[issue19065] sqlite3 timestamp adapter chokes on timezones

Change by Ian Fisher : -- nosy: +iafisher ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue29410] Moving to SipHash-1-3

Christian Heimes added the comment: I have contacted JP Aumasson to get his feedback on this proposal. -- ___ Python tracker ___

[issue26651] Deprecate register_adapter() and register_converter() in sqlite3

Change by Ian Fisher : -- nosy: +iafisher ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue45382] platform() is not able to detect windows 11

Alex Zaslavskis added the comment: Beter solution . Using match in python 3.10 -- Added file: https://bugs.python.org/file50331/main.py ___ Python tracker ___

[issue26651] Deprecate register_adapter() and register_converter() in sqlite3

Erlend E. Aasland added the comment: Yes, deprecating the preconfigured adapters and converters, but keeping the ability to register adapters/converters sounds like a very good idea to me. As you point out, Marc-Andre, they are application specific. Also, implementing converters and

[issue45402] ERROR: test_sundry (test.test_tools.test_sundry.TestSundryScripts): SystemExit: ERROR: missing _freeze_module

Miro Hrončok added the comment: I can also reproduce this without the additional configure flags: [cpython]$ git clean -fdx [cpython]$ mkdir -p build/debug [cpython]$ cd build/debug [debug]$ ../../configure --with-pydebug [debug]$ make [debug]$ cd ../.. [cpython]$ build/debug/python -m test -v

[issue29410] Moving to SipHash-1-3

Christian Heimes added the comment: > I don't quite follow. Why is it fine that you discuss DoS, but it's not fine when others discuss DoS ? But this BPO is not about discussing mitigations against DoS attacks in general. It's about adding SipHash1-3- and following the example of Rust and

[issue45402] ERROR: test_sundry (test.test_tools.test_sundry.TestSundryScripts): SystemExit: ERROR: missing _freeze_module

Miro Hrončok added the comment: I can reproduce this from git main branch: $ git clean -fdx $ mkdir -p build/debug $ cd build/debug $ ../../configure --with-platlibdir=lib64 --enable-shared --without-ensurepip --with-pydebug $ make $ cd ../.. $ LD_LIBRARY_PATH=$PWD/build/debug

[issue29410] Moving to SipHash-1-3

Marc-Andre Lemburg added the comment: On 07.10.2021 12:16, Christian Heimes wrote: > >> That's certainly true, but at the same time, just focusing on string > hashes only doesn't really help either, e.g. it is very easy to > create a DoS with numeric keys or other objects which use trivial >

[issue29410] Moving to SipHash-1-3

Christian Heimes added the comment: > I am not sure its worth enough. Adding algorithm increase some maintenance > cost... Is it really make someone happy? siphash13 is a short function. I wrote and designed PEP 456 so we can easily add new hashing functions. IMHO the maintenance cost is

[issue45382] platform() is not able to detect windows 11

Alex Zaslavskis added the comment: That nice idea . So the dist can contain the minimal build required to say that is for example windows 11 . The simplest solution that came in mind is . Is far from perfect but it works. -- Added file: https://bugs.python.org/file50330/main.py

[issue29410] Moving to SipHash-1-3

Christian Heimes added the comment: > That's certainly true, but at the same time, just focusing on string hashes only doesn't really help either, e.g. it is very easy to create a DoS with numeric keys or other objects which use trivial hashing algorithms. Marc-Andre, Victor, your postings

[issue45402] ERROR: test_sundry (test.test_tools.test_sundry.TestSundryScripts): SystemExit: ERROR: missing _freeze_module

New submission from Miro Hrončok : When we build Python 3.10.0a1 (from the git tag) in Fedora, we see: == ERROR: test_sundry (test.test_tools.test_sundry.TestSundryScripts)

[issue45400] test_name_error_suggestions_do_not_trigger_for_too_many_locals: AssertionError: 'a1' unexpectedly found in Traceback

Change by Miro Hrončok : -- components: +Tests ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue29410] Moving to SipHash-1-3

Marc-Andre Lemburg added the comment: On 07.10.2021 11:49, Inada Naoki wrote: > Hash DoS is not only for HTTP headers. Everywhere creating dict from > untrusted source can be attack vector. > For example, many API servers receive JSON as HTTP request body. Limiting > HTTP header don't

[issue29410] Moving to SipHash-1-3

Inada Naoki added the comment: > I recommend that you add SipHash-1-3 as an additional algorithm and make it > the default. The removal of --with-hash-algorithm=siphash24 should go through > regular deprecation cycle of two Python versions. I am not sure its worth enough. Adding algorithm

[issue45398] Bugs in set operations in 3.8.10 (detected in Win7)

Change by Serhiy Storchaka : -- nosy: +rhettinger ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue45400] test_name_error_suggestions_do_not_trigger_for_too_many_locals: AssertionError: 'a1' unexpectedly found in Traceback

Miro Hrončok added the comment: I see this was previously added to 3.10 beta, so this never triggered. The test only fails when building from a directory that contains the full Python version. -- ___ Python tracker

[issue29410] Moving to SipHash-1-3

Marc-Andre Lemburg added the comment: Since the days this was discussed, a lot of new and faster hash algorithms have been developed. It may be worthwhile looking at those instead. E.g. xxHash is a lot more performant than siphash: https://github.com/Cyan4973/xxHash (the link also has a

[issue29410] Moving to SipHash-1-3

Inada Naoki added the comment: > I know that it's not a popular opinion, but I don't think that this denial of > service (DoS) is important. IMO there are enough other ways to crash a > server. Moreover, the initial attack vector was a HTTP request with tons of > header lines. In the

[issue45400] test_name_error_suggestions_do_not_trigger_for_too_many_locals: AssertionError: 'a1' unexpectedly found in Traceback

New submission from Miro Hrončok : The test_name_error_suggestions_do_not_trigger_for_too_many_locals test fails with the to-be-released 3.11.0a1: == FAIL: test_name_error_suggestions_do_not_trigger_for_too_many_locals

[issue45401] logging TimedRotatingFileHandler must not rename devices like /dev/null

New submission from STINNER Victor : One way to disable logging in a configuration file is to use /dev/null as the filename for logs. It is fine to use that with FileHandler. The problem is when TimedRotatingFileHandler is used. When Python decides to rotate the "file", it calls os.rename()

[issue45398] Bugs in set operations in 3.8.10 (detected in Win7)

Алексей added the comment: In 3.8.9 version (in Win7 too) the bug is not reproduced! -- ___ Python tracker ___ ___ Python-bugs-list

[issue45399] Remove hostflags from PySSLContext

New submission from ramikg : The PySSLContext struct mentions that "OpenSSL has no API to get hostflags from X509_VERIFY_PARAM* struct. We have to maintain our own copy". Since OpenSSL 1.1.0i added the function X509_VERIFY_PARAM_get_hostflags, this statement is no longer true. Because Python

[issue29410] Moving to SipHash-1-3

Christian Heimes added the comment: I recommend that you add SipHash-1-3 as an additional algorithm and make it the default. The removal of --with-hash-algorithm=siphash24 should go through regular deprecation cycle of two Python versions. -- ___

[issue43669] PEP 644: Require OpenSSL 1.1.1 or newer

Change by ramikg : -- nosy: +ramikg nosy_count: 4.0 -> 5.0 pull_requests: +27116 pull_request: https://github.com/python/cpython/pull/28602 ___ Python tracker ___

[issue45041] [sqlite3] simplify executescript()

Pablo Galindo Salgado added the comment: New changeset 3f2c433da560d7999a52f9fcba4bbd0898848520 by Erlend Egeberg Aasland in branch 'main': bpo-45041: Restore `sqlite3` executescript behaviour for `SELECT` queries (GH-28509)

[issue29410] Moving to SipHash-1-3

Christian Heimes added the comment: I support this change, too. SipHash-1-3 is more than good enough for our use case. It provides sufficient diffusion of str and bytes hashes and has sufficient reliance against timing attacks on the PRF key. Also 64bit platforms are less affected less by

[issue29410] Moving to SipHash-1-3

STINNER Victor added the comment: "1.67 us +- 0.03 us: 1.78x faster" with a bytes string of 6k bytes sounds worth it to me. When we talk about "security" here, we are talking about a denial of service attack on the dict worst case performance:

[issue29410] Moving to SipHash-1-3

Mark Shannon added the comment: Yes, this is worth doing, IMO. It adds no more code and probably reduces maintenance costs as any improvements/bug-fixes to the rust/ruby versions can be easily ported. Even if the benefit is small, the cost is basically zero. -- nosy: +Mark.Shannon

[issue45398] Bugs in set operations in 3.8.10 (detected in Win7)

New submission from Алексей : x = set('abcde') y = set('bdxyz') x | y result: {'b', 'c', 'd', 'z', 'x', 'a', 'y'} but should be: {'b', 'c', 'd', 'z', 'x', 'a', 'y', 'e'} -- messages: 403362 nosy: bfx683 priority: normal severity: normal status: open title: Bugs in set

[issue31399] Let OpenSSL verify hostname and IP address

Change by ramikg : -- nosy: +ramikg nosy_count: 4.0 -> 5.0 pull_requests: +27115 pull_request: https://github.com/python/cpython/pull/28602 ___ Python tracker ___

[issue29410] Moving to SipHash-1-3

Inada Naoki added the comment: I am not sure this is worth doing. Microbenchmarks: ## import time ``` $ main/opt/bin/pyperf command main/opt/bin/python3 -c 'import typing,asyncio' . command: Mean +- std dev: 49.6 ms +- 0.1 ms $ siphash13/opt/bin/pyperf command

[issue45390] asyncio.Task doesn't propagate CancelledError() exception correctly.

Thomas Grainger added the comment: afaik this is intentional https://bugs.python.org/issue31033 -- nosy: +graingert ___ Python tracker ___

[issue31155] Encode set, frozenset, bytearray, and iterators as json arrays

Change by sedrubal : -- nosy: +sedrubal ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue44603] REPL: exit when the user types exit instead of asking them to explicitly type exit()

Terry J. Reedy added the comment: Steven's list left out the standard way of closing *any* windowed app -- click the close button on the title bar. Works on all major systems. Its does a little too much when python is started on a command line (by closing the console), but beginners, at

[issue45382] platform() is not able to detect windows 11

Marc-Andre Lemburg added the comment: It's probably time to extend the marketing version detection mechanism to use the build number as reference instead of the major.minor system version numbers. Here's a good reference for this:

[issue45382] platform() is not able to detect windows 11

Alex Zaslavskis added the comment: systeminfo can be option -- Added file: https://bugs.python.org/file50329/import subprocess.py ___ Python tracker ___

[issue26651] Deprecate register_adapter() and register_converter() in sqlite3

Marc-Andre Lemburg added the comment: FWIW: I'm -1 on removing the possibility to register conversion or adapter hooks in sqlite3. Such mechanisms have become a standard with Python database modules and are widely used to adapt them to applications or middleware using the modules. The

[issue45385] Fix reference leak from descr_check

Dong-hee Na added the comment: New changeset 35d4857375b6ef8f1243db4da9c2cba0bee63ad6 by Miss Islington (bot) in branch '3.10': bpo-45385: Fix reference leak from descr_check (GH-28719) (GH-28779) https://github.com/python/cpython/commit/35d4857375b6ef8f1243db4da9c2cba0bee63ad6 --

[issue45335] Default TIMESTAMP converter in sqlite3 ignores UTC offset

Erlend E. Aasland added the comment: See also: - bpo-19065: sqlite3 timestamp adapter chokes on timezones - bpo-26651 Deprecate register_adapter() and register_converter() in sqlite3 (Adding Berker to nosy list.) -- nosy: +berker.peksag ___

[issue45395] Frozen stdlib modules are discarded if custom frozen modules added.

Marc-Andre Lemburg added the comment: I'm not sure I follow, but in any case, please make sure that the freeze tool in Tools/ continues to work with the new mechanism. The freeze tool would also need to know which modules are already frozen via the new script, so that modules don't get

[issue45397] Doc for turtle.write missing the tuple part of the font param in 3.10+

Serhiy Storchaka added the comment: Seems it was fixed in Sphinx a year ago: https://github.com/sphinx-doc/sphinx/pull/8265. Maybe we need to update the Sphinx version (but it can introduce new incompatibilities). -- ___ Python tracker

[issue45390] asyncio.Task doesn't propagate CancelledError() exception correctly.

Chris Jerdonek added the comment: > But, once the asyncio.Task is cancelled, is impossible to retrieve that > original asyncio.CancelledError(msg) exception with the message, because it > seems that *a new* asyncio.CancelledError() [without the message] is raised > when

[issue45397] Doc for turtle.write missing the tuple part of the font param in 3.10+

Serhiy Storchaka added the comment: This looks like some Sphinx bug. In Python 3.8, using Sphinx: >>> from sphinx.pycode import ast >>> ast.unparse(ast.parse("('Arial', 8, 'normal')", 'eval').body) "'Arial', 8, 'normal'" For comparison, using builtin ast module in Python 3.9: >>> import

<    1   2