[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Hynek Schlawack
Hynek Schlawack added the comment: >> Why not write a C function which can be more secure than Python code? > For Unicode strings, it's impossible to write a time-independent > comparison function even in C Really? Some comments sounded different. That's too bad but also what I suspected in th

[issue1470548] Bugfix for #1470540 (XMLGenerator cannot output UTF-16)

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: The patch updated to reflect Martin's comments. I hope the old behavior now preserved in the most used in practice cases. Tests converted to work with bytes instead of strings. -- Added file: http://bugs.python.org/file26011/XMLGenerator-2.patch

[issue14035] behavior of test.support.import_fresh_module

2012-06-15 Thread Nick Coghlan
Changes by Nick Coghlan : -- status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: Can people please stop raising a false dichotomy and using that as an excuse not to do anything? The decision is not between "leak some information" and "leak no information". It is between "leak more information" and "leak less information". The timing variat

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > Well, one example: > https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py It says that it needs that, but I fail to understand why. pbkdf2 is used to generate encryption keys from passwords, where you don't need to compare strings at all. Instea

[issue15074] Strange behaviour of python cmd module. (Ignores slash)

2012-06-15 Thread jsevilleja
New submission from jsevilleja : I've used the code from here: http://stackoverflow.com/questions/5637124/tab-completion-in-pythons-raw-input/5638688#5638688 and it works. But I've used the same code in a class which inherits from cmd.Cmd, and the code doesn't work. Doing tests, I've noticed

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: To repeat, the specific feature being proposed for retention is: * a function called hmac.total_compare() that is clearly documented as being still vulnerable to timing analysis given a sufficiently sophisticated attacker, while still being more resistant to su

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > The timing variations with standard comparison are relatively massive > and relatively easy to analyse (if the time taken goes up, you got > the previous digit correct). If you have an application that is vulnerable to such an attack, you better reconsider y

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > To repeat, the specific feature being proposed for retention is: To repeat, no use case has been demonstrated for that function. It has been added because it was fun to write, not because it is useful.

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Maciej Fijalkowski
Maciej Fijalkowski added the comment: On Fri, Jun 15, 2012 at 9:41 AM, Nick Coghlan wrote: > > Nick Coghlan added the comment: > > To repeat, the specific feature being proposed for retention is: > > * a function called hmac.total_compare() that is clearly documented as > being still vulnerabl

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Maciej Fijalkowski
Maciej Fijalkowski added the comment: On Fri, Jun 15, 2012 at 9:47 AM, Martin v. Löwis wrote: > > Martin v. Löwis added the comment: > > > To repeat, the specific feature being proposed for retention is: > > To repeat, no use case has been demonstrated for that function. It > has been added be

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Hynek Schlawack
Hynek Schlawack added the comment: >> and any other place that compares passwords, tokens, … > > No no no. Any sensible place to compare passwords would use some > sort of one-way function (password hash) before the comparison, > so that someone breaking into the machine will not gain the clear

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: I'm not really opposed to writing it in C - I just don't think rewriting it in C should be a requirement for keeping it. Even in pure Python, it still leaks less information than the standard comparison operator.

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Maciej Fijalkowski
Maciej Fijalkowski added the comment: On Fri, Jun 15, 2012 at 9:55 AM, Hynek Schlawack wrote: > > Hynek Schlawack added the comment: > > >> and any other place that compares passwords, tokens, … > > > > No no no. Any sensible place to compare passwords would use some > > sort of one-way functi

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > Is comparing passwords against a secure one not useful? I claim that this use case doesn't occur in practice. Everybody uses hashed passwords. If they do compare against a plain-text password, and they want to change something about it, they should switch to

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: This point was discussed in #14532 when the new API was added. From http://bugs.python.org/issue14532#msg158045: """Given that this issue has affected a lot of security-sensitive third-party code (keyczar, openid providers, almost every python web service that

[issue14991] Option for regex groupdict() to show only matching names

2012-06-15 Thread Ezio Melotti
Changes by Ezio Melotti : -- components: +Regular Expressions nosy: +ezio.melotti, mrabarnett stage: -> needs patch

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > I see your point that adding such a function would leverage bad > security behavior and thus may be a bad thing. The usefulness of such > a function to some(?) people is IMHO not disputable though. I think this entire issue is out of scale. There is really b

[issue15007] Unittest CLI does not support test packages very well

2012-06-15 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +ezio.melotti

[issue15019] String termination on Linux

2012-06-15 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +ezio.melotti

[issue15034] tutorial should use best practices in user defined exceptions section

2012-06-15 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +ezio.melotti

[issue14998] pprint._safe_key is not always safe enough

2012-06-15 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +ezio.melotti stage: needs patch -> patch review

[issue15009] urlsplit can't round-trip relative-host urls.

2012-06-15 Thread Ezio Melotti
Changes by Ezio Melotti : -- nosy: +ezio.melotti stage: -> needs patch type: -> behavior versions: +Python 3.3 -Python 2.6

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > Note that this does not relief you from using a time-independent comparison > function. If you call some hash function (which time is known to the > attacker), then you compare it against a stored hashed version. If you use > a normal compare you're leaking t

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Maciej Fijalkowski
Maciej Fijalkowski added the comment: On Fri, Jun 15, 2012 at 10:09 AM, Martin v. Löwis wrote: > > Martin v. Löwis added the comment: > > > Note that this does not relief you from using a time-independent > comparison > > function. If you call some hash function (which time is known to the > >

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > For password hashing, the attacker is unlikely to be able to provide > the digest directly, but for signature checking it's far more likely > to be the case. Can you elaborate? What is the application, where is the digest checking, and what is the threat? -

[issue11600] PY_CFLAGS and PY_CPPFLAGS inconsistent

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: PY_CFLAGS (C compiler flags) always used with PY_CPPFLAGS (C preprocessor flags). The include directories need for #include, so it is logical that PY_CPPFLAGS did contain them. This may be useful if you use C preprocessor without C compiler. I don't think t

[issue15075] XincludeTest failure in test_xml_etree

2012-06-15 Thread Eli Bendersky
New submission from Eli Bendersky : The XincludeTest test-case in test_xml_etree is now skipped, because it fails in an intermittent manner. I can reproduce the failure when running full regrtest with -j1, but not -j8, and not when run individually. The failure is most likely due to the test i

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > Martin, you fail to understand how this works. You don't do 2**32 tries to > leak the 4 characters, you need 4 * 256, that's why this attack is so bad, > because the time needed for the next character is brute force, but then you > can move on to the next one.

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: That's why the vulnerable cases are far more likely to be related to *signature* checking. In those you can generally provide both the hash input (the message) and the hash target (the purported "signature"). If the signature check uses a time-dependent compari

[issue15075] XincludeTest failure in test_xml_etree

2012-06-15 Thread Nick Coghlan
Changes by Nick Coghlan : -- nosy: +ncoghlan

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Petri Lehtinen
Petri Lehtinen added the comment: For example, Django uses time independent comparison to compare signatures of signed cookies. A signed cookie consists of a plain-text value followed by a signature. An attacker wants to construct a cookie that has a malformed value and a valid signature for

[issue15073] commands.getoutput() is broken

2012-06-15 Thread Amaury Forgeot d'Arc
Amaury Forgeot d'Arc added the comment: The documentation http://docs.python.org/library/commands.html prominently says "Platforms: Unix". This module does not work on Windows. You should really use the subprocess module: >>> import subprocess >>> output = subprocess.check_output("dir", shell=T

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: FWIW, Petri's example also explains why leaking the expected length of the string is considered an acceptable optimisation in most reimplementations of this signature check comparison: the attacker is assumed to already know the expected length of the signature

[issue12508] Codecs Anomaly

2012-06-15 Thread Serhiy Storchaka
Changes by Serhiy Storchaka : -- versions: +Python 2.7, Python 3.3 Added file: http://bugs.python.org/file26013/fffd-2.py

[issue1598083] Top-level exception handler writes to stdout unsafely

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: It looks like another reason to replace codecs.open on io.open. -- nosy: +storchaka

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Martin v . Löwis
Martin v. Löwis added the comment: > That's why the vulnerable cases are far more likely to be related to > *signature* checking. In those you can generally provide both the > hash input (the message) and the hash target (the purported > "signature"). I see. I wonder how feasible this attack is

[issue5067] Error msg from using wrong quotes in JSON is unhelpful

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Patch adapted for Python 3.3. Consistently changed messages in C code, docs and docstrings. -- components: +Documentation nosy: +storchaka versions: +Python 2.7, Python 3.2, Python 3.3 -Python 2.6 Added file: http://bugs.python.org/file26014/json-mes

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Armin Rigo
Changes by Armin Rigo : -- nosy: -arigo

[issue15076] Sometimes couldn't import os, shown 'import site' failed, use -v for trackback

2012-06-15 Thread Leon Zhang
New submission from Leon Zhang : Hello Experts, I am using Python 2.6.2 on a Linux machine. I found sometimes I have problem to run my simple python script. > Linux version and Python version < leonz@fxcsgbu2c1% uname -a SunOS fxcsgbu2c1 5.8 Generic_117350-06 sun4u sparc SUNW,U

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Christian Heimes
Christian Heimes added the comment: Oh dead god, what have I done ... I threw a small stone and caused a major landslide. :) I'm all with Nick on this topic. A correctly named and documented function provides a tool to users that greatly reduced the chance of a side channel attack. It's all

[issue15075] XincludeTest failure in test_xml_etree

2012-06-15 Thread Eli Bendersky
Eli Bendersky added the comment: After some tinkering I found which test when run before test_xml_etree causes it to crash: $ ./python -m test.regrtest test___all__ test_xml_etree [1/2] test___all__ [2/2] test_xml_etree Fatal Python error: Segmentation fault Current thread 0x7f771ecec700:

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: > I could wrap up a quick C implementation if you like. The operator > module is a better place for a total_compare() function. Do you a > agree? I think the function is fine in either hashlib or hmac. Putting it in one of these modules is a hint that it's secu

[issue15077] Regexp match goes into infinite loop

2012-06-15 Thread Moriyoshi Koizumi
New submission from Moriyoshi Koizumi : A peculiar pair of a regexp and a target string causes the runtime into an infinite loop. The same expression works with Perl. -- components: Regular Expressions files: x.py messages: 162883 nosy: ezio.melotti, moriyoshi, mrabarnett priority: nor

[issue15075] XincludeTest failure in test_xml_etree

2012-06-15 Thread Eli Bendersky
Eli Bendersky added the comment: As suspected, the cause is that xinclude_loader manages to somehow import the C version of ET, although test_xml_etree tries to enforce the Python version. This is probably because test___all__ imports all modules and leaves stuff in the import cache. What ca

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: As a first step, I'm going to make a change to: 1. Rename the function to "compare_digest" 2. Remove the support for comparing strings 3. Update the documentation to be much clearer about its limitations (including why it's considered OK to leak the expected len

[issue15078] Change os.sendfile so its arguments are stable

2012-06-15 Thread Larry Hastings
New submission from Larry Hastings : As I keep saying on python-dev: I think that the argument list for a function should be stable. If you have a function where some abilities are only available on certain platforms, it's best to always accept default no-op parameters for those parameters, r

[issue14423] Getting the starting date of iso week from a week number and a year.

2012-06-15 Thread Erik Cederstrand
Erik Cederstrand added the comment: I would like to point out that http://bugs.python.org/issue12006 provides a solution (including patches) based on %G%, V and %u directives for use in strptime()/strftime(). These directives are defined in (FreeBSD) libc, and PHP has them, too. I think the

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Roundup Robot
Roundup Robot added the comment: New changeset f36af3766a20 by Nick Coghlan in branch 'default': Issue #15061: Don't oversell the capabilities of the new non-shortcircuiting comparison function in hmac http://hg.python.org/cpython/rev/f36af3766a20 -- nosy: +python-dev

[issue14955] hmac.secure_compare() is not time-independent for unicode strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: As a result of the discussions on #15061, I removed unicode comparison support altogether in f36af3766a20 (updating the warning on the hexdigest() method accordingly). Are folks happy to close this issue on that basis? (I'll raise the question of a separate C

[issue15036] mailbox.mbox fails to pop two items in a row, flushing in between

2012-06-15 Thread Petri Lehtinen
Petri Lehtinen added the comment: As I suspected, all single-file mailboxes (mbox, MMDF, Babyl) have this issue. Attached a patch with tests. -- keywords: +patch Added file: http://bugs.python.org/file26017/issue15036.patch

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: OK, the worst aspects (the misleading name and documentation) have been dealt with, so that leaves the questions of: 1. Avoiding leaking the length information (seems unnecessary, since most digests are part of protocols where they have a known, published lengt

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: > 2. Providing a C implementation via the operator module (given the > restriction to bytes values, and the assumption of caching for all > relevant integers, would a C reimplementation really be buying us much > additional security?) I like the fact that a C i

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Christian Heimes
Christian Heimes added the comment: On 15.06.2012 14:21, Antoine Pitrou wrote: > I like the fact that a C implementation can be audited much more easily. > Who knows what kind of effects the Python implementation can trigger, if > some optimizations get added in the future. Secondly we can pr

[issue15073] commands.getoutput() does not work on windows

2012-06-15 Thread R. David Murray
R. David Murray added the comment: Hmm. Maybe issue 10197 should be reclassified as an enhancement... -- nosy: +r.david.murray resolution: wont fix -> duplicate superseder: -> subprocess.getoutput fails on win32 title: commands.getoutput() is broken -> commands.getoutput() does not wo

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: > > The point of supporting unicode would precisely be to avoid a > > unicode->bytes conversion when unicode strings are received. > > A byte-wise comparison of the memory representation would work IFF both > sides have the same type and unicode kind. Anything

[issue15077] Regexp match goes into infinite loop

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: This is not infinite loop. This is O(2**len(prefix_before_first_quote)) computation. Measure times of matching for "INSER(`id`...", "INSERT(`id`...", "INSERT (`id`...", "INSERT I(`id`...", etc. Better use r'''(?:[^`';]+|'(?:''|[^'])*'|`(?:``|[^`])*`)+;''' r

[issue15078] Change os.sendfile so its arguments are stable

2012-06-15 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- nosy: +giampaolo.rodola, neologix

[issue15073] commands.getoutput() does not work on windows

2012-06-15 Thread Pavel Fedin
Pavel Fedin added the comment: I see it's deprecated and dropped, but anyway, why not to fix it to work on Windows? From 10197 I see the fix is quite simple, and there is lots of legacy code I believe.

[issue15074] Strange behaviour of python cmd module. (Ignores slash)

2012-06-15 Thread Peter Otten
Peter Otten <__pete...@web.de> added the comment: Not a python bug. You are omitting an important detail of the stackoverflow example in your code: # we want to treat '/' as part of a word, so override the delimiters readline.set_completer_delims(' \t\n;') Please turn to the Python mailing li

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Nick Coghlan
Nick Coghlan added the comment: (Ah, the dangers of using a real text editor for edit fields. This got rather long, but I think it's all still relevant) I'm persuaded that a C implementation is a good idea in the long run. However, I *don't* think we should rush the design of it. It doesn't s

[issue15078] Change os.sendfile so its arguments are stable

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: I believe, that instead of a integer flags will be better and more portable to use boolean parameters (diskio=True, wait=True, sync=False). All additional parameters should be keyword-only. os.sendfile(out, in, offset, nbytes, *, headers=None, trailers=None

[issue15052] Outdated comments in build_ssl.py

2012-06-15 Thread Jeremy Kloth
Jeremy Kloth added the comment: I would suggest trying to build OpenSSL (build_ssl.py) *without* Perl installed. On Windows (7,64-bit at least) a dialog box pops up many times asking which program to use to run XXX.pl. This is using the externals from svn.python.org. -- nosy: +jeremy.

[issue15019] String termination on Linux

2012-06-15 Thread Amaury Forgeot d'Arc
Amaury Forgeot d'Arc added the comment: Jānis: > Prints "11 This is not what I get on Linux: I see "11 Hithere:)" because the console chooses to not print the \x00. The character is present in the output stream though. Did you really got a truncated output? How did you run the above script

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Joey Geralnik
Joey Geralnik added the comment: First off, I'm a complete noob looking at the python source code for the first time so forgive me if I've done something wrong. What if the length of the chunk is checked as well? The following code works fine: import sys while True: chunk = sys.stdin.rea

[issue15066] make install error: ImportError: No module named _struct

2012-06-15 Thread suzhengchun
suzhengchun added the comment: Thank for your attention. I try it: suzc@linux-opensuse:22:02:51:Python-2.7.3$ PYTHONPATH=/WORK/suzc/installed/python/lib/python2.7 ./python -c 'import sys; print(sys.path)' ['', '/WORK/suzc/installed/python/lib/python2.7', '/WORK/suzc/installed/python/lib/pyth

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: > The patch I've attached checks if the number of bytes read from the file is > less than the size of the buffer (which means that the file has ended). From io.RawIOBase.read docs: """ Read up to n bytes from the object and return them. As a convenience,

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Joey Geralnik
Joey Geralnik added the comment: But this is calling the readlines function, which continually reads from the file until more bytes have been read than the specified argument. From bz2.readlines: "size can be specified to control the number of lines read: no further lines will be read once t

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Joey Geralnik
Joey Geralnik added the comment: Forget other filelike objects. The FileInput class only works with actual files, so the readlines function should always return at least as many bytes as its first parameter. Is this assumption wrong?

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread R. David Murray
R. David Murray added the comment: fileinput should work (for some definition of work) for anything that can be opened by name using the open syscall on unix. That includes many more things than files. Named pipes are a particularly interesting example in this context.

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread R. David Murray
R. David Murray added the comment: So the real question is: does readlines block until the byte count is satisfied? It might, but the docs for io.IOBase.readlines leave open the possibility that fewer lines will be read, and do not limit that to the EOF case. It's not clear, however, if th

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread R. David Murray
R. David Murray added the comment: The _pyio.py version of readlines does read until the count is equaled or exceeded. This could, however, be an implementation detail and not part of the spec.

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: On Friday 15 June 2012 at 14:41 +, Serhiy Storchaka wrote: > From io.RawIOBase.read docs: > > """ > Read up to n bytes from the object and return them. As a convenience, if > n is unspecified or -1, readall() is called. Otherwise, only one system > cal

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: > Forget other filelike objects. The FileInput class only works with actual > files, No. sys.stdin can be reassigned before using FileInput. And FileInput has openhook parameter (for read compressed files or get files from Web, for example). > so the readl

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: > > so the readlines function should always return at least as many bytes as > > its first parameter. Is this assumption wrong? > > qwert > 'qwert\n' > > You type five characters "qwert" end press . Python immediately > receives these six characters, and ret

[issue15061] hmac.secure_compare() leaks information about length of strings

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: > Secondly, it seems to me that the proposed lower level feature may > make more sense as a bytes method rather than as a function in the > operator module. If it's a function, though, it can compare all kinds of buffer-like objects (bytearrays, memoryviews, et

[issue14955] hmac.secure_compare() is not time-independent for unicode strings

2012-06-15 Thread Jon Oberheide
Jon Oberheide added the comment: Sounds good to me, Nick.

[issue15064] multiprocessing should use more context manager

2012-06-15 Thread Tshepang Lekhonkhobe
Changes by Tshepang Lekhonkhobe : -- nosy: +tshepang

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: > But sys.stdin does not implement RawIOBase, it implements TextIOBase. sys.stdin.buffer.raw implements RawIOBase.

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: > > > > qwert > > 'qwert\n' Oh, it seems that the mail server again ate some lines of my examples. > Well, did you try readline() or readlines()? Yes, it's my mistake, I used readline().

[issue14904] test_unicode_repr_oflw (in test_bigmem) crashes

2012-06-15 Thread Roundup Robot
Roundup Robot added the comment: New changeset 1c9635109079 by Antoine Pitrou in branch '2.7': Skip test_bigmem.test_unicode_repr_oflw, since it crashes (issue #14904). http://hg.python.org/cpython/rev/1c9635109079 -- nosy: +python-dev

[issue15079] pickle: Possibly misplaced test

2012-06-15 Thread Stefan M
New submission from Stefan M : After issue7455 was fixed, a test was created to reflect the fix (Lib/test/pickletester.py @ AbstractPickleModuleTests.test_bad_input). The test makes sure that an UnpicklingError is raised whenever pickled data attempts to pop on an empty stack. Although tests o

[issue15068] fileinput requires two EOF when reading stdin

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: > Oh, it seems that the mail server again ate some lines of my examples. This is a bug in the e-mail gateway. You can lobby for a fix at http://psf.upfronthosting.co.za/roundup/meta/issue264

[issue15079] pickle: Possibly misplaced test

2012-06-15 Thread R. David Murray
R. David Murray added the comment: It would be best to have the pickle tests always run against both the C and python code. We do this for other modules that have C versions of some or all of the Python code. And yes, making the two consistent is also good. Since pickle is generally not us

[issue14933] Misleading documentation about weakrefs

2012-06-15 Thread Roundup Robot
Roundup Robot added the comment: New changeset 69177ff1a643 by Antoine Pitrou in branch '3.2': Issue #14933: fix misleading doc about weakref support in extension types. http://hg.python.org/cpython/rev/69177ff1a643 New changeset b17c8005e08a by Antoine Pitrou in branch 'default': Issue #14933:

[issue14933] Misleading documentation about weakrefs

2012-06-15 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- resolution: -> fixed stage: -> committed/rejected status: open -> closed

[issue14059] Implement multiprocessing.Barrier

2012-06-15 Thread Roundup Robot
Roundup Robot added the comment: New changeset 2d2f206d040e by Richard Oudkerk in branch 'default': Issue #14059: Implement multiprocessing.Barrier http://hg.python.org/cpython/rev/2d2f206d040e -- nosy: +python-dev

[issue15026] Faster UTF-16 encoding

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: Serhiy, the tests crash here in debug mode: $ ./python -m test -v test_unicode == CPython 3.3.0a4+ (default:b17c8005e08a+, Jun 15 2012, 19:28:56) [GCC 4.5.2] == Linux-2.6.38.8-desktop-10.mga-x86_64-with-mandrake-1-Official little-endian == /home/antoine/cpy

[issue14874] Faster charmap decoding

2012-06-15 Thread Antoine Pitrou
Changes by Antoine Pitrou : -- stage: -> patch review

[issue15075] XincludeTest failure in test_xml_etree

2012-06-15 Thread Eli Bendersky
Eli Bendersky added the comment: Here is a patch that solves the current problem. A longer term solution would be to have a cleaner test plan for ET in general, without monkey-patching at all, and without state that causes test-order dependencies. -- keywords: +patch Added file: http

[issue15036] mailbox.mbox fails to pop two items in a row, flushing in between

2012-06-15 Thread Roundup Robot
Roundup Robot added the comment: New changeset 0add70dd3c43 by Petri Lehtinen in branch '2.7': #15036: Make a repeated changes and flushes work with single-file mailboxes http://hg.python.org/cpython/rev/0add70dd3c43 New changeset 714b8f91f3d4 by Petri Lehtinen in branch '3.2': #15036: Make a r

[issue15008] PEP 362 "Signature Objects" reference implementation

2012-06-15 Thread Yury Selivanov
Yury Selivanov added the comment: Attaching the new version of the patch. Summary: 1. 'is_*' family was replaced with 'Parameter.kind' 2. 'signature()' function was updated to check for '__wrapped__' attribute in all callables 3. 'is_implemented' -> 'implemented' 4. Added support for POSITION

[issue15036] mailbox.mbox fails to pop two items in a row, flushing in between

2012-06-15 Thread Petri Lehtinen
Changes by Petri Lehtinen : -- resolution: -> fixed stage: needs patch -> committed/rejected status: open -> closed

[issue15036] mailbox.mbox fails to pop two items in a row, flushing in between

2012-06-15 Thread R. David Murray
R. David Murray added the comment: The news item isn't completely clear. It sounds like the mailbox is now automatically being flushed between pops, but what you really fixed is popping if the *application* does a flush between them, right?

[issue15074] Strange behaviour of python cmd module. (Ignores slash)

2012-06-15 Thread Ned Deily
Changes by Ned Deily : -- resolution: -> invalid status: open -> closed

[issue15079] pickle: Possibly misplaced test

2012-06-15 Thread Collin Winter
Changes by Collin Winter : -- nosy: -collinwinter

[issue15026] Faster UTF-16 encoding

2012-06-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: > Serhiy, the tests crash here in debug mode: My fault. It's operator precedence issue in the assert expression. Gcc warns about it: Objects/unicodeobject.c: In function ‘_PyUnicode_EncodeUTF16’: Objects/unicodeobject.c:5401: warning: suggest parentheses aro

[issue15026] Faster UTF-16 encoding

2012-06-15 Thread Roundup Robot
Roundup Robot added the comment: New changeset acca141fda80 by Antoine Pitrou in branch 'default': Issue #15026: utf-16 encoding is now significantly faster (up to 10x). http://hg.python.org/cpython/rev/acca141fda80 -- nosy: +python-dev

[issue15026] Faster UTF-16 encoding

2012-06-15 Thread Antoine Pitrou
Antoine Pitrou added the comment: Thank you for the quick turnaround! The patch is now pushed in 3.3. -- resolution: -> fixed stage: -> committed/rejected status: open -> closed

[issue15080] Cookie library doesn't parse date properly

2012-06-15 Thread Jeremy Gillick
New submission from Jeremy Gillick : The cookie library doesn't seem to support the standard date format (RFC 822) for the expire property while parsing a cookie. For example, in the Python prompt: >>> import Cookie >>> cookie = Cookie.SimpleCookie('bcookie="123"; Expires=Sat, 14-Jun-
