[Python-Dev] RE 25939 - _ssl.enum_certificates broken on Windows

2016-02-17 Thread Dave Hirschfeld
I've run into issue 25939 (https://bugs.python.org/issue25939) when trying to deploy a python webapp with IIS on Windows. This issue is preventing us from deploying the app to production as the workaround AFAICT requires running the app under an admin account. Apologies if this is an

Re: [Python-Dev] When does `PyType_Type.tp_alloc get assigned to PyType_GenericAlloc ?

2016-02-17 Thread Randy Eels
On Sun, Feb 7, 2016 at 8:45 PM, Guido van Rossum wrote: > I think it's probably line 2649 in typeobject.c, in type_new(): > > type->tp_alloc = PyType_GenericAlloc; I pondered it but it doesn't seem to be that. Isn't `type_new` called *after* PyType_Type.tp_alloc has been

Re: [Python-Dev] Buffer overflow bug in GNU C's getaddrinfo()

2016-02-17 Thread Gregory P. Smith
On Wed, Feb 17, 2016 at 12:12 PM Andrew Barnert via Python-Dev < python-dev@python.org> wrote: > On Feb 17, 2016, at 10:44, MRAB wrote: > > > > Is this something that we need to worry about? > > > > Extremely severe bug leaves dizzying number of software and devices >

Re: [Python-Dev] Buffer overflow bug in GNU C's getaddrinfo()

2016-02-17 Thread Guido van Rossum
Does python.org serve any Python binaries that are statically linked with a vulnerable glibc? That seems to be the question. If not, it's up to the downstream distributions. On Wed, Feb 17, 2016 at 12:09 PM, Andrew Barnert via Python-Dev wrote: > On Feb 17, 2016, at 10:44,

Re: [Python-Dev] Buffer overflow bug in GNU C's getaddrinfo()

2016-02-17 Thread Andrew Barnert via Python-Dev
On Feb 17, 2016, at 10:44, MRAB wrote: > > Is this something that we need to worry about? > > Extremely severe bug leaves dizzying number of software and devices vulnerable >

[Python-Dev] Buffer overflow bug in GNU C's getaddrinfo()

2016-02-17 Thread MRAB
Is this something that we need to worry about? Extremely severe bug leaves dizzying number of software and devices vulnerable http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/ ___

Re: [Python-Dev] Disabling changing sys.argv[0] with runpy.run_module(...alter_sys=True)

2016-02-17 Thread Brett Cannon
On Tue, 16 Feb 2016 at 20:59 Mike Kaplinskiy wrote: > Hey folks, > > I hope this is the right list for this sort of thing (python-ideas seemed > more far-fetched). > > For some context: there is currently a issue with pex that causes > sys.modules lookups to stop

Re: [Python-Dev] Disabling changing sys.argv[0] with runpy.run_module(...alter_sys=True)

2016-02-17 Thread Mike Kaplinskiy
On Tue, Feb 16, 2016 at 9:42 PM, Gregory P. Smith wrote: > > On Tue, Feb 16, 2016 at 9:00 PM Mike Kaplinskiy > wrote: > >> Hey folks, >> >> I hope this is the right list for this sort of thing (python-ideas seemed >> more far-fetched). >> >> For some

Re: [Python-Dev] Hash randomization for which types?

2016-02-17 Thread Christoph Groth
Steven D'Aprano wrote: > On Tue, Feb 16, 2016 at 11:56:55AM -0800, Glenn Linderman wrote: >> On 2/16/2016 1:48 AM, Christoph Groth wrote: >> >Recent Python versions randomize the hashes of str, bytes and datetime >> >objects. I suppose that the choice of these three types is the result >> >of a

Re: [Python-Dev] Hash randomization for which types?

2016-02-17 Thread Larry Hastings
On 02/17/2016 08:49 AM, Chris Angelico wrote: On Thu, Feb 18, 2016 at 12:29 AM, Larry Hastings wrote: int objects have their own hash algorithm, built in to long_hash() in Objects/longobject.c. The hash of an int is the value of the int, unless it's -1 or doesn't fit

Re: [Python-Dev] Hash randomization for which types?

2016-02-17 Thread Chris Angelico
On Thu, Feb 18, 2016 at 12:29 AM, Larry Hastings wrote: > int objects have their own hash algorithm, built in to long_hash() in > Objects/longobject.c. The hash of an int is the value of the int, unless > it's -1 or doesn't fit into the native type. Can someone elaborate on

Re: [Python-Dev] Hash randomization for which types?

2016-02-17 Thread Stephen J. Turnbull
Christoph Groth writes: > Stephen J. Turnbull wrote: > > Yes. There's only one hash function used, which operates on byte > > streams IIRC. That function now has a random offset. The details of > > hashing each type are in the serializations to byte streams. > > Could you please

Re: [Python-Dev] Hash randomization for which types?

2016-02-17 Thread Larry Hastings
On 02/16/2016 09:22 PM, Stephen J. Turnbull wrote: Glenn Linderman writes: > I think hashes of all types have been randomized, not _just_ the list > you mentioned. Yes. There's only one hash function used, which operates on byte streams IIRC. That function now has a random offset. The

Re: [Python-Dev] Wordcode v2

2016-02-17 Thread Antoine Pitrou
Demur Rumed gmail.com> writes: > I've personally benchmarked this fork with positive results. I'm skeptical of claims like this. What did you benchmark exactly, and with which results? I don't think changing the opcode encoding per se will bring any large benefit... Regards Antoine.

Re: [Python-Dev] Hash randomization for which types?

2016-02-17 Thread Christoph Groth
Stephen J. Turnbull wrote: > Glenn Linderman writes: > > > I think hashes of all types have been randomized, not _just_ the list > > you mentioned. > > Yes. There's only one hash function used, which operates on byte > streams IIRC. That function now has a random offset. The details of >