're down to > either stick with what we've done, or do nothing. Exactly my feeling too. > It doesn't have to be the same choice in all release branches, being more > conservative with changes the older the stable branch is okay. (ie: removing > this from 3.6 and 3.7 seems fine even if more recent ones do otherwise) I hadn't considered that. But it wont save much will be my opinion. The users will have to upgrade to supported versions anyway and it will break then. The problem is only pushed a little. So, keeping it consistent seems alright to me. It is a little additional for everyone, but we seem to be doing it. -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment:
Hello All,
I think, the current striping of ASCII newline and tab is a _reasonable_
solution given it was a security issue.
It also follows the guidelines of "WHATWG" (Specifically Point 3)
> 2. If input contains any ASCII tab or newline, validation error.
> 3. Remove all ASCII tab or newline from input.
And as per WHATWG, "A validation error does not mean that the parser
terminates. Termination of a parser is always stated explicitly, e.g., through
a return statement."
I agree that terms used in spec vs representing it with library code may not be
1:1, but we tried to stay close and followed the existing behavior of widely
used clients.
This is a fix, per a security report, and per an evolv{ed,ing} standard
recommendation. When dealing with security fixes, there could be simple or more
complex migration involvements.
My reading of the previous message was, even if we raised exception or gave as
a parameter, it wont be any better for certain downstream users, as we let the
security problem open, and have it only as opt-in fix.
With respect to control
The comment in the review -
https://github.com/python/cpython/pull/25595#pullrequestreview-647122723 was to
make these characters available in module level parameters, so that if users
prefer to override, they could patch it.
so a revert may not be necessary for the reason of lack of control.
In short, at this moment, I still feel that is reasonable fix at this moment
for the problem report, and intention to move closer to whatwg spec.
--
___
Python tracker
<https://bugs.python.org/issue43882>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue16866] libainstall doesn't create $(BINDIR) directory
Senthil Kumaran added the comment: issue25696 was related, and it fixed bininstall issue. -- ___ Python tracker <https://bugs.python.org/issue16866> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue16866] libainstall doesn't create $(BINDIR) directory
Senthil Kumaran added the comment: This is still a problem behaviour as of May 2021. ./configure --prefix=/home/senthil/foobar make libainstall failed with /usr/bin/install: cannot create regular file '/home/senthil/foobar/bin/python3.11-config': No such file or directory make: *** [Makefile:1715: libainstall] Error 1 -- versions: +Python 3.10, Python 3.11, Python 3.9 -Python 2.7, Python 3.4, Python 3.5 ___ Python tracker <https://bugs.python.org/issue16866> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue9725] urllib.request.FancyURLopener won't connect to pages requiring username and password
Senthil Kumaran added the comment: urllib.request.FancyURLopener has been deprecated since 3.3 https://docs.python.org/3/library/urllib.request.html#urllib.request.FancyURLopener This bug wont be fixed. The other higher level methods (urlopen) could used for basic authentication with username and password. -- resolution: -> wont fix stage: -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue9725> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30164] Testing FTP support in urllib shouldn't use Debian FTP server
Change by Senthil Kumaran : -- pull_requests: +24624 pull_request: https://github.com/python/cpython/pull/25968 ___ Python tracker <https://bugs.python.org/issue30164> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30164] Testing FTP support in urllib shouldn't use Debian FTP server
Senthil Kumaran added the comment: This has been fixed here - https://github.com/python/cpython/pull/2755/files Python docs demonstrate the usage of ftplib using ftp.debian.org. I think, it is perfectly reasonable and welcome thing to do so. https://docs.python.org/3/library/ftplib.html Closing this ticket as fixed. I will add some minor improvement to the documentation usage though. -- resolution: -> fixed stage: -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue30164> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12441] _GLOBAL_DEFAULT_TIMEOUT remains as an object() in HTTPConnection and the connection hangs
Senthil Kumaran added the comment: The _GLOBAL_DEFAULT_TIMEOUT usage is an established pattern with socket module. https://github.com/python/cpython/blob/main/Lib/socket.py#L805 This is not a bug and we don't have a good reproducible step mentioned in the report. -- resolution: -> not a bug stage: test needed -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue12441> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11466] getpass.getpass doesn't close tty file
Senthil Kumaran added the comment: This was fixed in https://github.com/python/cpython/commit/16dbbae2981c96c7c9b1ae81e1708d54b08c10ac Since Python 3.4 And tests do not raise any ResourceWarning now. ``` $ ../../python -Vs Python 3.11.0a0 $ ../../python -m unittest test_getpass.py -v test_username_falls_back_to_pwd (test_getpass.GetpassGetuserTest) ... ok test_username_priorities_of_env_values (test_getpass.GetpassGetuserTest) ... ok test_username_takes_username_from_env (test_getpass.GetpassGetuserTest) ... ok test_flushes_stream_after_prompt (test_getpass.GetpassRawinputTest) ... ok test_raises_on_empty_input (test_getpass.GetpassRawinputTest) ... ok test_trims_trailing_newline (test_getpass.GetpassRawinputTest) ... ok test_uses_stderr_as_default (test_getpass.GetpassRawinputTest) ... ok test_uses_stdin_as_default_input (test_getpass.GetpassRawinputTest) ... ok test_uses_stdin_as_different_locale (test_getpass.GetpassRawinputTest) ... ok test_falls_back_to_fallback_if_termios_raises (test_getpass.UnixGetpassTest) ... ok test_falls_back_to_stdin (test_getpass.UnixGetpassTest) ... ok test_flushes_stream_after_input (test_getpass.UnixGetpassTest) ... ok test_resets_termios (test_getpass.UnixGetpassTest) ... ok test_uses_tty_directly (test_getpass.UnixGetpassTest) ... ok -- Ran 14 tests in 0.041s OK ``` -- resolution: -> fixed stage: -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue11466> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43972] Simple HTTP Request Handler in http.server does not set a content-length and does not close connections on 301s
Change by Senthil Kumaran : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue43972> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43972] Simple HTTP Request Handler in http.server does not set a content-length and does not close connections on 301s
Change by Senthil Kumaran : -- versions: +Python 3.10, Python 3.9 ___ Python tracker <https://bugs.python.org/issue43972> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43972] Simple HTTP Request Handler in http.server does not set a content-length and does not close connections on 301s
Senthil Kumaran added the comment: Hi Stephen, Thanks for the response and the details. I was able to verify the bug! I don't know exactly what I was doing previously, but I agree with you that this is a bug and will be fixed with your patch. :) Thanks, Senthil -- ___ Python tracker <https://bugs.python.org/issue43972> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43972] Simple HTTP Request Handler in http.server does not set a content-length and does not close connections on 301s
Senthil Kumaran added the comment: I am also hesitant to fix something that is not broken. So, please share the broken behavior that could be verified, and this will give us greater confidence to commit this patch. -- ___ Python tracker <https://bugs.python.org/issue43972> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43972] Simple HTTP Request Handler in http.server does not set a content-length and does not close connections on 301s
Senthil Kumaran added the comment: Hi Stephen, With the example, I couldn't reproduce the problem with curl 7.65.3 That said, I do recognize that this change is a positive improvement, but I cannot see this a bug-fix (and for client misbehavior, which I couldn't verify). To take a call, I think, this change could go into `main` branch as an "improvement" change than a bug-fix. Note: the existing behavior is 10+ year old and don't want to introduce changes if it is not a bug. Thanks -- versions: +Python 3.11 -Python 3.6, Python 3.7, Python 3.8, Python 3.9 ___ Python tracker <https://bugs.python.org/issue43972> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: New changeset 24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 by Miss Islington (bot) in branch '3.10': bpo-43882 Remove the newline, and tab early. From query and fragments. (GH-25936) https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- pull_requests: +24589 pull_request: https://github.com/python/cpython/pull/25921 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: New changeset 8a595744e696a0fb92dccc5d4e45da41571270a1 by Senthil Kumaran in branch '3.9': [3.9] bpo-43882 Remove the newline, and tab early. From query and fragments. (#25853) https://github.com/python/cpython/commit/8a595744e696a0fb92dccc5d4e45da41571270a1 -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: Based on Greg's review comment, I have pushed the fix for 3.9, and 3.8 - [3.9] https://github.com/python/cpython/pull/25853 - [3.8] https://github.com/python/cpython/pull/25726 There is no need to hold off releases for these alone. If we get it merged before the release cut today, fine, otherwise, they will be in the next security fix. -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- pull_requests: +24537 pull_request: https://github.com/python/cpython/pull/25853 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43972] Simple HTTP Request Handler in http.server does not set a content-length and does not close connections on 301s
Senthil Kumaran added the comment: Hi Stephen, Could you give a brief demo of using curl to see the problematic behavior. I have testing with a version python and saw that without content length, the curl was behaving properly. ``` $mkdir foo $#add index.html to directory foo $python -m http.server foo $ curl -I -L http://0.0.0.0:8082/foo HTTP/1.0 301 Moved Permanently Server: SimpleHTTP/0.6 Python/3.6.13+ Date: Sat, 01 May 2021 17:16:14 GMT Location: /foo/ HTTP/1.0 200 OK Server: SimpleHTTP/0.6 Python/3.6.13+ Date: Sat, 01 May 2021 17:16:14 GMT Content-type: text/html Content-Length: 171 Last-Modified: Sat, 01 May 2021 14:34:48 GMT ``` And ``` curl --version curl 7.65.3 ``` -- ___ Python tracker <https://bugs.python.org/issue43972> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43972] Simple HTTP Request Handler in http.server does not set a content-length and does not close connections on 301s
Change by Senthil Kumaran : -- assignee: -> orsenthil nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue43972> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: New changeset 491fde0161d5e527eeff8586dd3972d7d3a631a7 by Miss Islington (bot) in branch '3.9': [3.9] bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. (GH-25595) (GH-25725) https://github.com/python/cpython/commit/491fde0161d5e527eeff8586dd3972d7d3a631a7 -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: New changeset 76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 by Senthil Kumaran in branch 'master': bpo-43882 - urllib.parse should sanitize urls containing ASCII newline and tabs. (GH-25595) https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 -- ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43795] Implement PEP 652 -- Maintaining the Stable ABI
Change by Senthil Kumaran : -- nosy: +orsenthil nosy_count: 3.0 -> 4.0 pull_requests: +24407 pull_request: https://github.com/python/cpython/pull/25716 ___ Python tracker <https://bugs.python.org/issue43795> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43774] [Doc] Document configure options in the Python documentation
Change by Senthil Kumaran : -- nosy: +orsenthil nosy_count: 5.0 -> 6.0 pull_requests: +24406 pull_request: https://github.com/python/cpython/pull/25716 ___ Python tracker <https://bugs.python.org/issue43774> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8077] cgi handling of POSTed files is broken in Windows
Change by Senthil Kumaran : -- pull_requests: +24343 stage: test needed -> patch review pull_request: https://github.com/python/cpython/pull/25652 ___ Python tracker <https://bugs.python.org/issue8077> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8077] cgi handling of POSTed files is broken in Windows
Change by Senthil Kumaran : -- title: cgi handling of POSTed files is broken -> cgi handling of POSTed files is broken in Windows versions: +Python 3.10 -Python 3.2, Python 3.3 ___ Python tracker <https://bugs.python.org/issue8077> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27820] Possible bug in smtplib when initial_response_ok=False
Senthil Kumaran added the comment: Please open a new issue. It has better chances of being fixed quickly. On Mon, Apr 26, 2021 at 10:02 PM junpengruan wrote: > > junpengruan <632077...@qq.com> added the comment: > > Hi > I think there is another bug when initial_response_ok=False. When using > AUTH PLAIN, the server will response like: > -- > C: AUTH PLAIN > S: 334 ok. go on > -- > and it's not base64 encoding, while in the auth() it will decode the > resp(here is "ok, go on") which will cause a binascii.Error: > > Traceback (most recent call last): > File "/usr/lib/python3.6/smtplib.py", line 644, in auth > challenge = base64.decodebytes(resp) > File "/usr/lib/python3.6/base64.py", line 553, in decodebytes > return binascii.a2b_base64(s) > binascii.Error: Incorrect padding > > I think this fit the title "a bug in smtplib when > initial_response_ok=False", should I just comment on this issue or open a > new issue? > Thanks! > > -- > nosy: +junpengruan > > ___ > Python tracker > <https://bugs.python.org/issue27820> > ___ > -- ___ Python tracker <https://bugs.python.org/issue27820> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12966] cookielib.LWPCookieJar breaks on cookie values with a newline
Senthil Kumaran added the comment: This bug was reported in 2.5 and we don't have a test case attached in this report. Given many changes and age of the bug, I am closing this. A specific report against the latest code will help us to fix this bug. -- stage: -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue12966> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue3609] does parse_header really belong in CGI module?
Change by Senthil Kumaran : -- stage: needs patch -> resolved status: languishing -> closed ___ Python tracker <https://bugs.python.org/issue3609> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23498] Expose http.cookiejar.split_header_words()
Change by Senthil Kumaran : -- assignee: -> orsenthil ___ Python tracker <https://bugs.python.org/issue23498> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue3609] does parse_header really belong in CGI module?
Senthil Kumaran added the comment: Closing this age old bug in favor of fixing it as part of issue23498. -- resolution: -> wont fix ___ Python tracker <https://bugs.python.org/issue3609> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43534] turtle.textinput window is not transient
Senthil Kumaran added the comment: New changeset b47f05157bd05c5825c26389af5be3064a2c1313 by Miss Islington (bot) in branch '3.9': bpo-43534: Fix the turtle module working with multiple root windows GH-25593 https://github.com/python/cpython/commit/b47f05157bd05c5825c26389af5be3064a2c1313 -- ___ Python tracker <https://bugs.python.org/issue43534> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43534] turtle.textinput window is not transient
Senthil Kumaran added the comment: New changeset 9ca20fdc4c27e31832adbd6d393a87e7d8953e3c by Miss Islington (bot) in branch '3.8': bpo-43534: Fix the turtle module working with multiple root windows GH-25594 https://github.com/python/cpython/commit/9ca20fdc4c27e31832adbd6d393a87e7d8953e3c -- nosy: +orsenthil ___ Python tracker <https://bugs.python.org/issue43534> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Senthil Kumaran added the comment: I have added a PR to remove ascii newlines and tabs from URL input. It is as per the WHATWG spec. However, I still like to research more and find out if this isn't introducing behavior that will break existing systems. It should also be aligned the decisions we have made with previous related bug reports. Please review. -- stage: patch review -> needs patch ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] [security] urllib.parse should sanitize urls containing ASCII newline and tabs.
Change by Senthil Kumaran : -- keywords: +patch pull_requests: +24315 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/25595 ___ Python tracker <https://bugs.python.org/issue43882> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43883] Making urlparse WHATWG conformant
New submission from Senthil Kumaran : Mike Lissner reported that a set test suites that exercise extreme conditions with URLs, but in conformance with url.spec.whatwg.org was maintained here: https://github.com/web-platform-tests/wpt/tree/77da471a234e03e65a22ee6df8ceff7aaba391f8/url These test cases were used against urlparse and urljoin method. https://gist.github.com/mlissner/4d2110d7083d74cff3893e261a801515 Quoting verbatim ``` The basic idea is to iterate over the test cases and try joining and parsing them. The script wound up messier than I wanted b/c there's a fair bit of normalization you have to do (e.g., the test cases expect blank paths to be '/', while urlparse returns an empty string), but you'll get the idea. The bad news is that of the roughly 600 test cases fewer than half pass. Some more normalization would fix some more of this, and I don't imagine all of these have security concerns (I haven't thought through it, honestly, but there are issues with domain parsing too that look meddlesome). For now I've taken it as far as I can, and it should be a good start, I think. The final numbers the script cranks out are: Done. 231/586 successes. 1 skipped. ``` -- assignee: orsenthil messages: 391344 nosy: orsenthil priority: normal severity: normal stage: needs patch status: open title: Making urlparse WHATWG conformant type: behavior ___ Python tracker <https://bugs.python.org/issue43883> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43882] urllib.parse should sanitize urls containing ASCII newline and tabs.
New submission from Senthil Kumaran :
A security issue was reported by Mike Lissner wherein an attacker was able to
use `\r\n` in the url path, the urlparse method didn't sanitize and allowed
those characters be present in the request.
> In [9]: from urllib.parse import urlsplit
> In [10]: urlsplit("java\nscript:alert('bad')")
> Out[10]: SplitResult(scheme='', netloc='', path="java\nscript:alert('bad')",
> query='', fragment='')
Firefox and other browsers ignore newlines in the scheme. From
the browser console:
>> new URL("java\nscript:alert(bad)")
<< URL { href: "javascript:alert(bad)", origin: "null", protocol:
"javascript:", username: "", password: "", host: "", hostname: "", port: "",
pathname: "alert(bad)", search: ""
Mozilla Developers informed about the controlling specification for URLs is in
fact defined by the "URL Spec"
from WHATWG which updates RFC 3986 and specifies that tabs and newlines
should be stripped from the scheme.
See: https://url.spec.whatwg.org/#concept-basic-url-parser
That link defines an automaton for URL parsing. From that link, steps 2 and 3
of scheme parsing read:
If input contains any ASCII tab or newline, validation error.
3. Remove all ASCII tab or newline from input.
urlparse module behavior should be updated, and an ASCII tab or newline should
be removed from the url (sanitized) before it is sent to the request, as WHATWG
spec.
--
assignee: orsenthil
messages: 391343
nosy: orsenthil
priority: normal
severity: normal
stage: needs patch
status: open
title: urllib.parse should sanitize urls containing ASCII newline and tabs.
type: security
versions: Python 3.10, Python 3.6, Python 3.7, Python 3.8, Python 3.9
___
Python tracker
<https://bugs.python.org/issue43882>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43871] urllib.parse.urlparse doesn't check port
Change by Senthil Kumaran : -- assignee: -> orsenthil versions: +Python 3.10 ___ Python tracker <https://bugs.python.org/issue43871> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43871] urllib.parse.urlparse doesn't check port
Senthil Kumaran added the comment: Treating this as bug in itself might be a better idea than waiting for a ipv6 scope introduction, which had few caveats. > Would it be an improvement if _checknetloc[2] validates the value of port > properly? Yes, we could check if it is an int. That should be sufficient. -- ___ Python tracker <https://bugs.python.org/issue43871> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42967] [CVE-2021-23336] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
Senthil Kumaran added the comment: New changeset d5b80eb11b4812b4a579ce129ba4a10c5f5d27f6 by Miss Islington (bot) in branch '3.8': bpo-42967: coerce bytes separator to string in urllib.parse_qs(l) (GH-24818) (#25345) https://github.com/python/cpython/commit/d5b80eb11b4812b4a579ce129ba4a10c5f5d27f6 -- ___ Python tracker <https://bugs.python.org/issue42967> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42967] [CVE-2021-23336] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
Senthil Kumaran added the comment: New changeset b38601d49675d90e1ee6faa47f7adaeca992d02d by Ken Jin in branch 'master': bpo-42967: coerce bytes separator to string in urllib.parse_qs(l) (#24818) https://github.com/python/cpython/commit/b38601d49675d90e1ee6faa47f7adaeca992d02d -- ___ Python tracker <https://bugs.python.org/issue42967> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43479] Remove a duplicate comment and assignment in http.client
Change by Senthil Kumaran : -- stage: -> resolved ___ Python tracker <https://bugs.python.org/issue43479> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43479] Remove a duplicate comment and assignment in http.client
Change by Senthil Kumaran : -- stage: resolved -> ___ Python tracker <https://bugs.python.org/issue43479> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43479] Remove a duplicate comment and assignment in http.client
Change by Senthil Kumaran : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue43479> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43479] Remove a duplicate comment and assignment in http.client
Change by Senthil Kumaran : -- assignee: -> orsenthil nosy: +orsenthil versions: -Python 3.6, Python 3.7 ___ Python tracker <https://bugs.python.org/issue43479> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27820] Possible bug in smtplib when initial_response_ok=False
Change by Senthil Kumaran : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.org/issue27820> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27820] Possible bug in smtplib when initial_response_ok=False
Senthil Kumaran added the comment: New changeset 8cadc2c9cacfa1710cb5ca28a70f7782cacf09aa by Senthil Kumaran in branch '3.8': [3.8] bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118) (#24833) https://github.com/python/cpython/commit/8cadc2c9cacfa1710cb5ca28a70f7782cacf09aa -- ___ Python tracker <https://bugs.python.org/issue27820> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42967] [CVE-2021-23336] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
Senthil Kumaran added the comment: Petr, On > the `separator` argument now allows multi-character strings, so you can parse > 'a=1b=2' with separator=''. Was this intentional? No, this was not intentional. The separator arg was just coice, for compatibility, if some wanted to use `;` like the some URLs that were shared as use case. We didn't restrict about what was allowed or length of the separator. -- ___ Python tracker <https://bugs.python.org/issue42967> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27820] Possible bug in smtplib when initial_response_ok=False
Senthil Kumaran added the comment: New changeset 32717b982d3347e30ae53eb434e2a32e0d03d51e by Miss Islington (bot) in branch '3.9': bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118) (#24832) https://github.com/python/cpython/commit/32717b982d3347e30ae53eb434e2a32e0d03d51e -- ___ Python tracker <https://bugs.python.org/issue27820> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27820] Possible bug in smtplib when initial_response_ok=False
Change by Senthil Kumaran : -- pull_requests: +23599 pull_request: https://github.com/python/cpython/pull/24833 ___ Python tracker <https://bugs.python.org/issue27820> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27820] Possible bug in smtplib when initial_response_ok=False
Senthil Kumaran added the comment: New changeset 7591d9455eb37525c832da3d65e1a7b3e6dbf613 by Pandu E POLUAN in branch 'master': bpo-27820: Fix AUTH LOGIN logic in smtplib.SMTP (GH-24118) https://github.com/python/cpython/commit/7591d9455eb37525c832da3d65e1a7b3e6dbf613 -- ___ Python tracker <https://bugs.python.org/issue27820> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42967] [CVE-2021-23336] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator
Senthil Kumaran added the comment: Petr, thank you. Let's treat it as a new issue linked to this. -- ___ Python tracker <https://bugs.python.org/issue42967> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27820] Possible bug in smtplib when initial_response_ok=False
Senthil Kumaran added the comment: Hello Pandu, Thank you for this patch and the explanation. Does client blocking on repeated challenge from the server (using of while loop) look okay here? The conversation here indicates to me that it is fine. Is there any recommendation or implementation strategies to break the loop (on a malformed server)? Thanks, Senthil -- assignee: -> orsenthil nosy: +orsenthil versions: +Python 3.10, Python 3.9 -Python 3.5, Python 3.6 ___ Python tracker <https://bugs.python.org/issue27820> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
