[issue42997] Improve error message for missing : before suites

Serhiy Storchaka added the comment: See also issue1634034. -- nosy: +serhiy.storchaka ___ Python tracker ___ ___ Python-bugs-list

[issue42384] Inconsistent sys.path between python and pdb

Andrey Bienkowski added the comment: I'll give it a try -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue40304] Classes created using type() don't need to explicitly inherit from object

Change by Terry J. Reedy : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue40304] Classes created using type() don't need to explicitly inherit from object

miss-islington added the comment: New changeset 98e1f5c778b9719f6338a3247da95402192bad18 by Miss Islington (bot) in branch '3.9': bpo-40304: Correct type(name, bases, dict) doc (GH-19553) https://github.com/python/cpython/commit/98e1f5c778b9719f6338a3247da95402192bad18 --

[issue40304] Classes created using type() don't need to explicitly inherit from object

miss-islington added the comment: New changeset 34f3f4ac70e3ba2e603ba7792addf973c94f90cb by Miss Islington (bot) in branch '3.8': bpo-40304: Correct type(name, bases, dict) doc (GH-19553) https://github.com/python/cpython/commit/34f3f4ac70e3ba2e603ba7792addf973c94f90cb --

[issue40304] Classes created using type() don't need to explicitly inherit from object

Change by miss-islington : -- pull_requests: +23119 pull_request: https://github.com/python/cpython/pull/24296 ___ Python tracker ___

[issue40304] Classes created using type() don't need to explicitly inherit from object

Change by miss-islington : -- keywords: +patch nosy: +miss-islington nosy_count: 3.0 -> 4.0 pull_requests: +23118 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24295 ___ Python tracker

[issue40304] Classes created using type() don't need to explicitly inherit from object

Terry J. Reedy added the comment: New changeset 644d52818a6391535e5838fd57d58ffcb1163056 by Борис Верховский in branch 'master': bpo-40304: Correct type(name, bases, dict) doc (GH-19553) https://github.com/python/cpython/commit/644d52818a6391535e5838fd57d58ffcb1163056 -- nosy:

[issue42606] Support POSIX atomicity guarantee of O_APPEND on Windows

Eryk Sun added the comment: FYI, here are the access rights applicable to files, including their membership in generic (R)ead, (W)rite, and e(X)execute access: 0x0100_ --- ACCESS_SYSTEM_SECURITY 0x0010_ RWX SYNCHRONIZE 0x0008_ --- WRITE_OWNER 0x0004_ ---

[issue42999] `pathlib.Path.link_to()` documentation is misleading

Change by Barney Gale : -- pull_requests: +23117 pull_request: https://github.com/python/cpython/pull/24294 ___ Python tracker ___

[issue43000] All SSL requests fail with WRONG_VERSION_NUMBER when a packet sniffer is open

New submission from Darren Skidmore : As of Python 3.9.1, when attempting to perform any SSL requests when a packet sniffer tool (e.g. Telerik Fiddler) is intercepting SSL traffic, the program will hang for about a minute and then crash with a WRONG_VERSION_NUMBER error. This has been tested

[issue42999] `pathlib.Path.link_to()` documentation is misleading

Change by Jay Chu : -- nosy: +tothesong ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42999] `pathlib.Path.link_to()` documentation is misleading

Change by Barney Gale : -- keywords: +patch pull_requests: +23116 stage: -> patch review pull_request: https://github.com/python/cpython/pull/18909 ___ Python tracker ___

[issue39950] Add pathlib.Path.hardlink_to()

Barney Gale added the comment: I've logged bpo-42999 to cover fixing the existing `link_to()` docs issues. PR incoming... -- ___ Python tracker ___

[issue42999] `pathlib.Path.link_to()` documentation is misleading

New submission from Barney Gale : Compare the documentation of `symlink_to()` and `link_to()`: .. method:: Path.symlink_to(target, target_is_directory=False) Make this path a symbolic link to *target*. .. method:: Path.link_to(target) Create a hard link pointing to a path named

[issue42998] pathlib.Path: add `username` argument to `home()`

Barney Gale added the comment: I should add that this is part of a plan to spin out some `Path` methods into a new `UserPath` class. Notably, in this case, `UserPath.expanduser()` will call `self.home()` under-the-hood. This is done to reduce the surface area of abstract methods that

[issue42998] pathlib.Path: add `username` argument to `home()`

New submission from Barney Gale : The `pathlib.Path.home()` function looks like: @classmethod def home(cls): """Return a new path pointing to the user's home directory (as returned by os.path.expanduser('~')). """ return

[issue39950] Add pathlib.Path.hardlink_to()

Jay Chu added the comment: For me, and as you've pointed out, the current doc of `Path.link_to` is already wrong and misleading. Perhaps a fix of the doc should be made as a first step. The doc uses the expression "Create a hard link pointing to a path named target." But comparing this to

[issue42384] Inconsistent sys.path between python and pdb

Guido van Rossum added the comment: Hey Andrey, this has been merged into 3.10, but the backports didn't work because the structure of the tests has changed (os_helper doesn't exist). Do you want to fix these? -- nosy: +gvanrossum ___ Python

[issue42985] AMD64 Arch Linux Asan 3.x fails: command timed out: 1200 seconds without output

Pablo Galindo Salgado added the comment: > About SIGSEGV logs, one option is to use ASAN_OPTIONS="handle_segv=0". Opened https://github.com/python/buildmaster-config/pull/222 -- ___ Python tracker

[issue42997] Improve error message for missing : before suites

Pablo Galindo Salgado added the comment: PR 24293 implements the second idea (only new rules and no new machinery) -- ___ Python tracker ___

[issue42997] Improve error message for missing : before suites

Change by Pablo Galindo Salgado : -- pull_requests: +23115 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24293 ___ Python tracker ___

[issue42990] Improve the C code for calling Python code

Change by Guido van Rossum : -- nosy: +brett.cannon, petr.viktorin, rhettinger, serhiy.storchaka, vstinner, yselivanov ___ Python tracker ___

[issue41928] ZipFile does not supports Unicode Path Extra Field (0x7075) zip header field

Andrea Giudiceandrea added the comment: I submitted more than a month ago a PR that adds support for Unicode Path Extra Field in ZipFile. The PR https://github.com/python/cpython/pull/23736 is awaiting a review in order to be merged. -- ___

[issue42997] Improve error message for missing : before suites

Change by Pablo Galindo Salgado : -- nosy: +gvanrossum ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42997] Improve error message for missing : before suites

Pablo Galindo Salgado added the comment: There are several ways to implement this: In PR24292 I implemented this idea by adding a new element to the grammar: '&&'. This allows to hard-expect a token: if the token is not there the parsing hard-fails immediately without trying anything else

[issue42997] Improve error message for missing : before suites

Change by Pablo Galindo Salgado : -- keywords: +patch pull_requests: +23113 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24292 ___ Python tracker

[issue42997] Improve error message for missing : before suites

Change by Pablo Galindo Salgado : -- nosy: +lys.nikolaou ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42384] Inconsistent sys.path between python and pdb

miss-islington added the comment: New changeset 8603dfb4219989644601f6ede75b57e82648cd4e by Andrey Bienkowski in branch 'master': bpo-42384: pdb: correctly populate sys.path[0] (GH-23338) https://github.com/python/cpython/commit/8603dfb4219989644601f6ede75b57e82648cd4e --

[issue42384] Inconsistent sys.path between python and pdb

Change by miss-islington : -- pull_requests: +23112 pull_request: https://github.com/python/cpython/pull/24291 ___ Python tracker ___

[issue42384] Inconsistent sys.path between python and pdb

Change by miss-islington : -- nosy: +miss-islington nosy_count: 1.0 -> 2.0 pull_requests: +23111 pull_request: https://github.com/python/cpython/pull/24290 ___ Python tracker

[issue42997] Improve error message for missing : before suites

New submission from Pablo Galindo Salgado : Instead of displaying a generic syntax error: Python 3.8.6 (default, Oct 10 2020, 18:31:21) [GCC 10.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> for x in range File "", line 1 for x in range

[issue42780] os.set_inheritable() fails for O_PATH file descriptors on Linux

STINNER Victor added the comment: > No problem! I've noticed at least one other (relatively minor) issue in `os`, > so I may be submitting further bug reports. Please do. But I suggest to open new issues. > I haven't been keeping close track of 3.6/3.7's status, so I added them in >

[issue31904] Python should support VxWorks RTOS

STINNER Victor added the comment: New changeset 5e45f1c8e7bc5f0ab8feba88b9b6e47066203a5c by pxinwr in branch 'master': bpo-31904: setup.py: fix cross-compilation on VxWorks (GH-24191) https://github.com/python/cpython/commit/5e45f1c8e7bc5f0ab8feba88b9b6e47066203a5c --

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

STINNER Victor added the comment: > I'd suggest to print a big warning on the console, explaining that the web > server will potentially make all content accessible by the user visible to > anyone else on the same server. I dislike this idea. If they are vulnerabilities, they should be

[issue42985] AMD64 Arch Linux Asan 3.x fails: command timed out: 1200 seconds without output

STINNER Victor added the comment: > Both sound reasonable. But not sure if they will resolve this crash tough. Many tests do crash *on purpose*. Example on test_concurrent_futures.py: def _crash(delay=None): """Induces a segfault.""" if delay: time.sleep(delay) import

[issue39950] Add pathlib.Path.hardlink_to()

Barney Gale added the comment: Makes sense to me. Should I leave the documentation for `link_to` completely alone? With the addition of a similar function, I wonder if that may in itself cause confusion. -- ___ Python tracker

[issue42996] hashlib documentation references an obsolete RFC 2898

Change by Illia Volochii : -- keywords: +patch pull_requests: +23110 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24289 ___ Python tracker ___

[issue42996] hashlib documentation references an obsolete RFC 2898

New submission from Illia Volochii : RFC 2898 mentioned in the "See also" section of hashlib documentation was superseded by RFC 8018. https://docs.python.org/3/library/hashlib.html https://www.ietf.org/rfc/rfc8018.txt -- assignee: docs@python components: Documentation messages:

[issue42606] Support POSIX atomicity guarantee of O_APPEND on Windows

Alexey Izbyshev added the comment: > I don't know what you mean by default access rights. I meant the access rights of the handle created by _wopen(). In my PR I basically assume that _wopen() uses GENERIC_READ/GENERIC_WRITE access rights, but _wopen() doesn't have a contractual obligation

[issue42995] Add PurePath.with_suffix_appended()

Change by Brendan Gerrity : -- keywords: +patch pull_requests: +23109 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24288 ___ Python tracker ___

[issue42982] Update suggested number of iterations for pbkdf2_hmac()

Illia Volochii added the comment: I didn't find any. I think it is based on some benchmarks like `openssl speed sha`. -- ___ Python tracker ___

[issue42606] Support POSIX atomicity guarantee of O_APPEND on Windows

Eryk Sun added the comment: > can a new handle have non-default access rights? Or can the > default change at this point of Windows history? I don't know what you mean by default access rights. C open() requests generic access rights, which map to the standard and file-specific rights in

[issue42980] argparse: GNU-style help formatter

Will Noble added the comment: The main contribution of my PR is simply factoring out _format_option_with_args as an overridable method. Note that this actually enables subclassing HelpFormatter to produce all the examples you presented above with 1-3 trivial lines of code, as opposed to

[issue42994] Missing MIME types for opus, AAC, 3gpp and 3gpp2

Change by Nathan Beals : -- keywords: +patch pull_requests: +23107 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24287 ___ Python tracker ___

[issue42995] Add PurePath.with_suffix_appended()

Brendan Gerrity added the comment: This could addressed with either a new helper or an option in the `PurePath.with_suffix()`. -- ___ Python tracker ___

[issue42995] Add PurePath.with_suffix_appended()

New submission from Brendan Gerrity : Appending a new suffix to a file is common operation. The operations don't come across as elegant: e.g. `foo_path.with_suffix(foo_path.suffix + ".old")` -- components: Library (Lib) messages: 385451 nosy: bgerrity priority: normal severity:

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Ryan Hileman added the comment: How's this for maintainable? https://github.com/lunixbochs/cpython/commit/2bf1cc93d19a49cbed09b45f7dbb00212229f0a1 -- ___ Python tracker ___

[issue42447] robotsparser deny all with some rules

Change by Terry J. Reedy : -- resolution: -> not a bug stage: -> resolved status: open -> closed ___ Python tracker ___ ___

[issue42994] Missing MIME types for opus, AAC, 3gpp and 3gpp2

Change by Nathan Beals : -- title: Missing MIME types for opus, AAC and 3gpp(2) -> Missing MIME types for opus, AAC, 3gpp and 3gpp2 ___ Python tracker ___

[issue42994] Missing MIME types for opus, AAC and 3gpp(2)

New submission from Nathan Beals : These are officially recognized MIME types by IANA: https://www.iana.org/assignments/media-types/media-types.xhtml#audio - .opus: audio/opus (https://www.iana.org/assignments/media-types/audio/opus and https://tools.ietf.org/html/rfc7845 for recommended

[issue42980] argparse: GNU-style help formatter

paul j3 added the comment: The refactoring looks reasonable. But while we are tweaking: def _format_action_invocation(self, action): I wonder if we also give users more control over how multiple option strings are formatted. Currently if parser.add_argument('-f', '--foo',

[issue42993] doc xml.etree.ElementTree.ElementTree.write does not mention attribute order

New submission from Christian Buhtz : The docs for 'xml.etree.ElementTree.ElementTree.write' in Python 3.7 (and possible earlier) does not say a word about the ordering of the attributes. This makes unittesting hard. But looking in the code tells me that the attributes are ordered lexically.

[issue42992] Tkinter bbox coordinates incorrectly drawn

New submission from Ron Hoffmann : position coordinates retrieved from any object on a canvas with pos = canvas.bbox(object) are returned correctly but when drawn on the canvas (x0,y0) are correct, but (x1, y1) are not drawn in the proper positions. x1 has been divided by 2 somewhere and y1

[issue42991] support for splitting multichannel audio fragments in audioop module

Change by Ramón Fraterman : -- status: pending -> open ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42862] Use functools.lru_cache iso. _sqlite.Cache in sqlite3 module

Erlend Egeberg Aasland added the comment: > Or is it ok to call gc.collect() in the test suite? Seems like it's ok: $ grep -r gc.collect Lib/test | wc -l 366 -- ___ Python tracker

[issue42862] Use functools.lru_cache iso. _sqlite.Cache in sqlite3 module

Erlend Egeberg Aasland added the comment: This works: 1) fully implement GC in connection (bpo-42972) 2) also visit statement_cache 3) explicitly close connections _and_ call GC in problematic tests The first point might not be needed for this particular fix. The last point is a workaround,

[issue42991] support for splitting multichannel audio fragments in audioop module

Change by Ramón Fraterman : -- status: open -> pending ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42991] support for splitting multichannel audio fragments in audioop module

Change by Ramon : -- keywords: +patch pull_requests: +23105 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24286 ___ Python tracker ___

[issue42991] support for splitting multichannel audio fragments in audioop module

New submission from Ramon : All functions from the audioop module that work on stereo fragments, provide the same behaviour on multichannel (i.e. 5.1 channel LPCM) fragments. This is, however, not true for the tomono() function, that only makes sense when supplied with a 2-channel fragment.

[issue42982] Update suggested number of iterations for pbkdf2_hmac()

Christian Heimes added the comment: Is there any scientific research or mathematical proof for 250,000 iteration? -- nosy: +christian.heimes ___ Python tracker ___

[issue33289] tkinter askcolor returning floats for r, g, b values instead of ints

Serhiy Storchaka added the comment: New changeset 6713e869c4989c04318158b406c30a147ea52904 by Cheryl Sabella in branch 'master': bpo-33289: Return RGB triplet of ints instead of floats from tkinter.colorchooser (GH-6578)

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Ryan Hileman added the comment: My understanding as per the outline in PEP 551 as well as PEP 578, is that the audit system is meant primarily to observe the behavior of code rather than to have good sandbox coverage / directly prevent behavior. I am using audit hooks to observe the

[issue42969] pthread_exit & PyThread_exit_thread from PyEval_RestoreThread etc. are harmful

Change by Alexey Izbyshev : -- nosy: +izbyshev ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42888] Not installed “libgcc_s.so.1” causes exit crash.

Alexey Izbyshev added the comment: Thank you for testing. I've added a NEWS entry to the PR, so it's ready for review by the core devs. Note that PyThread_exit_thread() can still be called by daemon threads if they try to take the GIL after Py_Finalize(), and also via C APIs like

[issue42514] Relocatable framework for macOS

Change by Tom Goddard : -- nosy: +tomgoddard ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue33289] tkinter askcolor returning floats for r, g, b values instead of ints

Terry J. Reedy added the comment: Your Linux result is the same as on Windows. Given strings 'abc' or 'abcd', ignore 'c' or 'cd' and expand 'ab' to 'abab', making value 0xabab. Is your computer Ubuntu (implying that personal Ubuntu != CI Ubuntu) or a different Linux? Are there tk/tcl

[issue33289] tkinter askcolor returning floats for r, g, b values instead of ints

Serhiy Storchaka added the comment: I do not understand why #abc00 and #abcd give 0xabab on my computer (Linux) and even weirder result on Ubuntu on CI. Reading the code I expected the same behavior as on macOS. -- ___ Python tracker

[issue42606] Support POSIX atomicity guarantee of O_APPEND on Windows

Alexey Izbyshev added the comment: > It's possible to query the granted access of a kernel handle via > NtQueryObject: ObjectBasicInformation Ah, thanks for the info. But it wouldn't help for option (1) that I had in mind because open() and os.open() currently set only msvcrt-level

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

Ken Jin added the comment: I created a PR to remove the getfile function - now it just places the hyperlinked file path there but clicking on it won't render the file contents. Personally I agree with Marc-Andre Lemburg's comments on how _url_handler probably has other vulnerabilities

[issue33289] tkinter askcolor returning floats for r, g, b values instead of ints

Terry J. Reedy added the comment: 65535 = 35536 - 1 = 256 * 256 - 1 == 255 * 257 On Windows, each r, g, b value is n * 257 for n in range(256) (see attached file). The precision loss happens when colors are stored, before the division in winfo_rgb. Perhaps 8 bits/channel (including alpha)

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

Change by Ken Jin : -- keywords: +patch nosy: +kj nosy_count: 4.0 -> 5.0 pull_requests: +23104 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24285 ___ Python tracker

[issue42966] argparse: customizable help formatter

Change by hai shi : -- nosy: +paul.j3, rhettinger ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42035] [C API] PyType_GetSlot cannot get tp_name

hai shi added the comment: Wait. petr mentioned `_PyType_Name` in PR 23903 which use the short name. So I am not sure which way is better. Lol~ -- ___ Python tracker ___

[issue42990] Improve the C code for calling Python code

New submission from Mark Shannon : Currently, to make a call to Python (modules, classes, etc, not just functions) from C has to use the monster that is `_PyEval_EvalCode`. As Python has adding features over the years, _PyEval_EvalCode has grown and grown. It is time for a refactor.

[issue42989] Bug

Zachary Ware added the comment: That line on its own will cause an IndentationError, which is a subclass of SyntaxError. However, out of context, without the full traceback, and without a description of your environment, the only thing I have to go on here is the fact that the vast

[issue1375011] http.cookies, Cookie.py: Improper handling of duplicate cookies

Christoph Zwerschke added the comment: This patch should really be included. As carl already mentioned, the relevant spec is RFC 6265, see section 5.4.2: "The user agent SHOULD sort the cookie-list in the following order: Cookies with longer paths are listed before cookies with shorter

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Mark Shannon added the comment: If the point of the proposed change is not to deny access to globals, then what is the point of it? You say that this change is to "close a simpler gap in the audit system". What it is that the audit system is supposed to prevent, that is currently possible,

[issue42985] AMD64 Arch Linux Asan 3.x fails: command timed out: 1200 seconds without output

Senthil Kumaran added the comment: > IMO we should disable ASAN (handling of signals) at runtime when we trigger a > crash on purpose (ex: faulthandler._sigsegv()). > ASAN_OPTIONS="handle_segv=0". Both sound reasonable. But not sure if they will resolve this crash tough. -- nosy:

[issue42989] Bug

New submission from Andrew C : if playerChoice == "2": reports the ":" as a "syntax error" -- components: Windows messages: 385427 nosy: ASCRong, paul.moore, steve.dower, tim.golden, zach.ware priority: normal severity: normal status: open title: Bug type: behavior versions: Python 3.9

[issue42977] Tkinter Optionmenu Too Narrow on Mac

E. Paine added the comment: I suspect this is just a MacOS behaviour, if not then it is a Tk bug. If you really need to enforce the width, you could tell it to expand horizontally in the layout. An example of this would be as follows: tk.Frame(root, height=1, width=300).pack()

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Ryan Hileman added the comment: My personal motivation is not to unilaterally prevent access to globals, but to close a simpler gap in the audit system that affects a currently deployed high performance production system (which is not trying to be a sandbox). I am also already using a C

[issue42911] Addition chains for pow saves 5-20% time for pow(int, int)

Jurjen N.E. Bos added the comment: ...not to mention the new gcd and lcm functions, and the fact that the number conversion is linear for exponent-of-two bases, and the negative power modulo a prime number! -- ___ Python tracker

[issue42911] Addition chains for pow saves 5-20% time for pow(int, int)

Jurjen N.E. Bos added the comment: Well, I would argue that there is already quite a work going to for crypto-sized computations in the integer code, as well as the crypto-oriented .bit_count() function that was recently added. For starters, the arguably crypto-oriented three argument pow()

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

STINNER Victor added the comment: The getfile feature is used to display the source code of a Python module. For example, on the difflib documentation, there a link to difflib.py. If you click, a webpage displays the content of the file. I suggest to remove the whole feature. I don't think

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

STINNER Victor added the comment: An option is also to remove the whole getfile feature. It was added in bpo-2001 by: commit 7bb30b72d8a165f8bacbc480b8d5a15834fa4c35 Author: Nick Coghlan Date: Fri Dec 3 09:29:11 2010 + Improve Pydoc interactive browsing (#2001). Patch by Ron

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

STINNER Victor added the comment: I searched for "pydoc by Ka-Ping Yee" in Google and only found two online pydoc services: * https://gae-pydoc.appspot.com/ * http://www.cc.kyoto-su.ac.jp/~atsushi/Programs/VisualWorks/CSV2HTML/CSV2HTML_PyDoc/index_of_modules.html The first one runs on

[issue42985] AMD64 Arch Linux Asan 3.x fails: command timed out: 1200 seconds without output

STINNER Victor added the comment: Documentation of ASAN_OPTIONS: https://github.com/google/sanitizers/wiki/SanitizerCommonFlags https://github.com/google/sanitizers/wiki/AddressSanitizerFlags -- ___ Python tracker

[issue42985] AMD64 Arch Linux Asan 3.x fails: command timed out: 1200 seconds without output

STINNER Victor added the comment: About SIGSEGV logs, one option is to use ASAN_OPTIONS="handle_segv=0". -- ___ Python tracker ___

[issue42988] Information disclosure via pydoc -p

Marc-Andre Lemburg added the comment: Looking at the _url_handler() code in pydoc.py, this was clearly not written with web server standards in mind. None of the handlers apply security checks on the user input and there are most likely several other vulnerabilities in there to be found.

[issue42985] AMD64 Arch Linux Asan 3.x fails: command timed out: 1200 seconds without output

STINNER Victor added the comment: It seems like something changed on the buildbot, not in Python, since it also fails on 3.8 and 3.9. AMD64 Arch Linux Asan 3.9: https://buildbot.python.org/all/#builders/579/builds/105 AMD64 Arch Linux Asan 3.8:

[issue42988] Information disclosure via pydoc -p

STINNER Victor added the comment: Downstream Fedora issue: https://bugzilla.redhat.com/show_bug.cgi?id=1917807 -- ___ Python tracker ___

[issue42988] Information disclosure via pydoc -p

Change by STINNER Victor : -- nosy: +vstinner ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42955] Add sys.module_names: list of stdlib module names (Python and extension modules)

Change by hai shi : -- nosy: +shihai1991 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42780] os.set_inheritable() fails for O_PATH file descriptors on Linux

cptpcrd added the comment: No problem! I've noticed at least one other (relatively minor) issue in `os`, so I may be submitting further bug reports. I haven't been keeping close track of 3.6/3.7's status, so I added them in without thinking it. Thanks for the reminder. --

[issue42988] Information disclosure via pydoc -p

Julien Palard added the comment: Nice find! I am able to reproduce it too in many Python releases. I see differnt ways we can fix it: # Using a random secret generated at startup time Used any way, like by providing an hmac on getfile urls to ensure they are signed with the server secret.

[issue42988] Information disclosure via pydoc -p

New submission from Miro Hrončok : Hello Python security, a Fedora user has reported the following security vulnerability to us (I was able to verify it): Running `pydoc -p` allows other local users to extract arbitrary files. Steps to Reproduce: 1. start pydoc on a port 2. as a different

[issue41545] gc API requiring matching number of gc.disable - gc.enable calls

Yonatan Goldschmidt added the comment: Dennis, you're right. I guess I missed it when I previously searched for matching issues. https://bugs.python.org/issue31356 indeed solves my problem. Closing this as a duplicate. -- resolution: -> duplicate stage: -> resolved status: open ->

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Mark Shannon added the comment: I agree with Victor, we should not be attempting to build a sandbox. https://www.python.org/dev/peps/pep-0578/#why-not-a-sandbox Preventing access to global variables is next to impossible. Adding more and more hooks to prevent access to globals, merely adds

[issue42752] multiprocessing Queue leaks a file descriptor associated with the pipe writer (#33081 still a problem)

Change by mattip : -- nosy: +davin, pitrou ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

  1   2   >