Éric Araujo added the comment:
Tagging for the bug day.
--
keywords: +easy
nosy: +eric.araujo, vinay.sajip
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16378
___
Changes by Éric Araujo mer...@netwok.org:
--
nosy: +eric.araujo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15873
___
___
Python-bugs-list
Ramchandra Apte added the comment:
On 31 October 2012 23:29, Mark Dickinson rep...@bugs.python.org wrote:
Mark Dickinson added the comment:
Fixed the unuse of decorator syntax. I think the dummy_threading changes
should be considered a separate issue.
With regards to the patch: I
Mark Dickinson added the comment:
I'm not quite sure why you're quoting the docs at me. What's the point you
want to make?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13701
___
New submission from Torsten Landschoff:
The sqlite3 module does not expose the sqlite3 error codes to python. This
makes it impossible to detect specific error conditions directly.
Case in point: If a user selects some random file as the database in our
application, we can not detect that it
Mark Dickinson added the comment:
Ramchandra: can you give an example of a realistic situation where the
existence of this code in tkinter allows users to execute code *that they
wouldn't be able to execute otherwise*?
--
nosy: +mark.dickinson
___
Martin v. Löwis added the comment:
In general, including standard library headers before including Python.h is not
recommended, since it may break binary compatibility across object files. So
the proposed work-around may also cause harm.
--
___
Ramchandra Apte added the comment:
On 1 November 2012 14:09, Mark Dickinson rep...@bugs.python.org wrote:
Mark Dickinson added the comment:
I'm not quite sure why you're quoting the docs at me. What's the point
you want to make?
--
___
Roundup Robot added the comment:
New changeset 8e95a078d490 by Andrew Svetlov in branch '3.2':
Issue #16373: Prevent infinite recursion for ABC Set class operations.
http://hg.python.org/cpython/rev/8e95a078d490
New changeset 11a9297733b8 by Andrew Svetlov in branch '3.3':
Merge issue #16373:
Andrew Svetlov added the comment:
Fixed. Thanks, Serhiy.
--
nosy: +asvetlov
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16373
Changes by Andrew Svetlov andrew.svet...@gmail.com:
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16248
___
___
Mark Dickinson added the comment:
No.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13701
___
___
Python-bugs-list mailing list
Unsubscribe:
Stefan Krah added the comment:
Ramchandra Apte rep...@bugs.python.org wrote:
I'm not quite sure why you're quoting the docs at me. What's the point
you want to make?
Does decimal use the dummy_threading module where
deadlock might occur from a thread being created that blocks waiting
Andrew Svetlov added the comment:
I'm pretty sure Doc and Lib are already fixed, only Tools left.
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16261
___
Changes by Andrew Svetlov andrew.svet...@gmail.com:
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue7317
___
___
Python-bugs-list
Andrew Svetlov added the comment:
I'm -0 for proposed changes, these changes reduce code readability from my
perspective.
I think better to use existing approach: explicitly specify what do you want to
do with overloaded properties.
--
nosy: +asvetlov
Andrew Svetlov added the comment:
+1 for both pyunit script and autodiscovering by default.
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14266
___
Ramchandra Apte added the comment:
On 1 November 2012 17:21, Andrew Svetlov rep...@bugs.python.org wrote:
Andrew Svetlov added the comment:
I'm pretty sure Doc and Lib are already fixed, only Tools left.
--
nosy: +asvetlov
___
Python tracker
Ramchandra Apte added the comment:
On 1 November 2012 17:12, Stefan Krah rep...@bugs.python.org wrote:
Stefan Krah added the comment:
Ramchandra Apte rep...@bugs.python.org wrote:
I'm not quite sure why you're quoting the docs at me. What's the point
you want to make?
Does
Roundup Robot added the comment:
New changeset 02d25098ad57 by Andrew Svetlov in branch '3.3':
Issue #16218: Support non ascii characters in python launcher.
http://hg.python.org/cpython/rev/02d25098ad57
New changeset 1267d64c14b3 by Andrew Svetlov in branch 'default':
Merge issue #16218:
Andrew Svetlov added the comment:
Fixed. Thanks, Serhiy.
--
nosy: +asvetlov
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16218
New submission from abcdef:
The documentation
http://docs.python.org/2.7/library/stdtypes.html#set-types-set-frozenset
http://docs.python.org/3/library/stdtypes.html#set-types-set-frozenset
of for sets uses true subset and true superset. The correct
termininology is proper subset and proper
Mark Dickinson added the comment:
+1
--
nosy: +mark.dickinson
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16380
___
___
Python-bugs-list mailing
Andrew Svetlov added the comment:
Updated patch to execute tests only for CPython.
--
nosy: +asvetlov
Added file: http://bugs.python.org/file27820/kill_reference_3.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16284
New submission from Christian Theune:
I run long-running server processes (web apps, etc) a lot and I keep
encountering the situation that many applications will not properly deal with
MemoryError exceptions but end up in an unusable state.
From an operational perspective I wish the process
Changes by Christian Theune c...@gocept.com:
--
keywords: +patch
Added file: http://bugs.python.org/file27821/9430a5c65114.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16381
___
Andrew Svetlov added the comment:
The patch LGTM except I cannot reproduce crash on unmodified sources with
running applied test.
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16228
Changes by Andrew Svetlov andrew.svet...@gmail.com:
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16230
___
___
Changes by Andrew Svetlov andrew.svet...@gmail.com:
--
nosy: +asvetlov
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1207589
___
___
Christian Heimes added the comment:
Your proposal sounds like a very good idea. IMHO it should be discussed on the
python-ideas or python-dev mailing list before it gets integrated into 3.4.
Embrace yourself for some serious bike shedding! :)
By the way your patch contains several changes
Mark Dickinson added the comment:
I just wanted to ensure that there wouldn't be any bugs by my patch.
Okay, understood. Thanks.
Please note that this issue is now closed, though: the 2.3 compatibility
workarounds have been dealt with. The use or non-use of dummy_threading has
nothing to
Matt Selsky added the comment:
I tested this patch again python 2.7.3 on Solaris 9 and the math module now
builds correctly. Thanks!
Let me know if you need any output.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9742
Ramchandra Apte added the comment:
But my patch does use dummy_threading.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13701
___
___
Christian Theune added the comment:
Grr. Sorry. The automatic patch extraction went wrong and I didn't notice.
Here's a manual try.
--
Added file: http://bugs.python.org/file27822/issue16381.diff
___
Python tracker rep...@bugs.python.org
Changes by Christian Theune c...@gocept.com:
Removed file: http://bugs.python.org/file27821/9430a5c65114.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16381
___
Ramchandra Apte added the comment:
@Mark Dickinson
Run the attached file, exploit.py, with normal priveleges and then run IDLE
with sudo (something I did to actually uncover this bug!).
Then the file /root/exploited should contain Exploit succeeded!
--
Added file:
New submission from Phil Elson:
When passing an invalid Warning subclasses to the warnings.warn function, a
bare issubclass exception is raised:
import warnings
warnings.warn('hello world', 'not a valid warning type')
Traceback (most recent call last):
File stdin, line 1, in module
Serhiy Storchaka added the comment:
Of course, this kind of bugs can cause unpredictable behavior, they do not have
to lead to an immediate crash. This depends from the platform, the compiler
and its options. On my computers the test always crashed, this is the maximum
that I can say.
Christian Heimes added the comment:
Thanks!
Py_FatalError() might be too drastic for the task. It calls abort() which kills
the process with SIGABRT. The function closes and flushes all stream but no
additional cleanup code is executed. This might be bad for resources like
shared memories,
Benjamin Peterson added the comment:
I think the fatal erroring should be done in PyErr_NoMemory.
--
nosy: +benjamin.peterson
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16381
___
Changes by Serhiy Storchaka storch...@gmail.com:
Removed file: http://bugs.python.org/file27490/sched_unblock.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16165
___
Serhiy Storchaka added the comment:
Tests added. Please review.
--
keywords: +needs review
Added file: http://bugs.python.org/file27825/sched_unblock_2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16165
Serhiy Storchaka added the comment:
Please review.
--
keywords: +needs review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16215
___
___
Changes by Serhiy Storchaka storch...@gmail.com:
Removed file: http://bugs.python.org/file27825/sched_unblock_2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16165
___
Changes by Serhiy Storchaka storch...@gmail.com:
Added file: http://bugs.python.org/file27826/sched_unblock_2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16165
___
Vinay Sajip added the comment:
I'm not especially familiar with this code, but just trying to understand - how
come filename_obj isn't decref'd on normal exit?
--
nosy: +vinay.sajip
___
Python tracker rep...@bugs.python.org
Serhiy Storchaka added the comment:
Please review.
--
keywords: +needs review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10182
___
___
Changes by Serhiy Storchaka storch...@gmail.com:
--
nosy: -serhiy.storchaka
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16245
___
___
Mark Dickinson added the comment:
Okay, but if a user can run IDLE with sudo, they presumably *already* have many
other ways to use sudo to create files in /root, without using IDLE or tkinter.
That's why I said: *that they wouldn't be able to execute otherwise*. I
don't see the security
Andrew Svetlov added the comment:
Vinay, it's processed in
PyObject_CallFunction(loader_type, sN, __main__, filename_obj)
Please note sN format istead sO.
N means PyObject* is passed but unlike sO that object is not increfed.
--
___
Python tracker
Arne Babenhauserheide added the comment:
…you were faster than me (I only managed to get the repo onto my current
computer yesterday and the children kept me occupied).
Thank you!
--
___
Python tracker rep...@bugs.python.org
Andrew Svetlov added the comment:
No problems!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14900
___
___
Python-bugs-list mailing list
Changes by Santoso Wijaya santoso.wij...@gmail.com:
--
versions: +Python 3.4, Python 3.5
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16376
___
Changes by Santoso Wijaya santoso.wij...@gmail.com:
--
type: - behavior
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16376
___
___
Vinay Sajip added the comment:
Please note sN format istead sO.
I see. Thanks.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16218
___
___
New submission from Jim Pattee:
Python 3.3 Permission Error with User Library on Windows
I have certain scripts that run without error on Python 2.7 and 3.2. With
Python 3.3 they get a Permission Error. This does not occur with every
script. The difference seems to be that the ones with a
Martin v. Löwis added the comment:
Ramchandra: Your patch wasn't actually used to resolve this issue. Please see
http://hg.python.org/cpython/rev/7ada0faded9b for the change that Mark
*actually* made to resolve the issue.
There were actually a number of problems with your patch, but there is
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +brett.cannon
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16382
___
___
Python-bugs-list
R. David Murray added the comment:
Can you post the error, please?
--
nosy: +r.david.murray
type: crash - behavior
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16383
___
Serhiy Storchaka added the comment:
Here is a new patch. It contains some other minor changes. rmtree behavior
unified for system with and without at-functions.
--
stage: needs patch - patch review
Added file: http://bugs.python.org/file27828/shutil_rmtree_2.patch
Changes by kirpit kir...@gmail.com:
--
nosy: +kirpit
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15873
___
___
Python-bugs-list mailing list
New submission from Sye van der Veen:
The PyMarshal_Read* functions raise EOFError when the end of the file is
unexpectedly met. The current import.c functions propagate this error when
reading .pyc or .pyo files. One consequence of this is that Python will abort
on startup if, say,
Roundup Robot added the comment:
New changeset 3672db224eb3 by Antoine Pitrou in branch '3.2':
Issue #16228: Fix a crash in the json module where a list changes size while it
is being encoded.
http://hg.python.org/cpython/rev/3672db224eb3
New changeset 7528c02b8d52 by Antoine Pitrou in branch
Zachary Ware added the comment:
Coming back to this 5 months later and looking into it myself, I find that the
sqlite3 docs really need a bit of a cleanup all around, especially in all three
3.x branches. Several minor changes were made by Raymond Hettinger in
d229032dc213 and a few
Changes by Zachary Ware zachary.w...@gmail.com:
Added file: http://bugs.python.org/file27830/sqlite3_cleanup_3.2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15067
___
Serhiy Storchaka added the comment:
The result does not depend on the direction of comparison. This only affects
speed. But who can to say in which direction comparison will be faster?
Here I see a one obvious opportunity for optimization:
if (kind_self kind_sub)
return 0;
After
Roundup Robot added the comment:
New changeset 33ae62a4ecf5 by Antoine Pitrou in branch '2.7':
Issue #16228: Fix a crash in the json module where a list changes size while it
is being encoded.
http://hg.python.org/cpython/rev/33ae62a4ecf5
--
___
Antoine Pitrou added the comment:
Thank you for noticing this, and for writing a patch.
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16228
Zachary Ware added the comment:
I failed to mention, the 3.2 patch also removes the line (and comment) about
db_row based solutions since it seems from a quick Google search that
db_row is a library created back in the 2.2 days that I didn't quickly see a
3.x version for. Also, the comment
Changes by Zachary Ware zachary.w...@gmail.com:
--
versions: +Python 3.4
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14893
___
___
Andrew Svetlov added the comment:
Hi, I'm ok with patch but I guess to add some comment in C code to prevent,
hmm, back optimization from upcoming contributor.
The same for #16230
--
___
Python tracker rep...@bugs.python.org
Roundup Robot added the comment:
New changeset 87ccf2635ad7 by Antoine Pitrou in branch '3.2':
Issue #16230: Fix a crash in select.select() when one the lists changes size
while iterated on.
http://hg.python.org/cpython/rev/87ccf2635ad7
New changeset 717660ec8f67 by Antoine Pitrou in branch
Antoine Pitrou added the comment:
Committed, thank you!
--
nosy: +pitrou
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16230
Roundup Robot added the comment:
New changeset 2bf99322218f by Andrew Svetlov in branch '3.2':
Issue #14893: Add function annotation example to function tutorial.
http://hg.python.org/cpython/rev/2bf99322218f
New changeset 45167091b5f9 by Andrew Svetlov in branch '3.3':
Merge issue #14893: Add
Andrew Svetlov added the comment:
Fixed. Thanks, Zachary.
--
nosy: +asvetlov
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14893
Zachary Ware added the comment:
If I understand correctly, I think what Ramchandra is getting at is that if an
attacker could manage to get a .Tk.py file into a user's home directory
somehow, then the next time that user happens to do 'sudo idle', the attacker's
code is executed with root
Antoine Pitrou added the comment:
Hi, I'm ok with patch but I guess to add some comment in C code to
prevent, hmm, back optimization from upcoming contributor.
The same for #16230
But that's what tests are for.
--
___
Python tracker
Andrew Svetlov added the comment:
Sorry, looks like I don't understood you correctly.
Do you want to replace `except:` to `except Exception` or something else?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16261
Jim Pattee added the comment:
Python 3.3 (64bit)
Traceback (most recent call last):
File file-py\astyle-protected.py, line 157, in module
process_files()
File file-py\astyle-protected.py, line 30, in process_files
get_header_variables(header_variables, header_path)
File
Andrew Svetlov added the comment:
As I said tests was not crashed on my linux 64 bit Ubuntu with buggy code.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16228
___
Antoine Pitrou added the comment:
As I said tests was not crashed on my linux 64 bit Ubuntu with buggy code.
They crashed duly here in debug mode (64-bit Linux).
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16228
Zachary Ware added the comment:
Thank you Éric for the approval, and Andrew for the commit!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14893
___
Ezio Melotti added the comment:
I think it would be better to keep the capitalization of the queries separate
from the rest of the patch.
--
nosy: +ezio.melotti
stage: - patch review
type: - enhancement
___
Python tracker rep...@bugs.python.org
Andrew Svetlov added the comment:
Fixed in 56c3ab6f7f07, 56c3ab6f7f07, fa7311caa203, 7dda9dc5e830
Thanks.
--
nosy: +asvetlov
resolution: - fixed
stage: - committed/rejected
status: open - closed
versions: +Python 3.2, Python 3.4
___
Python tracker
Serhiy Storchaka added the comment:
Here is an updated patch. More appropriate error message used, many new tests
added.
--
keywords: +patch
stage: needs patch - patch review
versions: +Python 3.4
Added file: http://bugs.python.org/file27831/sre_empty_group_name.patch
Antoine Pitrou added the comment:
As Zachary and Ramchandra explained, the security issue is obvious: a
non-sudoer user A can make a sudoer user B execute arbitrary code, simply by
placing a file where IDLE will be run from.
This is the same reason Python has -s and -E options. The least we
Andrew Svetlov added the comment:
I have python built with Py_DEBUG (./configure --with-pydebug)
What I' missed?
I'm ok with status quo but just want to understand how to configure my build
properly.
--
___
Python tracker rep...@bugs.python.org
Mark Dickinson added the comment:
And then user A is relying on user B executing IDLE via sudo? Is that a normal
thing to do?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16248
___
Antoine Pitrou added the comment:
And then user A is relying on user B executing IDLE via sudo? Is that
a normal thing to do?
Well, I suppose that could be any Tk app, not just IDLE.
And I also suppose you could use IDLE to edit some file that is only
root-writable.
--
Mark Dickinson added the comment:
So if this is a security issue, should Python 2.6 also be fixed?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16248
___
Antoine Pitrou added the comment:
I have python built with Py_DEBUG (./configure --with-pydebug)
What I' missed?
I'm ok with status quo but just want to understand how to configure my build
properly.
Well, I don't know. Perhaps a different compiler version, a different
libc, or perhaps you
Antoine Pitrou added the comment:
So if this is a security issue, should Python 2.6 also be fixed?
Probably, if it's deemed important enough by our security RMs.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16248
Andrew Svetlov added the comment:
Ok. Thanks.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16228
___
___
Python-bugs-list mailing list
R. David Murray added the comment:
Is it possible you installed 3.3 differently? For example 3.2 and 2.7
installed for all users and 3.3 for just you, or vice versa?
From the looks of the traceback there really is a permission problem with the
file, since it is failing on a normal open. (I
Stefan Krah added the comment:
Isn't IDLE supposed to be a Python shell? As I understand this issue,
you'd have the same exploit by adding this to your .bashrc:
echo EXPLOIT /root/exploit
Then, as a normal user, run:
sudo bash
It would be nice to get rid of the exec, but why is this an
Serhiy Storchaka added the comment:
Here is a more simpler patch. Please approve, it's a really trivial patch.
--
stage: needs patch - patch review
Added file: http://bugs.python.org/file27832/msgfmt_literal_eval.patch
___
Python tracker
Changes by Serhiy Storchaka storch...@gmail.com:
--
nosy: +haypo
stage: - needs patch
type: - crash
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15581
___
Antoine Pitrou added the comment:
As I understand it, this is not specifically about IDLE. Any Tk app would be
vulnerable.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16248
___
Serhiy Storchaka added the comment:
Amaury, run the followed commands:
import readline, rlcompleter
readline.parse_and_bind('tab: complete')
Hint: you can add this to your .pythonrc.py.
--
___
Python tracker rep...@bugs.python.org
Changes by Serhiy Storchaka storch...@gmail.com:
--
assignee: docs@python -
components: -Documentation
keywords: +needs review
resolution: invalid -
stage: - patch review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8402
1 - 100 of 131 matches
Mail list logo
