[issue43669] PEP 644: Require OpenSSL 1.1.1 or newer

Change by Christian Heimes : -- pull_requests: +24195 pull_request: https://github.com/python/cpython/pull/25470 ___ Python tracker ___

[issue43880] 3.10 SSL module deprecations

Christian Heimes added the comment: New changeset 2875c603b2a7691b55c2046aca54831c91efda8e by Christian Heimes in branch 'master': bpo-43880: Show DeprecationWarnings for deprecated ssl module features (GH-25455)

[issue43837] Operator precedence documentation could be more clear

Chris Jerdonek added the comment: > So maybe we should change the terminology while we’re at it. When math is taught to elementary school students in the US, it's called "order of operations": https://en.wikipedia.org/wiki/Order_of_operations Since this was raised in the context of newcomers

[issue42854] OpenSSL 1.1.1: use SSL_write_ex() and SSL_read_ex()

Change by Christian Heimes : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue42854] OpenSSL 1.1.1: use SSL_write_ex() and SSL_read_ex()

Christian Heimes added the comment: New changeset 89d1550d14ba689af12eeb726e4ff8ce73cee7e1 by Christian Heimes in branch 'master': bpo-42854: Use SSL_read/write_ex() (GH-25468) https://github.com/python/cpython/commit/89d1550d14ba689af12eeb726e4ff8ce73cee7e1 --

[issue43837] Operator precedence documentation could be more clear

Ammar Askar added the comment: Opened https://github.com/python/cpython/pull/25469 for the first suggestion of reversing the precedence table order since it seems like a good improvement. I think the tight binding to weak order is more natural and aside from K, the following other languages

[issue43837] Operator precedence documentation could be more clear

Change by Ammar Askar : -- keywords: +patch nosy: +ammar2 nosy_count: 8.0 -> 9.0 pull_requests: +24194 stage: -> patch review pull_request: https://github.com/python/cpython/pull/25469 ___ Python tracker

[issue43837] Operator precedence documentation could be more clear

Change by Raymond Hettinger : -- assignee: rhettinger -> ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue43837] Operator precedence documentation could be more clear

Raymond Hettinger added the comment: Let's reverse the table in accordance with the de facto standard. -- ___ Python tracker ___

[issue39298] add BLAKE3 to hashlib

Christian Heimes added the comment: 3.10 feature freeze is in two weeks (May 3). I don't feel comfortable to add so much new C code shortly before beta 1. If I understandly correctly the code is new and hasn't been published on PyPI yet. I also don't have much time to properly review the

[issue42853] `OverflowError: signed integer is greater than maximum` in ssl.py for files larger than 2GB

Christian Heimes added the comment: Python 3.10 will use SSL_write_ex() and SSL_read_ex(), which support > 2 GB data. -- versions: -Python 3.10 ___ Python tracker ___

[issue42854] OpenSSL 1.1.1: use SSL_write_ex() and SSL_read_ex()

Christian Heimes added the comment: SSL_write_ex() and SSL_read_ex() solve two issues: * bpo-42853: SSLSocket no longer raises overflow error when sending or receiving more than 2 GB of data * bpo-31711: empty send(b"") no longer fails with protocol violation exception --

[issue31711] ssl.SSLSocket.send(b"") fails

Christian Heimes added the comment: Thanks to PEP 644 the issue will be fixed in 3.10 by using SSL_read_ex and SSL_write_ex() functions. I couldn't use the functions earlier because Python had to support older OpenSSL versions and LibreSSL. See https://github.com/python/cpython/pull/25468

[issue39298] add BLAKE3 to hashlib

Larry Hastings added the comment: I note that Python already ships with some #ifdefs around SSE and the like. So, yes, we already do this sort of thing, although I think this usually uses compiler intrinsics rather than actual assembly. A quick grep shows zero .s files and only one .asm

[issue42854] OpenSSL 1.1.1: use SSL_write_ex() and SSL_read_ex()

Change by Christian Heimes : -- keywords: +patch pull_requests: +24193 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/25468 ___ Python tracker

[issue39298] add BLAKE3 to hashlib

Jack O'Connor added the comment: An update a year later: I have a proof-of-concept branch that adds BLAKE3 support to hashlib: https://github.com/oconnor663/cpython/tree/blake3. That branch is API compatible with the current master branch of https://github.com/oconnor663/blake3-py. Both

[issue43833] Unexpected Parsing of Numeric Literals Concatenated with Boolean Operators

Guido van Rossum added the comment: Actually I believe a real case was reported on python-dev. I think it is not clean that the boundary between numbers and identifiers is so fluid. -- nosy: +Guido.van.Rossum ___ Python tracker

[issue43602] Include Decimal's in numbers.Real

Raymond Hettinger added the comment: Considering Oscar's response, Mark's comments, and prior discussions, we should close this. No strong use cases have emerged that would warrant overturning the long-standing prior decisions on this topic. -- resolution: -> rejected stage: ->

[issue43883] Making urlparse WHATWG conformant

Change by Karthikeyan Singaravelan : -- nosy: +xtreak ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue43882] urllib.parse should sanitize urls containing ASCII newline and tabs.

Karthikeyan Singaravelan added the comment: See also a related issue to sanitise newline on other helper functions https://bugs.python.org/issue30713 See also discussion and compatibility on disallowing control characters : https://bugs.python.org/issue30458 -- nosy:

[issue43833] Unexpected Parsing of Numeric Literals Concatenated with Boolean Operators

Raymond Hettinger added the comment: I recommend just letting this be. Aside from it allowing for a cute riddle, in the real world seems to be harmless and not worth breaking code. There are lots of other harmless oddities such as the space-invader increment operator: x -=- 1 FWIW, a

[issue43837] Operator precedence documentation could be more clear

Change by Raymond Hettinger : -- assignee: docs@python -> rhettinger ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue43884] Cannot cleanly kill a subprocess using high-level asyncio APIs

Ronal Abraham added the comment: Reproducing the program here: import asyncio async def test(): process = await asyncio.create_subprocess_shell( "sleep 2 && echo done", stdout=asyncio.subprocess.PIPE, ) await asyncio.sleep(1)

[issue43884] Cannot cleanly kill a subprocess using high-level asyncio APIs

New submission from Ronal Abraham : There doesn't appear to be a way to prematurely kill a subprocess using the high-level asyncio subprocess APIs (https://docs.python.org/3.9/library/asyncio-subprocess.html) without getting a traceback on exit. On exit, the attached program writes the

[issue43883] Making urlparse WHATWG conformant

Serhiy Storchaka added the comment: It would be interesting to test also with the yarl module. It is based on urlparse and urljoin, but does extra normalization of %-encoding. -- nosy: +serhiy.storchaka ___ Python tracker

[issue43284] sys.getwindowsversion().platform_version is incorrect

Eryk Sun added the comment: > But kernel32.dll (since it's of a different version) isn't > accurate at all right? To clarify, CMD's VER command calls GetVersion(). It has nothing to do with the file version of any system DLL. Because CMD is a system component, the GetVersion() call

[issue43802] Seg fault on macOS using multiprocessing.JoinableQueue

Jacob Walls added the comment: Unfortunately, at the outset I should have tested this without multiprocessing. I can reproduce without multiprocessing[1], which meant I could more easily pinpoint the failure. There is an expensive O(nm) algorithm[2] in the music21 library that is

[issue43883] Making urlparse WHATWG conformant

New submission from Senthil Kumaran : Mike Lissner reported that a set test suites that exercise extreme conditions with URLs, but in conformance with url.spec.whatwg.org was maintained here: https://github.com/web-platform-tests/wpt/tree/77da471a234e03e65a22ee6df8ceff7aaba391f8/url These

[issue43882] urllib.parse should sanitize urls containing ASCII newline and tabs.

New submission from Senthil Kumaran : A security issue was reported by Mike Lissner wherein an attacker was able to use `\r\n` in the url path, the urlparse method didn't sanitize and allowed those characters be present in the request. > In [9]: from urllib.parse import urlsplit > In [10]:

[issue43804] Add more info about building C/C++ Extensions on Windows using MSVC

Shreyan Avigyan added the comment: Kindly have a review of my PR. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue43833] Unexpected Parsing of Numeric Literals Concatenated with Boolean Operators

sco1 added the comment: Makes sense, thanks! -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue43833] Unexpected Parsing of Numeric Literals Concatenated with Boolean Operators

Serhiy Storchaka added the comment: There is no issues with lists and strings. "]" clearly ends the list display, and a quote ends a string literal. The problem with numeric literals is that they can contain letters, so it is not clear (for human reader) where the numeric literals ends and

[issue43874] argparse crashes on subparsers with no dest/metava

Terence Honles added the comment: Thanks for the context Paul. I didn't think to look in the tracker for an existing issue, sorry! I'm not sure if documenting the requirement is sufficient or something that a user would go towards with the error as it is. I _might_ suggest throwing an

[issue43284] sys.getwindowsversion().platform_version is incorrect

Shreyan Avigyan added the comment: But kernel32.dll (since it's of a different version) isn't accurate at all right? To find the accurate result we have to use the CurrentBuildNumber registry key. I think this key will not be removed so easily by Microsoft. This key have been in existence

[issue18233] SSLSocket.getpeercertchain()

Change by Christian Heimes : -- pull_requests: +24191 pull_request: https://github.com/python/cpython/pull/25467 ___ Python tracker ___

[issue43878] ./configure fails on Apple Silicon

Keith Smiley added the comment: Thanks for taking a look. My limited understanding is also that these should be able to be updated separately from autoconf, and I feel slightly more confident knowing that in the past folks treated this update as trivial. It seems like the changes should be

[issue43833] Unexpected Parsing of Numeric Literals Concatenated with Boolean Operators

sco1 added the comment: We can also see this kind of thing with other literals, would that be in scope here? e.g. ``` Python 3.9.4 (default, Apr 5 2021, 12:33:45) [Clang 12.0.0 (clang-1200.0.32.29)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>>

[issue43833] Unexpected Parsing of Numeric Literals Concatenated with Boolean Operators

Serhiy Storchaka added the comment: PR 25466 makes the tokenizer emitting a deprecation warning if the numeric literal is followed by one of keywords which are valid after numeric literals. In future releases it will be changed to syntax warning, and finally to syntax error. It is breaking

[issue43833] Unexpected Parsing of Numeric Literals Concatenated with Boolean Operators

Change by Serhiy Storchaka : -- keywords: +patch pull_requests: +24190 stage: -> patch review pull_request: https://github.com/python/cpython/pull/25466 ___ Python tracker

[issue43284] sys.getwindowsversion().platform_version is incorrect

Eryk Sun added the comment: The "CurrentBuild" and "CurrentVersion" values go back to the first release of Windows NT 3.1 in 1993 (build 511, which was quickly replaced by build 528). In NT 3.1 (build 528), the "CurrentBuild" value was "1.528.1 () (July 1993)". In NT 3.5, this awkward

[issue43284] sys.getwindowsversion().platform_version is incorrect

Shreyan Avigyan added the comment: I researched a little more and found that before Vista the winver command used the CurrentBuildNumber key instead of CurrentBuild key. In fact before Vista CurrentBuild was marked as obsolete by Microsoft. But that changed in Vista, when Microsoft started

[issue36076] ssl.get_server_certificate should use SNI

Christian Heimes added the comment: Thanks! -- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions: +Python 3.10 -Python 3.7 ___ Python tracker

[issue36076] ssl.get_server_certificate should use SNI

miss-islington added the comment: New changeset 49fdf118aeda891401d638ac32296c7d55d54678 by juhovh in branch 'master': bpo-36076: Add SNI support to ssl.get_server_certificate. (GH-16820) https://github.com/python/cpython/commit/49fdf118aeda891401d638ac32296c7d55d54678 -- nosy:

[issue43641] Update `ssl.PROTOCOL_TLSv1_2` docs since it is not the newest TLS version

Christian Heimes added the comment: Thanks! -- nosy: +christian.heimes resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue43284] sys.getwindowsversion().platform_version is incorrect

Shreyan Avigyan added the comment: @eryksun described "Apparently the developers do not want to guarantee that the version information on any particular system DLL can be used to get the system version. Apparently they also do not want to officially sanction using the

[issue43641] Update `ssl.PROTOCOL_TLSv1_2` docs since it is not the newest TLS version

miss-islington added the comment: New changeset 2798f247c0747d28cb857fa80803797b24696cb6 by Illia Volochii in branch 'master': bpo-43641: Stop stating that TLS 1.2 is the most modern version in docs (GH-25041) https://github.com/python/cpython/commit/2798f247c0747d28cb857fa80803797b24696cb6

[issue43362] Bad free in py_sha3_new_impl function

Christian Heimes added the comment: The issue affected Python 3.10a1 to latest alpha. 3.9 and earlier are not affected. Thanks! -- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions: -Python 3.8, Python 3.9 ___

[issue43362] Bad free in py_sha3_new_impl function

Christian Heimes added the comment: New changeset aa6da32edc3c6ddfda5e849561e20273b8d82771 by Christian Heimes in branch 'master': bpo-43362: Fix invalid free and return check in _sha3 module (GH-25463) https://github.com/python/cpython/commit/aa6da32edc3c6ddfda5e849561e20273b8d82771

[issue43877] Logging Cookbook ambiguity

Raymond Hettinger added the comment: The multiprocessing.Queue() instance will accumulate messages regardless of whether a producer or consumer is started first. -- nosy: +rhettinger ___ Python tracker