[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Change by Senthil Kumaran : -- pull_requests: +23319 pull_request: https://github.com/python/cpython/pull/24532 ___ Python tracker ___

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Change by Senthil Kumaran : -- pull_requests: +23318 pull_request: https://github.com/python/cpython/pull/24531 ___ Python tracker ___

[issue43227] Backslashes in function arguments in f-string expressions

Change by Eric V. Smith : -- resolution: -> not a bug stage: -> resolved status: open -> closed ___ Python tracker ___ ___

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Change by Dustin Rodrigues : -- pull_requests: +23317 pull_request: https://github.com/python/cpython/pull/24530 ___ Python tracker ___

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Change by Senthil Kumaran : -- pull_requests: +23316 pull_request: https://github.com/python/cpython/pull/24529 ___ Python tracker ___

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Change by Senthil Kumaran : -- pull_requests: +23315 pull_request: https://github.com/python/cpython/pull/24528 ___ Python tracker ___

[issue43227] Backslashes in function arguments in f-string expressions

Eric V. Smith added the comment: Yes, they're prohibited anywhere inside of the braces {}. This might be relaxed in the future, but through 3.9 it's still enforced. -- ___ Python tracker

[issue43227] Backslashes in function arguments in f-string expressions

Change by Karthikeyan Singaravelan : -- nosy: +eric.smith ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue43227] Backslashes in function arguments in f-string expressions

New submission from Thomas Nabelek : >From https://www.python.org/dev/peps/pep-0498/#escape-sequences: "Backslashes may not appear inside the expression portions of f-strings" Is this supposed to be true even for arguments to functions inside of the expression? my_str = "test\ test\ test"

[issue43182] TURTLE: Default values for basic Turtle commands

Bruce Fuda added the comment: Added turtle experts to nosy list -- nosy: +gregorlingl, willingc ___ Python tracker ___ ___

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Change by Ned Deily : -- resolution: -> works for me stage: -> resolved status: open -> closed ___ Python tracker ___ ___

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Neel Gore added the comment: Ah in hindsight I see why this was troublesome; the directory name was "Project 4/5", and zsh was displaying the / with a :. Renaming the directory to "Project 4_5" fixed the problem. Thanks everyone! -- ___ Python

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Dustin Rodrigues added the comment: FWIW, it looks like spaces in directory names in macOS seem to be handled okay in both bash and zsh when working with venv's activate script. Colons do not and there doesn't appear to be a workaround other than not working in a directory with a colon in

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Dustin Rodrigues added the comment: What's the name of the current directory? Does it end with "Project 4:5"? It may be the colon in the directory name is interfering with the PATH parsing so that the shell thinks that the first two entries in your path after the venv activate are

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Eric V. Smith added the comment: Thanks. I’m guessing the space in the path is causing a problem. -- ___ Python tracker ___ ___

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Neel Gore added the comment: This is Python 3.9.1 from the normal python.org download. Before venv activation, "echo $PATH" gives: /Library/Frameworks/Python.framework/Versions/3.9/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public After

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Ned Deily added the comment: It could be that the activate is failing for some reason in that directory or terminal session. Try it in a new terminal session after entering "set -x" so you can see the expanded commands. -- ___ Python tracker

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Eric V. Smith added the comment: Where did you install Python from? Before you've activated the virtual env, please run "echo $PATH". After you've activated the virtual env, can you run "ls -l .venv/bin" and "echo $PATH"? -- ___ Python tracker

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Neel Gore added the comment: (sorry for double message) update: Just created a venv in Desktop and another in a directory in Documents and got the correct behavior both times. Seems like the issue is isolated to the certain directory? -- ___

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Senthil Kumaran added the comment: New changeset fcbe0cb04d35189401c0c880ebfb4311e952d776 by Adam Goldschmidt in branch 'master': bpo-42967: only use '&' as a query string separator (#24297) https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 --

[issue43226] build from 3.9.1 tarball on WSL failed

New submission from DoctorDan : Attempted to build 3.9.1 on WSL from tarball Python-3.9.1.tar.xz Make - succeeded Make test - Many tests failed Make install - failed Attaching the tail end of the console trace. The scrollback buffer was not big enough to accomodate the whole thing. If there

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Neel Gore added the comment: Just ran: neelgore@Neels-MacBook-Pro Project 4:5 % rm -r .venv neelgore@Neels-MacBook-Pro Project 4:5 % which python3 /Library/Frameworks/Python.framework/Versions/3.9/bin/python3 neelgore@Neels-MacBook-Pro Project 4:5 % python3 -m venv .venv

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Ned Deily added the comment: Are you sure there wasn't an existing virtual environment at .venv? By default, venv does not upgrade an existing environment. Try deleting the .venv directory first, assuming there is nothing in the environment you want to save. Otherwise you could try

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Neel Gore added the comment: zsh 5.8 (x86_64-apple-darwin20.0) and macOS Big Sur 11.2.1 This was the normal python dot org installation. -- ___ Python tracker ___

[issue43225] Add missing value returned by methods on cookiejar

Emmanuel Arias added the comment: Sorry I left nothing of information. On https://docs.python.org/3/library/http.cookiejar.html?highlight=http%20cookiejar#http.cookiejar.DefaultCookiePolicy.is_blocked and

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Dustin Rodrigues added the comment: I'm also unable to replicate this. Where did you install Python from? Which version of zsh are you running? -- nosy: +dtrodrigues ___ Python tracker

[issue43225] Add missing value returned by methods on cookiejar

Change by Emmanuel Arias : -- keywords: +patch pull_requests: +23314 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24522 ___ Python tracker ___

[issue43225] Add missing value returned by methods on cookiejar

New submission from Emmanuel Arias : Documentation say that return something but don't specific what value is returned, and that can be confuse. -- assignee: docs@python components: Documentation messages: 386961 nosy: docs@python, eamanu priority: normal severity: normal status: open

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Senthil Kumaran added the comment: Éric, I considered the possibility of bringing it in python-dev, but thought it could be decided in this ticket itself. 1. This was already brought up by multiple Release Managers in Python-dev, and some conversation seems to have happened there

[issue43220] Explicit default required arguments with add_mutually_exclusive_group are rejected

Keith Smiley added the comment: Here's an example outside of argparse showing this is caused by the `is` comparison with interned string: ``` import sys short_string = sys.argv[1] short_default = '1' long_string = sys.argv[2] long_default = 'not-interned' print(f"short comparisons: id1:

[issue42129] Support resources in namespace packages

Jason R. Coombs added the comment: For the first two errors, the issue seems to be that CPython includes tests for the ResourceReader ABC and asserts that .contents() returns an empty list as the default degenerate behavior

[issue43134] (list have item) instate (item in list)

Change by Mark Dickinson : -- nosy: -mark.dickinson ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Éric Araujo added the comment: I also have concerns about specifics of the implementation (see PR) and in general the behaviour change in point releases. Maybe have a thread on python-dev? -- ___ Python tracker

[issue43224] Add support for PEP 646 (Variadic Generics) to typing.py

Change by Matthew Rahtz : -- keywords: +patch nosy: +matthew.rahtz nosy_count: 1.0 -> 2.0 pull_requests: +23313 stage: -> patch review pull_request: https://github.com/python/cpython/pull/24527 ___ Python tracker

[issue43224] Add support for PEP 646 (Variadic Generics) to typing.py

Change by Matthew Rahtz : -- components: Library (Lib) nosy: mrahtz priority: normal severity: normal status: open title: Add support for PEP 646 (Variadic Generics) to typing.py versions: Python 3.10 ___ Python tracker

[issue43218] after venv activation "which python3" and sys.path both give base installation instead of venv

Eric V. Smith added the comment: Please do not post screen captures. It makes it difficult for users with accessibility software and it makes it hard for people trying to help you to copy and paste exactly what you've tried. I'm unable to duplicate your problem. [~]$ ps PID TTY

[issue43217] tkinter style map return value in alt theme

Serhiy Storchaka added the comment: Tested on Python 3.8.6 and 3.8.7+, Windows 10. On 3.8.6 the bug is reproduced, on 3.8.7+ all works as expected. -- resolution: -> out of date stage: -> resolved status: open -> closed superseder: -> ttk style.map function incorrectly handles the

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Senthil Kumaran added the comment: I finished reviewing this PR https://github.com/python/cpython/pull/24297 With the contexts given in W3C recommendation, Synk.io Security Report and pattern of usage in libraries like werkzeug and bottle, instead of ignoring this and letting this behavior

[issue43217] tkinter style map return value in alt theme

misianne added the comment: Tested W10 Python 3.9.1: map output is OK. It is a problem of Python 3.8.6 under W7. -- ___ Python tracker ___

[issue43204] Fix LibTom URL's in hashlib comments

Change by Erlend Egeberg Aasland : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue43204] Fix LibTom URL's in hashlib comments

Dong-hee Na added the comment: New changeset ae2ff7ba04ad20424db4efcc67246ff27b95 by Miss Islington (bot) in branch '3.8': bpo-43204: Fix LibTomCrypt URL in md5module.c and sha*module.c comments (GH-24507) (GH-24516)

[issue43210] Fix inaccurate byteswap comment in sha512module.c

Dong-hee Na added the comment: New changeset 1b57426e3a7842b4e6f9fc13ffb657c78e5443d4 by Erlend Egeberg Aasland in branch 'master': bpo-43210: Fix byteswap comment in sha512.module.c (GH-24518) https://github.com/python/cpython/commit/1b57426e3a7842b4e6f9fc13ffb657c78e5443d4 --

[issue43210] Fix inaccurate byteswap comment in sha512module.c

Dong-hee Na added the comment: Thank you Erlend! -- nosy: +corona10 resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue43216] Removal of @asyncio.coroutine in Python 3.10

Change by Dong-hee Na : -- nosy: +aeros ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue43217] tkinter style map return value in alt theme

misianne added the comment: My os is windows 7, Python 3.8.6. Obviously, I can't test it on 3.9+. -- ___ Python tracker ___ ___

[issue21567] cannot create multipart alternative message with us-ascii charset

Irit Katriel added the comment: Works for me: Python 3.10.0a5+ (heads/master:bf2e7e55d7, Feb 11 2021, 23:09:25) [MSC v.1928 64 bit (AMD64)] on win32 >>> from email.mime.multipart import MIMEMultipart >>> new_msg = MIMEMultipart('alternative') >>> new_msg.set_charset('us-ascii') >>>

[issue28926] subprocess.Popen + Sqlalchemy doesn't wait for process

Irit Katriel added the comment: There isn't enough information here to understand what the issue is. If you are still having this issue in Python 3, please create a new ticket with code to reproduce it and information about the system you are using. -- resolution: -> rejected

[issue2941] Propagate define to resurce mingw32 compile

Change by Irit Katriel : -- resolution: -> out of date stage: test needed -> resolved status: pending -> closed ___ Python tracker ___

[issue43217] tkinter style map return value in alt theme

Serhiy Storchaka added the comment: What is our OS and Python version. I cannot reproduce this on Linux, perhaps it is OS-specific. Try to test with the latest Python release. Maybe this bug was fixed in issue42328. -- nosy: +serhiy.storchaka

[issue43223] Open Redirection In Python 3.7 & 3.8

New submission from Hamza AVvan : The provided version of python distros 3.8.7 and 3.7.4 are vulnerable to open redirection while traversing to an existing directory. # PAYLOAD http://127.0.0.1:8000//attacker.com/..%2f..%2f..%2f..%2f..%2f../%0a%0d/../.ssh In this case, the actual path of

[issue43134] (list have item) instate (item in list)

Masoud Azizi added the comment: Linus makes the Linux kernel without expecting benefits. USA start a war against German and Japan in ww2 without expecting benefits. Some times we should not think about benefits, just we will do it, if its the right thing. A child never will not born for

[issue43222] Regular expression split fails on 3.6 and not 2.7 or 3.7+

Serhiy Storchaka added the comment: There was a bug in the regular expression engine which caused re.split() working incorrectly with zero-width patterns. Note that in your example _DIGIT_BOUNDARY_RE.split("10.0.0") returns ['10.0.0'] on Python 2.7 -- the result which you unlikely expected.

[issue43222] Regular expression split fails on 3.6 and not 2.7 or 3.7+

New submission from Philip : I am receiving an unexpected behavior in using regular expressions for splitting a string. It seems like this error exists in `python 3.6` but not `python 2.7` and not `python 3.7+`. Below I have described a minimal example with `tox`. `setup.py` ``` from