[issue30694] Update embedded copy of expat to 2.2.1

Change by Ned Deily : -- Removed message: https://bugs.python.org/msg342085 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue29169] update zlib to 1.2.11

Change by Ned Deily : -- Removed message: https://bugs.python.org/msg342113 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue32620] [3.5] Travis CI fails on Python 3.5 with "pyenv: version `3.5' not installed"

Change by Ned Deily : -- Removed message: https://bugs.python.org/msg342108 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue36512] future_factory argument for Thread/ProcessPoolExecutor

Stefan Hölzl added the comment: It would allow to use Futures with a customized interface for a specific domain. e.g. to not only save the result of a task but also some context informations or provide properties/methods which are result specific. But when subclassing Future the builtin Thread/

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by Ned Deily : -- Removed message: https://bugs.python.org/msg342112 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue34128] Release GIL periodically in _pickle module

Change by Antoine Pitrou : -- nosy: +pierreglaser ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mai

[issue30947] Update embeded copy of libexpat from 2.2.1 to 2.2.3

Ned Deily added the comment: New changeset 86a713cb0c110b6798ca7f9e630fc511ee0a4028 by larryhastings (Victor Stinner) in branch '3.4': [3.4][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3353) https://github.com/python/cpython/commit/86a713cb0c110b6798ca7f9e630fc511ee0a40

[issue31170] Update to expat 2.2.4 (expat: utf8_toUtf8 cannot properly handle exhausting buffer)

Ned Deily added the comment: New changeset 86a713cb0c110b6798ca7f9e630fc511ee0a4028 by larryhastings (Victor Stinner) in branch '3.4': [3.4][Security] bpo-30947, bpo-31170: Update expat from 2.2.1 to 2.2.4 (#3353) https://github.com/python/cpython/commit/86a713cb0c110b6798ca7f9e630fc511ee0a40

[issue25008] Deprecate smtpd (based on deprecated asyncore/asynchat)

Ned Deily added the comment: New changeset f37b0cb230069481609b0bb06891b5dd26320504 by Barry Warsaw in branch '3.4': bpo-25008: Deprecate smtpd and point to aiosmtpd (#274) (#280) https://github.com/python/cpython/commit/f37b0cb230069481609b0bb06891b5dd26320504 -- nosy: +ned.deily

[issue30231] test_imaplib needs a TLS server accepting self-signed certificates

Ned Deily added the comment: New changeset b1549175ed30f2931e2bb980a7e3c360ed19e1c9 by larryhastings (Victor Stinner) in branch '3.4': [3.4] Backport CI config from master (#2475) https://github.com/python/cpython/commit/b1549175ed30f2931e2bb980a7e3c360ed19e1c9 -- _

[issue29169] update zlib to 1.2.11

Ned Deily added the comment: New changeset d0e61bded5256e775e470e2c0da22367a1a81970 by larryhastings (Victor Stinner) in branch '3.4': bpo-29169: Update zlib to 1.2.11 (#3107) https://github.com/python/cpython/commit/d0e61bded5256e775e470e2c0da22367a1a81970 -- nosy: +ned.deily

[issue36216] CVE-2019-9636: urlsplit does not handle NFKC normalization

Ned Deily added the comment: New changeset 62d36547f97210a26cc6051da78714fd078e158c by larryhastings (Steve Dower) in branch '3.4': bpo-36216: Add check for characters in netloc that normalize to separators (GH-12201) (#12224) https://github.com/python/cpython/commit/62d36547f97210a26cc6051d

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Ned Deily added the comment: New changeset 6c655ce34ae54adb8eef22b73108e22cc381cb8d by larryhastings (Victor Stinner) in branch '3.4': bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11868) https://github.com/python/cpython/commit/6c655ce34ae54adb8eef22b73108e22cc381cb8d -

[issue30939] Sphinx 1.6.3 deprecation warning for sphinx.util.compat.Directive in docs builds

Ned Deily added the comment: New changeset 3b3a5a5b70dc468dcfacb17a3d6b342820b480ff by larryhastings (Ned Deily) in branch '3.4': bpo-30939: Avoid Sphinx deprecation warning in docs build. (#2721) (#2724) https://github.com/python/cpython/commit/3b3a5a5b70dc468dcfacb17a3d6b342820b480ff

[issue29591] expat 2.2.0: Various security vulnerabilities in bundled expat (CVE-2016-0718 and CVE-2016-4472)

Ned Deily added the comment: New changeset 71572bbe82aa0836c036d44d41c8269ba6a321be by larryhastings (Victor Stinner) in branch '3.4': [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203) https://github.com/python/cpython/commit/71572bbe82aa0836c036d44d41c8269b

[issue34791] xml package does not obey sys.flags.ignore_environment

Ned Deily added the comment: New changeset 765d333512e9b58da4a4431595a0e81517ef0443 by larryhastings (Victor Stinner) in branch '3.4': bpo-34791: xml package obeys ignore env flags (GH-9544) (#11872) https://github.com/python/cpython/commit/765d333512e9b58da4a4431595a0e81517ef0443 -

[issue31036] building the python docs requires the blurb module

Ned Deily added the comment: New changeset 362e9fb0de4321bf265dbca290f7dc1f383a4a47 by Ned Deily in branch '3.4': [3.5] bpo-31036: use an existing Misc/NEWS rather than trying to use blurb (#2874) (#2926) https://github.com/python/cpython/commit/362e9fb0de4321bf265dbca290f7dc1f383a4a47 ---

[issue26617] Assertion failed in gc with __del__ and weakref

Ned Deily added the comment: New changeset 34fae03cd6c9e304e02c571b3bf9e8df0cfe76be by larryhastings (Serhiy Storchaka) in branch '3.4': [3.4] bpo-26617: Ensure gc tracking is off when invoking weakref callbacks. (#2695) https://github.com/python/cpython/commit/34fae03cd6c9e304e02c571b3bf9e8

[issue35647] Cookie path check returns incorrect results

Ned Deily added the comment: New changeset e260f092cd0d8975c777e73ca6fb549d59b5d452 by larryhastings (Xtreak) in branch '3.4': bpo-35647: Fix path check in cookiejar (#11436) (#12278) https://github.com/python/cpython/commit/e260f092cd0d8975c777e73ca6fb549d59b5d452 -- _

[issue30500] [security] urllib connects to a wrong host

Ned Deily added the comment: New changeset cc54c1c0d2d05fe7404ba64c53df4b1352ed2262 by larryhastings (Victor Stinner) in branch '3.4': bpo-30500: urllib: Simplify splithost by calling into urlparse. (#1849) (#2291) https://github.com/python/cpython/commit/cc54c1c0d2d05fe7404ba64c53df4b1352ed2

[issue26657] Directory traversal with http.server and SimpleHTTPServer on windows

Ned Deily added the comment: New changeset 6f6bc1da8aaae52664e7747e328d26eb59c0e74f by larryhastings (Victor Stinner) in branch '3.4': bpo-26657: Fix Windows directory traversal vulnerability with http.server (#782) https://github.com/python/cpython/commit/6f6bc1da8aaae52664e7747e328d26eb59c0

[issue27945] Various segfaults with dict

Ned Deily added the comment: New changeset f7344798e57da6b9c4ed9372e8eaecde80989c86 by larryhastings (Serhiy Storchaka) in branch '3.4': [3.4] [3.5] bpo-27945: Fixed various segfaults with dict. (GH-1657) (GH-1678) (#2248) https://github.com/python/cpython/commit/f7344798e57da6b9c4ed9372e8ea

[issue32620] [3.5] Travis CI fails on Python 3.5 with "pyenv: version `3.5' not installed"

Ned Deily added the comment: New changeset 71b94e30b1d63c789908482b3b808cc613e57267 by larryhastings in branch '3.4': [3.4] [3.5] bpo-32620: Remove failing pyenv call from CI config (GH-5274) (#5533) https://github.com/python/cpython/commit/71b94e30b1d63c789908482b3b808cc613e57267

[issue29572] Upgrade installers to OpenSSL 1.0.2k

Ned Deily added the comment: New changeset 092db6c3cb049052fbfca15efc85ad68093676e7 by larryhastings (Victor Stinner) in branch '3.4': bpo-29572: Update Windows build to OpenSSL 1.0.2k (GH-443) (#3445) https://github.com/python/cpython/commit/092db6c3cb049052fbfca15efc85ad68093676e7 ---

[issue35121] Cookie domain check returns incorrect results

Ned Deily added the comment: New changeset 42ad4101d3ba7ca3c371dadf0f8880764c9f15fb by larryhastings (Xtreak) in branch '3.4': [3.4] bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (#12279) https://github.com/python/cpython/commit/42ad4101d3ba7ca3c371dadf0f8880764c

[issue33001] Buffer overflow vulnerability in os.symlink on Windows (CVE-2018-1000117)

Ned Deily added the comment: New changeset 77c02cdce2d7b8360771be35b7676a4977e070c1 by larryhastings (Steve Dower) in branch '3.4': [3.4] bpo-33001: Prevent buffer overrun in os.symlink (GH-5989) (#5992) https://github.com/python/cpython/commit/77c02cdce2d7b8360771be35b7676a4977e070c1 -

[issue34623] _elementtree.c doesn't call XML_SetHashSalt()

Ned Deily added the comment: New changeset d16eaf36795da48b930b80b20d3805bc27820712 by larryhastings (stratakis) in branch '3.4': [3.4] bpo-34623: Use XML_SetHashSalt in _elementtree (#9953) https://github.com/python/cpython/commit/d16eaf36795da48b930b80b20d3805bc27820712 -- nosy: +

[issue33329] sigaddset() can fail on some signal numbers

Ned Deily added the comment: New changeset 2226139aa2b69047cb54dbcfd79f5c2e36f98653 by larryhastings (Cheryl Sabella) in branch '3.4': [3.4] bpo-33329: Fix multiprocessing regression on newer glibcs (GH-6575) (#12145) https://github.com/python/cpython/commit/2226139aa2b69047cb54dbcfd79f5c2e3

[issue32072] Issues with binary plists

Ned Deily added the comment: New changeset c59731d92dc73111d224876f1caa064097aad786 by larryhastings (Serhiy Storchaka) in branch '3.4': [3.4] bpo-32072: Fix issues with binary plists. (GH-4455) (#4658) https://github.com/python/cpython/commit/c59731d92dc73111d224876f1caa064097aad786 --

[issue30119] (ftplib) A remote attacker could possibly attack by containing the newline characters

Ned Deily added the comment: New changeset 2a5a26c87e82c7d9a348792891feccd1b5e9a769 by larryhastings (Dong-hee Na) in branch '3.4': [3.4] bpo-30119: fix ftplib.FTP.putline() to throw an error for a illegal command (#1214) (#2893) https://github.com/python/cpython/commit/2a5a26c87e82c7d9a3487

[issue30726] [Windows] Warnings in elementtree due to new expat

Ned Deily added the comment: New changeset 71572bbe82aa0836c036d44d41c8269ba6a321be by larryhastings (Victor Stinner) in branch '3.4': [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203) https://github.com/python/cpython/commit/71572bbe82aa0836c036d44d41c8269b

[issue30730] [security] Injecting environment variable in subprocess on Windows

Ned Deily added the comment: New changeset fe82c46327effc124ff166e1fa1e611579e1176b by larryhastings (Serhiy Storchaka) in branch '3.4': [security][3.4] bpo-30730: Prevent environment variables injection in subprocess on Windows. (GH-2325) (#2362) https://github.com/python/cpython/commit/fe8

[issue32981] Catastrophic backtracking in poplib (CVE-2018-1060) and difflib (CVE-2018-1061)

Ned Deily added the comment: New changeset 942cc04ae44825ea120e3a19a80c9b348b8194d0 by larryhastings (Ned Deily) in branch '3.4': [3.4] bpo-32981: Fix catastrophic backtracking vulns (GH-5955) (#6035) https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0

[issue30657] [security] CVE-2017-1000158: Unsafe arithmetic in PyString_DecodeEscape

Ned Deily added the comment: New changeset 6c004b40f9d51872d848981ef1a18bb08c2dfc42 by larryhastings (Miro Hrončok) in branch '3.4': bpo-30657: Fix CVE-2017-1000158 (#4758) https://github.com/python/cpython/commit/6c004b40f9d51872d848981ef1a18bb08c2dfc42 -- nosy: +ned.deily

[issue34656] [CVE-2018-20406] memory exhaustion in Modules/_pickle.c:1393

Ned Deily added the comment: New changeset 4b42d575bf0fb01192b3ec54b7e224b238691527 by larryhastings (Victor Stinner) in branch '3.4': [3.4] bpo-34656: Avoid relying on signed overflow in _pickle memos (GH-9261) (#11870) https://github.com/python/cpython/commit/4b42d575bf0fb01192b3ec54b7e224

[issue30694] Update embedded copy of expat to 2.2.1

Ned Deily added the comment: New changeset 71572bbe82aa0836c036d44d41c8269ba6a321be by larryhastings (Victor Stinner) in branch '3.4': [3.4] bpo-29591, bpo-30694: Upgrade Modules/expat to libexpat 2.2.1 (#2164) (#2203) https://github.com/python/cpython/commit/71572bbe82aa0836c036d44d41c8269b

[issue36737] Warnings operate out of global runtime state.

Eric Snow added the comment: New changeset 86ea58149c3e83f402cecd17e6a536865fb06ce1 by Eric Snow in branch 'master': bpo-36737: Use the module state C-API for warnings. (gh-13159) https://github.com/python/cpython/commit/86ea58149c3e83f402cecd17e6a536865fb06ce1 -- _

[issue36737] Warnings operate out of global runtime state.

Change by Eric Snow : -- assignee: -> eric.snow resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___ ___

[issue36858] f-string '=' debugging output needs to be documented

Mariatta Wijaya added the comment: Perhaps it can be added under Tutorial? https://docs.python.org/3/tutorial/inputoutput.html#formatted-string-literals -- ___ Python tracker ___

[issue32592] Drop support of Windows Vista in Python 3.8

Change by Ned Deily : -- nosy: +lukasz.langa ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyt

[issue26317] Build Problem with GCC + Macintosh OS X 10.11 El Capitain

Ned Deily added the comment: THe _scproxy.c compile error is a separate issue. The problem arises in an Apple-supplied include file and there are many reports on the web of clang vs gcc differences like this. I'm not sure what we could or should do about it other than forcing _scproxy to a

[issue35983] tp_dealloc trashcan shouldn't be called for subclasses

Antoine Pitrou added the comment: New changeset 351c67416ba4451eb3928fa0b2e933c2f25df1a3 by Antoine Pitrou (Jeroen Demeyer) in branch 'master': bpo-35983: skip trashcan for subclasses (GH-11841) https://github.com/python/cpython/commit/351c67416ba4451eb3928fa0b2e933c2f25df1a3 -- __

[issue36512] future_factory argument for Thread/ProcessPoolExecutor

Antoine Pitrou added the comment: I'd like to know about the use case too :-) -- ___ Python tracker ___ ___ Python-bugs-list mailin

[issue36512] future_factory argument for Thread/ProcessPoolExecutor

Change by Antoine Pitrou : -- nosy: +tomMoral ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.py

[issue24263] unittest cannot load module whose name starts with Unicode

Toshio Kuratomi added the comment: >From the description, I think the bug is that filenames that *begin* with >non-ascii are not searched for tests. Looking at the test_dir.tar.gz >contents, this is the test case that I'd use: Broken: $ python3 -m unittest discover -vv -p '*.py' test_走 (te

[issue36601] signals can be caught by any thread

Change by Gregory P. Smith : -- resolution: -> fixed stage: patch review -> commit review status: open -> closed type: -> enhancement versions: +Python 3.8 ___ Python tracker ___

[issue36843] AIX build fails with failure to get random numbers

Robert Boehne added the comment: I wonder if there's anyone with AIX 7 who can attempt to reproduce this. We have another AIX machine, but it is down for the moment. I would like to eliminate a problem on this machine as the cause. -- ___ Python

[issue36843] AIX build fails with failure to get random numbers

Robert Boehne added the comment: It doesn't look good: robb@nepal:/raid/checkouts-raid/robb/nepal$ xlc_r -q64 -O0 -g -qlanglvl=extc1x -o urandom urandom.c robb@nepal:/raid/checkouts-raid/robb/nepal$ ./urandom open O_RDONLY failed open O_RDONLY | O_CLOEXEC failed robb@nepal:/raid/checkouts-

[issue36875] argparse does not ship with translations

Carmen Bianca Bakker added the comment: I have created a prototype for the proposed fix here: https://github.com/carmenbianca/argparse I'm not a regular Python contributor, so I simply copied argparse.py out of Lib and started working on my own copy. The changes are, all things considered,

[issue34600] python3 regression ElementTree.iterparse() unable to capture comments

Stefan Behnel added the comment: I think this is resolved by issue 36673 (Py3.8). Please try it in the just released alpha4. -- resolution: -> duplicate stage: -> resolved status: open -> closed ___ Python tracker

[issue36875] argparse does not ship with translations

New submission from Carmen Bianca Bakker : Although argparse contains translatable strings, translations for those strings do not ship with Python. This means that any program that uses argparse must separately translate argparse, which is a lot of duplicated work. Moreover, if argparse is tr

[issue36874] Support CDATA by xml.etree.(c)ElementTree

Stefan Behnel added the comment: PR welcome. This is how lxml implements it: https://lxml.de/api.html#cdata Tests are here: https://github.com/lxml/lxml/blob/1a2db33aa8b9619c1caf407167567d5cca0b9019/src/lxml/tests/test_etree.py#L1692-L1749 I guess it won't look perfectly the same in ElementTr

[issue33725] Python crashes on macOS after fork with no exec

Josh Rosenberg added the comment: I've seen far too many cases where Python code targeting Linux intentionally uses the COW benefits of fork for multiprocessing to think it would be a good idea to change the default start method there without *some* sort of deprecation period. -- no

[issue29254] Documentation Error

Change by SilentGhost : -- Removed message: https://bugs.python.org/msg342070 ___ Python tracker ___ ___ Python-bugs-list mailing li

[issue29254] Documentation Error

kev levrone added the comment: The nevents argument determines the size of eventlist. When nevents is zero, kevent() will return immediately even if there is a timeout specified unlike select(2). https://goo.gl/KyvnZF -- nosy: +kevlevrone ___ Pyt

[issue36872] passing negative values through modules

David Collins added the comment: Sorry for being so abrupt you are correct . The code I was working from was a university professors and not my own, I understood better thanks steve. I wasn’t passing a return value yet and the professors work was overwriting the list. I do apologise. Thank

[issue36869] Avoid warning of unused variables

Inada Naoki added the comment: New changeset a2fedd8c910cb5f5b9bd568d6fd44d63f8f5cfa5 by Inada Naoki (Emmanuel Arias) in branch 'master': bpo-36869: fix warning of unused variables (GH-13182) https://github.com/python/cpython/commit/a2fedd8c910cb5f5b9bd568d6fd44d63f8f5cfa5 -- nosy:

[issue36874] Support CDATA by xml.etree.(c)ElementTree

Change by Karthikeyan Singaravelan : -- nosy: +scoder ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https:/

[issue36874] Support CDATA by xml.etree.(c)ElementTree

New submission from Pierre van de Laar : I would like to add information to CDATA in an Xml Tree. Turns out I am not the only one: https://stackoverflow.com/questions/174890/how-to-output-cdata-using-elementtree Can the library be extended to also support CDATA (similar to Comment)? Saves a l

[issue36872] passing negative values through modules

Terry J. Reedy added the comment: Robert, when posting to this tracker by email, please remove the quote of the previous post. It duplicates the post itself. I said exactly what I said, which explained why marking the issue for IDLE was a mistake. (The same error is a weekly occurrence, by

[issue36872] passing negative values through modules

Terry J. Reedy added the comment: David, the tracker 'component' is intended to be, for bug reports, the component of Python that you think has a bug. When you run your code with IDLE and you get an exception displayed, that almost certainly means that IDLE is working as intended: it ran yo

[issue36872] passing negative values through modules

David Collins added the comment: So what your saying is that python is unable to pass a negative number between modules and you don’t think that this is an issue . Sent from Mail for Windows 10 From: Terry J. Reedy Sent: Friday, 10 May 2019 7:21 PM To: coldy...@gmail.com Subject: [issue36872

[issue33071] Document that PyPI no longer requires 'register'

miss-islington added the comment: New changeset 069a5b48334a795d3abe3a512dd41aad7a532a73 by Miss Islington (bot) in branch '3.7': bpo-33071: remove outdated PyPI docs (GH-13087) https://github.com/python/cpython/commit/069a5b48334a795d3abe3a512dd41aad7a532a73 -- nosy: +miss-islingto

[issue33071] Document that PyPI no longer requires 'register'

Change by miss-islington : -- pull_requests: +13145 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue33071] Document that PyPI no longer requires 'register'

Nick Coghlan added the comment: New changeset 1b4abcf302ff2c8f4d4881294510d48ba5186b53 by Nick Coghlan (Kojo Idrissa) in branch 'master': bpo-33071: remove outdated PyPI docs (GH-13087) https://github.com/python/cpython/commit/1b4abcf302ff2c8f4d4881294510d48ba5186b53 -- nosy: +ncogh

[issue36676] Make ET.XMLParser target aware of namespace prefixes

Stefan Behnel added the comment: New changeset e9a465f3ea22c61e05ffe7b44a69102b25f57db4 by Stefan Behnel in branch 'master': bpo-36676: Update what's new document. (#13226) https://github.com/python/cpython/commit/e9a465f3ea22c61e05ffe7b44a69102b25f57db4 --

[issue32604] Expose the subinterpreters C-API in Python for testing use.

Change by Jamie Stribling : -- components: +Documentation -Interpreter Core ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue36345] Deprecate Tools/scripts/serve.py in favour of python -m http.server -d

Berker Peksag added the comment: > I looked at other examples: they are nice but far from a "real application". You can use the same argument for pretty much every example in the stdlib documentation :) wsgiref is a low level module, users should use projects like WebOb instead. Also, a com

[issue36872] passing negative values through modules

Steven D'Aprano added the comment: David, I'm pretty sure that SilentGhost is correct. You are misreading the error message: it has nothing to do with the negative index. The problem is that your `insert_value` function returns None, not the list. I believe that what you have done is tested

<    1   2