[Python-Dev] Re: Need help on security vulnerability zlib 1.2.11

The pyinstaller docs https://pyinstaller.org/en/stable/ refer to the google group pyinstal...@googlegroups.com or you can try their issue tracker https://github.com/pyinstaller/pyinstaller/issues ___ Python-Dev mailing list -- python-dev@python.org To

[Python-Dev] Re: Need help on security vulnerability zlib 1.2.11

> On 19 Apr 2022, at 23:07, Prasad, PCRaghavendra > wrote: > > Hi All, > > We are facing some issue with the zlib package 1.2.11. Recently there was a > vulnerability in zlib and we had to upgrade to 1.2.12 on all supported > platforms > We did that in all platforms including windows, pyth

[Python-Dev] Re: Need Help

> On 25 Feb 2022, at 21:47, Prasad, PCRaghavendra > wrote: > >  > Hi Scott, Scott is my family name. > > Thanks for the reply > > Are you asking how to link python to an external libexpat instead of the > vendor expat inside python? > > >> yes, we have done for some of the external l

[Python-Dev] Re: Need Help

The embedded copy of expat was recently upgraded to 2.4.6 in https://bugs.python.org/issue46794 including on the 3.9 branch. That will wind up in 3.9.11 per https://www.python.org/dev/peps/pep-0596/. If you are using 3.9.5 you may also have a host of other potential security issues that updating

[Python-Dev] Re: Need Help

Hi Scott, Thanks for the reply Are you asking how to link python to an external libexpat instead of the vendor expat inside python? >> yes, we have done for some of the external libs like OpenSSL, bzip2 but >> libexpat was an internal module to python so how to link to the latest expat >> lib

[Python-Dev] Re: Need Help

> On 25 Feb 2022, at 12:58, Prasad, PCRaghavendra > wrote: > > Hi All, > > we are using the python 3.9.5 version in our application. > > In 3.9.5 it is using libexpat 2.2.8 version, as part of the Black duck scan, > it is showing critical vulnerabilities in libexpat 2.2.8. > > (CVE-2022-

[Python-Dev] Re: Need help to debug a ssl crash on Windows which prevents merging PRs

Well done Victor! This stuff is way over my head, but rest assured that humble Python programmers like me appreciate all the effort put in from guys like you into improving Python. Rob Cliffe On 01/06/2021 23:14, Victor Stinner wrote: On Fri, May 28, 2021 at 6:40 PM Victor Stinner wrote: In

[Python-Dev] Re: Need help to debug a ssl crash on Windows which prevents merging PRs

On Fri, May 28, 2021 at 6:40 PM Victor Stinner wrote: > In the 3.10 branch, it became really hard to merge PRs because the > following ssl crashs on Windows: > https://bugs.python.org/issue44252 Update on this bug which blocked the Python 3.10 beta 2 release. It's now fully fixed! It was a simpl

[Python-Dev] Re: Need help to fix known Python security vulnerabilities

On 08/03/2021 22.02, Victor Stinner wrote: Thanks Victor! > == XML == > > Python XML parsers have at least two known vulnerabilities: "billion > laughs" and "quadratic blowup" which are documented: > https://docs.python.org/dev/library/xml.html#xml-vulnerabilities > > The third party defusedxml

[Python-Dev] Re: Need help with python

Greetings, Please post to this list instead: https://mail.python.org/mailman/listinfo/python-list Really helpful folks over there! Kind Regards, Abdur-Rahmaan Janhangeer about | blog github

[Python-Dev] Re: Need help with python

This mailing list is for the development _of_ the Python language and its CPython implementation. Please consult other resources for help with using or learning Python. On 01.01.2021 11:58, hadi esmaeely wrote: hi my name is hadi i'm from iran (the country which filtering others and  be filter

[Python-Dev] Re: Need help with test_ctypes failing on Windows (test_load_dll_with_flags)

Thanks Steve for the solution and Kyle for confirming it wasn't me! After the latest merge from master my PR's tests all pass, so I'm happy. On Tue, Apr 7, 2020 at 3:33 AM Steve Dower wrote: > FWIW, this test is meant to verify that the old, unsafe DLL load logic > still works. > > I suspect wha

[Python-Dev] Re: Need help with test_ctypes failing on Windows (test_load_dll_with_flags)

FWIW, this test is meant to verify that the old, unsafe DLL load logic still works. I suspect what has happened here is that a new VM image has been rolled out and another app has installed an incompatible _sqlite3.dll on PATH (most likely another copy of Python :) ), thereby proving why the o

[Python-Dev] Re: Need help with test_ctypes failing on Windows (test_load_dll_with_flags)

Looking over the commit history for the PR ( https://github.com/python/cpython/pull/18239/commits), it looks like that specific Azure Pipelines failure did not start occurring until upstream/master was merged into the PR branch ( https://github.com/python/cpython/pull/18239/commits/13d3742fd897e1ea

[Python-Dev] Re: Need help with test_ctypes failing on Windows (test_load_dll_with_flags)

Hm, looking over the diff from a different perspective I think I have changed a few `__class_getitem__` methods that I shouldn't have. I'll see if that fixes it later tonight. On Mon, Apr 6, 2020 at 7:23 PM Ethan Smith wrote: > (Trusty assistant reporting in) I should also note that further up t

[Python-Dev] Re: Need help with test_ctypes failing on Windows (test_load_dll_with_flags)

(Trusty assistant reporting in) I should also note that further up the output there is a FileNotFoundError for sqlite3.dll, perhaps it isn't built or is in the wrong place? Ethan On Mon, Apr 6, 2020, 7:19 PM Guido van Rossum wrote: > I have a large PR (https://github.com/python/cpython/pull/18

[Python-Dev] Re: Need help to fix test_asyncio issues

> Recently, I started to experiment "./python -m test [options] -F -j100" to attempt to reproduce some tricky race conditions: -j100 spawns 100 worker processes in parallel and -F stands for --forever (run tests in loop and stop at the first failure). Interesting, even as someone who has recently