[issue36216] CVE-2019-9636: urlsplit does not handle NFKC normalization

Matej Cepl added the comment: You are right. Thank you. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36522] http/client.py does not print duplicate header values in debug

Serhiy Storchaka added the comment: New changeset 461c416dd78a98f2bba7f323af8c9738e060b6f2 by Serhiy Storchaka (Matt Houglum) in branch 'master': bpo-36522: Print all values for headers with multiple values. (GH-12681)

[issue36522] http/client.py does not print duplicate header values in debug

Change by miss-islington : -- pull_requests: +12610 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36521] Consider removing docstrings from co_consts in code objects

Change by Inada Naoki : -- nosy: +inada.naoki ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Karthikeyan Singaravelan added the comment: The docs state the tuple contains two dictionaries depending on how common the type is. I guess you want a merged dict to be provided as an API? I will leave it to @r.david.murray on that. -- ___ Python

[issue36521] Consider removing docstrings from co_consts in code objects

Raymond Hettinger added the comment: > co_consts[0] is used for setting the initial value of __doc__. Why is __doc__ set this way, but __name__ is set directly on the function object? Setting __doc__ from the code object seems like an odd implementation hack that puts the responsibility in

[issue36054] Way to detect CPU count inside docker container

Manjusaka added the comment: Yes, not only but also support get real memory limit. look at https://blogs.oracle.com/java-platform-group/java-se-support-for-docker-cpu-and-memory-limits -- ___ Python tracker

[issue36216] CVE-2019-9636: urlsplit does not handle NFKC normalization

Steve Dower added the comment: You need a "u" prefix on some of your strings or they're probably being immediately decomposed. The result of urlsplit should be unicode on Python 2 for a Unicode input, and yours are not. -- ___ Python tracker

[issue36522] http/client.py does not print duplicate header values in debug

Change by Roundup Robot : -- keywords: +patch pull_requests: +12608 stage: -> patch review ___ Python tracker ___ ___

[issue36521] Consider removing docstrings from co_consts in code objects

Serhiy Storchaka added the comment: co_consts[0] is used for setting the initial value of __doc__. See PyFunction_NewWithQualName(). consts = ((PyCodeObject *)code)->co_consts; if (PyTuple_Size(consts) >= 1) { doc = PyTuple_GetItem(consts, 0); if

[issue36466] Adding a way to strip annotations from compiled bytecode

Guido van Rossum added the comment: (I just found out that Cary is on vacation until 4/17.) -- ___ Python tracker ___ ___

[issue36466] Adding a way to strip annotations from compiled bytecode

Guido van Rossum added the comment: One way would be to compile only their own source to bytecode using this flag. But I agree it doesn't look very viable in general. I'll talk to Cary offline. -- ___ Python tracker

[issue36522] http/client.py does not print duplicate header values in debug

New submission from Matt Houglum : This is a follow-up to https://bugs.python.org/issue33365. The fix for that issue (see https://github.com/python/cpython/pull/6611) added a statement to also print header values, but it does not account for the case where multiple values exist for the same

[issue18697] Unify arguments names in Unicode object C API documentation

Change by Rune Tynan : -- keywords: +patch pull_requests: +12607 stage: needs patch -> patch review ___ Python tracker ___ ___

[issue36506] [security] CVE-2019-10268: An arbitrary execution vulnerability exists in the built-in function getattr

bigbigliang added the comment: Thank you for your answer. I am a student and very interested in python. I want to continue digging for Python bugs, but I am not good at this area. I want to keep looking for loopholes. from:bigbigliang Christian Heimes 于2019年4月3日周三 下午5:33写道： > > Christian

[issue36521] Consider removing docstrings from co_consts in code objects

New submission from Raymond Hettinger : Function objects provide __doc__ as a documented writeable attribute. However, code objects also have the same information in co_consts[0]. When __doc__ is changed, the latter keeps a reference to the old string. Also, the disassembly shows that

[issue36466] Adding a way to strip annotations from compiled bytecode

Raymond Hettinger added the comment: FYI, this partially breaks functools.singledispatch() and completely breaks both typing.NamedTuple() and dataclasses.dataclass(). A user may be able to avoid these in their own code, but I don't see how they can avoid it in third-party code. --

[issue18697] Unify arguments names in Unicode object C API documentation

Rune Tynan added the comment: Another inconsistency I've noticed is that the code sometimes refers to Py_ssize_t instances as a 'length' and sometimes as a 'size'. It seems like 'size' is the more common one in the docs, but the headers more often use 'length'. Which would be the better one

[issue36520] Email header folded incorrectly

New submission from Jonathan Horn : I encountered a problem with replacing the 'Subject' header of an email. After serializing it again, the utf8 encoding was wrong. It seems to be occurring when folding the internal header objects. Example: >> email.policy.default.fold_binary('Subject', >>

[issue6721] Locks in the standard library should be sanitized on fork

Gregory P. Smith added the comment: I'd start with faulthandler.register with all_threads=True and see if that gives you what you need. https://docs.python.org/3/library/faulthandler.html -- ___ Python tracker

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Daniel Black added the comment: Thanks Karthikeyan. That is a bit cumbersome but gets it done. Any value seen in adding as proposed? -- ___ Python tracker ___

[issue36479] Exit threads when interpreter is finalizing rather than runtime.

Change by Joannah Nanjekye : -- keywords: +patch pull_requests: +12606 stage: needs patch -> patch review ___ Python tracker ___

[issue36440] more helpful diagnostics for parser module

Pablo Galindo Salgado added the comment: Issue #36256 (a real bug) was backported to 3.7 but also includes a similar improvement regarding node names in error messages. I can revert it from 3.7 if you consider it should not be there. -- ___

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

Serhiy Storchaka added the comment: New changeset fd83a823a6f268dc97ee2bf7d8a1a88d948446e5 by Serhiy Storchaka (Zackery Spytz) in branch '2.7': bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_new(). (GH-12660) (GH-12678)

[issue36440] more helpful diagnostics for parser module

Serhiy Storchaka added the comment: Why was this merged in 3.7? This is a new feature, not a bug fix. -- ___ Python tracker ___

[issue36440] more helpful diagnostics for parser module

Pablo Galindo Salgado added the comment: Thanks A. Skrobov for your contribution! :) -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue36440] more helpful diagnostics for parser module

Pablo Galindo Salgado added the comment: New changeset 513d142993bb8c13e6803727fa086e44eafc360f by Pablo Galindo in branch '3.7': [3.7] bpo-36440: include node names in ParserError messages, instead of numeric IDs (GH-12565) (GH-12671)

[issue12756] datetime.datetime.utcnow should return a UTC timestamp

Paul Ganssle added the comment: @tin utcnow is a semi-deprecated way to get a naive datetime that represents the time in UTC. The preferred replacement is to do this: from datetime import datetime, timezone datetime.now(tz=timezone.utc) Note that you can replace "timezone.utc" with

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Guido van Rossum added the comment: This will require a PEP discussion before it can move forward. -- ___ Python tracker ___ ___

[issue36466] Adding a way to strip annotations from compiled bytecode

Guido van Rossum added the comment: @cary are you planning on updating with the suggested/requested improvements to the patch? If not, let us know and we'll see if someone else is interested in taking over. -- ___ Python tracker

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

Change by Zackery Spytz : -- pull_requests: +12605 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36260] Cpython/Lib vulnerability found and request a patch submission

Christian Heimes added the comment: The suggested approach is merely a heuristic that reduces the impact of a zipbomb. An attacker can circumvent the heuristic. In best case scenario, the approach just increases the cost factor for a successful DoS. For example an attacker may have to

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

miss-islington added the comment: New changeset 9c08eeb30ca0e551323467b62ae40e08e30839b3 by Miss Islington (bot) in branch '3.7': bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_new(). (GH-12660)

[issue36260] Cpython/Lib vulnerability found and request a patch submission

Victor Kung added the comment: Hello Python community, I’m curious why the patch or pitfall prevention in ZipFile are not suggested. I have no idea if everyone read documentation in detail. It seems straightforward to add the methods in ZipFile with well documented rather than just warn in

[issue9883] minidom: AttributeError: DocumentFragment instance has no attribute 'writexml'

Change by Stefan Behnel : -- keywords: +patch pull_requests: +12604 stage: -> patch review ___ Python tracker ___ ___

[issue9883] minidom: AttributeError: DocumentFragment instance has no attribute 'writexml'

Stefan Behnel added the comment: Seems like a reasonable request to me, even if it hasn't been touched or re-requested for years. Funny enough, DocumentFragment is currently documented as "not implemented" (as for Entity, Notation, CDATASection, CharacterData, DOMImplementation,

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

Change by miss-islington : -- pull_requests: +12603 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Change by László Kiss Kollár : -- nosy: +lkollar ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36466] Adding a way to strip annotations from compiled bytecode

Ivan Levkivskyi added the comment: +1 from me. There are two ways to enable this: * Add -OOO that would remove all three: asserts, docstrings, annotations * Add separate --O-asserts --O-docstrings --O-annotations (or similar) I think I like the second option more. @cary Please note that our

[issue36054] Way to detect CPU count inside docker container

Christian Heimes added the comment: The JVM parses cgroups information from the proc filesystem and evaluates CPU count from the cgroup cpu.shares and cpu.cfs. https://github.com/openjdk/jdk/blob/d5686b87f31d6c57ec6b3e5e9c85a04209dbac7a/src/hotspot/os/linux/os_linux.cpp#L5304-L5336

[issue35625] Comprehension doc doesn't mention buggy class scope behavior

Change by Aaron Hall : -- nosy: +Aaron Hall ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue12756] datetime.datetime.utcnow should return a UTC timestamp

Agustin added the comment: Hi there, I was wondering if we re-open this issue breaking the backward compatibility now? -- nosy: +tin versions: +Python 3.9 -Python 2.7, Python 3.2 ___ Python tracker

[issue36054] Way to detect CPU count inside docker container

Manjusaka added the comment: Hi Stéphane: I have checked the JVM implantation about container improvements. I confirm that maybe we need a new Libary for container environment. I don't think that combine it into the os module is a good idea. I will make a PR during this week. --

[issue21879] str.format() gives poor diagnostic on placeholder mismatch

Francisco Couzo added the comment: I just made the pull request, I totally forgot I mentioned I was going to work on this, sorry! -- ___ Python tracker ___

[issue21879] str.format() gives poor diagnostic on placeholder mismatch

Change by Francisco Couzo : -- pull_requests: +12602 stage: needs patch -> patch review ___ Python tracker ___ ___ Python-bugs-list

[issue13947] gdbm reorganize() leaves hanging file descriptor

Change by sds : -- versions: +Python 3.6 -Python 3.7 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue13947] gdbm reorganize() leaves hanging file descriptor

Change by sds : -- components: +Library (Lib) versions: +Python 3.7 -Python 2.7, Python 3.2 ___ Python tracker ___ ___

[issue13947] gdbm reorganize() leaves hanging file descriptor

Change by sds : -- type: -> behavior ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue21879] str.format() gives poor diagnostic on placeholder mismatch

Joannah Nanjekye added the comment: @franciscouzo any status on this? Do you need any help on this? -- ___ Python tracker ___ ___

[issue13947] gdbm reorganize() leaves hanging file descriptor

sds added the comment: I observe the same behavior on Linux 4.18.0-17-generic #18-Ubuntu with Python 3.6.7 (default, Oct 22 2018, 11:32:17) [GCC 8.2.0]. gdbm 1.14.1-6: after db = dbm.gnu.open("asdf","n") db["a"] = "124" db.reorganize() db.close() I see $ lsof ~/asdf COMMAND PID USER FD

[issue29259] Add tp_fastcall to PyTypeObject: support FASTCALL calling convention for all callable objects

Jeroen Demeyer added the comment: See also PEP 590, which has very similar ideas. Also PEP 580 is related to this. -- ___ Python tracker ___

[issue36519] Blake2b/s implementations have minor GIL issues

Christian Heimes added the comment: Thanks, I'll have a look. -- assignee: -> christian.heimes versions: +Python 3.6, Python 3.8 ___ Python tracker ___

[issue36506] [security] CVE-2019-10268: An arbitrary execution vulnerability exists in the built-in function getattr

bigbigliang added the comment: > > Certainly. > > -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Change by Mario Corchero : -- nosy: +mariocj89 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36519] Blake2b/s implementations have minor GIL issues

Change by SilentGhost : -- nosy: +christian.heimes type: -> behavior ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue36519] Blake2b/s implementations have minor GIL issues

New submission from George King : I was browsing the Blake2b module implementation in master and noticed two subtle issues in blake2b_impl.c. There are two places where the GIL gets released; both of them appear flawed. py_blake2b_new_impl, line 221. The ALLOW_THREADS block fails to

[issue33261] inspect.isgeneratorfunction fails on hand-created methods

Change by Petr Viktorin : -- stage: patch review -> resolved status: open -> closed ___ Python tracker ___ ___ Python-bugs-list

[issue6721] Locks in the standard library should be sanitized on fork

cagney added the comment: > Does your code use any C code that forks on its own without properly calling > the C Python PyOS_BeforeFork(), PyOS_AfterFork_Parent(), and > PyOS_AfterFork_Child() APIs? No. Is there a web page explaining how to pull a python backtrace from all the threads

[issue36517] typing.NamedTuple does not support mixins

Change by Guido van Rossum : -- nosy: -gvanrossum ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Change by Serhiy Storchaka : -- keywords: +patch pull_requests: +12601 stage: -> patch review ___ Python tracker ___ ___

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

New submission from Serhiy Storchaka : This is yet one alternative to PEP 570. It does not solve all problems that PEP 570 is purposed to solve, but it significantly reduces the need in positional-only parameters. Currently the problem with implementing in Python functions that should accept

[issue36517] typing.NamedTuple does not support mixins

Change by Stéphane Wirtel : -- nosy: +rhettinger ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36216] CVE-2019-9636: urlsplit does not handle NFKC normalization

Matej Cepl added the comment: I am trying to investigate the impact of this bug on Python 2.6 (yes, it is for SLE), and I have hard to replicate the steps in the description even on 2.7: ~$ ipython2 Python 2.7.15 (default, May 21 2018, 17:53:03) [GCC] Type "copyright", "credits" or "license"

[issue36517] typing.NamedTuple does not support mixins

Change by Karthikeyan Singaravelan : -- nosy: +gvanrossum, levkivskyi ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue36517] typing.NamedTuple does not support mixins

New submission from Andrew Wason : Subclassing typing.NamedTuple an inheriting from a mixin class does not work. It does work for collections.namedtuple, and can be worked around by modifying typing.NamedTupleMeta: >>> import collections >>> import typing >>> >>> >>> class Mixin: ... def

[issue36514] -m switch revisited

Ronald Oussoren added the comment: Given a python script in a file named foo.py in the current directory: * python -m foo Should, and does, work. * python -m foo.py Raises an error, because the command tries to run the submodule "py" of module "foo" as the __main__ module. For

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Karthikeyan Singaravelan added the comment: > However this seems to compete with the functionality of the types map so > another consideration is content-types_map where the content-type is the key > and the pair values are lists of valid filename extensions: There is

[issue9883] minidom: AttributeError: DocumentFragment instance has no attribute 'writexml'

Change by James Socol : -- nosy: -jamessocol ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36514] -m switch revisited

Colin Dick added the comment: No, the first example is expected, BUT the middle two work HENCE the last should NOT have a problem either... No? Because the middle two work, so should the last complete without any errors. There were no code changes, Therefore the problem is with python On Wed,

[issue36514] -m switch revisited

Ronald Oussoren added the comment: This is not a bug: * "python -m NAME" runs module (or package) NAME as a script, NAME should therefore be a module name and not a filename (and hence not have a .py suffix) * "python NAME" runs a script in file NAME and should therefore by a complete file

[issue36506] [security] CVE-2019-10268: An arbitrary execution vulnerability exists in the built-in function getattr

Christian Heimes added the comment: Could you please do us a favor and contact MITRE to get the CVE number revoked? Please CC secur...@python.org so we have a record of the emails. -- ___ Python tracker

[issue36516] Python Launcher can not recognize pyw file as Python GUI Script file type correctly.

Change by Jiongjiong Gao : -- keywords: +patch pull_requests: +12600 stage: -> patch review ___ Python tracker ___ ___

[issue34430] Symmetrical chaining futures in asyncio.future.wrap_future

Alfred Sawaya added the comment: Can be closed if not needed by the community. -- resolution: -> wont fix stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue36053] pkgutil.walk_packages jumps out from given path if there is package with the same name in sys.path

Change by SilentGhost : -- nosy: +ncoghlan versions: -Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7 ___ Python tracker ___

[issue36481] telnetlib process_rawq() callback

SilentGhost added the comment: As a general rule, your PR would have to include documentation (including a NEWS entry) and tests for the new functionality. Naturally, by itself it's not a guarantee that this suggestion would be accepted. -- nosy: +SilentGhost, giampaolo.rodola

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Change by SilentGhost : -- components: +Library (Lib) nosy: +r.david.murray type: -> enhancement versions: +Python 3.8, Python 3.9 ___ Python tracker ___

[issue36514] -m switch revisited

SilentGhost added the comment: Colin, sorry, are you reporting an issue? Because I have trouble understanding what is. The examples you've posted seem to work as expected, no? -- nosy: +SilentGhost ___ Python tracker

[issue36505] PYTHON-CAN with vector

SilentGhost added the comment: Again, this is not the problem with Python as a language, its implementation in CPython or the standard library. Please, don't re-open this issue again. -- status: open -> closed ___ Python tracker

[issue36445] bus error in test_gil test on armhf running with 64bit kernel

Change by Matthias Klose : -- resolution: -> duplicate stage: -> resolved status: open -> closed superseder: -> unaligned memory access in the _sha3 extension ___ Python tracker

[issue36516] Python Launcher can not recognize pyw file as Python GUI Script file type correctly.

New submission from Jiongjiong Gao : In Python Launcher Preferences there are two settings for file type, Python Script and Python GUI Script. But Python Launcher can not recognize pyw file as Python GUI Script file type correctly. -- components: macOS messages: 339380 nosy: gjj2828,