[issue7946] Convoy effect with I/O bound threads and New GIL

2020-10-02 Thread Larry Hastings


Larry Hastings  added the comment:

FWIW: I think David's cited behavior proves that the GIL is de facto a 
scheduler.  And, in case you missed it, scheduling is a hard problem, and not a 
solved problem.  There are increasingly complicated schedulers with new 
approaches and heuristics.  They're getting better and better... as well as 
more and more complex.  BFS is an example of that trend from ten years ago.  
But the Linux kernel has been shy about merging it, not sure why (technical 
deficiency? licensing problem? personality conflict? the name?).

I think Python's current thread scheduling approach is almost certainly too 
simple.  My suspicion is that we should have a much more elaborate 
scheduler--which hopefully would fix most (but not all!) of these sorts of 
pathological performance regressions.  But that's going to be a big patch, and 
it's going to need a champion, and that champion would have to be more educated 
about it than I am, so I don't think it's gonna be me.

--

___
Python tracker 
<https://bugs.python.org/issue7946>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] [3.5] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-09-29 Thread Larry Hastings


Larry Hastings  added the comment:

A day and a half to go!  Again, assuming that this won't be fixed and 3.5 will 
go EOL without supporting this year's Linux distro updates.

--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39603] [security] http.client: HTTP Header Injection in the HTTP method

2020-09-28 Thread Larry Hastings


Larry Hastings  added the comment:

> Also note that httplib (python-2.7.18) seems to be affected too. Any 
> particular reason for it not to be listed in the same vulnerability page?

Yes: 2.7 has been end-of-lifed and is no longer supported.

--

___
Python tracker 
<https://bugs.python.org/issue39603>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] [3.5] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-09-11 Thread Larry Hastings


Larry Hastings  added the comment:

It depends on whether or not I get any more fixes for the rest of the month.  
(Theoretically 3.5 support ends on Sep 13, but I decided to extend it to the 
end of the month.)

I filed this on July 1, so it's already been two months, and the developer who 
would handle this has stopped replying.  If I don't get a fix for this issue 
before the end of the month, then 3.5.10 will be the last release of 3.5 and 
this will simply go unfixed.

--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-09-11 Thread Larry Hastings


Larry Hastings  added the comment:

Nope, it's not fixed.

--
resolution: fixed -> 
stage: resolved -> needs patch
status: closed -> open

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41716] SyntaxError: EOL while scanning string literal

2020-09-10 Thread Larry Hastings


Change by Larry Hastings :


--
components: +Interpreter Core -Argument Clinic
nosy:  -larry

___
Python tracker 
<https://bugs.python.org/issue41716>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39603] [security] http.client: HTTP Header Injection in the HTTP method

2020-09-03 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 524b8de630036a29ca340bc2ae6fd6dc7dda8f40 by Victor Stinner in 
branch '3.5':
bpo-39603: Prevent header injection in http methods (GH-18485) (#21946)
https://github.com/python/cpython/commit/524b8de630036a29ca340bc2ae6fd6dc7dda8f40


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue39603>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-08-17 Thread Larry Hastings


Larry Hastings  added the comment:

> Does testing with the environment variable OPENSSL_CONF=/non-existing-file 
> workaround the remaining issues?

Sadly, no.  I get the same failures whether or not that environment variable is 
set.  And I confirmed that the environment variable survives Python's testing 
harness, it doesn't get unset or overwritten.

--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41004] [CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface

2020-08-03 Thread Larry Hastings


Change by Larry Hastings :


--
assignee: eric.smith -> 
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue41004>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41004] [CVE-2020-14422] Hash collisions in IPv4Interface and IPv6Interface

2020-08-03 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 11d258ceafdf60ab3840f9a5700f2d0ad3e2e2d1 by Tapas Kundu in branch 
'3.5':
[3.5] bpo-41004: Resolve hash collisions for IPv4Interface and IPv6Interface 
(GH-21033) (#21233)
https://github.com/python/cpython/commit/11d258ceafdf60ab3840f9a5700f2d0ad3e2e2d1


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue41004>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue29778] [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath

2020-08-03 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset f205f1000a2d7f8b044caf281041b3705f293480 by Steve Dower in branch 
'3.5':
[3.5] bpo-29778: Ensure python3.dll is loaded from correct locations when 
Python is embedded (GH-21297) (#21377)
https://github.com/python/cpython/commit/f205f1000a2d7f8b044caf281041b3705f293480


--

___
Python tracker 
<https://bugs.python.org/issue29778>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41459] pickle.load raises SystemError on malformed input

2020-08-02 Thread Larry Hastings


Change by Larry Hastings :


--
nosy:  -larry

___
Python tracker 
<https://bugs.python.org/issue41459>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue29778] [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath

2020-07-20 Thread Larry Hastings


Larry Hastings  added the comment:

I still don't understand why this is considered a Python security problem.  If 
the user can put a malicious "python3.dll" at some arbitrary spot in the 
filesystem (e.g. a USB flash drive), and fool Python.exe into loading it, then 
surely they could put an arbitrary executable at that same spot and launch it 
directly.  And that seems way more straightforward.  Why would anyone bother 
with this?

--

___
Python tracker 
<https://bugs.python.org/issue29778>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue29778] [CVE-2020-15523] _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath

2020-07-16 Thread Larry Hastings


Larry Hastings  added the comment:

I must have taken my stupid pills today.  Why is this considered a "security" 
"release blocker"?  If you can put files in the root of the hard drive where 
Windows was installed, surely you have other, easier attack vectors.

--

___
Python tracker 
<https://bugs.python.org/issue29778>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39017] Infinite loop in the tarfile module

2020-07-16 Thread Larry Hastings


Change by Larry Hastings :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue39017>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39017] Infinite loop in the tarfile module

2020-07-16 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset cac9ca8ed99bd98f4c0dcd1913a146192bf5ee84 by Petr Viktorin in 
branch '3.5':
[3.5] bpo-39017: Avoid infinite loop in the tarfile module (GH-21454) (#21489)
https://github.com/python/cpython/commit/cac9ca8ed99bd98f4c0dcd1913a146192bf5ee84


--

___
Python tracker 
<https://bugs.python.org/issue39017>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-16 Thread Larry Hastings


Larry Hastings  added the comment:

Ping?

--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39017] Infinite loop in the tarfile module

2020-07-15 Thread Larry Hastings


Larry Hastings  added the comment:

Yes, please.  It's a simple low-risk fix.  And 3.5.10rc1 is stuck waiting for a 
fix anyway.  Thanks!

--

___
Python tracker 
<https://bugs.python.org/issue39017>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-09 Thread Larry Hastings


Larry Hastings  added the comment:

Any news?

--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset f52bf62fe12d46267e958f80dbe1f4425b55cd0f by Christian Heimes in 
branch '3.5':
bpo-41183: Update finite DH params to 3072 bits (#21278)
https://github.com/python/cpython/commit/f52bf62fe12d46267e958f80dbe1f4425b55cd0f


--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

Gotcha.  Thanks for looking into it for me.  I don't think the world is super 
anxious about getting 3.5.10rc1 so it's not a big huge deal.  But I will wait 
to hear back from you.  Thanks!

--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

Do you need a temporary login on one of my Pop!_OS computers, in order to test?

--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

./python -m test -v test_ssl >& test_ssl_verbose_36_master

--
Added file: https://bugs.python.org/file49290/test_ssl_verbose_36_master

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

I assume this is building against the system OpenSSL.  On this machine, the 
"openssl", "libssl1.1", and "libssl-dev" packages are all version 
"1.1.1f-1ubuntu2".

The OS is "Pop!_OS" version 20.04, which is a derivative of Ubuntu 20.04.  It 
appears to be getting this package straight out of the Ubuntu package repo.  
The maintainer is listed as "Ubuntu Developers 
".

Attached is the revision history, copied and pasted out of the package 
manager's "changelog".

--
Added file: https://bugs.python.org/file49289/openssl.revision.history.txt

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

The 3.6 branch of python/cpython fails as well on this machine.  Output 
attached.

--
Added file: https://bugs.python.org/file49288/test_ssl_36_branch

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

test_ssl was one of the seven modules that failed.  But attached here is just 
the output of

% ./python -m test -v test_ssl >& test_ssl_failure

--
Added file: https://bugs.python.org/file49287/test_ssl_failure

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

Upgrading to release blocker.

--
priority: high -> release blocker
resolution: fixed -> 
stage: resolved -> needs patch
status: closed -> open

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL ".._KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

Christian:  Help!  Again!

I merged your PR, pulled a fresh copy, built it, and ran the test suite.  I get 
seven failures in I think the same modules.

Most of the failures are either "ssl.SSLError: [SSL] internal error 
(_ssl.c:728)", or some flavor of "OSError: [Errno 0] Error".  Sadly not helpful.

But!  Occasionally the test suite prints a very telling error:

ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:3233)

Attached is the output of running just those seven tests.  (One test is now 
working, not sure why.)

Obviously these tests pass on the buildbots, I assume that's because their 
OpenSSL is slightly older.  But I don't think I can ship 3.5.10rc1 if it won't 
build with current OpenSSL.

You should be able to simply pull the current 3.5 head 
(d565be84993a3d618add139cf21038e12c60a13e) to reproduce the error.

--
title: Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures -> Workaround 
or fix for SSL ".._KEY_TOO_SMALL" test failures
Added file: https://bugs.python.org/file49286/failures

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue34542] [TLS] Update test certs to future proof settings

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

I also needed a backport of this to 3.5.  See #41183.

Also, it looks like this issue should have been closed long ago, so I'll go 
ahead and do that.

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.5

___
Python tracker 
<https://bugs.python.org/issue34542>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:

Thanks for the backport!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset d565be84993a3d618add139cf21038e12c60a13e by Christian Heimes in 
branch '3.5':
bpo-41183: Update test certs and keys (#21258)
https://github.com/python/cpython/commit/d565be84993a3d618add139cf21038e12c60a13e


--

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue34542] [TLS] Update test certs to future proof settings

2020-07-02 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset d565be84993a3d618add139cf21038e12c60a13e by Christian Heimes in 
branch '3.5':
bpo-41183: Update test certs and keys (#21258)
https://github.com/python/cpython/commit/d565be84993a3d618add139cf21038e12c60a13e


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue34542>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41183] Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures

2020-07-01 Thread Larry Hastings


New submission from Larry Hastings :

I'm testing 3.5.10rc1 on a freshly installed Linux (Pop!_OS 20.04), and I'm 
getting a lot of these test failures:

ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:2951)

Apparently the 2048 keys used in the tests are considered "too small" with 
brand-new builds of the SSL library.

Christian: you upgraded the test suite keys to 3072 bits back in 2018 (issue 
#34542), but didn't backport this as far as 3.5 because it was in 
security-fixes-only mode.  I experimented with taking your patch to 3.6 and 
applying it to 3.5, but 80% of the patches didn't apply cleanly.  Could you 
either backport this upgrade to 3.5 (I'll happily accept the PR), or advise me 
on how to otherwise mitigate the problem?  I don't really want to turn off all 
those tests.  Thanks!

--
assignee: christian.heimes
components: Tests
messages: 372755
nosy: christian.heimes, larry
priority: high
severity: normal
stage: needs patch
status: open
title: Workaround or fix for SSL "EE_KEY_TOO_SMALL" test failures
type: crash
versions: Python 3.5

___
Python tracker 
<https://bugs.python.org/issue41183>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41170] Use strnlen instead of strlen when the size i known.

2020-07-01 Thread Larry Hastings


Larry Hastings  added the comment:

strnlen() isn't standard C, but an exciting new function strnlen_s() is, as of 
C11.

https://en.cppreference.com/w/c/string/byte/strlen

(At this rate, we should be able to code CPython using that standard in about 
2030.)

But!  I found a 2005 thread on /. talking about strnlen in MSVC.  So maybe it's 
there.  Though Microsoft has this funny habit of putting an underscore in front 
of C library functions that aren't standard, so maybe it's _strnlen().

--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue41170>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-06-20 Thread Larry Hastings


Change by Larry Hastings :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue39503>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38576] CVE-2019-18348: CRLF injection via the host part of the url passed to urlopen()

2020-06-20 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 09d8172837b6985c4ad90ee025f6b5a554a9f0ac by Tapas Kundu in branch 
'3.5':
[3.5] closes bpo-38576: Disallow control characters in hostnames in 
http.client. (#19300)
https://github.com/python/cpython/commit/09d8172837b6985c4ad90ee025f6b5a554a9f0ac


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue38576>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39503] [security][CVE-2020-8492] Denial of service in urllib.request.AbstractBasicAuthHandler

2020-06-20 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 37fe316479e0b6906a74b0c0a5e495c55037fdfd by Victor Stinner in 
branch '3.5':
bpo-39503: CVE-2020-8492: Fix AbstractBasicAuthHandler (GH-18284) (#19305)
https://github.com/python/cpython/commit/37fe316479e0b6906a74b0c0a5e495c55037fdfd


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue39503>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39073] [security] email module incorrect handling of CR and LF newline characters in Address objects.

2020-06-12 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset f91a0b6df14d6c5133fe3d5889fad7d84fc0c046 by Victor Stinner in 
branch '3.5':
bpo-39073: validate Address parts to disallow CRLF (#19007) (#20450)
https://github.com/python/cpython/commit/f91a0b6df14d6c5133fe3d5889fad7d84fc0c046


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue39073>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39035] Travis CI fail on backports: pyvenv not installed

2020-06-12 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset f88b578949a034f511dd1b4c1c161351b3ee0db8 by Inada Naoki in branch 
'3.5':
bpo-39035: travis: Update image to xenial (#17623)
https://github.com/python/cpython/commit/f88b578949a034f511dd1b4c1c161351b3ee0db8


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue39035>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue40179] Argument Clinic incorretly translates #elif

2020-04-04 Thread Larry Hastings


Larry Hastings  added the comment:

Good catch, and thanks for submitting a patch too!  I want to play with your 
patch a little before I just say "yes of course".

--

___
Python tracker 
<https://bugs.python.org/issue40179>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38804] Regular Expression Denial of Service in http.cookiejar

2020-04-02 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 55a6a16a46239a71b635584e532feb8b17ae7fdf by Victor Stinner in 
branch '3.5':
bpo-38804: Fix REDoS in http.cookiejar (GH-17157) (#17344)
https://github.com/python/cpython/commit/55a6a16a46239a71b635584e532feb8b17ae7fdf


--

___
Python tracker 
<https://bugs.python.org/issue38804>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue40156] CodeCov/patch job stills runs on pull requests on 3.5 and 3.6 branches

2020-04-02 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset ed07522a5faa3101f68be8e4b8369310f60860f8 by Victor Stinner in 
branch '3.5':
bpo-40156: Copy Codecov configuration from master (#19309)
https://github.com/python/cpython/commit/ed07522a5faa3101f68be8e4b8369310f60860f8


--

___
Python tracker 
<https://bugs.python.org/issue40156>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39704] Disable code coverage

2020-04-02 Thread Larry Hastings


Larry Hastings  added the comment:

Since explicit is better than implicit: yes, we do need backports.  PRs against 
3.5 are getting marked red because of automated codecov complaints.

--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue39704>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue40156] CodeCov/patch job stills runs on pull requests on 3.5 and 3.6 branches

2020-04-02 Thread Larry Hastings


Larry Hastings  added the comment:

I need to do a little more reading on it, but I expect if you make an 
equivalent PR for 3.5 I'll merge it.  Thanks for taking this on, Victor!

--

___
Python tracker 
<https://bugs.python.org/issue40156>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38945] Remove newline characters from uu encoding methods

2020-03-21 Thread Larry Hastings


Change by Larry Hastings :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue38945>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38945] Remove newline characters from uu encoding methods

2020-03-20 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 8835f465fa94f114dcf865429c0410821d365dae by Ned Deily in branch 
'3.5':
bpo-38945: UU Encoding: Don't let newline in filename corrupt the output format 
(GH-17418) (GH-17444) (#17445)
https://github.com/python/cpython/commit/8835f465fa94f114dcf865429c0410821d365dae


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue38945>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39511] [subinterpreters] Per-interpreter singletons (None, True, False, etc.)

2020-03-17 Thread Larry Hastings


Larry Hastings  added the comment:

> The problem with having a single immortal `None`, is that it will
> cause data cache thrashing as two different CPUs modify the
> refcount on the shared `None` object.

That's a very reasonable theory. Personally, I find modern CPU architecture 
bewildering and unpredictable.  So I'd prefer it if somebody tests such 
performance claims, rather than simply asserting them and having that be the 
final design.

--

___
Python tracker 
<https://bugs.python.org/issue39511>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39511] [subinterpreters] Per-interpreter singletons (None, True, False, etc.)

2020-03-16 Thread Larry Hastings


Larry Hastings  added the comment:

> We should do that for each singletons:
> 
> * None (Py_None)
> * True (Py_True)
> * False (Py_False)
> * Ellipsis (Py_Ellipsis)

Aren't there a couple more lurking in the interpreter?  E.g. empty tuple, empty 
frozenset.


> That is exactly why I didn't propose a change to them.
> The singletons still are refcounted as usual,
> just that their ob_refcnt is ignored.
> If they somehow reach 0, they just "resurrect" themselves
> and ignore the regular collection behavior.

That seems like a very good idea!  They don't even need to "resurrect" 
themselves--we just ensure tp_dealloc is a no-op for those special values.  If 
we do that, different threads and different interpreters can change ob_refcnt 
willy-nilly, there can be unsafe races between threads, the value could no 
longer make any sense--but as long as we never free the object, it's all 
totally fine.

(Actually: tp_dealloc shouldn't be a no-op--it should add a million to the 
reference count for these special objects, to forestall future irrelevant calls 
to tp_dealloc.)

This might have minor deleterious effects, e.g. sys.getrefcount() would return 
misleading results for such objects.  I think that's acceptable.

--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue39511>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39298] add BLAKE3 to hashlib

2020-02-12 Thread Larry Hastings


Larry Hastings  added the comment:

Personally I'm enjoying these BLAKE3 status updates, and I wouldn't mind at all 
being kept up-to-date during BLAKE3's development via messages on this issue.  
But, given the tenor of the conversation so far, I'm guessing Python is gonna 
hold off until BLAKE3 reaches 1.0.

--

___
Python tracker 
<https://bugs.python.org/issue39298>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings


Larry Hastings  added the comment:

> Anyway, it's better to leave it to the experts:

I'm not sure what you're suggesting here.  I shouldn't try to understand how 
floating-point numbers are stored?

--

___
Python tracker 
<https://bugs.python.org/issue39484>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings


Larry Hastings  added the comment:

Aha!  The crucial distinction is that IEEE 754 doubles have 52 bits of storage 
for the mantissa, but folks (e.g. Wikipedia, Mark Dickinson) describe this as 
"53 bits of precision" because that's easier saying "52 bits but you don't have 
to store the leading 1 bit".

To round the bases: the actual physical storage of a double is 1 sign bit + 52 
mantissa bits + 11 exponent bits = 64 bits.  The current time in seconds is 31 
bits, but we get the leading 1 for free so it only takes up 30 bits of the 
mantissa.  Therefore we only have 22 bits of precision left for the fractional 
second, therefore we're 8 bits short of being able to represent every billionth 
of a second.  We can represent approximately 0.4% of all distinct billionths of 
a second, which is just sliiightly more than 1/256 (0.39%).

Just to totally prove it to myself, I wrote a brute-force Python program.  It 
starts with 1581261916, then for i in range(one_billion) it adds i / 
one_billion to that number.  It then checks to see if that result is different 
from the previous result.  It detected 4194304 times the result was different, 
which is exactly 2**22.  QED.


p.s. I knew in my heart that I would never *actually* correct Mark Dickinson on 
something regarding floating point numbers

--

___
Python tracker 
<https://bugs.python.org/issue39484>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings


Larry Hastings  added the comment:

Yes, but you get the first 1 bit for free.  So it actually only uses 30 bits of 
storage inside the double.

This is apparently called "leading bit convention":

https://en.wikipedia.org/wiki/IEEE_754#Representation_and_encoding_in_memory

--

___
Python tracker 
<https://bugs.python.org/issue39484>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39484] time_ns() and time() cannot be compared on windows

2020-02-09 Thread Larry Hastings


Larry Hastings  added the comment:

p.s. for what it's worth: I re-checked my math and as usual I goofed.  It takes 
*30* bits to store the non-fractional seconds part of the current time in a 
double, leaving 23 bits for the fractional part, so we're *7* bits short.

--

___
Python tracker 
<https://bugs.python.org/issue39484>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39484] time_ns() and time() cannot be compared on windows

2020-02-03 Thread Larry Hastings


Larry Hastings  added the comment:

> The problem is that there is a double rounding in
> time = float(time_ns) / 1e9
> 1. When convert time_ns to float.
> 2. When divide it by 1e9.

I'm pretty sure that in Python 3, if you say
   c = a / b
and a and b are both "single-digit" integers, it first converts them both into 
doubles and then performs the divide.  See long_true_divide() in 
Objects/longobject.c, starting (currently) at line 3938.

--

___
Python tracker 
<https://bugs.python.org/issue39484>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39484] time_ns() and time() cannot be compared on windows

2020-01-31 Thread Larry Hastings


Larry Hastings  added the comment:

(Oh, wow, Victor, you wrote all that while I was writing my reply. ;-)

--

___
Python tracker 
<https://bugs.python.org/issue39484>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39484] time_ns() and time() cannot be compared on windows

2020-01-31 Thread Larry Hastings


Larry Hastings  added the comment:

I don't think this is fixable, because it's not exactly a bug.  The problem is 
we're running out of bits.  In converting the time around, we've lost some 
precision.  So the times that come out of time.time() and time.time_ns() should 
not be considered directly comparable.

Both functions, time.time() and time.time_ns(), call the same underlying 
function to get the current time.  That function is_PyTime_GetSystemClock(); it 
returns nanoseconds since the 1970 epoch, stored in an int64.  Each function 
then simply converts that time into its return format and returns that.

In the case of time.time_ns(), it loses no precision whatsoever.  In the case 
of time.time(), it (usually) converts to double and divides by 1e9, which is 
implicitly floor rounding.

Back-of-the-envelope math here: An IEEE double has 53 bits of resolution for 
the mantissa, not counting the leading 1. The current time in seconds since the 
1970 epoch uses about 29 bits of those 53 bits.  That leaves 24 bits for the 
fractional second.  But you'd need 30 bits to render all one billion fractional 
values.  We're six bits short.

Unless anybody has an amazing suggestion about how to ameliorate this 
situation, I think we should close this as wontfix.

--

___
Python tracker 
<https://bugs.python.org/issue39484>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39298] add BLAKE3 to hashlib

2020-01-27 Thread Larry Hastings


Larry Hastings  added the comment:

I just tried it with clang, and uff-da!  2,737,446,868 bytes/sec!

p.s. I compiled with -O3 for both gcc and clang

--

___
Python tracker 
<https://bugs.python.org/issue39298>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39298] add BLAKE3 to hashlib

2020-01-27 Thread Larry Hastings


Larry Hastings  added the comment:

I gave it a go.  And yup, I see a definite improvement: it jumped from 
1,583,326,242 bytes/sec to 2,376,741,703 bytes/sec on my Intel laptop using 
AVX2.  A 50% improvement!

I also *think* I'm seeing a 10% improvement in ARM using NEON.  On my DE10-Nano 
board, BLAKE3 portable gets about 50mb/sec, and now BLAKE3 using NEON gets 
about 55mb/sec.  (Roughly.)  I might have goofed up on the old benchmarks 
though, or just not written down the final correct numbers.

I observed no statistically significant performance change in the no-SIMD 
builds on Intel and ARM.

p.s. in my previous comment with that table of benchmarks I said "mb/sec".  I 
meant "bytes/sec".  Oops!

--

___
Python tracker 
<https://bugs.python.org/issue39298>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39298] add BLAKE3 to hashlib

2020-01-13 Thread Larry Hastings


Larry Hastings  added the comment:

According to my order details it is a "8th Generation Intel Core i7-8650U".

--

___
Python tracker 
<https://bugs.python.org/issue39298>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39298] add BLAKE3 to hashlib

2020-01-11 Thread Larry Hastings


Larry Hastings  added the comment:

For what it's worth, I spent some time producing clean benchmarks.  All these 
were run on the same laptop, and all pre-load the same file (406668786 bytes) 
and run one update() on the whole thing to minimize overhead.  K12 and BLAKE3 
are using a hand-written C driver, and compiled with both gcc and clang; all 
the rest of the algorithms are from hashlib.new, python3 configured with 
--enable-optimizations and compiled with gcc.  K12 and BLAKE3 support several 
SIMD extensions; this laptop only has AVX2 (no AVX512).  All these numbers are 
the best of 3.  All tests were run in a single thread.

-+--+--++---
   hash algorithm|elapsed s |mb/sec|size|hash
-+--+--++---
  K12-Haswell 0.176949   2298224495  64  24693954fa0dfb059f99...
K12-Haswell-clang 0.181968   2234841926  64  24693954fa0dfb059f99...
BLAKE3-AVX2-clang 0.250482   1623547723  64  30149a073eab69f76583...
  BLAKE3-AVX2 0.256845   1583326242  64  30149a073eab69f76583...
  md4 0.37684668 1079135924  32  d8a66422a4f0ae430317...
 sha1 0.46739069  870083193  40  a7488d7045591450ded9...
K12-clang 0.498058816509323  64  24693954fa0dfb059f99...
   BLAKE3 0.561470724292378  64  30149a073eab69f76583...
  K12 0.569490714093306  64  24693954fa0dfb059f99...
 BLAKE3-clang 0.57374370881  64  30149a073eab69f76583...
  blake2b 0.58276098  697831191 128  809ca44337af39792f8f...
  md5 0.59936016  678504863  32  306d7de4d1622384b976...
   sha384 0.64208886  633352818  96  b107ce5d086e9757efa7...
   sha512_224 0.66094102  615287556  56  90931762b9e553bd07f3...
   sha512_256 0.66465768  611846969  64  27b03aacdfbde1c2628e...
   sha512 0.6776549   600111921 128  f0af29e2019a6094365b...
  blake2s 0.86828375  468359318  64  02bee0661cd88aa2be15...
   sha256 0.97720436  416155312  64  48b5243cfcd90d84cd3f...
   sha224 1.0255457   396538907  56  10fb56b87724d59761c6...
shake_128 1.0895037   373260576  32  2ec12727ac9d59c2e842...
 md5-sha1 1.1171806   364013470  72  306d7de4d1622384b976...
 sha3_224 1.2059123   337229156  56  93eaf083ca3a9b348e14...
shake_256 1.3039152   311882857  64  b92538fd701791db8c1b...
 sha3_256 1.3417314   303092540  64  69354bf585f21c567f1e...
ripemd160 1.4846368   273918025  40  30f2fe48fec404990264...
 sha3_384 1.7710776   229616579  96  61af0469534633003d3b...
  sm3 1.8384831   221198006  64  1075d29c75b06cb0af3e...
 sha3_512 2.4839673   163717444 128  c7c250e79844d8dc856e...

If I can't have BLAKE3, I'm definitely switching to BLAKE2 ;-)

--

___
Python tracker 
<https://bugs.python.org/issue39298>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue39298] add BLAKE3 to hashlib

2020-01-10 Thread Larry Hastings


New submission from Larry Hastings :

>From 3/4 of the team that brought you BLAKE2, now comes... BLAKE3!

https://github.com/BLAKE3-team/BLAKE3

BLAKE3 is a brand new hashing function.  It's fast, it's paralellizeable, and 
unlike BLAKE2 there's only one variant.

I've experimented with it a little.  On my laptop (2018 Intel i7 64-bit), the 
portable implementation is kind of middle-of-the-pack, but with AVX2 enabled 
it's second only to the "Haswell" build of KangarooTwelve.  On a 32-bit ARMv7 
machine the results are more impressive--the portable implementation is 
neck-and-neck with MD4, and with NEON enabled it's definitely the fastest hash 
function I tested.  These tests are all single-threaded and eliminate I/O 
overhead.

The above Github repo has a reference implementation in C which includes Intel 
and ARM SIMD drivers.  Unsurprisingly, the interface looks roughly the same as 
the BLAKE2 interface(s), so if you took the existing BLAKE2 module and 
s/blake2b/blake3/ you'd be nearly done.  Not quite as close as blake2b and 
blake2s though ;-)

--
components: Library (Lib)
keywords: patch
messages: 359777
nosy: Zooko.Wilcox-O'Hearn, christian.heimes, larry
priority: normal
severity: normal
stage: needs patch
status: open
title: add BLAKE3 to hashlib
type: enhancement
versions: Python 3.9

___
Python tracker 
<https://bugs.python.org/issue39298>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue31026] test_dbm fails when run directly

2019-10-29 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset d7b336fe5d54f73c758802df426e06e8a674bd63 by Larry Hastings 
(Serhiy Storchaka) in branch '3.5':
[3.5] bpo-31026: Fix test_dbm if dbm.ndbm is build with Berkeley DB. (GH-6632)
https://github.com/python/cpython/commit/d7b336fe5d54f73c758802df426e06e8a674bd63


--

___
Python tracker 
<https://bugs.python.org/issue31026>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38243] A reflected XSS in python/Lib/DocXMLRPCServer.py

2019-10-28 Thread Larry Hastings


Change by Larry Hastings :


--
resolution:  -> fixed
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue38243>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38243] A reflected XSS in python/Lib/DocXMLRPCServer.py

2019-10-28 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 3fe1b19265b55c290fc956e9aafcf661803782de by larryhastings (Victor 
Stinner) in branch '3.5':
bpo-38243, xmlrpc.server: Escape the server_title (GH-16373) (GH-16441) (#16516)
https://github.com/python/cpython/commit/3fe1b19265b55c290fc956e9aafcf661803782de


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue38243>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue31026] test_dbm fails when run directly

2019-10-28 Thread Larry Hastings


Larry Hastings  added the comment:

For what it's worth, I'm cherry-picking this back into 3.5 for 3.5.8 final.  I 
(finally?) got bit by this, and since the patch is literally only changes in 
the Lib/test directory I consider it safe to merge even after 3.5.8rc2.  (I was 
in a bit of a hurry, I didn't use the Python cherry picker technology, I just 
used "git cherry-pick".)

--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue31026>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue12178] csv writer doesn't escape escapechar

2019-10-22 Thread Larry Hastings


Change by Larry Hastings :


--
nosy:  -larry

___
Python tracker 
<https://bugs.python.org/issue12178>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue12178] csv writer doesn't escape escapechar

2019-10-22 Thread Larry Hastings


Change by Larry Hastings :


--
versions: +Python 3.8, Python 3.9 -Python 3.5, Python 3.6

___
Python tracker 
<https://bugs.python.org/issue12178>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36274] http.client cannot send non-ASCII request lines

2019-10-12 Thread Larry Hastings


Change by Larry Hastings :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue36274>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38174] Security vulnerability in bundled expat CVE-2019-15903 (fix available in expat 2.2.8)

2019-10-08 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset c386c8b06c6e92786f083ef6aba27b37087fdd20 by larryhastings (Victor 
Stinner) in branch '3.5':
closes bpo-38174: Update vendored expat library to 2.2.8. (GH-16346) (#16434)
https://github.com/python/cpython/commit/c386c8b06c6e92786f083ef6aba27b37087fdd20


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue38174>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests

2019-10-08 Thread Larry Hastings


Change by Larry Hastings :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue38216>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests

2019-10-08 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 2784e78dc3445c6dd59e915d86c336374c1fa09a by larryhastings (Jason 
R. Coombs) in branch '3.5':
[3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation 
and encoding behavior (GH-16448) (#16475)
https://github.com/python/cpython/commit/2784e78dc3445c6dd59e915d86c336374c1fa09a


--

___
Python tracker 
<https://bugs.python.org/issue38216>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36274] http.client cannot send non-ASCII request lines

2019-10-08 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 2784e78dc3445c6dd59e915d86c336374c1fa09a by larryhastings (Jason 
R. Coombs) in branch '3.5':
[3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation 
and encoding behavior (GH-16448) (#16475)
https://github.com/python/cpython/commit/2784e78dc3445c6dd59e915d86c336374c1fa09a


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue36274>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38216] Fix for issue30458 (HTTP Header Injection) prevents crafting invalid requests

2019-09-28 Thread Larry Hastings


Larry Hastings  added the comment:

So, following this recent flurry of activity, all that remains are to sort out 
2.7 and 3.5.  3.5.8 is still in a holding pattern; at this point I think I'm 
going to insert another RC, so I can add the new version of expat.

Will a makes-everyone-happy PR appear for 3.5 soon?

--

___
Python tracker 
<https://bugs.python.org/issue38216>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38216] Fix for issue30458 prevents crafting invalid requests

2019-09-19 Thread Larry Hastings


Larry Hastings  added the comment:

FWIW I planned to tag and release 3.5.8 final early next week.  I don't have 
the domain knowledge to assess the severity of this bug--much less pitch in and 
help fix it--so I suspect this will simply hold up 3.5.8 final.

Depending on the complexity of the fix for this issue, I may also insert a 
second rc into the 3.5.8 schedule.

--

___
Python tracker 
<https://bugs.python.org/issue38216>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

2019-09-18 Thread Larry Hastings


Larry Hastings  added the comment:

Should we open a separate issue to track fixing the regression?

--

___
Python tracker 
<https://bugs.python.org/issue30458>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38141] Use fewer statics in Argument Clinic.

2019-09-13 Thread Larry Hastings


Larry Hastings  added the comment:

shared objects x threads = contention for notification of invalidated cache 
lines

If you're not running multiple threads, there's no problem.  If it's only a few 
shared objects, it probably wouldn't be a big deal.  As they say in medicine: 
"the dose makes the poison."

--

___
Python tracker 
<https://bugs.python.org/issue38141>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue38141] Use fewer statics in Argument Clinic.

2019-09-12 Thread Larry Hastings


Change by Larry Hastings :


--
title: Use less statics in Argument Clinic. -> Use fewer statics in Argument 
Clinic.

___
Python tracker 
<https://bugs.python.org/issue38141>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue37461] email.parser.Parser hang

2019-09-07 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset c28e4a5160d3283b12514c7c28ed6e0a2a52271a by larryhastings 
(Abhilash Raj) in branch '3.5':
[3.5] bpo-37461: Fix infinite loop in parsing of specially crafted email 
headers (GH-14794) (#15446)
https://github.com/python/cpython/commit/c28e4a5160d3283b12514c7c28ed6e0a2a52271a


--

___
Python tracker 
<https://bugs.python.org/issue37461>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-09-07 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 095373c32d16df575ba5fcb5f44bf44119b26193 by larryhastings (Victor 
Stinner) in branch '3.5':
bpo-36742: Corrects fix to handle decomposition in usernames (GH-13812) 
(GH-13814) (#14772)
https://github.com/python/cpython/commit/095373c32d16df575ba5fcb5f44bf44119b26193


--

___
Python tracker 
<https://bugs.python.org/issue36742>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36576] Some test_ssl and test_asyncio tests fail with OpenSSL 1.1.1 on Python 3.4 and 3.5

2019-09-07 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 4d1c2541c125fe9d211016193ebfd5899a8511aa by larryhastings (Victor 
Stinner) in branch '3.5':
bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1 
(#12694)
https://github.com/python/cpython/commit/4d1c2541c125fe9d211016193ebfd5899a8511aa


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue36576>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue34155] email.utils.parseaddr mistakenly parse an email

2019-09-06 Thread Larry Hastings


Larry Hastings  added the comment:

All PRs merged.  Thanks, everybody!

--
resolution:  -> fixed
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue34155>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue34155] email.utils.parseaddr mistakenly parse an email

2019-09-06 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 063eba280a11d3c9a5dd9ee5abe4de640907951b by larryhastings 
(Abhilash Raj) in branch '3.5':
[3.5] bpo-34155: Dont parse domains containing @ (GH-13079) (#15317)
https://github.com/python/cpython/commit/063eba280a11d3c9a5dd9ee5abe4de640907951b


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue34155>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

2019-07-14 Thread Larry Hastings

Larry Hastings  added the comment:


New changeset afe3a4975cf93c97e5d6eb8800e48f368011d37a by larryhastings (Miro 
HronĨok) in branch '3.5':
bpo-30458: Disallow control chars in http URLs. (GH-12755) (#13207)
https://github.com/python/cpython/commit/afe3a4975cf93c97e5d6eb8800e48f368011d37a


--

___
Python tracker 
<https://bugs.python.org/issue30458>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36742] CVE-2019-10160: urlsplit NFKD normalization vulnerability in user:password@

2019-07-14 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 4655d576141ee56a69d2052431c636858fcb916a by larryhastings (Steve 
Dower) in branch '3.5':
bpo-36742: Fixes handling of pre-normalization characters in urlsplit() 
(GH-13017) (#13042)
https://github.com/python/cpython/commit/4655d576141ee56a69d2052431c636858fcb916a


--

___
Python tracker 
<https://bugs.python.org/issue36742>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue35907] [security][CVE-2019-9948] Unnecessary URL scheme exists to allow local_file:// reading file in urllib

2019-07-14 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 4fe82a8eef7aed60de05bfca0f2c322730ea921e by larryhastings (Victor 
Stinner) in branch '3.5':
bpo-35907, CVE-2019-9948: urllib rejects local_file:// scheme (GH-13474) 
(GH-13505) (#13510)
https://github.com/python/cpython/commit/4fe82a8eef7aed60de05bfca0f2c322730ea921e


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue35907>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36816] self-signed.pythontest.net TLS certificate key is too weak

2019-07-13 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset 221178aea686abf13ff92b7e2b5ed3e739a53b3f by larryhastings 
(Gregory P. Smith) in branch '3.5':
[3.5] bpo-36816: Update the self-signed.pythontest.net cert (GH-13192) (#13200)
https://github.com/python/cpython/commit/221178aea686abf13ff92b7e2b5ed3e739a53b3f


--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue36816>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue33326] Convert collections (cmp_op, hasconst, hasname and others) in opcode module to more optimal type

2019-07-13 Thread Larry Hastings


Larry Hastings  added the comment:

Maynard is unsupported; it only understands the old bytecode format, pre-3.6 
16-bit "wordcode".

https://docs.python.org/3.6/whatsnew/3.6.html#optimizations

--

___
Python tracker 
<https://bugs.python.org/issue33326>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue37003] ast unparse does not support f-string new debug format.

2019-05-21 Thread Larry Hastings


Change by Larry Hastings :


--
assignee:  -> eric.smith
nosy: +eric.smith

___
Python tracker 
<https://bugs.python.org/issue37003>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36963] PyDict_GetItem SegFaults on simple dictionary lookup when using Ctypes

2019-05-19 Thread Larry Hastings


Larry Hastings  added the comment:

Inada-san, while it is best to not call PyDict_ functions without holding the 
GIL, it doesn't matter unless one creates a second thread.  The GIL doesn't 
even exist until Python creates a second thread.

But, I too don't want bugs.python.org to become a "help people debug their 
programs" site.  Particularly when using ctypes, which crashes a lot.

--

___
Python tracker 
<https://bugs.python.org/issue36963>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36963] PyDict_GetItem SegFaults on simple dictionary lookup when using Ctypes

2019-05-19 Thread Larry Hastings


Larry Hastings  added the comment:

It's not surprising that you crashed the CPython interpreter by using 
ctypes--it's very easy to do by accident, or via a bug in your own code.  
That's why we don't accept crash reports involving ctypes.

Also, it's rude to "nosy" so many people, particularly on your first bug.  
Please show some courtesy in the future, rather than trying to involve as many 
core developers as possible with what is probably a bug in your own code.

--
resolution:  -> rejected
stage:  -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue36963>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36863] argparse doesn't like options in the middle of arguments

2019-05-09 Thread Larry Hastings


Change by Larry Hastings :


--
nosy:  -larry

___
Python tracker 
<https://bugs.python.org/issue36863>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue21820] unittest: unhelpful truncating of long strings.

2019-05-08 Thread Larry Hastings


Larry Hastings  added the comment:

This bug is marked only for 3.4, and 3.4 is now EOL.  Either it should be 
relocated to an active version, or it should be marked wontfix.

--
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue21820>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue24732] 3.5.0b3 Windows accept() on unready non-blocking socket raises PermissionError [now need unit test]

2019-05-08 Thread Larry Hastings


Larry Hastings  added the comment:

3.4 is now EOL, so the 3.4regression tag goes away too.

--
keywords:  -3.4regression

___
Python tracker 
<https://bugs.python.org/issue24732>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue26375] Python 2.7.10 and 3.4.4 hang on imaplib.IMAP4_SSL()

2019-05-08 Thread Larry Hastings


Larry Hastings  added the comment:

3.4 is now EOL, so the 3.4regression tag goes away too.

--
keywords:  -3.4regression
nosy: +larry
versions:  -Python 3.4

___
Python tracker 
<https://bugs.python.org/issue26375>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue35657] multiprocessing.Process.join() ignores timeout if child process use os.exec*()

2019-05-08 Thread Larry Hastings


Larry Hastings  added the comment:

3.4 is now EOL, so the 3.4regression tag goes away too.

--
keywords:  -3.4regression
nosy: +larry

___
Python tracker 
<https://bugs.python.org/issue35657>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36817] Add = to f-strings for easier debugging.

2019-05-07 Thread Larry Hastings


Larry Hastings  added the comment:

> I think that !f is not needed. You can use repr by default only when
> no format spec is specified, and add explicit !r if you want to use
> repr with the format spec.

Actually that's how !d worked.  We changed the behavior because it was too 
"magical".  We need to keep the f-strings format spec simple so it was easier 
to remember.  I for one already have difficulty remembering how f-string 
formatting works, I don't want to make add even more complications.

In the current proposal, the special syntax must be specified in a particular 
order, and the order is easy to remember because information always flows from 
left-to-right. The "=" must come before the "!" and/or the ":", and the "!" 
must come before the ":".  Like so:

   f'{foo
 =
  !s
:20}'

Modification information strictly flows from left to right:

* The = changes the "conversion function" to repr, but then you can override 
the conversion function with !.

* The : format spec runs __format__ on the stuff to its left; if you're using 
the "format" conversion function, it applies the spec directly, otherwise it 
calls format with that spec to the output (the string) you got from the 
conversion function.


If we made the default conversion function when using = dependent on the 
presence or absence of the format spec, now we have information flowing to the 
left, all the way from the end to the beginning.  Eric and I agree: this is too 
magical and too hard to remember.  We want to keep it simple.

(True story: Eric had the !d implementation already done and ready for checkin. 
 When he changed it to this = syntax he actually mostly *threw out* code, 
because this way is simpler and more regular.  Hopefully you're thinking "well 
THAT sounds nice!"--we agree.)

--

___
Python tracker 
<https://bugs.python.org/issue36817>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue16024] Doc cleanup regarding path=fd, dir_fd, follow_symlinks, etc

2019-05-06 Thread Larry Hastings


Larry Hastings  added the comment:

At last!  Thanks for reviving it, Cheryl!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 
<https://bugs.python.org/issue16024>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue16024] Doc cleanup regarding path=fd, dir_fd, follow_symlinks, etc

2019-05-06 Thread Larry Hastings


Larry Hastings  added the comment:


New changeset e152169da95b52fa41931572bc90857253c4a5dd by larryhastings (Cheryl 
Sabella) in branch 'master':
bpo-16024: Doc cleanup regarding path_fd, dir_fd, follow_symlinks (GH-5505)
https://github.com/python/cpython/commit/e152169da95b52fa41931572bc90857253c4a5dd


--

___
Python tracker 
<https://bugs.python.org/issue16024>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36798] := breaks f-strings

2019-05-05 Thread Larry Hastings


Larry Hastings  added the comment:

I'm not sure why Guido's preferences would be relevant.  f-strings support 
expressions, := is a valid expression, f-strings therefore must support it. 
 f-strings expressions are not top-level statements and therefore will not 
require parentheses around :=.

There appears to be some confusion around f-strings' use of : to delimit a 
"format specification".  Supporting := won't break format specifications, 
although it will require some intelligence--if you see a :, you must examine 
the next character to know whether it's := or a format specification.  It is 
not a breaking change.

--

___
Python tracker 
<https://bugs.python.org/issue36798>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36798] := breaks f-strings

2019-05-05 Thread Larry Hastings


Larry Hastings  added the comment:

The point is that := is valid expression syntax in Python 3.8, but you can't 
use it in an f-string.  The fact that the error is the same in 3.6 and 3.7 is 
irrelevant because := was not valid syntax in those versions.

--

___
Python tracker 
<https://bugs.python.org/issue36798>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



  1   2   3   4   5   6   7   8   9   10   >