[issue42881] Should typing.get_type_hints change None annotations?

2021-01-10 Thread Larry Hastings
New submission from Larry Hastings : PEP 484 says: (Note that the return type of __init__ ought to be annotated with -> None. The reason for this is subtle. [...] https://www.python.org/dev/peps/pep-0484/#the-meaning-of-annotations If you follow this advice, then c

[issue42616] C Extensions on Darwin that link against libpython are likely to crash

2020-12-11 Thread Larry Hastings
Larry Hastings added the comment: Sorry, somehow bpo decided I added two people to this issue? Weird. Anyway I have removed them (Ned and "froody"). -- nosy: +larry -froody, ned.deily ___ Python tracker <https://bugs.python.o

[issue42616] C Extensions on Darwin that link against libpython are likely to crash

2020-12-11 Thread Larry Hastings
Change by Larry Hastings : -- nosy: -larry ___ Python tracker <https://bugs.python.org/issue42616> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42616] C Extensions on Darwin that link against libpython are likely to crash

2020-12-11 Thread Larry Hastings
Change by Larry Hastings : -- nosy: -larry ___ Python tracker <https://bugs.python.org/issue42616> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42616] C Extensions on Darwin that link against libpython are likely to crash

2020-12-11 Thread Larry Hastings
Larry Hastings added the comment: Stop adding me to this issue. -- ___ Python tracker <https://bugs.python.org/issue42616> ___ ___ Python-bugs-list mailin

[issue42616] C Extensions on Darwin that link against libpython are likely to crash

2020-12-11 Thread Larry Hastings
Change by Larry Hastings : -- nosy: -larry ___ Python tracker <https://bugs.python.org/issue42616> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42310] for loop creates element in defaultdict

2020-11-10 Thread Larry Hastings
Change by Larry Hastings : -- nosy: -larry ___ Python tracker <https://bugs.python.org/issue42310> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42310] for loop creates element in defaultdict

2020-11-10 Thread Larry Hastings
Larry Hastings added the comment: Yes. Read the documentation for "defaultdict". In the future, please read the documentation before filing bugs. -- components: -Argument Clinic resolution: -> not a bug stage: -> resolved status: open -> cl

[issue7946] Convoy effect with I/O bound threads and New GIL

2020-10-02 Thread Larry Hastings
Larry Hastings added the comment: FWIW: I think David's cited behavior proves that the GIL is de facto a scheduler. And, in case you missed it, scheduling is a hard problem, and not a solved problem. There are increasingly complicated schedulers with new approaches and heuristics

[issue41183] [3.5] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-09-29 Thread Larry Hastings
Larry Hastings added the comment: A day and a half to go! Again, assuming that this won't be fixed and 3.5 will go EOL without supporting this year's Linux distro updates. -- ___ Python tracker <https://bugs.python.org/issue41

[issue39603] [security] http.client: HTTP Header Injection in the HTTP method

2020-09-28 Thread Larry Hastings
Larry Hastings added the comment: > Also note that httplib (python-2.7.18) seems to be affected too. Any > particular reason for it not to be listed in the same vulnerability page? Yes: 2.7 has been end-of-lifed and is no longer sup

[issue41183] [3.5] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-09-11 Thread Larry Hastings
Larry Hastings added the comment: It depends on whether or not I get any more fixes for the rest of the month. (Theoretically 3.5 support ends on Sep 13, but I decided to extend it to the end of the month.) I filed this on July 1, so it's already been two months, and the developer who

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-09-11 Thread Larry Hastings
Larry Hastings added the comment: Nope, it's not fixed. -- resolution: fixed -> stage: resolved -> needs patch status: closed -> open ___ Python tracker <https://bugs.python.or

[issue41716] SyntaxError: EOL while scanning string literal

2020-09-10 Thread Larry Hastings
Change by Larry Hastings : -- components: +Interpreter Core -Argument Clinic nosy: -larry ___ Python tracker <https://bugs.python.org/issue41716> ___ ___ Pytho

[issue39603] [security] http.client: HTTP Header Injection in the HTTP method

2020-09-03 Thread Larry Hastings
Larry Hastings added the comment: New changeset 524b8de630036a29ca340bc2ae6fd6dc7dda8f40 by Victor Stinner in branch '3.5': bpo-39603: Prevent header injection in http methods (GH-18485) (#21946) https://github.com/python/cpython/commit/524b8de630036a29ca340bc2ae6fd6dc7dda8f40

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-08-17 Thread Larry Hastings
Larry Hastings added the comment: > Does testing with the environment variable OPENSSL_CONF=/non-existing-file > workaround the remaining issues? Sadly, no. I get the same failures whether or not that environment variable is set. And I confirmed that the environment variable su

[issue41004] [CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface

2020-08-03 Thread Larry Hastings
Change by Larry Hastings : -- assignee: eric.smith -> status: open -> closed ___ Python tracker <https://bugs.python.org/issue41004> ___ ___ Python-bugs-

[issue41004] [CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface

2020-08-03 Thread Larry Hastings
Larry Hastings added the comment: New changeset 11d258ceafdf60ab3840f9a5700f2d0ad3e2e2d1 by Tapas Kundu in branch '3.5': [3.5] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface (GH-21033) (#21233) https://github.com/python/cpython/commit

[issue29778] [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath

2020-08-03 Thread Larry Hastings
Larry Hastings added the comment: New changeset f205f1000a2d7f8b044caf281041b3705f293480 by Steve Dower in branch '3.5': [3.5] bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (GH-21297) (#21377) https://github.com/python/cpython/commit

[issue41459] pickle.load raises SystemError on malformed input

2020-08-02 Thread Larry Hastings
Change by Larry Hastings : -- nosy: -larry ___ Python tracker <https://bugs.python.org/issue41459> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue29778] [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath

2020-07-20 Thread Larry Hastings
Larry Hastings added the comment: I still don't understand why this is considered a Python security problem. If the user can put a malicious "python3.dll" at some arbitrary spot in the filesystem (e.g. a USB flash drive), and fool Python.exe into loading it, then surely they

[issue29778] [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath

2020-07-16 Thread Larry Hastings
Larry Hastings added the comment: I must have taken my stupid pills today. Why is this considered a "security" "release blocker"? If you can put files in the root of the hard drive where Windows was installed, surely you have other, e

[issue39017] Infinite loop in the tarfile module

2020-07-16 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.or

[issue39017] Infinite loop in the tarfile module

2020-07-16 Thread Larry Hastings
Larry Hastings added the comment: New changeset cac9ca8ed99bd98f4c0dcd1913a146192bf5ee84 by Petr Viktorin in branch '3.5': [3.5] bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (#21489) https://github.com/python/cpython/commit/cac9ca8ed99bd98f4c0dcd1913a146192bf5ee84

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-16 Thread Larry Hastings
Larry Hastings added the comment: Ping? -- ___ Python tracker <https://bugs.python.org/issue41183> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Larry Hastings
Larry Hastings added the comment: Yes, please. It's a simple low-risk fix. And 3.5.10rc1 is stuck waiting for a fix anyway. Thanks! -- ___ Python tracker <https://bugs.python.org/issue39

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-09 Thread Larry Hastings
Larry Hastings added the comment: Any news? -- ___ Python tracker <https://bugs.python.org/issue41183> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: New changeset f52bf62fe12d46267e958f80dbe1f4425b55cd0f by Christian Heimes in branch '3.5': bpo-41183: Update finite DH params to 3072 bits (#21278) https://github.com/python/cpython/commit/f52bf62fe12d46267e958f80dbe1f4425b55cd0f

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: Gotcha. Thanks for looking into it for me. I don't think the world is super anxious about getting 3.5.10rc1 so it's not a big huge deal. But I will wait to hear back from you. Thanks! -- ___ Python tracker

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: Do you need a temporary login on one of my Pop!_OS computers, in order to test? -- ___ Python tracker <https://bugs.python.org/issue41

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: ./python -m test -v test_ssl >& test_ssl_verbose_36_master -- Added file: https://bugs.python.org/file49290/test_ssl_verbose_36_master ___ Python tracker <https://bugs.python.org/

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: I assume this is building against the system OpenSSL. On this machine, the "openssl", "libssl1.1", and "libssl-dev" packages are all version "1.1.1f-1ubuntu2". The OS is "Pop!_OS" version 20.04, w

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: The 3.6 branch of python/cpython fails as well on this machine. Output attached. -- Added file: https://bugs.python.org/file49288/test_ssl_36_branch ___ Python tracker <https://bugs.python.org/issue41

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: test_ssl was one of the seven modules that failed. But attached here is just the output of % ./python -m test -v test_ssl >& test_ssl_failure -- Added file: https://bugs.python.org/file49287/test_ssl_

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: Upgrading to release blocker. -- priority: high -> release blocker resolution: fixed -> stage: resolved -> needs patch status: closed -> open ___ Python tracker <https://bugs.python

[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: Christian: Help! Again! I merged your PR, pulled a fresh copy, built it, and ran the test suite. I get seven failures in I think the same modules. Most of the failures are either "ssl.SSLError: [SSL] internal error (_ssl.c:728)", or s

[issue34542] [TLS] Update test certs to future proof settings

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: I also needed a backport of this to 3.5. See #41183. Also, it looks like this issue should have been closed long ago, so I'll go ahead and do that. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions

[issue41183] Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: Thanks for the backport! -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.or

[issue41183] Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: New changeset d565be84993a3d618add139cf21038e12c60a13e by Christian Heimes in branch '3.5': bpo-41183: Update test certs and keys (#21258) https://github.com/python/cpython/commit/d565be84993a3d618add139cf21038e12c60a13e

[issue34542] [TLS] Update test certs to future proof settings

2020-07-02 Thread Larry Hastings
Larry Hastings added the comment: New changeset d565be84993a3d618add139cf21038e12c60a13e by Christian Heimes in branch '3.5': bpo-41183: Update test certs and keys (#21258) https://github.com/python/cpython/commit/d565be84993a3d618add139cf21038e12c60a13e -- nosy: +larry

[issue41183] Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures

2020-07-01 Thread Larry Hastings
New submission from Larry Hastings : I'm testing 3.5.10rc1 on a freshly installed Linux (Pop!_OS 20.04), and I'm getting a lot of these test failures: ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951) Apparently the 2048 keys used in the tests are considered "too

[issue41170] Use strnlen instead of strlen when the size i known.

2020-07-01 Thread Larry Hastings
Larry Hastings added the comment: strnlen() isn't standard C, but an exciting new function strnlen_s() is, as of C11. https://en.cppreference.com/w/c/string/byte/strlen (At this rate, we should be able to code CPython using that standard in about 2030.) But! I found a 2005 thread

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-06-20 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.or

[issue38576] CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()

2020-06-20 Thread Larry Hastings
Larry Hastings added the comment: New changeset 09d8172837b6985c4ad90ee025f6b5a554a9f0ac by Tapas Kundu in branch '3.5': [3.5] closes bpo-38576: Disallow control characters in hostnames in http.client. (#19300) https://github.com/python/cpython/commit

[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-06-20 Thread Larry Hastings
Larry Hastings added the comment: New changeset 37fe316479e0b6906a74b0c0a5e495c55037fdfd by Victor Stinner in branch '3.5': bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (#19305) https://github.com/python/cpython/commit/37fe316479e0b6906a74b0c0a5e495c55037fdfd

[issue39073] [security] email module incorrect handling of CR and LF newline characters in Address objects.

2020-06-12 Thread Larry Hastings
Larry Hastings added the comment: New changeset f91a0b6df14d6c5133fe3d5889fad7d84fc0c046 by Victor Stinner in branch '3.5': bpo-39073: validate Address parts to disallow CRLF (#19007) (#20450) https://github.com/python/cpython/commit/f91a0b6df14d6c5133fe3d5889fad7d84fc0c046 -- nosy

[issue39035] Travis CI fail on backports: pyvenv not installed

2020-06-12 Thread Larry Hastings
Larry Hastings added the comment: New changeset f88b578949a034f511dd1b4c1c161351b3ee0db8 by Inada Naoki in branch '3.5': bpo-39035: travis: Update image to xenial (#17623) https://github.com/python/cpython/commit/f88b578949a034f511dd1b4c1c161351b3ee0db8 -- nosy: +larry

[issue40179] Argument Clinic incorretly translates #elif

2020-04-04 Thread Larry Hastings
Larry Hastings added the comment: Good catch, and thanks for submitting a patch too! I want to play with your patch a little before I just say "yes of course". -- ___ Python tracker <https://bugs.python.o

[issue38804] Regular Expression Denial of Service in http.cookiejar

2020-04-02 Thread Larry Hastings
Larry Hastings added the comment: New changeset 55a6a16a46239a71b635584e532feb8b17ae7fdf by Victor Stinner in branch '3.5': bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (#17344) https://github.com/python/cpython/commit/55a6a16a46239a71b635584e532feb8b17ae7fdf

[issue40156] CodeCov/patch job stills runs on pull requests on 3.5 and 3.6 branches

2020-04-02 Thread Larry Hastings
Larry Hastings added the comment: New changeset ed07522a5faa3101f68be8e4b8369310f60860f8 by Victor Stinner in branch '3.5': bpo-40156: Copy Codecov configuration from master (#19309) https://github.com/python/cpython/commit/ed07522a5faa3101f68be8e4b8369310f60860f8

[issue39704] Disable code coverage

2020-04-02 Thread Larry Hastings
Larry Hastings added the comment: Since explicit is better than implicit: yes, we do need backports. PRs against 3.5 are getting marked red because of automated codecov complaints. -- nosy: +larry ___ Python tracker <https://bugs.python.

[issue40156] CodeCov/patch job stills runs on pull requests on 3.5 and 3.6 branches

2020-04-02 Thread Larry Hastings
Larry Hastings added the comment: I need to do a little more reading on it, but I expect if you make an equivalent PR for 3.5 I'll merge it. Thanks for taking this on, Victor! -- ___ Python tracker <https://bugs.python.org/issue40

[issue38945] Remove newline characters from uu encoding methods

2020-03-21 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.or

[issue38945] Remove newline characters from uu encoding methods

2020-03-20 Thread Larry Hastings
Larry Hastings added the comment: New changeset 8835f465fa94f114dcf865429c0410821d365dae by Ned Deily in branch '3.5': bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format (GH-17418) (GH-17444) (#17445) https://github.com/python/cpython/commit

[issue39511] [subinterpreters] Per-interpreter singletons (None, True, False, etc.)

2020-03-17 Thread Larry Hastings
Larry Hastings added the comment: > The problem with having a single immortal `None`, is that it will > cause data cache thrashing as two different CPUs modify the > refcount on the shared `None` object. That's a very reasonable theory. Personally, I find modern CPU architecture be

[issue39511] [subinterpreters] Per-interpreter singletons (None, True, False, etc.)

2020-03-16 Thread Larry Hastings
Larry Hastings added the comment: > We should do that for each singletons: > > * None (Py_None) > * True (Py_True) > * False (Py_False) > * Ellipsis (Py_Ellipsis) Aren't there a couple more lurking in the interpreter? E.g. empty tuple, empty frozenset. > That is

[issue39298] add BLAKE3 to hashlib

2020-02-12 Thread Larry Hastings
Larry Hastings added the comment: Personally I'm enjoying these BLAKE3 status updates, and I wouldn't mind at all being kept up-to-date during BLAKE3's development via messages on this issue. But, given the tenor of the conversation so far, I'm guessing Python is gonna hold off until

[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings
Larry Hastings added the comment: > Anyway, it's better to leave it to the experts: I'm not sure what you're suggesting here. I shouldn't try to understand how floating-point numbers are stored? -- ___ Python tracker <https://bugs.pyth

[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings
Larry Hastings added the comment: Aha! The crucial distinction is that IEEE 754 doubles have 52 bits of storage for the mantissa, but folks (e.g. Wikipedia, Mark Dickinson) describe this as "53 bits of precision" because that's easier saying "52 bits but you don't have to st

[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings
Larry Hastings added the comment: Yes, but you get the first 1 bit for free. So it actually only uses 30 bits of storage inside the double. This is apparently called "leading bit convention": https://en.wikipedia.org/wiki/IEEE_754#Representation_and_encoding

[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings
Larry Hastings added the comment: p.s. for what it's worth: I re-checked my math and as usual I goofed. It takes *30* bits to store the non-fractional seconds part of the current time in a double, leaving 23 bits for the fractional part, so we're *7* bits short

[issue39484] time_ns() and time() cannot be compared on windows

2020-02-03 Thread Larry Hastings
Larry Hastings added the comment: > The problem is that there is a double rounding in > time = float(time_ns) / 1e9 > 1. When convert time_ns to float. > 2. When divide it by 1e9. I'm pretty sure that in Python 3, if you say c = a / b and a and b are both "singl

[issue39484] time_ns() and time() cannot be compared on windows

2020-01-31 Thread Larry Hastings
Larry Hastings added the comment: (Oh, wow, Victor, you wrote all that while I was writing my reply. ;-) -- ___ Python tracker <https://bugs.python.org/issue39

[issue39484] time_ns() and time() cannot be compared on windows

2020-01-31 Thread Larry Hastings
Larry Hastings added the comment: I don't think this is fixable, because it's not exactly a bug. The problem is we're running out of bits. In converting the time around, we've lost some precision. So the times that come out of time.time() and time.time_ns() should not be considered

[issue39298] add BLAKE3 to hashlib

2020-01-27 Thread Larry Hastings
Larry Hastings added the comment: I just tried it with clang, and uff-da! 2,737,446,868 bytes/sec! p.s. I compiled with -O3 for both gcc and clang -- ___ Python tracker <https://bugs.python.org/issue39

[issue39298] add BLAKE3 to hashlib

2020-01-27 Thread Larry Hastings
Larry Hastings added the comment: I gave it a go. And yup, I see a definite improvement: it jumped from 1,583,326,242 bytes/sec to 2,376,741,703 bytes/sec on my Intel laptop using AVX2. A 50% improvement! I also *think* I'm seeing a 10% improvement in ARM using NEON. On my DE10-Nano

[issue39298] add BLAKE3 to hashlib

2020-01-13 Thread Larry Hastings
Larry Hastings added the comment: According to my order details it is a "8th Generation Intel Core i7-8650U". -- ___ Python tracker <https://bugs.python.o

[issue39298] add BLAKE3 to hashlib

2020-01-11 Thread Larry Hastings
Larry Hastings added the comment: For what it's worth, I spent some time producing clean benchmarks. All these were run on the same laptop, and all pre-load the same file (406668786 bytes) and run one update() on the whole thing to minimize overhead. K12 and BLAKE3 are using a hand

[issue39298] add BLAKE3 to hashlib

2020-01-10 Thread Larry Hastings
New submission from Larry Hastings : >From 3/4 of the team that brought you BLAKE2, now comes... BLAKE3! https://github.com/BLAKE3-team/BLAKE3 BLAKE3 is a brand new hashing function. It's fast, it's paralellizeable, and unlike BLAKE2 there's only one variant. I've experimen

[issue31026] test_dbm fails when run directly

2019-10-29 Thread Larry Hastings
Larry Hastings added the comment: New changeset d7b336fe5d54f73c758802df426e06e8a674bd63 by Larry Hastings (Serhiy Storchaka) in branch '3.5': [3.5] bpo-31026: Fix test_dbm if dbm.ndbm is build with Berkeley DB. (GH-6632) https://github.com/python/cpython/commit

[issue38243] A reflected XSS in python/Lib/DocXMLRPCServer.py

2019-10-28 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed status: open -> closed ___ Python tracker <https://bugs.python.org/issue38243> ___ ___ Python-bugs-list

[issue38243] A reflected XSS in python/Lib/DocXMLRPCServer.py

2019-10-28 Thread Larry Hastings
Larry Hastings added the comment: New changeset 3fe1b19265b55c290fc956e9aafcf661803782de by larryhastings (Victor Stinner) in branch '3.5': bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441) (#16516) https://github.com/python/cpython/commit

[issue31026] test_dbm fails when run directly

2019-10-28 Thread Larry Hastings
Larry Hastings added the comment: For what it's worth, I'm cherry-picking this back into 3.5 for 3.5.8 final. I (finally?) got bit by this, and since the patch is literally only changes in the Lib/test directory I consider it safe to merge even after 3.5.8rc2. (I was in a bit of a hurry

[issue12178] csv writer doesn't escape escapechar

2019-10-22 Thread Larry Hastings
Change by Larry Hastings : -- nosy: -larry ___ Python tracker <https://bugs.python.org/issue12178> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue12178] csv writer doesn't escape escapechar

2019-10-22 Thread Larry Hastings
Change by Larry Hastings : -- versions: +Python 3.8, Python 3.9 -Python 3.5, Python 3.6 ___ Python tracker <https://bugs.python.org/issue12178> ___ ___ Python-bug

[issue36274] http.client cannot send non-ASCII request lines

2019-10-12 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.or

[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-10-08 Thread Larry Hastings
Larry Hastings added the comment: New changeset c386c8b06c6e92786f083ef6aba27b37087fdd20 by larryhastings (Victor Stinner) in branch '3.5': closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16346) (#16434) https://github.com/python/cpython/commit

[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests

2019-10-08 Thread Larry Hastings
Change by Larry Hastings : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <https://bugs.python.or

[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests

2019-10-08 Thread Larry Hastings
Larry Hastings added the comment: New changeset 2784e78dc3445c6dd59e915d86c336374c1fa09a by larryhastings (Jason R. Coombs) in branch '3.5': [3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448) (#16475) https://github.com/python

[issue36274] http.client cannot send non-ASCII request lines

2019-10-08 Thread Larry Hastings
Larry Hastings added the comment: New changeset 2784e78dc3445c6dd59e915d86c336374c1fa09a by larryhastings (Jason R. Coombs) in branch '3.5': [3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448) (#16475) https://github.com/python

[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests

2019-09-28 Thread Larry Hastings
Larry Hastings added the comment: So, following this recent flurry of activity, all that remains are to sort out 2.7 and 3.5. 3.5.8 is still in a holding pattern; at this point I think I'm going to insert another RC, so I can add the new version of expat. Will a makes-everyone-happy PR

[issue38216] Fix for issue30458 prevents crafting invalid requests

2019-09-19 Thread Larry Hastings
Larry Hastings added the comment: FWIW I planned to tag and release 3.5.8 final early next week. I don't have the domain knowledge to assess the severity of this bug--much less pitch in and help fix it--so I suspect this will simply hold up 3.5.8 final. Depending on the complexity

[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

2019-09-18 Thread Larry Hastings
Larry Hastings added the comment: Should we open a separate issue to track fixing the regression? -- ___ Python tracker <https://bugs.python.org/issue30

[issue38141] Use fewer statics in Argument Clinic.

2019-09-13 Thread Larry Hastings
Larry Hastings added the comment: shared objects x threads = contention for notification of invalidated cache lines If you're not running multiple threads, there's no problem. If it's only a few shared objects, it probably wouldn't be a big deal. As they say in medicine: "the dose

[issue38141] Use fewer statics in Argument Clinic.

2019-09-12 Thread Larry Hastings
Change by Larry Hastings : -- title: Use less statics in Argument Clinic. -> Use fewer statics in Argument Clinic. ___ Python tracker <https://bugs.python.org/issu

[issue37461] email.parser.Parser hang

2019-09-07 Thread Larry Hastings
Larry Hastings added the comment: New changeset c28e4a5160d3283b12514c7c28ed6e0a2a52271a by larryhastings (Abhilash Raj) in branch '3.5': [3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email headers (GH-14794) (#15446) https://github.com/python/cpython/commit

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-09-07 Thread Larry Hastings
Larry Hastings added the comment: New changeset 095373c32d16df575ba5fcb5f44bf44119b26193 by larryhastings (Victor Stinner) in branch '3.5': bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) (GH-13814) (#14772) https://github.com/python/cpython/commit

[issue36576] Some test_ssl and test_asyncio tests fail with OpenSSL 1.1.1 on Python 3.4 and 3.5

2019-09-07 Thread Larry Hastings
Larry Hastings added the comment: New changeset 4d1c2541c125fe9d211016193ebfd5899a8511aa by larryhastings (Victor Stinner) in branch '3.5': bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 (#12694) https://github.com/python/cpython/commit

[issue34155] email.utils.parseaddr mistakenly parse an email

2019-09-06 Thread Larry Hastings
Larry Hastings added the comment: All PRs merged. Thanks, everybody! -- resolution: -> fixed status: open -> closed ___ Python tracker <https://bugs.python.org/i

[issue34155] email.utils.parseaddr mistakenly parse an email

2019-09-06 Thread Larry Hastings
Larry Hastings added the comment: New changeset 063eba280a11d3c9a5dd9ee5abe4de640907951b by larryhastings (Abhilash Raj) in branch '3.5': [3.5] bpo-34155: Dont parse domains containing @ (GH-13079) (#15317) https://github.com/python/cpython/commit/063eba280a11d3c9a5dd9ee5abe4de640907951b

[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

2019-07-14 Thread Larry Hastings
Larry Hastings added the comment: New changeset afe3a4975cf93c97e5d6eb8800e48f368011d37a by larryhastings (Miro HronĨok) in branch '3.5': bpo-30458: Disallow control chars in http URLs. (GH-12755) (#13207) https://github.com/python/cpython/commit/afe3a4975cf93c97e5d6eb8800e48f368011d37a

[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-07-14 Thread Larry Hastings
Larry Hastings added the comment: New changeset 4655d576141ee56a69d2052431c636858fcb916a by larryhastings (Steve Dower) in branch '3.5': bpo-36742: Fixes handling of pre-normalization characters in urlsplit() (GH-13017) (#13042) https://github.com/python/cpython/commit

[issue35907] [security][CVE-2019-9948] Unnecessary URL scheme exists to allow local_file:// reading file in urllib

2019-07-14 Thread Larry Hastings
Larry Hastings added the comment: New changeset 4fe82a8eef7aed60de05bfca0f2c322730ea921e by larryhastings (Victor Stinner) in branch '3.5': bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) (GH-13505) (#13510) https://github.com/python/cpython/commit

[issue36816] self-signed.pythontest.net TLS certificate key is too weak

2019-07-13 Thread Larry Hastings
Larry Hastings added the comment: New changeset 221178aea686abf13ff92b7e2b5ed3e739a53b3f by larryhastings (Gregory P. Smith) in branch '3.5': [3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) (#13200) https://github.com/python/cpython/commit

[issue33326] Convert collections (cmp_op, hasconst, hasname and others) in opcode module to more optimal type

2019-07-13 Thread Larry Hastings
Larry Hastings added the comment: Maynard is unsupported; it only understands the old bytecode format, pre-3.6 16-bit "wordcode". https://docs.python.org/3.6/whatsnew/3.6.html#optimizations -- ___ Python tracker <https://bu

[issue37003] ast unparse does not support f-string new debug format.

2019-05-21 Thread Larry Hastings
Change by Larry Hastings : -- assignee: -> eric.smith nosy: +eric.smith ___ Python tracker <https://bugs.python.org/issue37003> ___ ___ Python-bugs-list mai

[issue36963] PyDict_GetItem SegFaults on simple dictionary lookup when using Ctypes

2019-05-19 Thread Larry Hastings
Larry Hastings added the comment: Inada-san, while it is best to not call PyDict_ functions without holding the GIL, it doesn't matter unless one creates a second thread. The GIL doesn't even exist until Python creates a second thread. But, I too don't want bugs.python.org to become

[issue36963] PyDict_GetItem SegFaults on simple dictionary lookup when using Ctypes

2019-05-19 Thread Larry Hastings
Larry Hastings added the comment: It's not surprising that you crashed the CPython interpreter by using ctypes--it's very easy to do by accident, or via a bug in your own code. That's why we don't accept crash reports involving ctypes. Also, it's rude to "nosy" so many people, pa

[issue36863] argparse doesn't like options in the middle of arguments

2019-05-09 Thread Larry Hastings
Change by Larry Hastings : -- nosy: -larry ___ Python tracker <https://bugs.python.org/issue36863> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue21820] unittest: unhelpful truncating of long strings.

2019-05-08 Thread Larry Hastings
Larry Hastings added the comment: This bug is marked only for 3.4, and 3.4 is now EOL. Either it should be relocated to an active version, or it should be marked wontfix. -- nosy: +larry ___ Python tracker <https://bugs.python.org/issue21

  1   2   3   4   5   6   7   8   9   10   >