Christian Heimes added the comment:
This issue has already been assigned CVE-2014-1912
Reference:
http://www.openwall.com/lists/oss-security/2014/02/12/16
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1912
--
___
Python tracker
Changes by Chris Rebert pyb...@rebertia.com:
--
nosy: +cvrebert
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20246
___
___
Python-bugs-list
Gareth Rees added the comment:
If 100 doesn't work for you, try a larger number.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20727
___
___
Gareth Rees added the comment:
I suspect I messed up the timing I did yesterday, because today I find that 100
isn't large enough, but here's what I found today (in Python 3.3):
from timeit import timeit
test = [tuple(range(300))] + [()] * 100
New submission from Xavier de Gaye:
After the pdb 'continue' command, the signal module owns a reference to
Pdb.sigint_handler. On the next instantiation of pdb, the signal module owns a
reference to a new sigint_handler method that owns a reference to the previous
sigint_handler. As a
Changes by koobs koobs.free...@gmail.com:
--
nosy: +koobs
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20246
___
___
Python-bugs-list mailing
Changes by Berker Peksag berker.pek...@gmail.com:
--
nosy: +eric.snow
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
___
Python-bugs-list
Antoine Pitrou added the comment:
Interesting. According to the Mercurial logs, they were never actually
documented...
--
assignee: docs@python - pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20765
Paul Moore added the comment:
Should this be mentioned in the 3.3.5 changelog
(http://docs.python.org/3.3/whatsnew/changelog.html)?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20621
Gareth Rees added the comment:
But now that I look at the code more carefully, the old recipe also has O(n^2)
behaviour, because cycle(islice(nexts, pending)) costs O(n) and is called O(n)
times. To have worst-case O(n) behaviour, you'd need something like this:
from collections import
Xavier de Gaye added the comment:
the first pdb instance is never freed
The first pdb instance is (and all the other pdb instances) never freed until
the call to PyOS_FiniInterrupts() in Py_Finalize().
--
___
Python tracker rep...@bugs.python.org
New submission from Antoine Brodin.FreeBSD:
Hi,
On FreeBSD -current, clang 3.4 is now the default compiler.
Clang 3.4 rejects -R/path/to/lib flag (previously in version 3.3 it just
ignored it).
This leads to some errors with some python extensions:
cc -shared -O2 -pipe -fno-strict-aliasing
Changes by STINNER Victor victor.stin...@gmail.com:
--
nosy: +doko, loewis, thomas-petazzoni
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20767
___
Changes by koobs koobs.free...@gmail.com:
--
versions: +Python 3.3, Python 3.4, Python 3.5
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20767
___
koobs added the comment:
Details on how clang 3.4 changes behaviour for compiler flags:
http://llvm.org/releases/3.4/tools/clang/docs/ReleaseNotes.html#new-compiler-flags
--
___
Python tracker rep...@bugs.python.org
New submission from Felipe Sateler:
I reported the following in the debian bug tracker[1], and it was requested
that I report it here.
pyconfig.h has definitions like the following:
#define HAVE_DIRENT_H 1
#define HAVE_DLFCN_H 1
These are the general form feature test macros take in
R. David Murray added the comment:
We don't currently have the capability to set an email trigger when the type is
set to security. That should be submitted as a request on the meta tracker.
(It will require a new reactor, which is easy, and a tweak to the database
schema, which I don't
Matthias Klose added the comment:
no, I requested that you propose a patch. And the question why you need to
include Python.h everywhere where it could do harm is unanswered too.
--
nosy: +doko
___
Python tracker rep...@bugs.python.org
Changes by R. David Murray rdmur...@bitdance.com:
--
nosy: +larry
priority: normal - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
Felipe Sateler added the comment:
I'm sorry but I definitely don't have time or knowledge about python
to propose a patch (simply removing pyconfig.h clearly doesn't work).
As to the question, please clarify. I have a python module, which
includes Python.h, which includes pyconfig.h. I don't
David Lindquist added the comment:
Thanks Gareth for your analysis. Very informative!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20727
___
Changes by jan matejek jmate...@suse.cz:
--
nosy: +matejcik
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
___
Python-bugs-list mailing
Marc-Andre Lemburg added the comment:
On 25.02.2014 15:29, Felipe Sateler wrote:
I'm sorry but I definitely don't have time or knowledge about python
to propose a patch (simply removing pyconfig.h clearly doesn't work).
As to the question, please clarify. I have a python module, which
Roundup Robot added the comment:
New changeset 1afbd851d1c1 by R David Murray in branch 'default':
whatsnew: Request.method can be overridden in subclasses (#18978).
http://hg.python.org/cpython/rev/1afbd851d1c1
--
___
Python tracker
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
priority: normal - high
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20767
___
___
Matthias Klose added the comment:
this looks safe from my point of view.
However the real problem is that you unconditionally add a runtime path for a
standard system path. I think the better way to fix this is not to pass the -L
and -R arguments at all if the library is found in a system
Roundup Robot added the comment:
New changeset 8ac9c3754d33 by R David Murray in branch 'default':
whatsnew: encoding is now optional in PYTHONIOENCODING (#18818)
http://hg.python.org/cpython/rev/8ac9c3754d33
--
___
Python tracker
New submission from Roy Smith:
http://docs.python.org/2/library/functions.html#reload says:
It is legal though generally not very useful to reload built-in or dynamically
loaded modules, except for sys, __main__ and __builtin__.
It is unclear what the except for ... part is referring to. Is
Antoine Brodin.FreeBSD added the comment:
For the python-ldap extension, this seems to be a buglet in its setup.cfg, it
lists /usr/lib in library_dirs and /usr/include in library_dirs
For the others, /usr/local/lib is not in the default library search path (only
/lib and /usr/lib) so at least
Brett Cannon added the comment:
The problem is that the PEP 451 switch accidentally cut out compatibility code
for PathEntryFinder.find_module() since Python 3.3 started the transition to
find_loader(). Adding a bit of code to
Brett Cannon added the comment:
I should also mention that subclassing importlib.abc.PathEntryFinder solves
this coding problem.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
Roundup Robot added the comment:
New changeset 9975f827eefd by Serhiy Storchaka in branch '3.3':
Fix typo (issue #19619).
http://hg.python.org/cpython/rev/9975f827eefd
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19619
New submission from And Clover:
When an SMTP server responds to the STARTTLS command with an error, the
smtplib.SMTP.starttls() method does not raise an exception, as it would if TLS
negotiation itself failed. Consequently naïve callers of the function may
assume that a TLS connection has
Martin v. Löwis added the comment:
doko: how do you know the addition of the -R option is unconditional? and whom
do you refer to by you who is adding the option?
In any case, the patch is independent of whether the option is added
unconditionally, and I agree that the patch looks safe. The
And Clover added the comment:
This could potentially be considered a security issue as it would allow a MitM
attacker to sabotage the STARTTLS and get the rest of the content in the clear.
I don't personally consider it too serious as I doubt anyone is (a) relying on
the security of this for
Serhiy Storchaka added the comment:
Here is backported to 3.3 patch.
--
nosy: +georg.brandl
Added file:
http://bugs.python.org/file34221/issue20404_check_valid_textio_codec-3.3.patch
___
Python tracker rep...@bugs.python.org
Chris Rose added the comment:
Is there an ETA for a 2.7.7 release with this fix?
--
nosy: +offby1
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20246
___
R. David Murray added the comment:
The python3 docs say:
It is legal though generally not very useful to reload built-in or dynamically
loaded modules (this is not true for e.g. sys, __main__, builtins and other key
modules where reloading is frowned upon).
So, it is the former...sort of.
Changes by R. David Murray rdmur...@bitdance.com:
--
Removed message: http://bugs.python.org/msg212197
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20769
___
R. David Murray added the comment:
The python3 docs say:
It is legal though generally not very useful to reload built-in or dynamically
loaded modules (this is not true for e.g. sys, __main__, builtins and other key
modules where reloading is frowned upon).
So, it is the former...sort of.
New submission from Alfonso Andalon Jr.:
Download this http://talkray.com/dl/ee
--
messages: 212199
nosy: Alfonso.Andalon.Jr.
priority: normal
severity: normal
status: open
title: Download Talkray...
___
Python tracker rep...@bugs.python.org
Changes by Zachary Ware zachary.w...@gmail.com:
--
Removed message: http://bugs.python.org/msg212199
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20771
___
Changes by Zachary Ware zachary.w...@gmail.com:
--
nosy: -Alfonso.Andalon.Jr.
resolution: - invalid
stage: - committed/rejected
status: open - closed
title: Download Talkray... - spam
___
Python tracker rep...@bugs.python.org
R. David Murray added the comment:
I agree that there is an argument for classifying this as a low-impact security
bug. Whether or not it is so classified will affect how we fix it. I'll email
the psrt about it.
--
nosy: +r.david.murray
___
Antoine Pitrou added the comment:
It probably isn't a good idea to break the API, but this should certainly be
documented.
--
nosy: +pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20770
Changes by Barry A. Warsaw ba...@python.org:
--
nosy: +barry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20770
___
___
Python-bugs-list mailing
Zachary Ware added the comment:
Can anyone please test the patch on Windows?
It seems to work; memory usage is much lower with the patch than without using
an 8 MB file. I don't notice any behavioral change with the patch; if there's
anything specific to look for on that front, give me a
Roundup Robot added the comment:
New changeset 879861161b84 by Antoine Pitrou in branch 'default':
Issue #20765: Add missing documentation for PurePath.with_name() and
PurePath.with_suffix().
http://hg.python.org/cpython/rev/879861161b84
--
nosy: +python-dev
Antoine Pitrou added the comment:
I've now added the missing doc entries. Thanks for reporting!
--
resolution: - fixed
stage: - committed/rejected
status: open - closed
type: - behavior
versions: +Python 3.5
___
Python tracker
Changes by Berker Peksag berker.pek...@gmail.com:
--
nosy: -lcarrionr
resolution: - invalid
stage: - committed/rejected
status: open - closed
title: You only live once - Spam
___
Python tracker rep...@bugs.python.org
Changes by Berker Peksag berker.pek...@gmail.com:
--
Removed message: http://bugs.python.org/msg212205
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20772
___
Ryan Smith-Roberts added the comment:
I notified secur...@python.org and waited for the go-ahead (from Guido I think)
before opening this bug. If today is the first that the PSRT is hearing about
this, then the issue is broader than just the bugtracker.
--
Antoine Pitrou added the comment:
Yes, your message reached PSRT on Jan 12th.
--
nosy: +pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20246
___
Christian Heimes added the comment:
Sorry, you are right and I was wrong. :(
Your mail *was* delivered to PSRT. But it failed to reach me because I was
having issues with my @python.org account. The server-side spam filter is now
deactivated and I receive all mails again.
--
Ronald Oussoren added the comment:
Why is _call_external_zip needed at all? The code says it is used when the
zipfile module is not available, but that module is part of the stdlib and
should always be available.
--
nosy: +ronaldoussoren
___
Python
Changes by Ned Deily n...@acm.org:
--
assignee: - georg.brandl
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20741
___
___
Python-bugs-list
Changes by Ronald Oussoren ronaldousso...@mac.com:
--
nosy: +ronaldoussoren
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20581
___
___
Roundup Robot added the comment:
New changeset 4cd620d8c3f6 by R David Murray in branch 'default':
whatsnew: DynanicClassAttribute (#19030), Py_SetStandardStreamEncoding (#16129)
http://hg.python.org/cpython/rev/4cd620d8c3f6
--
___
Python tracker
R. David Murray added the comment:
I added docs for DynamicClassAttribute by copying the docstring. I think the
doc entry could use some expansion, though, as it isn't obvious how to use it
(or what, in fact, it does exactly).
--
___
Python
Roundup Robot added the comment:
New changeset 4cd620d8c3f6 by R David Murray in branch 'default':
whatsnew: DynanicClassAttribute (#19030), Py_SetStandardStreamEncoding (#16129)
http://hg.python.org/cpython/rev/4cd620d8c3f6
--
___
Python tracker
Justin Foo added the comment:
I think getting this bug fixed would be really nice from a user experience
point of view.
I've further into this for my own setup, which is Python 3.3 64-bit, Visual C++
Express 2010 and the Windows SDK v7.1 (plus service packs), which is probably a
typical
New submission from Chris Adams:
Currently the stdlib json module requires a custom serializer to avoid throwing
a TypeError on collections.deque instances:
Python 3.3.4 (default, Feb 12 2014, 09:35:54)
[GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.2.79)] on darwin
Type help, copyright,
Serhiy Storchaka added the comment:
Thank you Zachary.
Here is a patch with a test. I'm not sure that it is successful on Windows.
--
Added file: http://bugs.python.org/file34222/fileinput_hook_encoded_2.patch
___
Python tracker
Tal Einat added the comment:
While we're bikeshedding, how about the more verbose PY_DECREF_AND_ASSIGN? That
makes it clearer that an INCREF is not done.
Regarding Kristján's suggestion of PY_ASSIGN and a complementary PY_STORE, IMO
these names are too similar and the difference between them
Zachary Ware added the comment:
The new test passes on Windows with the whole patch applied, but fails without
the changes to fileinput.py. Is this change meant to fix behavior, or just the
memory usage issue?
Just for completeness, here's the failure output (with unpatched fileinput.py):
Serhiy Storchaka added the comment:
While we're bikeshedding, how about the more verbose PY_DECREF_AND_ASSIGN?
That makes it clearer that an INCREF is not done.
Py_ASSIGN_AND_DECREF would be more correct. And Py_CLEAR can be renamed to
Py_CLEAR_AND_XDECREF or Py_ASSIGN_NULL_AND_XDECREF.
Marius Gedminas added the comment:
Near the top:
Help on module xml.etree.ElementTree in xml.etree:
NAME
xml.etree.ElementTree
FILE
/usr/lib/python2.7/xml/etree/ElementTree.py
MODULE DOCS
http://docs.python.org/library/xml.etree.ElementTree
DESCRIPTION
...
--
New submission from Naftali Harris:
Hi everyone,
It appears that if you use a global variable in a function that you pass to
Pool.map, but modify that global variable after instantiating the Pool, then
the modification will not be reflected when Pool.map calls that function.
Here's a short
Tal Einat added the comment:
PY_ASSIGN_AND_DECREF could seem to imply that the assigned value is DECREF-ed.
I think PY_DECREF_AND_ASSIGN makes it clearer that the original value is
DECREF-ed.
I like PY_ASSIGN_NULL_AND_DECREF, though for the same reason as above, I'd name
it
Nick Coghlan added the comment:
Might be worth explaining by example - the use case is sufficiently obscure
I don't believe it's comprehensible except in terms of we added it because
we needed it.
--
___
Python tracker rep...@bugs.python.org
Serhiy Storchaka added the comment:
What would be the failure output when comment out first 1, 2 or three checks?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20501
___
Alexander Ljungberg added the comment:
This still appears to be an issue in Python 2.7. Queue.get routinely hangs for
a very long time on the Raspberry Pi as it doesn't have a clock battery and
often ends up significantly adjusting its system time soon after startup.
--
nosy:
NAVNEET SUMAN added the comment:
made patch according to Ezio Melotti
--
keywords: +patch
nosy: +NAVNEET.SUMAN
Added file: http://bugs.python.org/file34224/remover_duplicate_function.patch
___
Python tracker rep...@bugs.python.org
STINNER Victor added the comment:
You should upgrade to python 3.3! The pep 418 mentions different available
modules for python 2. My new trollius project has for example an
implementation in asyncio.time_monotonic.
--
___
Python tracker
Brett Cannon added the comment:
I have a fix, I just need to create a test.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
___
Kristján Valur Jónsson added the comment:
Better yet, embrace c++ and smart pointers :;-)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20440
___
New submission from Brett Cannon:
Specifically tests that exercise uses of importlib.abc.PathEntryFinder (i.e.
find_module() successfully, find_loader() failing and successful, find_spec()
failing and successful).
--
components: Library (Lib)
messages: 212231
nosy: brett.cannon
Changes by Brett Cannon br...@python.org:
--
assignee: - brett.cannon
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
___
Roundup Robot added the comment:
New changeset 8899e4028561 by Gregory P. Smith in branch '3.3':
Mention issue 20621 fix in the NEWS file for 3.3.5rc1.
http://hg.python.org/cpython/rev/8899e4028561
--
___
Python tracker rep...@bugs.python.org
Brett Cannon added the comment:
Fix and test is attached. Can someone review it so I can check it in and get a
cherrypick?
--
keywords: +patch
stage: - commit review
Added file: http://bugs.python.org/file34225/issue_20763.diff
___
Python tracker
Changes by Terry J. Reedy tjre...@udel.edu:
--
title: IDLE: PEP8 Style Check Integration - IDLE: Integrate external code
analysis tools
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18704
Eric Snow added the comment:
LGTM
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
___
Python-bugs-list mailing list
Unsubscribe:
R. David Murray added the comment:
json is only designed to serialize standard data types out of the box.
Anything else is an extension. I presume you are asking for this because a
deque looks more-or-less like a list. I'm not sure that's reason enough, but
we'll see what others think.
Changes by Giampaolo Rodola' g.rod...@gmail.com:
--
nosy: +giampaolo.rodola
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20246
___
___
New submission from Carlos Ferreira:
PyArg_ParseTupleAndKeywords is not respecting the format string sy*ss
When using the format sbss with the following valid arguments
enp0s8, 0, 08:00:27:da:b3:47, 08:00:27:11:22:33
there is no error and the function succeeds in parsing the arguments.
But
Carlos Ferreira added the comment:
(Please ignore the previous post)
PyArg_ParseTupleAndKeywords is not respecting the format string sy*ss
When using the format sbss with the following valid arguments
enp0s8, 0, 08:00:27:da:b3:47, 08:00:27:11:22:33
there is no error and the function succeeds
Sworddragon added the comment:
It sounds like me that del dir_list does only delete the copied list while
del dir_list[:] accesses the reference and deletes this list. If I'm not
wrong with this assumption I think you was meaning dir_list instead of root_dir
in your post.
But thanks for the
Ned Deily added the comment:
Yes, I did indeed mean dir_list, not root_dir. Sorry for the confusion.
One point: there is no copied list. del dir_list merely deletes the
binding between the name dir_list and the list object returned by os.walk;
the list object itself is unaltered but can no
Changes by Ned Deily n...@acm.org:
--
nosy: +sbt
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20775
___
___
Python-bugs-list mailing list
Tim Peters added the comment:
This is expected. global has only to do with the visibility of a name within
a module; it has nothing to do with visibility of mutations across processes.
On a Linux-y system, executing Pool(3) creates 3 child processes, each of which
sees a read-only *copy* of
Naftali Harris added the comment:
Oh, ok, that makes a lot of sense. Thanks for the clear and patient
explanation, Tim! Sorry to have bothered the Python bug tracker with this.
--Naftali
--
resolution: - invalid
status: open - closed
___
Python
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20763
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20776
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20767
___
Pavel Kazakov added the comment:
(Alternatively, we could redefine squares in Python. All other languages
just have the regular squares; Python has a super *extra* square 2! That
clearly makes squares in Python *better* than squares in other languages...)
Heh. I initially wasn't sure if
paul j3 added the comment:
The addition of a simple decorator to the 'ArgumentParser' class, would
simplify registering the tests:
def crosstest(self, func):
# decorator to facilitate adding these functions
name = func.__name__
self.register('cross_tests', name,
96 matches
Mail list logo