Stefan Krah stefan-use...@bytereef.org added the comment:
You can't return mpd_realloc_dyn(result, nwords, status) in the
second instance: the coefficient must be initialized to zero
later on. So this is intentional.
--
components: +Extension Modules -Library (Lib)
resolution: -
Changes by Stefan Krah stefan-use...@bytereef.org:
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15059
___
___
Stefan Krah stefan-use...@bytereef.org added the comment:
I can see why it is seems strange that // and % behave differently.
If anything, I'd change divint to raise for things like inf // 3.
But the official test cases don't:
dvix601 divideint -Inf -1000 - Infinity
remx701 remainder -Inf
Maciej Fijalkowski fij...@gmail.com added the comment:
secure_compare leaks the password always. Note that it takes different time to
create a result of ord() depending whether it's =100 or 100 due to caching
of small numbers. Such functions should be written in C.
--
nosy: +fijall
Hynek Schlawack h...@ox.cx added the comment:
We should. Adding secure functions that aren't really secure is something we
should rather avoid. :)
Christian, are you willing to do that?
--
components: +Library (Lib) -IO
nosy: +hynek
stage: patch review - needs patch
type: behavior -
Armin Rigo ar...@users.sourceforge.net added the comment:
fijal: while I agree with you, the limit for small ints has actually been
pushed to 257 in recent CPythons. So it should still theoretically work --- of
course, assuming a predictable CPU, which is wrong, and assuming a simple
Christian Heimes li...@cheimes.de added the comment:
I don't see how the function is going to leak this information when both this
patch and the patch in #14955 are applied. With
http://bugs.python.org/file25801/secure-compare-fix-v2.patch ord() is no longer
used and thus avoid the timing
Maciej Fijalkowski fij...@gmail.com added the comment:
Ah unicodes. is encode('unicode-internal') independent on the string
characters? I heavily doubt so. you leak at least some information through that
function alone.
--
___
Python tracker
Antoine Pitrou pit...@free.fr added the comment:
With PEP 393 unicode objects can have several representations, which makes it
unlikely that *really* constant-timing functions can be devised.
Speaking about this particular patch, I don't understand the point.
secure_compare() is obviously
Christian Heimes li...@cheimes.de added the comment:
IMHO it's not obvious to all users. Better safe than sorry. ;)
The invariant 'known and equal length' impresses an artificial limitation. Code
may need to compare outside data with internal data without exposing too many
details about the
Hynek Schlawack h...@ox.cx added the comment:
I don’t want to be the killjoy but I find it highly questionable to add a
function that is advertised as secure while we can't fully grok the
complexities at play. If we can't produce a provable secure one, we should
scrub the function for good;
Antoine Pitrou pit...@free.fr added the comment:
I don’t want to be the killjoy but I find it highly questionable to
add a function that is advertised as secure while we can't fully
grok the complexities at play. If we can't produce a provable secure
one, we should scrub the function for
Maciej Fijalkowski fij...@gmail.com added the comment:
Antoine, seriously? You want to explore a function that's called secure when
the only thing you know about it is probably secure? This is extremely tricky
business and I think it should be called secure only if you can prove it's
secure.
Maciej Fijalkowski fij...@gmail.com added the comment:
export not explore. Why can't I edit my own post?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15061
___
Antoine Pitrou pit...@free.fr added the comment:
Antoine, seriously? You want to explore a function that's called
secure when the only thing you know about it is probably secure?
This is extremely tricky business and I think it should be called
secure only if you can prove it's secure.
Maciej Fijalkowski fij...@gmail.com added the comment:
For unicode at the very least it's not an improvement at all. With the patch
mentioned that does encode it's also not an improvement at all. Prove as in
reason about the function in C and make sure it does not do any conditionals
Antoine Pitrou pit...@free.fr added the comment:
With PEP 393 unicode objects can have several representations, which makes it
unlikely that *really* constant-timing functions can be devised.
However, a C version could provide some guarantees, by raising an error if the
passed unicode strings
Changes by Hynek Schlawack h...@ox.cx:
--
nosy: +hynek
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14955
___
___
Python-bugs-list mailing list
Martin v. Löwis mar...@v.loewis.de added the comment:
I recommend to revert the addition of this function. It's not possible to
implement a time-independent comparison function, as demonstrated in issues
14955 and 15061
--
nosy: +loewis
___
Python
Martin v. Löwis mar...@v.loewis.de added the comment:
I recommend to revert the addition of the function, given that it can't be made
secure.
--
nosy: +loewis
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15061
Antoine Pitrou pit...@free.fr added the comment:
How is it not possible? The implementation may be buggy, but it's possible to
write a C version that does the right thing.
--
___
Python tracker rep...@bugs.python.org
Changes by Hynek Schlawack h...@ox.cx:
--
nosy: +hynek
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14532
___
___
Python-bugs-list mailing list
Christian Heimes li...@cheimes.de added the comment:
I've two suggestions:
* rename the function to 'total_compare'. The name explains what the function
actually does in comparison to '=='. It takes the total input values into
account instead of using short circuit comparison.
* restrict the
New submission from Richard Oudkerk shibt...@gmail.com:
There are some types which should support the context manager protocol:
- connection objects
- listener objects
- pool objects
--
messages: 162776
nosy: sbt
priority: normal
severity: normal
stage: needs patch
status: open
title:
Maciej Fijalkowski fij...@gmail.com added the comment:
Hi Christian. It's either secure or it's not. If it's not, there is no point in
introducing it at all as I don't think it's a good idea to have a
kind-of-secure-but-i-dont-know functions in stdlib.
If you restrict input to bytes it looks
Antoine Pitrou pit...@free.fr added the comment:
It's either secure or it's not.
I don't think that's true. By that reasoning, Python is not secure so there's
no point in fixing crashes or providing a hashlib module.
That said, I think renaming to total_compare isn't really helpful. The
New submission from Kevin kevin.fairba...@gatech.edu:
When using %F and %T in strftime on Mac and Linux the function works as
expected, but it fails on Windows. Although these format strings are not in
the Python documentation, the inconsistent behavior should be noted or
corrected. If
R. David Murray rdmur...@bitdance.com added the comment:
As I said, patches to improve the situation are welcome, and if they match with
current internet practices they will likely be accepted.
It is still the case that such URLs are likely to require extra work on the
part of the application
R. David Murray rdmur...@bitdance.com added the comment:
You could get one of the pypy devs that have push rights on cpython to commit
it. If that doesn't happen, then at some point (probably not *too* long from
now) I or someone else will commit it. We have many more patches than we have
Eric O. LEBIGOT eric.lebi...@normalesup.org added the comment:
Terry, it seems that the doc I was quoting is for version 1.5.1
(http://docs.python.org/release/1.5.1p1/tut/node43.html). I can't find it in
more recent versions of the doc. I should not have quoted an obsolete version
of the
Michael Herrmann mherrmann...@gmail.com added the comment:
That is *exactly* my point :)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12982
___
R. David Murray rdmur...@bitdance.com added the comment:
Because:
1) The __debug__ flag is defined to be process-global. If you test it in one
module, your code should be able to assume that it has the same value in all
other modules
2) python-dev does not support running .pyo code
R. David Murray rdmur...@bitdance.com added the comment:
The reason the codes are not documented is that they are not supported.
Because we delegate to the system strftime, they happen to work.
To change that the most sensible thing would be to have our own strftime
implementation, which
anatoly techtonik techto...@gmail.com added the comment:
On Wed, Jul 14, 2010 at 1:52 AM, Alexander Belopolsky
rep...@bugs.python.org wrote:
I am still -1 on adding specialized formatting methods to the datetime class.
I think this should be done in specialized modules.
No problem - add
anatoly techtonik techto...@gmail.com added the comment:
I must add - many times better than no solution at all.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7584
___
Eric Snow ericsnowcurren...@gmail.com added the comment:
I am not fully sure why -O is essentially required for running .pyo
files: why not have the Python interpreter handle everything
automatically based on the extension?
In part because it would take work to make it happen and apparently
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 62030ebb2b01 by Martin v. Löwis in branch '3.2':
Issue #14937: Fix typo. Patch by Roger Serwy.
http://hg.python.org/cpython/rev/62030ebb2b01
--
___
Python tracker
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 9a6b45a83dec by Martin v. Löwis in branch 'default':
Issue #14936: curses_panel was converted to PEP 3121 API.
http://hg.python.org/cpython/rev/9a6b45a83dec
New changeset 6eb21c1d3099 by Martin v. Löwis in branch
Martin v. Löwis mar...@v.loewis.de added the comment:
Thanks for the patches!
--
nosy: +loewis
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14936
Martin v. Löwis mar...@v.loewis.de added the comment:
These functions need to be documented.
--
nosy: +loewis
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15042
___
David Barnett davidbarne...@gmail.com added the comment:
Is this ready and just waiting to be merged now?
--
nosy: +mu_mind
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue11880
___
1
In directory /WORK/suzc/software/Python-2.7.3, I do this:
suzc@linux-opensuse:22:33:28:Python-2.7.3$ ./configure
--prefix=/WORK/suzc/installed/python --exec-prefix=/WORK/suzc/installed/python
--mandir=/WORK/suzc/installed/man | tee -a config_make.20120614.log
make
make install
Daniel Holth dho...@fastmail.fm added the comment:
Yes, but I had some trouble attaching a good patch to the issue tracker
itself.
On Thu, Jun 14, 2012, at 02:28 PM, David Barnett wrote:
David Barnett davidbarne...@gmail.com added the comment:
Is this ready and just waiting to be merged
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset d31e83497c5a by Richard Oudkerk in branch 'default':
Issue #13841: Make child processes exit using sys.exit() on Windows
http://hg.python.org/cpython/rev/d31e83497c5a
--
nosy: +python-dev
New submission from Zachary Ware zachary.w...@gmail.com:
See: http://hg.python.org/cpython/file/d31e83497c5a/Doc/library/sqlite3.rst#l708
PEP 246 is headed by:
Rejection Notice
I'm rejecting this PEP. Something much better is about to happen;
it's too early to say exactly what, but
New submission from Jason R. Coombs jar...@jaraco.com:
I found that fileinput.input() requires two EOF characters to stop reading
input on Python 2.7.3 on Windows and Ubuntu:
PS C:\Users\jaraco python
Python 2.7.3 (default, Apr 10 2012, 23:24:47) [MSC v.1500 64 bit (AMD64)] on
win32
import
Jason R. Coombs jar...@jaraco.com added the comment:
I observed if I send EOF as the first character, it honors it immediately and
doesn't require a second EOF.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15068
Brett Cannon br...@python.org added the comment:
Thanks for the info, Roumen. It looks like there is a single use of MAXPATHLEN
still in import.c which I hope to eliminate, so hopefully that will rectify
this problem.
--
___
Python tracker
Brett Cannon br...@python.org added the comment:
So sys.dont_write_bytecode is there to prevent bytecode writing but not
loading. This is an issue for some systems (e.g. clusters) where there are so
many processes running Python that they start to trample each others bytecode
files and it
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15056
___
R. David Murray rdmur...@bitdance.com added the comment:
Frankly I'm surprised it works at all, since fileinput.input() will by default
read from stdin, and stdin is in turn being read by the python prompt.
I just checked 2.5 on linux, and the same situation exists there (two ^Ds are
required
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9374
___
Jason R. Coombs jar...@jaraco.com added the comment:
FWIW, I encountered the double-EOF behavior when invoking fileinput.input from
a script running non-interactively (except of course for the input() call).
--
___
Python tracker
Martin v. Löwis mar...@v.loewis.de added the comment:
Thanks, fixed
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14937
___
New submission from Pat p...@jegcpa.com:
Attempting to import pyserial. In module serialposix.py a dict declaration
starting on line 64;
baudrate_constants = {
0: 000,
50: 001,
75: 002,
110: 003, ...etc
Traceback
Amaury Forgeot d'Arc amaur...@gmail.com added the comment:
You are importing with Python3 a module written for Python2.
pyserial-2.6 comes with a setup.py script that will do the conversion, you
should run it and not try to import the source code directly.
--
nosy: +amaury.forgeotdarc
Ronan Lamy ronan.l...@gmail.com added the comment:
Doing it at the interpreter level is trivial (cf. patch), except for an
annoying bug I noticed (see below). Doing it from user code might require some
care to avoid disrupting existing import hooks, but AFAICT something like
Zachary Ware zachary.w...@gmail.com added the comment:
I just tested on Python 3.2, and found something interesting; it seems a ^Z
character on a line that has other input read in as a character. Also, other
input after an EOF on its own means you still have to do two more EOFs to end.
R. David Murray rdmur...@bitdance.com added the comment:
I don't know how the EOF character works, but I wouldn't be surprised if it had
to be on a line by itself to mean EOF.
If the double EOF is required when not at the interactive prompt, then there
could be a long standing bug in
R. David Murray rdmur...@bitdance.com added the comment:
And yes, a number with leading zeros is an invalid token in Python3, because in
Python2 it was an octal number, and now we spell octal as, eg, 0o0001.
--
nosy: +r.david.murray
___
Python
Petri Lehtinen pe...@digip.org added the comment:
The fix seems to be very simple:
diff --git a/Lib/mailbox.py b/Lib/mailbox.py
index a677729..2be4c83 100644
--- a/Lib/mailbox.py
+++ b/Lib/mailbox.py
@@ -675,6 +675,7 @@ class _singlefileMailbox(Mailbox):
Eric Snow ericsnowcurren...@gmail.com added the comment:
At the time it referred to generic functions (a la PEP 3124: Overloading,
Generic Functions, Interfaces, and Adaptation). However, ultimately it was
Abstract Base Classes (PEP 3119) that slid into this space.
--
nosy:
Jason Tishler ja...@tishler.net added the comment:
The problem is due to Cygwin's automatic .exe extension handling. See the
attached patch (i.e., code comment) for the details. Is this patch acceptable?
--
keywords: +patch
stage: - patch review
type: - behavior
Added file:
Terry J. Reedy tjre...@udel.edu added the comment:
Eric, can you find a place in the current doc where -O and .pyo are mentioned,
and where you think a sentence should go. What sentence(s) would you like to
see.
Other comments:
__debug__ is intended to be a process-global compilation value
Changes by Richard Oudkerk shibt...@gmail.com:
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13841
___
Serhiy Storchaka storch...@gmail.com added the comment:
It is not only the fileinput. The same effect can be achieved by simple
idiomatic code:
import sys
while True:
chunk = sys.stdin.read(1000)
if not chunk:
break
# process
--
nosy: +storchaka
New submission from Antoine Pitrou pit...@free.fr:
When I try to launch the AMD64 debug build:
Z:\defaultPC\VS9.0\amd64\python_d.exe
I get an error box complaining that python33_d.dll is missing from my system.
Indeed it doesn't seem there:
Z:\defaultdir PC\VS9.0\amd64\*.dll
Volume in drive
R. David Murray rdmur...@bitdance.com added the comment:
That makes sense. It is a consequence of (a) buffered input and (b) the fact
that EOF on stdin doesn't really close it. (And by interactive here I don't
just mean Python's interactive prompt, but also the shell).
By default fileinput
Antoine Pitrou pit...@free.fr added the comment:
Ah, apparently it's a linking error and it doesn't work for release builds
either:
1 Creating library Z:\default\PC\VS9.0\\amd64\python33.lib and object
Z:\default\PC\VS9.0\\amd64\python33.exp
1timemodule.obj : error LNK2019: unresolved
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset ccbf6f970943 by Antoine Pitrou in branch 'default':
Issue #15070: fix VS9.0 build regression
http://hg.python.org/cpython/rev/ccbf6f970943
--
nosy: +python-dev
___
Python
Changes by Antoine Pitrou pit...@free.fr:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15070
___
Serhiy Storchaka storch...@gmail.com added the comment:
Note that in the rare cases, when stdio ends immediately on the limit of the
read buffer, just one EOF is sufficient. In particular for read(1) one EOF is
sufficient always, and for read(2) it is sufficient in about half of the cases.
Antoine Pitrou pit...@free.fr added the comment:
It is unlikely to be solvable at the Python level. Witness the raw stream's
behaviour (in Python 3):
sys.stdin.buffer.raw.read(1000)
If you type a letter followed by ^D (Linux) or ^Z (Windows), this returns
immediately:
Serhiy Storchaka storch...@gmail.com added the comment:
Thank you, Antoine.
3327 (+360%) 15304 encode utf-16le 'A'*1
3314 (+335%) 14413 encode utf-16le '\x80'*1
3290 (+357%) 15036 encode utf-16be'\x80'+'A'*
It must be a fluctuation (-30-40%). For all UCS1 strings the
Martin v. Löwis mar...@v.loewis.de added the comment:
The question really remains whether the VS 9 project files should be generated
from the VS 2010 ones; this would have resolved this error as well (even though
Richard Oudkerk probably wouldn't have run those generators - consequentially,
Serhiy Storchaka storch...@gmail.com added the comment:
On 32-bit Linux, Intel Atom N570 @ 1.66GHz:
Py2.7Py3.2Py3.3patched
214 (+718%) 215 (+714%) 363 (+382%) 1750 encode utf-32le 'A'*1
214 (+704%) 214 (+704%) 362 (+375%) 1720 encode utf-32le
New submission from Daniel C. llaniscud...@gmail.com:
I am develop a RADIUS server in 3.2 for WiFi authentication, the EAP-TLS or
PEAP auths require a TLS tunnel AND get the master key and the client hello and
server hello randoms to generate the MSK, the key to encrypt between WiFi user
and
Changes by Serhiy Storchaka storch...@gmail.com:
Added file:
http://bugs.python.org/file26010/ElementTree-force_long_tags-v3.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14377
___
Antoine Pitrou pit...@free.fr added the comment:
Please elaborate on what you are asking for, and try to make yourself
understandable.
Also, a good way to see your enhancement request fulfilled is to contribute it
yourself; please take a look at the devguide: http://docs.python.org/devguide/
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15068
___
Martin v. Löwis mar...@v.loewis.de added the comment:
Daniel: Antoine is absolutely right. About the only way this can happen is if
*you* contribute the code. Even if you would make clear what you want (what is
a master key and the hello randoms?), it is likely that still nobody else
needs
Serhiy Storchaka storch...@gmail.com added the comment:
I don't think that the three new fields in each Element is a suitable price for
this very rare used feature.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14377
Serhiy Storchaka storch...@gmail.com added the comment:
The = 0x8000UL was intentional. The low-order 31 bits of mt[0] don't
form part of the state of the Mersenne Twister: the resulting random stream
isn't affected by their values.
Thanks, I have no more questions.
--
Serhiy Storchaka storch...@gmail.com added the comment:
Georg, Atsuo, how are you?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3665
___
___
Serhiy Storchaka storch...@gmail.com added the comment:
Martin, now the patch is good?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10376
___
New submission from William Payne wtpa...@gmail.com:
Unfortunately, I cannot provide the source of the script I was running then the
crash occurred, so I strongly suspect that this issue will be closed as cannot
reproduce, but I have included the OSX problem report anyway, if it is of any
Daniel C. llaniscud...@gmail.com added the comment:
ok. i try to do the patch!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15071
___
___
Ronald Oussoren ronaldousso...@mac.com added the comment:
Sadly enough the crash report is not very helpful for us.
Can you reproduce the issue? If so, can you either provide more information by
running the programming in a debugger or create a script that reproduces the
problem?
And as
William Payne wtpa...@gmail.com added the comment:
The crash has only occurred once (so far). If it happens a couple more
times I will try to reproduce it and send you the script.
For now though, I guess the ticket should be closed.
I hope I did the right thing in raising a ticket - I thought
Yaakov (Cygwin Ports) yselkow...@users.sourceforge.net added the comment:
I use obcaseinsensitive=0, hence I didn't see this. Would that be an option
for you?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15047
Ronald Oussoren ronaldousso...@mac.com added the comment:
Letting us know of the problem is fine, in general Python should not crash. But
without a way to reproduce the problem it is very hard to do anything about
that.
There are a number of known issues that can cause crashes, a subset of
Nick Coghlan ncogh...@gmail.com added the comment:
Maciej, please read http://mjg59.dreamwidth.org/13061.html
Secure vs not secure is not a binary state - it's about making attacks
progressively more difficult. Something that is secure against a casual script
kiddie scatter gunning attacks on
Ned Deily n...@acm.org added the comment:
I have no experience with opensuse but, from a general unix install install
view, the most obvious cause of that message would be a build failure of the
_struct extension. Check the log file for messages with _struct in it. You
could also try to
Sam Whitehead demon@gmail.com added the comment:
This still seems to be the case in 3.2.
Python 3.2.3 (default, Apr 23 2012, 23:35:30)
[GCC 4.7.0 20120414 (prerelease)] on linux2
from collections import UserString
a = UserString(foop)
import os.path
os.path.exists(a)
Traceback
Changes by Terry J. Reedy tjre...@udel.edu:
--
nosy: +terry.reedy
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14997
___
___
Python-bugs-list
Eli Bendersky eli...@gmail.com added the comment:
Agree with Serhiy. Why are these flags required in Element?
Also, I'm moving this to 3.4 since the patch came too late in the 3.3 process -
the first beta is very soon, after which we prefer not to add new features.
--
priority: normal
Eli Bendersky eli...@gmail.com added the comment:
This looks rejected to me. Any opposition to closing the issue?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14035
___
Eli Bendersky eli...@gmail.com added the comment:
Note: last traces of Python bootstrap code were removed from _elementtree in
changeset 652d148bdc1d
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13988
New submission from Pavel Fedin p.fe...@samsung.com:
commands.getoutput() is broken on Windows. The issue has been detected in
v2.7.2, but still persists in v2.7.3:
--- cut ---
Python 2.7.3 (default, Apr 10 2012, 23:24:47) [MSC v.1500 64 bit (AMD64)] on
win32
Type help, copyright, credits or
99 matches
Mail list logo