[issue36260] Cpython/Lib vulnerability found and request a patch submission

[Nick Sung]

New submission from Nick Sung :

Dear Python Community, 

We’ve found a vulnerability in cpython Lib and already received a cve number 
(CVE-2019-9674)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9674

We also have a patch for this vulnerability, please tell us what to do next.
Since we don’t want to uncover the vulnerability before it get fixed.

JUN-WEI SONG

--
components: Library (Lib)
messages: 337650
nosy: krnick
priority: normal
severity: normal
status: open
title: Cpython/Lib vulnerability found and request a patch submission
type: security
versions: Python 3.4, Python 3.5, Python 3.6, Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36260] Cpython/Lib vulnerability found and request a patch submission

[KunYu Chen]

KunYu Chen  added the comment:

Dear community,

I am one of the discoverer of this vulnerability, please tell us what to do 
next :D 

Kunyu Chen

--
nosy: +18z

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36260] Cpython/Lib vulnerability found and request a patch submission

[Karthikeyan Singaravelan]

Karthikeyan Singaravelan  added the comment:

You can find the process to report security vulnerabilities at 
https://www.python.org/news/security/ . Please email the details to 
secur...@python.org and who will analyze the report before public disclosure.

--
nosy: +xtreak

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36240] Definitions of time

[Mark Dickinson]

Change by Mark Dickinson :


--
nosy: +belopolsky, mark.dickinson

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36259] exception text is being sourced from the wrong file

[Ronald Oussoren]

Change by Ronald Oussoren :


--
versions: +Python 2.7, Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34711] Lib/http/server.py: Return HTTPStatus.NOT_FOUND if path.endswith(/) and not a directory

[Stéphane Wirtel]

Stéphane Wirtel  added the comment:

Hi Michael,

I think no, because 3.6 is in security mode.

--
nosy: +matrixise
versions:  -Python 3.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34506] Traceback logged when SSL handshake fails

[Harmon]

Change by Harmon :


--
nosy: +Harmon758

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36260] Cpython/Lib vulnerability found and request a patch submission

[STINNER Victor]

Change by STINNER Victor :


--
nosy: +vstinner

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36233] xml ElementTree quotation marks of xml version string

[Johann Krauter]

Johann Krauter  added the comment:

The xml parser of OpenCV (3.4.5) in C++ is not able to load such xml file.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36042] Setting __init_subclass__ and __class_getitem__ methods are in runtime doesnt make them class method.

[Inada Naoki]

Change by Inada Naoki :


--
resolution:  -> not a bug
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32846] Deletion of large sets of strings is extra slow

[Inada Naoki]

Inada Naoki  added the comment:

I thought compact set implementation similar to dict sicne Python 3.6 may fix 
this issue.
But as discussion with Raymond on Python-Dev ML, I conclude the merits of 
compact implementation is not significant enough.
I abandoned compact set branch.

Now I don't have any idea to fix this issue in foreseeable future.
Please use dict instead.

--
resolution:  -> wont fix
stage: needs patch -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28956] return list of modes for a multimodal distribution instead of raising a StatisticsError

[Steven D'Aprano]

Steven D'Aprano  added the comment:

I'm closing this issue in favour of Raymond's #35892, thank you to everyone 
even if your PRs didn't get used, I appreciate your efforts.

--
resolution:  -> rejected
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36261] email examples should not gratuitously mess with preamble

[era]

New submission from era :

Several of the examples in the email module documentation modify the preamble.

This is not good practice. The email MIME preamble is really only useful for 
communicating information about MIME itself, not for general human-readable 
content like 'Our family reunion'.

The MIME preamble is problematic because it typically only supports ASCII and 
often defaults to an English-language message, even when applications are used 
in locales where English is not widely understood.  For this reason, it is 
moderately useful to be able to override the preamble from Python code; but 
this should by no means be done routinely, and the documentation should 
certainly not demonstrate this in basic examples.

--
components: email
messages: 337657
nosy: barry, era, r.david.murray
priority: normal
severity: normal
status: open
title: email examples should not gratuitously mess with preamble
type: behavior
versions: Python 3.7

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36018] Add a Normal Distribution class to the statistics module

[Steven D'Aprano]

Steven D'Aprano  added the comment:

I've done some spot checks of NormDist.pdf and .cdf and compared the results to 
those returned by my TI Nspire calculator.

So far, the PDF has matched that of the Nspire to 12 decimal places (the limit 
the calculator will show), but the CDF differs on or about the 8th decimal 
place:


py> x = statistics.NormalDist(2, 1.3)
py> x.cdf(5.374)
0.9952757439207682
# Nspire normCdf(-∞, 5.372, 2, 1.3) returns 0.995275710979
# difference of 3.294176820212158e-08


py> x.cdf(-0.23)
0.04313736707891003
# Nspire normCdf(-∞, -0.23, 2, 1.3) returns 0.043137332077
# difference of 3.500191003008579e-08

Wolfram Alpha doesn't help me decide which is correct, as it doesn't show 
enough decimal places.

https://www.wolframalpha.com/input/?i=CDF[+NormalDistribution[2,+1.3],+5.374+]

https://www.wolframalpha.com/input/?i=CDF[+NormalDistribution[2,+1.3],+-0.23+]


Do we care about this difference? Should I raise a new ticket for it?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35892] Fix awkwardness of statistics.mode() for multimodal datasets

[Steven D'Aprano]

Steven D'Aprano  added the comment:

Looks good to me, I'm happy to accept it.

Thank you for your efforts Raymond, can I trouble you to do the merge yourself 
please, I'm still having issues using the Github website.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36018] Add a Normal Distribution class to the statistics module

[Mark Dickinson]

Mark Dickinson  added the comment:

According to GP/Pari, the correctly value for the first result, to the first 
few dozen places, is:

0.995275743920768157605659214368609706759611629000344854339231928536087783251913252354...

I'm assuming you meant 5.374 rather than 5.372 in the first Nspire result.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36226] multipart/related header causes false positive StartBoundaryNotFoundDefect and MultipartInvariantViolationDefect

[Christian Schmidbauer]

Christian Schmidbauer  added the comment:

@martin.panter: I see a relation to issue 29353, but I don't see why this 
report here is a duplicate. Could you elaborate on this?

Issue 29991 contains parts of what I reported here, but it is closed "resolved" 
and refers back to 29353.

I also tried your patch "policy-flag.patch" and it did not help in the regard 
of the bug here and tests which are included in the PR.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36018] Add a Normal Distribution class to the statistics module

[Mark Dickinson]

Mark Dickinson  added the comment:

Below is the full transcript from Pari/GP: note that I converted the float 
inputs to exact Decimal equivalents, assuming IEEE 754 binary64. Summary: both 
Python results look fine; it's Nspire that's inaccurate here.


mirzakhani:~ mdickinson$ /opt/local/bin/gp
GP/PARI CALCULATOR Version 2.11.1 
(released)
i386 running darwin (x86-64/GMP-6.1.2 
kernel) 64-bit version
   compiled: Jan 24 2019, Apple LLVM version 10.0.0 
(clang-1000.11.45.5)
  threading engine: single
   (readline v8.0 enabled, extended 
help enabled)

   Copyright (C) 2000-2018 The PARI 
Group

PARI/GP is free software, covered by the GNU General Public License, and comes 
WITHOUT ANY WARRANTY WHATSOEVER.

Type ? for help, \q to quit.
Type ?17 for how to get moral (and possibly technical) support.

parisize = 800, primelimit = 50
? \p 200
   realprecision = 211 significant digits (200 digits displayed)
? ncdf(x, mu, sig) = (2 - erfc((x - mu) / sig / sqrt(2))) / 2
%1 = (x,mu,sig)->(2-erfc((x-mu)/sig/sqrt(2)))/2
? ncdf(5.37366604491419275291264057159423828125, 2, 
1.3000444089209850062616169452667236328125)
%2 = 
0.99527574392076815760565921436860970675961162900034485433923192853608778325191325235412640687571628164064779657215907190523884572141701976336760387216713270956350229484865180142256611330976179584951493
? ncdf(-0.2300099920072216264088638126850128173828125, 2, 
1.3000444089209850062616169452667236328125)
%3 = 
0.043137367078910025352120502108682523151629166877357644882244088336773338416883044522024586619860574718679715351558322591944140762629090301623352497457372937783778706411712862062109829239761761597057063

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36234] test_os: add tests for invalid uid type

[STINNER Victor]

STINNER Victor  added the comment:


New changeset 876e82b4f32075e1bd21750bf852a103035fce23 by Victor Stinner in 
branch 'master':
bpo-36234: Add more tests to PosixUidGidTests (GH-12234)
https://github.com/python/cpython/commit/876e82b4f32075e1bd21750bf852a103035fce23


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36234] test_os: add tests for invalid uid type

[miss-islington]

Change by miss-islington :


--
pull_requests: +12255

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36234] test_os: add tests for invalid uid type

[STINNER Victor]

STINNER Victor  added the comment:


New changeset 701af605df336c9e32751e9031266a2da60656c1 by Victor Stinner in 
branch '2.7':
bpo-36234: test_os: check TypeError for invalid uid type (GH-12235)
https://github.com/python/cpython/commit/701af605df336c9e32751e9031266a2da60656c1


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36234] test_os: add tests for invalid uid type

[miss-islington]

miss-islington  added the comment:


New changeset 24872e1e15a816fb8e79c2885cafb7d785393547 by Miss Islington (bot) 
in branch '3.7':
bpo-36234: Add more tests to PosixUidGidTests (GH-12234)
https://github.com/python/cpython/commit/24872e1e15a816fb8e79c2885cafb7d785393547


--
nosy: +miss-islington

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36234] test_os: add tests for invalid uid type

[STINNER Victor]

STINNER Victor  added the comment:

Thanks David Malcolm :-)

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue4459] bdist_rpm should enable --fix-python by default

[STINNER Victor]

STINNER Victor  added the comment:

I reopen the issue. The command still needs --fix-python and distutils2 project 
has been abandonned.

Bug report in RHEL:
https://bugzilla.redhat.com/show_bug.cgi?id=1673325

--
nosy: +vstinner
resolution: rejected -> 
status: closed -> open
versions: +Python 3.8 -Python 3.0

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36262] Coverity scan: Python/dtoa.c resource leak

[Charalampos Stratakis]

New submission from Charalampos Stratakis :

Coverity report on dtoa.c. It was run on python2 but the same code resides on 
python3.

Error: RESOURCE_LEAK (CWE-772): [#def89]
Python-2.7.15/Python/dtoa.c:1846: alloc_fn: Storage is returned from allocation 
function "s2b".
Python-2.7.15/Python/dtoa.c:526:9: alloc_fn: Storage is returned from 
allocation function "multadd".
Python-2.7.15/Python/dtoa.c:479:13: alloc_fn: Storage is returned from 
allocation function "Balloc".
Python-2.7.15/Python/dtoa.c:371:13: alloc_fn: Storage is returned from 
allocation function "PyMem_Malloc".
Python-2.7.15/Objects/object.c:2348:5: alloc_fn: Storage is returned from 
allocation function "malloc".
Python-2.7.15/Objects/object.c:2348:5: return_alloc_fn: Directly returning 
storage allocated by "malloc".
Python-2.7.15/Python/dtoa.c:371:13: var_assign: Assigning: "rv" = 
"PyMem_Malloc(len * 8UL)".
Python-2.7.15/Python/dtoa.c:379:5: return_alloc: Returning allocated memory 
"rv".
Python-2.7.15/Python/dtoa.c:479:13: var_assign: Assigning: "b1" = "Balloc(b->k 
+ 1)".
Python-2.7.15/Python/dtoa.c:486:13: var_assign: Assigning: "b" = "b1".
Python-2.7.15/Python/dtoa.c:491:5: return_alloc: Returning allocated memory "b".
Python-2.7.15/Python/dtoa.c:526:9: var_assign: Assigning: "b" = "multadd(b, 10, 
*s++ - 48)".
Python-2.7.15/Python/dtoa.c:530:5: return_alloc: Returning allocated memory "b".
Python-2.7.15/Python/dtoa.c:1846: var_assign: Assigning: "bd0" = storage 
returned from "s2b(s0, nd0, nd, y)".
Python-2.7.15/Python/dtoa.c:2249: leaked_storage: Variable "bd0" going out of 
scope leaks the storage it points to.
 2247|   
 2248| undfl:
 2249|-> return sign ? -0.0 : 0.0;
 2250|   
 2251| ovfl:

Error: RESOURCE_LEAK (CWE-772): [#def90]
Python-2.7.15/Python/dtoa.c:2006: alloc_fn: Storage is returned from allocation 
function "diff".
Python-2.7.15/Python/dtoa.c:952:5: alloc_fn: Storage is returned from 
allocation function "Balloc".
Python-2.7.15/Python/dtoa.c:371:13: alloc_fn: Storage is returned from 
allocation function "PyMem_Malloc".
Python-2.7.15/Objects/object.c:2348:5: alloc_fn: Storage is returned from 
allocation function "malloc".
Python-2.7.15/Objects/object.c:2348:5: return_alloc_fn: Directly returning 
storage allocated by "malloc".
Python-2.7.15/Python/dtoa.c:371:13: var_assign: Assigning: "rv" = 
"PyMem_Malloc(len * 8UL)".
Python-2.7.15/Python/dtoa.c:379:5: return_alloc: Returning allocated memory 
"rv".
Python-2.7.15/Python/dtoa.c:952:5: var_assign: Assigning: "c" = "Balloc(a->k)".
Python-2.7.15/Python/dtoa.c:962:5: var_assign: Assigning: "xc" = "c".
Python-2.7.15/Python/dtoa.c:996:5: return_alloc: Returning allocated memory "c".
Python-2.7.15/Python/dtoa.c:2006: var_assign: Assigning: "delta" = storage 
returned from "diff(bb, bd)".
Python-2.7.15/Python/dtoa.c:2016: noescape: Resource "delta" is not freed or 
pointed-to in "cmp".
Python-2.7.15/Python/dtoa.c:890:13: noescape: "cmp(Bigint *, Bigint *)" does 
not free or save its parameter "a".
Python-2.7.15/Python/dtoa.c:2129: noescape: Resource "delta" is not freed or 
pointed-to in "ratio".
Python-2.7.15/Python/dtoa.c:1179:15: noescape: "ratio(Bigint *, Bigint *)" does 
not free or save its parameter "a".
Python-2.7.15/Python/dtoa.c:2249: leaked_storage: Variable "delta" going out of 
scope leaks the storage it points to.
 2247|   
 2248| undfl:
 2249|-> return sign ? -0.0 : 0.0;
 2250|   
 2251| ovfl:

--
components: Interpreter Core
messages: 337668
nosy: cstratak
priority: normal
severity: normal
status: open
title: Coverity scan: Python/dtoa.c resource leak
versions: Python 2.7, Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36262] Coverity scan: Python/dtoa.c resource leak

[Charalampos Stratakis]

Change by Charalampos Stratakis :


--
nosy: +mark.dickinson, vstinner

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36262] Coverity scan: Python/dtoa.c resource leak

[STINNER Victor]

STINNER Victor  added the comment:

* bpo-9009 discussed maintenance of Python/dtoa.c
* Python/dtoa.c asks to frequently update it from "upstream" 
http://www.netlib.org/fp/dtoa.c
* The upstream is also mentioned in the license: 
https://docs.python.org/dev/license.html#strtod-and-dtoa

... in practice, it seems like Python became the "upstream". I see lot of 
changes, but I'm not sure that version maintained by David M. Gay on 
http://www.netlib.org/fp/dtoa.c has been updated since Mark Dickinson copied it 
to Python/dtoa.c:

commit b08a53a99def3fa949643974f713b5b189e21bc7
Author: Mark Dickinson 
Date:   Thu Apr 16 19:52:09 2009 +

Issue #1580: use short float repr where possible.
 - incorporate and adapt David Gay's dtoa and strtod
   into the Python core
 - on platforms where we can use Gay's code (almost
   all!), repr(float) is based on the shortest
   sequence of decimal digits that rounds correctly.
 - add sys.float_repr_style attribute to indicate
   whether we're using Gay's code or not
 - add autoconf magic to detect and enable SSE2
   instructions on x86/gcc
 - slight change to repr and str:  repr switches
   to exponential notation at 1e16 instead of
   1e17, str switches at 1e11 instead of 1e12

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36262] Coverity scan: Python/dtoa.c resource leak

[STINNER Victor]

STINNER Victor  added the comment:

Julia copied the same file. See:

* https://bugs.llvm.org//show_bug.cgi?id=31928
* https://bugs.freebsd.org/216770
* https://bugs.python.org/issue30104: "It was decided to not touch dtoa.c to 
not diverge from upstream."

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36233] xml ElementTree quotation marks of xml version string

[Serhiy Storchaka]

Serhiy Storchaka  added the comment:

Then report a bug to OpenCV.

I do not think that changing quotation marks in the xml declaration will help 
much, since likely that parser has other flaws (for example what about using 
single quotes for attributes?).

Changing quotation marks for sure will break many tests, in particularly our 
own tests. Needed a stronger reason to overcome this.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36262] Coverity scan: Python/dtoa.c resource leak

[STINNER Victor]

Change by STINNER Victor :


--
keywords: +patch
pull_requests: +12256
stage:  -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27916] Use time.monotonic instead of time.time where appropriate

[Cheryl Sabella]

Cheryl Sabella  added the comment:

multiprocessing was changed to use time.monotonic in issue 34054.  Based on the 
other feedback on this thread, I'm going to close this.

--
nosy: +cheryl.sabella
resolution:  -> rejected
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35900] Add pickler hook for the user to customize the serialization of user defined functions and types.

[Pierre Glaser]

Pierre Glaser  added the comment:

Update:

Instead of changing permission on some attributes of function objects 
(__globals__ and __closure__), we added an optional argument called 
state_setter to save_reduce. This expects a callable that will be saved inside 
the object's pickle string, and called when setting the state of the object 
instead of using the default way in load_build.
This allows for external flexibility when setting custom pickling behavior of 
built-in types (in our use-cases: function and classes). I updated the patches 
so that anyone interested can take a look.

Also, we tested the cloudpickle package against these patches (see 
https://github.com/cloudpipe/cloudpickle/pull/253). The tests run fine, and we 
observe a 10-30x speedup for real-life use-cases. We are starting to hit 
convergence on the implementation :)

--
Added file: https://bugs.python.org/file48203/pickler_hook.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36240] Definitions of time

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
nosy: +p-ganssle

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36263] test_hashlib.test_scrypt() fails on Fedora 29

[STINNER Victor]

New submission from STINNER Victor :

$ ./python -m test -v test_hashlib -m test_scrypt
...
ERROR: test_scrypt (test.test_hashlib.KDFTests)
--
Traceback (most recent call last):
  File "/home/vstinner/prog/python/master/Lib/test/test_hashlib.py", line 941, 
in test_scrypt
result = hashlib.scrypt(password, salt=salt, n=n, r=r, p=p)
ValueError: Invalid parameter combination for n, r, p, maxmem.
...

The patch pass with the following patch:
---
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index e560c18b63..22682ea86d 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -770,6 +770,7 @@ _hashlib_scrypt_impl(PyObject *module, Py_buffer *password, 
Py_buffer *salt,
 return NULL;
 }
 
+#if 0
 /* let OpenSSL validate the rest */
 retval = EVP_PBE_scrypt(NULL, 0, NULL, 0, n, r, p, maxmem, NULL, 0);
 if (!retval) {
@@ -778,6 +779,7 @@ _hashlib_scrypt_impl(PyObject *module, Py_buffer *password, 
Py_buffer *salt,
 "Invalid parameter combination for n, r, p, maxmem.");
 return NULL;
}
+#endif
 
 key_obj = PyBytes_FromStringAndSize(NULL, dklen);
 if (key_obj == NULL) {
---

$ ./python -m test.pythoninfo|grep -E '^ssl|libc_ver'
platform.libc_ver: glibc 2.28
ssl.HAS_SNI: True
ssl.OPENSSL_VERSION: OpenSSL 1.1.1b FIPS  26 Feb 2019
ssl.OPENSSL_VERSION_INFO: (1, 1, 1, 2, 15)
ssl.OP_ALL: 0x8054
ssl.OP_NO_TLSv1_1: 0x1000

Note: I don't think that libxcrypt is related, but just in case:

$ rpm -q libxcrypt
libxcrypt-4.4.4-1.fc29.x86_64
libxcrypt-4.4.4-1.fc29.i686
vstinner@apu$ 

Note 2: It seems like bpo-27928 "Add hashlib.scrypt" is still open whereas it 
has been implemented in Python 3.6.

--
assignee: christian.heimes
components: SSL
messages: 337674
nosy: christian.heimes, vstinner
priority: normal
severity: normal
status: open
title: test_hashlib.test_scrypt() fails on Fedora 29
versions: Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36240] Definitions of time

[Alexander Belopolsky]

Alexander Belopolsky  added the comment:

How about replacing "formerly known as Greenwich Mean Time, or GMT" with "which 
superseded Greenwich Mean Time or GMT as the basis of international 
timekeeping"?

I don't think Python reference manual is the right place to explain the 
difference between UTC and GMT, but since we have time.gmtime() function, GMT 
should still be mentioned.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35647] Cookie path check returns incorrect results

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
pull_requests: +12257

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue16385] evaluating literal dict with repeated keys gives no warnings/errors

[Rémi Lapeyre]

Rémi Lapeyre  added the comment:

Guido van Rossum said in 
https://mail.python.org/pipermail/python-ideas/2019-March/055726.html: "this 
was an explicit design
decision that I made nearly 30 years ago".

I think the best way to avoid silently accepting such values would be to use 
@gregory.p.smith to use a function call to create the dictionary since 
duplicate keyword arguments raise an exception there.

I suggest to close this bug report since it works as expected.

--
nosy: +remi.lapeyre
versions: +Python 3.7, Python 3.8 -Python 3.4

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36261] email examples should not gratuitously mess with preamble

[R. David Murray]

R. David Murray  added the comment:

I don't see "several", can you point to the other instances?  I only see that 
one case you mention (for reference, it is in Doc/includes/email-mime.py).  The 
other case of setting preamble is actually correct ("You will not see this in a 
MIME-aware mail reader").  We could change email-mime to say the same thing.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36261] email examples should not gratuitously mess with preamble

[R. David Murray]

R. David Murray  added the comment:

We could also change both of them to be more correct and say something like "If 
you are reading this your browser probably does not support MIME, and you will 
have to find a MIME aware email client or decode the message by hand."  That 
demonstrates what the preamble is actually for.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36261] email examples should not gratuitously mess with preamble

[R. David Murray]

Change by R. David Murray :


--
stage:  -> needs patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35647] Cookie path check returns incorrect results

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
pull_requests: +12258

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue16385] evaluating literal dict with repeated keys gives no warnings/errors

[Jonathan Fine]

Jonathan Fine  added the comment:

This is was closed and tagged as resolved in 2012. The status has not been 
changed since then.

Using dict(a=1, ...) provides a workaround, but only when the keys are valid as 
variable names. The general workaround is something like
helper([
(1, 'a'),
(2, 'b'),
#etc
])

The helper is necessary:
>>> [(1, 2)] * 5
[(1, 2), (1, 2), (1, 2), (1, 2), (1, 2)]
>>> dict([(1, 2)] * 5)
{1: 2}

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35647] Cookie path check returns incorrect results

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
versions: +Python 3.4

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36231] no "proper" header files on macOS 10.14 Mojave

[Erik Bray]

Erik Bray  added the comment:

Perhaps it would be better if the `xcrun --show-sdk-path` thing were run at 
configure-time and its result shoved into a variable we can read with 
sysconfig.get_config_var()

--
nosy: +erik.bray

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35121] Cookie domain check returns incorrect results

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
pull_requests: +12259
stage: commit review -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36263] test_hashlib.test_scrypt() fails on Fedora 29

[STINNER Victor]

STINNER Victor  added the comment:

Python 3.7 is also affected, but not Python 2.7.

--
versions: +Python 3.7

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36263] test_hashlib.test_scrypt() fails on Fedora 29

[STINNER Victor]

Change by STINNER Victor :


--
keywords: +patch
pull_requests: +12260
stage:  -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35121] Cookie domain check returns incorrect results

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
pull_requests: +12261

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36263] test_hashlib.test_scrypt() fails on Fedora 29

[STINNER Victor]

STINNER Victor  added the comment:

I tried but failed to identify when test_hashlib started to fail whereas it was 
fine previously. IMHO it can only be a changed in OpenSSL.

It might be a different between Fedora packages openssl-1.1.1b-1.fc29 (built at 
2019-02-28) and openssl-1.1.1b-2.fc29 (built at 2019-03-01). 

Other older packages:
* openssl-1.1.1a-1.fc29 (2019-01-15)
* openssl-1.1.1-3.fc29 (2018-09-17)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36264] os.path.expanduser should not use HOME on windows

[Anthony Sottile]

New submission from Anthony Sottile :

The current code for `os.path.expanduser` in `ntpath` uses `HOME` in preference 
to `USERPROFILE` / `HOMEDRIVE\\HOMEPATH`

I can't find any documentation of `HOME` being relevant on windows (only on 
posix).  For example, wikipedia only mentions `USERPROFILE` / 
`HOMEDRIVE\\HOMEPATH` options: 
https://en.wikipedia.org/wiki/Home_directory#Default_home_directory_per_operating_system

Seems to be (one of) the direct causes of a downstream bug for me: 
https://github.com/pre-commit/pre-commit/issues/960

(msys sets `HOME` to a bogus value if `HOMEDRIVE` is set, then python uses it)

My proposal is to remove these lines and change the `elif` to an `if`:

https://github.com/python/cpython/blob/d9bd8ec2a40ea67bc4248a72943a409ee645ddf3/Lib/ntpath.py#L302-L304

--
components: Library (Lib), Windows
messages: 337683
nosy: Anthony Sottile, paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: os.path.expanduser should not use HOME on windows
type: behavior
versions: Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36263] test_hashlib.test_scrypt() fails on Fedora 29

[STINNER Victor]

STINNER Victor  added the comment:

Attached PR 12280 fix the issue: the salt wasn't passed to EVP_PBE_scrypt() and 
so the function fails with "missing salt".

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36263] test_hashlib.test_scrypt() fails on Fedora 29

[STINNER Victor]

STINNER Victor  added the comment:

Oh, the Fedora package of OpenSSL 1.1.1b includes this downstream patch:

https://src.fedoraproject.org/rpms/openssl/blob/master/f/openssl-1.1.1-evp-kdf.patch

Extract of the changelog:

* Thu Feb 28 2019 Tomáš Mráz  1.1.1b-1
- update to the 1.1.1b release
- EVP_KDF API backport from master
- SSH KDF implementation for EVP_KDF API backport from master

The patch changes the behavior for (salt=NULL, saltlen=0). Previously, it was 
handled as (salt="", saltlen=0), but now the function fails with "missing salt".

The patch has code to handle (pass=NULL, passlen=any value) as (pass="", 
passlen=0):

https://src.fedoraproject.org/rpms/openssl/blob/master/f/openssl-1.1.1-evp-kdf.patch#_705

+/* Maintain existing behaviour. */
+if (pass == NULL) {
+pass = empty;
+passlen = 0;
 }

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36018] Add a Normal Distribution class to the statistics module

[Steven D'Aprano]

Steven D'Aprano  added the comment:

> I'm assuming you meant 5.374 rather than 5.372 in the first Nspire result.

Yes, that was a typo, sorry.

Thanks for checking into the results.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36264] os.path.expanduser should not use HOME on windows

[Anthony Sottile]

Change by Anthony Sottile :


--
keywords: +patch
pull_requests: +12262
stage:  -> patch review

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36184] [EASY] test_gdb.test_threads() is specific to _POSIX_THREADS, fail on FreeBSD

[STINNER Victor]

STINNER Victor  added the comment:

I am running FreeBSD 12. I don't recall the minor version (12.1 maybe?).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36265] Remove ABCs from collections

[Jakub Wilk]

New submission from Jakub Wilk :

This happens with Python from git master (d9bd8ec2a4):

>>> from collections import Hashable
:1: DeprecationWarning: Using or importing the ABCs from 
'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it 
will stop working

I was already already using Python 3.8, so I expected the import to fail,
as promised in the warning message.

--
components: Library (Lib)
messages: 337688
nosy: jwilk
priority: normal
severity: normal
status: open
title: Remove ABCs from collections
versions: Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36265] Remove ABCs from collections

[Karthikeyan Singaravelan]

Karthikeyan Singaravelan  added the comment:

Please see https://github.com/python/cpython/pull/10596 . pip is incompatible 
with this change.

--
nosy: +serhiy.storchaka, xtreak

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36262] Coverity scan: Python/dtoa.c resource leak

[Mark Dickinson]

Mark Dickinson  added the comment:

> ... in practice, it seems like Python became the "upstream".

Yes; unfortunately, we changed things enough that updating from upstream became 
impractical. At some point we should take a look at changes made to the 
upstream dtoa.c since our adoption of it, and figure out whether any of those 
changes need to be applied to our copy. That's not going to be an easy task. It 
would be easier if there were upstream testcases (and regression tests in 
particular), but as far as I'm aware there aren't any.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36240] Definitions of time

[Paul Ganssle]

Paul Ganssle  added the comment:

I also think it would be ideal to avoid getting into too much detail about the 
definitions of UTC and GMT in a general sense. Instead, we should probably 
refer to some better source on the matter and maybe focus on how UTC and GMT 
are used *in this document*?

For example, the `gmtime` function is explicitly defined in terms of UTC in the 
documentation, and just has a possibly slightly inaccurate name. Perhaps a 
wording like "Occasionally the abbreviations 'GMT' and 'UTC' are used 
interchangeably, despite the fact that this is somewhat inaccurate. For more 
information about the difference between UTC and GMT, see ."

As something of an aside, the same bullet point says this:

> The acronym UTC is not a mistake but a compromise between English and French.

This came up recently on the tz mailing list, where it was claimed that there 
is no contemporary evidence to support this: 
https://mm.icann.org/pipermail/tz/2019-March/027736.html

It may be worth removing this sentence or rewording it to be more neutral, like 
"The acronym UTC is not a mistake but conforms to an earlier, language-agnostic 
naming scheme for time standards: UT0, UT1, etc." I can move the discussion of 
the "UTC acronym" wording into a separate ticket if it's distracting from this 
one.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36256] parser module fails on legal input

[Brett Cannon]

Brett Cannon  added the comment:

I would be curious to hear what Pablo has to say with the new parser having 
landed and if there's something we should be exposing from that code to replace 
what's in 'parser' today? (Either w/o semantic change or a new API.)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36256] parser module fails on legal input

[Pablo Galindo Salgado]

Pablo Galindo Salgado  added the comment:

> I would be curious to hear what Pablo has to say with the new parser having 
> landed and if there's something we should be exposing from that code to 
> replace what's in 'parser' today? (Either w/o semantic change or a new API.)

:)

One small clarification is that the parser is the same, what has changed is the 
parser generator. What is exposed in the parser modules today is the parse 
trees (in a very raw form). 

One thing we can do is expose the parser component that lib2to3/pgen2 has as a 
substitute/complement to the parser module (which is not exposed as part of the 
new pgen - I know, is confusing). This is very useful and complementary to the 
AST (for example, black is using a forked version of this component to obtain 
the CST as it can do round tripping - code->CST->NEW_CST->code). This piece is 
in pure Python and can read the parser tables that pgen generates. It also will 
have the advantage of forcing us to synchronize to the current grammar (black 
had to fork it among other things because the one in lib2to3 was out of date). 
This idea and all the challenges are already been discussed here:

https://bugs.python.org/issue7

The major problem with the parser module is that is unsynchronized with the 
actual parser, it has a very raw API and is moderately unmaintained (as this 
bug reveals). We would need to evaluate if we want to spend effort into 
synchronizing them, deprecating completely the parser module, substitute it 
with a new python version or wait until we have a completely new non-LL(1) C 
parser to ask these questions.

What do you think?

As a side note, the problem described in this bug was more or less foreseen. 
This is in the header of Modules/parsemodule.c:

*  To debug parser errors like
*  "parser.ParserError: Expected node type 12, got 333."
*  decode symbol numbers using the automatically-generated files
*  Lib/symbol.h and Include/token.h.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26826] Expose new copy_file_range() syscall in os module.

[Giampaolo Rodola']

Giampaolo Rodola'  added the comment:

Little update about this. According to:
http://man7.org/linux/man-pages/man2/copy_file_range.2.html
...it seems glibc 2.27 released on 2018-02-01 includes copy_file_range(). I'm 
not the best candidate for giving advice on C syscalls 
definitions/availability, but FWIW this works on my Linux 4.15:

#if defined(__linux__) && \
defined(SYS_copy_file_range) && \
defined(__GLIBC_PREREQ) && \
__GLIBC_PREREQ(2, 27)
...
#endif

I think (but not sure) this is supposed to fix this condition, which appears to 
be the major blocker here:
https://github.com/python/cpython/blob/9a177061cd7190eabf40efd31e8981e0bccd5dc4/Lib/test/test_os.py#L258-L261

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36256] parser module fails on legal input

[A. Skrobov]

A. Skrobov  added the comment:

> The major problem with the parser module is that is unsynchronized with the 
> actual parser

The parser module is "sort of" synchronised with the actual parser, in that it 
uses the same _PyParser_Grammar; this doesn't mean they always behave the same, 
as this bug shows :-)

(But before #26526, it used to be much worse, with the parser module having a 
completely independent re-implementation of the parser.)

> As a side note, the problem described in this bug was more or less foreseen. 
> This is in the header of Modules/parsemodule.c:

Just to clarify, the bug is not about the cryptic exception message, it's about 
the exception firing when it shouldn't.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36256] parser module fails on legal input

[Giampaolo Rodola']

Change by Giampaolo Rodola' :


--
nosy:  -giampaolo.rodola

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34711] Lib/http/server.py: Return HTTPStatus.NOT_FOUND if path.endswith(/) and not a directory

[Michael Felt]

Michael Felt  added the comment:

On 11/03/2019 09:42, Stéphane Wirtel wrote:
> Stéphane Wirtel  added the comment:
>
> Hi Michael,
>
> I think no, because 3.6 is in security mode.
Clear reason. Maybe makes the baclport to 3.7 more opportune. Thx for
the reply!
>
> --
> nosy: +matrixise
> versions:  -Python 3.6
>
> ___
> Python tracker 
> 
> ___
>

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34373] test_time errors on AIX

[Michael Felt]

Michael Felt  added the comment:

On 10/03/2019 19:43, Michael Felt wrote:
> Michael Felt  added the comment:
>
> Could this alos be backported to Version 3.7 and 3.6 - thx!
As 3.6 is in security mode - I guess only 3.7 then.
> --
> versions: +Python 3.6, Python 3.7
>
> ___
> Python tracker 
> 
> ___
>

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36266] Which module could not be found?

[Phillip M. Feldman]

New submission from Phillip M. Feldman :

I have a module that contains an import statement that imports a large number 
of items.  This import was failing with the following error message:

ImportError: DLL load failed: The specified module could not be found.

The message would be so much more helpful if it named the offending DLL and 
module.

--
components: Interpreter Core
messages: 337698
nosy: phillip.m.feld...@gmail.com
priority: normal
severity: normal
status: open
title: Which module could not be found?
versions: Python 3.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue11192] test_socket error on AIX

[Michael Felt]

Michael Felt  added the comment:

On 10/03/2019 19:40, Michael Felt wrote:
> Michael Felt  added the comment:
>
> Could this also be backported to Version 3.7 and 3.6 (I do not expect it to 
> be backported to 2.7, but I had mistakenly removed it 2.7 when I changed it 
> to 3.8 - and should have added 3.6 and 3.7 then).
Likewise: As 3.6 is in security mode - I guess only 3.7 then.
>
> --
> versions: +Python 2.7, Python 3.6, Python 3.7
>
> ___
> Python tracker 
> 
> ___
>

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34490] transport.get_extra_info('sockname') of test_asyncio fails on AIX

[Michael Felt]

Michael Felt  added the comment:

On 10/03/2019 19:37, Michael Felt wrote:
> Michael Felt  added the comment:
>
> Could this also be backported to Version 3.6?
Ignore this since 3.6 is in security mode.
>
> --
> versions: +Python 3.6
>
> ___
> Python tracker 
> 
> ___
>

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue34720] Fix test_importlib.test_bad_traverse for AIX

[Michael Felt]

Michael Felt  added the comment:

On 10/03/2019 19:31, Michael Felt wrote:
> Michael Felt  added the comment:
>
> could this be backported to versions 3.7, and if applicable, to version 3.6
Only 3.7 - As 3.6 is in security mode.
>
> --
>
> ___
> Python tracker 
> 
> ___
>

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35633] test_eintr fails on AIX since fcntl functions were modified

[Michael Felt]

Michael Felt  added the comment:

On 10/03/2019 19:34, Michael Felt wrote:
> Michael Felt  added the comment:
>
> Could this also be backported to version 3.6?
>
> --
> versions: +Python 3.6
Not to worry: As 3.6 is in security mode.
>
> ___
> Python tracker 
> 
> ___
>

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35704] On AIX, test_unpack_archive_xztar fails with default MAXDATA settings

[Michael Felt]

Michael Felt  added the comment:

On 10/03/2019 19:25, Michael Felt wrote:
> Michael Felt  added the comment:
>
> Could this also be backported to 3.7 and 3.6 please?
Only 3.7 I guess - As 3.6 is in security mode.
>
> --
> versions: +Python 3.6, Python 3.7
>
> ___
> Python tracker 
> 
> ___
>

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36216] urlsplit does not handle NFKC normalization

[Steve Dower]

Steve Dower  added the comment:

> A missed print statement in the 2.7 patch is causing the tests to fail.

How does that cause tests to fail? Is it going to stderr? Or just causing an 
error.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36085] Enable better DLL resolution

[Steve Dower]

Steve Dower  added the comment:

In the absence of any other comments, here's my proposal.

* call SetDefaultDllDirectories() in Py_Main (i.e. not when embedded) to ensure 
secure search paths are always used
* ensure LoadLibrary when used in ctypes or importing will use the correct flags
* add sys._adddlldirectory() and sys._removedlldirectory() as CPython-specific 
functions for extending the search path (for use by packages currently 
modifying PATH at runtime)
* add check for KB2533623 to the installer and block if it is not present

Any thoughts? The only one I'm not 100% committed to is the 
SetDefaultDllDirectories call, but I'd rather ship it in alpha/beta releases 
and pull it out later if necessary. Passing the flags to LoadLibrary should 
have the same effect anyway, so I don't think changing the defaults in 
python.exe will make the current scenarios worse.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32951] Prohibit direct instantiation of SSLSocket and SSLObject

[Cheryl Sabella]

Cheryl Sabella  added the comment:

Can this issue be closed as resolved?

--
nosy: +cheryl.sabella

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28124] Rework SSL module documentation

[Cheryl Sabella]

Cheryl Sabella  added the comment:

Can this issue be closed as resolved?  It looks like the changes have been 
merged even though the first PR still has an 'open' status.  Thanks!

--
nosy: +cheryl.sabella

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue21314] Document '/' in signatures

[Cheryl Sabella]

Cheryl Sabella  added the comment:

There are a few other open issues about positional-only keywords (for example, 
#10789 and #8350).  I wasn't sure what, if anything, could be done with those 
now that the '/' is available and documented.

--
nosy: +cheryl.sabella

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36229] Linear-time list, set, and bytearray ops.

[Brandt Bucher]

Change by Brandt Bucher :


--
title: Linear-time ops for some mutable collections. -> Linear-time list, set, 
and bytearray ops.

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36267] User input to argparse raises Index_Error: "-a=" on a 'store_true' action

[paul j3]

New submission from paul j3 :

Test case:

parser = argparse.ArgumentParser()
parser.add_argument("-a", action="store_true")
args = parser.parse_args("-a=".split())

raises an Index_Error, which is not caught by the argparse error mechanism.

This is an unusual case, the coincidence of several user errors - 'store_true' 
which shouldn't take an argument and a short optional with a bare =.  So it's 
unlikely to occur.  Still, argparse shouldn't ever respond to a command line 
value with an uncaught error.

The traceback shows that it occurs during the handling of the explicit_arg in 
consume_optional.

Traceback (most recent call last):
  File "argparseRaiseIndexError.py", line 5, in 
args = parser.parse_args("-a=".split())
  File "/usr/lib/python3.6/argparse.py", line 1743, in parse_args
args, argv = self.parse_known_args(args, namespace)
  File "/usr/lib/python3.6/argparse.py", line 1775, in parse_known_args
namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib/python3.6/argparse.py", line 1981, in _parse_known_args
start_index = consume_optional(start_index)
  File "/usr/lib/python3.6/argparse.py", line 1881, in consume_optional
option_string = char + explicit_arg[0]
IndexError: string index out of range

The issue was raised in a Stackoverflow question, where I and the poster 
explore why it occurs, and possible fixes.

https://stackoverflow.com/questions/54662609/python-argparse-indexerror-for-passing-a

--
components: Library (Lib)
messages: 337709
nosy: paul.j3
priority: normal
severity: normal
stage: needs patch
status: open
title: User input to argparse raises Index_Error:  "-a=" on a 'store_true' 
action
type: crash

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36268] Change default tar format to modern POSIX 2001 (pax) for better portability/interop, support and standards conformance

[C.A.M. Gerlach]

New submission from C.A.M. Gerlach :

I propose changing tarfile.DEFAULT_FORMAT to be tarfile.PAX_FORMAT , rather 
than the legacy tarfile.GNU_FORMAT for Python 3.8. This would offer several 
benefits:

• Removes limitations of the old GNU tar format, including in max UID/GID 
values and bits in device major and minor numbers, and is the most flexible and 
feature-rich tar format currently
• Encodes all filenames as UTF-8 in a portable way, ensuring consistent and 
correct handling on all platforms, avoid errors like [this 
one](https://stackoverflow.com/questions/19902544/tarfile-produce-garbled-file-name-in-the-tar-gz-archivement)
 and generally ensure expected, sensible defaults
• Is the current interoperable POSIX standard, used by all modern platforms 
(Linux, Unix, macOS, and third-party unarchivers on Windows) rather than a 
vendor-specific extension like GNU tar
• Backwards compatible with any unarchiver capable of reading ustar format, 
unlike GNU tar as the extended pax headers will just be ignored
• Fixes bpo-30661, support tarfile.PAX_FORMAT in shutil.make_archive (was 
proposed as a fix to the same, but it was never followed up on and the issue 
remains open)

This change would have no effect on reading existing archives, only writing new 
ones, and should be broadly compatible with any remotely modern system, as pax 
support is included in all the widely used libraries/systems:

* POSIX 2001 (major Unix vendors), released in 2001 (18 years ago)
* GNU tar 1.14 (Linux, etc), released in 2004 (15 years ago)
* bsdtar/libtar ~1.2.51 (BSD, macOS, etc), at least as of 2006 (13 years ago), 
with significant bug fixes up through 2011 (8 years ago)
* 7-zip (Windows) at some point before 2011 (>8 years ago), with significant 
bug fixes up to 2011 (8 years ago)
* Python 2.6, released in 2008 (11 years ago)

Furthermore, essentially every existing archiver supports ustar format, which 
would allow interoperability on very old/exotic platforms that don't support 
pax for some reason (and would certainly not support GNU). Therefore, it should 
be more than safe to make the change now, with archivers on the three major 
platforms supporting the modern standard for nearly a decade, and any esoteric 
ones at least as likely to support the POSIX standard as the vendor-specific 
GNU extension.

Is there any particular reason why we shouldn't make this change? Is there a 
particular group/list I should contact to follow up about seeing this 
implemented? It seems it should only require a one-line change 
[here](https://stackoverflow.com/questions/19902544/tarfile-produce-garbled-file-name-in-the-tar-gz-archivement),
 aside from updating the docs and presumably the NEWS file, which I would be 
willing to do (I would think it should make a fairly straightforward first 
contribution).

--
components: Library (Lib)
messages: 337710
nosy: CAM-Gerlach
priority: normal
severity: normal
status: open
title: Change default tar format to modern POSIX 2001 (pax) for better 
portability/interop, support and standards conformance
type: behavior
versions: Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36216] urlsplit does not handle NFKC normalization

[Jeremy Kloth]

Jeremy Kloth  added the comment:

>
> How does that cause tests to fail? Is it going to stderr? Or just causing
> an error.
>

It is causing an "unexpected output error".  When the test is re-run at the
end, it is run in verbose mode so the extra output is ignored and thus
passes at that point.

>

--
nosy: +jeremy.kloth

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36268] Change default tar format to modern POSIX 2001 (pax) for better portability/interop, support and standards conformance

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
nosy: +lars.gustaebel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36229] Linear-time list, set, and bytearray ops.

[Pablo Galindo Salgado]

Change by Pablo Galindo Salgado :


--
nosy: +pablogsal

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36267] User input to argparse raises Index_Error: "-a=" on a 'store_true' action

[Karthikeyan Singaravelan]

Change by Karthikeyan Singaravelan :


--
nosy: +xtreak
versions: +Python 2.7, Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36184] [EASY] test_gdb.test_threads() is specific to _POSIX_THREADS, fail on FreeBSD

[Joshua Jay Herman]

Joshua Jay Herman  added the comment:

I was able to reproduce this on FreeBSD 12.0.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36184] [EASY] test_gdb.test_threads() is specific to _POSIX_THREADS, fail on FreeBSD

[Kubilay Kocak]

Change by Kubilay Kocak :


--
nosy: +koobs

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36235] distutils.sysconfig.customize_compiler() overrides CFLAGS var with OPT var if CFLAGS env var is set

[Kubilay Kocak]

Change by Kubilay Kocak :


--
nosy: +koobs

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35132] python-gdb error: Python Exception Type does not have a target

[Lisa Roach]

Lisa Roach  added the comment:


New changeset 1ceb3a3d172dcf0ddff38d5d6b559443ad065b84 by Lisa Roach in branch 
'master':
bpo-35132: Fixes missing target in gdb pep0393 check. (GH-11848)
https://github.com/python/cpython/commit/1ceb3a3d172dcf0ddff38d5d6b559443ad065b84


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35132] python-gdb error: Python Exception Type does not have a target

[miss-islington]

Change by miss-islington :


--
pull_requests: +12263

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35931] pdb: "debug print(" crashes with SyntaxError

[miss-islington]

miss-islington  added the comment:


New changeset 3e936431e23b424b1e4665e8165c245924f0ab02 by Miss Islington (bot) 
(Daniel Hahler) in branch 'master':
bpo-35931: Gracefully handle any exception in pdb debug command (GH-12103)
https://github.com/python/cpython/commit/3e936431e23b424b1e4665e8165c245924f0ab02


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35931] pdb: "debug print(" crashes with SyntaxError

[miss-islington]

Change by miss-islington :


--
pull_requests: +12264

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36159] Modify Formatter Class to handle arbitrary objects

[Lisa Roach]

Lisa Roach  added the comment:

Can you give an example use case for this? F-strings are the newer method of 
string interpolation, I'm not sure it's worth putting effort into adding 
features to string.Formatter.

--
nosy: +lisroach

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35931] pdb: "debug print(" crashes with SyntaxError

[miss-islington]

miss-islington  added the comment:


New changeset 1c4580d1f563173f5d6ec990b46bd38f4ae901a1 by Miss Islington (bot) 
in branch '3.7':
[3.7] bpo-35931: Gracefully handle any exception in pdb debug command 
(GH-12103) (GH-12285)
https://github.com/python/cpython/commit/1c4580d1f563173f5d6ec990b46bd38f4ae901a1


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35931] pdb: "debug print(" crashes with SyntaxError

[Zachary Ware]

Zachary Ware  added the comment:

Thanks for catching that and fixing it before 3.7.3!

--
priority: release blocker -> normal
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
type:  -> behavior

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35924] curses segfault resizing window

[Lisa Roach]

Lisa Roach  added the comment:

I am able to confirm the repro, I haven't been able to find the root cause of 
it yet though. Trying to dig into it.

--
nosy: +lisroach

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35647] Cookie path check returns incorrect results

[Ned Deily]

Ned Deily  added the comment:


New changeset 5565b1db6f37f244890369e0d68a3e906aca28b9 by Ned Deily (Miss 
Islington (bot)) in branch '3.6':
bpo-35647: Fix path check in cookiejar (GH-11436) (GH-12268)
https://github.com/python/cpython/commit/5565b1db6f37f244890369e0d68a3e906aca28b9


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36216] urlsplit does not handle NFKC normalization

[Ned Deily]

Ned Deily  added the comment:


New changeset 23fc0416454c4ad5b9b23d520fbe6d89be3efc24 by Ned Deily (Steve 
Dower) in branch '3.6':
[3.6] bpo-36216: Add check for characters in netloc that normalize to 
separators (GH-12201) (GH-12215)
https://github.com/python/cpython/commit/23fc0416454c4ad5b9b23d520fbe6d89be3efc24


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35854] EnvBuilder and venv symlinks do not work on Windows on 3.7.2

[Ned Deily]

Ned Deily  added the comment:

Can we close this issue now?

--
nosy: +ned.deily

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36085] Enable better DLL resolution

[Eryk Sun]

Eryk Sun  added the comment:

> call SetDefaultDllDirectories() in Py_Main (i.e. not when embedded) 
> to ensure secure search paths are always used

That will require rewriting many scripts and packages that use ctypes or cffi 
to load DLLs. It would also break DLLs that internally rely on modifying PATH 
for a delayed load, though I hope that's uncommon. I think it's easier for 
everyone else if we implement this just for extension-module loading with the 
LoadLibraryExW flags. 

Also, if I'm understanding your intention, loading an extension may fail when 
Python is embedded if the process is using the legacy DLL search path. So, like 
with ctypes, we'll be forcing embedding applications to update how they load 
DLLs in order to comply with us, else they'll have to accept that some packages 
won't work without the SetDefaultDllDirectories call.

> ensure LoadLibrary when used in ctypes or importing will use the 
> correct flags

ctypes calls LoadLibraryW, which uses the default that's set by 
SetDefaultDllDirectories, if that's what we eventually decide is the best 
course of action.

If we decide to not call SetDefaultDllDirectories, then we should provide a way 
for ctypes packages to update to using the secure search path instead of 
relying on the legacy search path. We could rewrite the ctypes LoadLibrary 
wrapper to call LoadLibraryExW instead of LoadLibraryW and support the flags in 
the CDLL `mode` parameter, which is currently unused in Windows.

> add sys._adddlldirectory() and sys._removedlldirectory() as CPython-
> specific functions for extending the search path (for use by packages 
> currently modifying PATH at runtime)

I'd prefer some way for scripts and packages to configure their shared-library 
search paths as static data. The implementation would be kept private in the 
interpreter. 

I know there's debate about removing ".pth" files. But maybe we could  
implement something similar for the DLL search path with package and script 
".pthext" files. These would contain a list of directories (relative to the 
script or package) that extend the shared-library search path.

> add check for KB2533623 to the installer and block if it is not
> present

Also, at runtime we can raise a SystemError if AddDllDirectory isn't found via 
GetProcAddress. This supports portable Python installations.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com