[issue42050] ensurepip fails if cwd contains illformed setup.cf

[Hartmut Goebel]

New submission from Hartmut Goebel :

If the current directory contains a ill-formed setup.cfg, setting up a virtual 
env fails, caused by ensurepip failing:

Expected behaviour:
running ensurepip should completely ignore the content of the current working 
directory.

How to reproduce:

$ rm -rf /tmp/v2
$ mkdir /tmp/v2
$ cd /tmp/v2
$ cat > setup.cfg < [options]
> setuptools_requires
> EOF
$ python3 -m venv /tmp/v2/_venv
Error: Command '['/tmp/v2/_venv/bin/python3', '-Im', 'ensurepip', '--upgrade', 
'--default-pip']' returned non-zero exit status 2.
$ /tmp/v2/_venv/bin/python3 -Im ensurepip --upgrade --default-pip
Looking in links: /tmp/tmpimoh6tke
Collecting setuptools
Collecting pip
Installing collected packages: setuptools, pip
Exception:
…
configparser.ParsingError: Source contains parsing errors: 'setup.cfg'
[line  2]: 'setuptools_requires\n'


Environment:
Tested with both Python 3.8.2 and 3.7.6

--
components: Library (Lib)
messages: 378706
nosy: htgoebel
priority: normal
severity: normal
status: open
title: ensurepip fails if cwd contains illformed setup.cf
type: crash
versions: Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42051] plistlib inherits XML vulnerabilities: we should document them

[STINNER Victor]

New submission from STINNER Victor :

The XML documentation starts with a red warning:

"Warning: The XML modules are not secure against erroneous or maliciously 
constructed data. If you need to parse untrusted or unauthenticated data see 
the XML vulnerabilities and The defusedxml Package sections. "
https://docs.python.org/dev/library/xml.html

I suggest to add the same warning to the plistlib library which uses the XML 
parser internally to handle XML files.

--
components: Library (Lib)
messages: 378707
nosy: vstinner
priority: normal
severity: normal
status: open
title: plistlib inherits XML vulnerabilities: we should document them
type: security
versions: Python 3.10, Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42051] plistlib inherits XML vulnerabilities: we should document them

[STINNER Victor]

Change by STINNER Victor :


--
nosy: +serhiy.storchaka

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41919] Modify test_codecs to use the new codecs.unregister() function

[STINNER Victor]

STINNER Victor  added the comment:


New changeset c9f696cb96d1c362d5cad871f61da520572d9b08 by Hai Shi in branch 
'master':
bpo-41919, test_codecs: Move codecs.register calls to setUp() (GH-22513)
https://github.com/python/cpython/commit/c9f696cb96d1c362d5cad871f61da520572d9b08


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41919] Modify test_codecs to use the new codecs.unregister() function

[STINNER Victor]

Change by STINNER Victor :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36034] Suprise halt caused by -Werror=implicit-function-declaration in ./Modules/posixmodule.c

[Alexey Izbyshev]

Change by Alexey Izbyshev :


--
resolution:  -> not a bug

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36534] tarfile and zipfile: handling Windows (path) illegal characters in archive member names

[STINNER Victor]

STINNER Victor  added the comment:

zipfile is also impacted by the issue of reserved Windows filenames like "NUL". 
ZipFile._sanitize_windows_name() does not handle them.

--
title: tarfile: handling Windows (path) illegal characters in archive member 
names -> tarfile and zipfile: handling Windows (path) illegal characters in 
archive member names

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42052] pathlib.Path should not call str() internally to allow inheritance

[conchylicultor]

New submission from conchylicultor :

I'm writing a subclass of `pathlib.Path` with custom `__fspath__`.

To prevent bad usages (users should use `os.fspath(path)` instead of 
`str(path)` to access the underlying path), I would like to overwrite `str`:


```
class MyPath(pathlib.PosixPath):

  def __fspath__(self) -> str:
# Custom fspath

  def __str__(self) -> str:
raise TypeError(
f'Please do not use `str()` directly:'
' * For display: Use, f-string, `.format` or `repr`'
' * To access the path string: Use `os.fspath`, as per PEP 519'
)

  def __format__(self, format_spec) -> str:
return format(super().__str__(), format_spec)
```

However, this is breaking pathlib internal, as `str(self)` is used at many 
places. It would be nice if all internal `str()` calls where replaced by some 
`self._str()`.

I also think it would be more semantically correct if some of the `__str__` 
call where replaced by `__fspath__`, like: 
https://github.com/python/cpython/blob/b30934e9afb0af3f8e2e5f0992445be775b3c630/Lib/pathlib.py#L748

--
components: Library (Lib)
messages: 378710
nosy: conchylicultor
priority: normal
severity: normal
status: open
title: pathlib.Path should not call str() internally to allow inheritance
versions: Python 3.10

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42051] plistlib inherits XML vulnerabilities: we should document them

[Ronald Oussoren]

Ronald Oussoren  added the comment:

Is there something we could do in plistlib to avoid those problems? 

Plist XML files are not arbitrary XML. In particular disabling entity 
definitions would avoid the problems mentioned as plist files should not 
contain those. That said, a quick glance at the xml.etree module doesn't seem 
to have a documented way to disable entities.

--
nosy: +ronaldoussoren

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue15795] Zipfile.extractall does not preserve file permissions

[Nikolay]

Nikolay  added the comment:

Is there any chance that the pull request will be accepted? I'm a bit tired of 
using workaround every time I need unzip something on linux.

--
nosy: +kulakov-n

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue24828] Segfault when using store-context AST node in a load context

[Serhiy Storchaka]

Change by Serhiy Storchaka :


--
resolution:  -> out of date
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42052] pathlib.Path should not call str() internally to allow inheritance

[conchylicultor]

conchylicultor  added the comment:

Closing this as I realize that even if this was solved, it would still not 
fully resolve the issue. Basically I want to control how __fspath__ and __str__ 
behave externally (for users), but internal fspath and str should always call 
`super()`

--
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42046] Unable to write to file without elevated privileges

[john_miller]

john_miller  added the comment:

Short summary:
>icacls.exe C:\Python38-32\python.exe lists Mandatory Label\Low Mandatory 
>Level:(I)(NW) ** This might be the problem. Removing "L" with icacls might 
>work.
>User integrity level is usually "Medium"
>**When a user attempts to launch an executable file, the new process is 
>created with the minimum of the user integrity level and the file integrity 
>level.**
>NOT TESTED "icacls.exe" with option "/setintegritylevel Medium" applied to all 
>relevant files in the Python-directory could changee the low integrity-level 
>inherited from "C:\".

---
The python-process runs under the username "Username" according to the 
>whoami.exe (in python.exe launched from a non-elevated console)
COMPUTERNAME\username
0
>whoami.exe (in python.exe launched from an elevated console)
COMPUTERNAME\username
0
>whoami.exe (launched directly from non-elevated console)
COMPUTERNAME\username

>icacls.exe "C:\Users\Username\Desktop" 
C:\Users\Username\Desktop NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
  BUILTIN\Administrators:(I)(OI)(CI)(F)
  COMPUTERNAME\Username:(I)(OI)(CI)(F)
>icacls.exe "C:\Users\Username"
C:\Users\Username NT AUTHORITY\SYSTEM:(OI)(CI)(F)
  BUILTIN\Administrators:(OI)(CI)(F)
  COMPUTERNAME\Username:(OI)(CI)(F)
  COMPUTERNAME\HomeUsers:(RX)

(I used to UNIX-syntax as a short-hand for specified permissions relating to a 
specified user. I can see how that could introduce misunderstandings for 
everyone glancing over the text.)

I used procexp.exe to dig around the Security-tab of the active processes:
A difference between the processes seems to relate to MIC-labels on the running 
processes[1], especially when compared to a notepad.exe launched from a 
non-elevated console.

cmd.exe (Non-elevated) Medium -> python.exe Low
cmd.exe (Elevated) High -> python.exe High
cmd.exe (Non-elevated) Medium -> notepad.exe Medium

Low -> Mandatory Label\Low Mandatory Level
Medium -> Mandatory Label\Medium Mandatory Level
High-> Mandatory Label\High Mandatory Level

It seems this labeling system is checked before Discretionary Access Control 
List's (DACL) come into play.[2]

>Windows defines four integrity levels: low, medium, high, and system. Standard 
>users receive medium, elevated users receive high. Processes you start and 
>objects you create receive your integrity level (medium or high) or low if the 
>executable file's level is low; system services receive system integrity. 
>Objects that lack an integrity label are treated as medium by the operating 
>system; this prevents low-integrity code from modifying unlabeled objects. 
>Additionally, Windows ensures that processes running with a low integrity 
>level cannot obtain access a process which is associated with an app container.

>**When a user attempts to launch an executable file, the new process is 
>created with the minimum of the user integrity level and the file integrity 
>level.** 
>This means that the new process will never execute with higher integrity than 
>the executable file. If the administrator user executes a low integrity 
>program, the token for the new process functions with the low integrity level. 
>This helps protect a user who launches untrustworthy code from malicious acts 
>performed by that code. The user data, which is at the typical user integrity 
>level, is write-protected against this new process.

The file integrity-level can be modified with icacls.exe and it's 
"/setintegritylevel [(CI)(OI)]Level"-option (Level= one element of 
{L,M,H,Low,Medium,High}).

(In theory "icacls.exe C:\Python38-32\python.exe /setintegritylevel Medium" 
might do the trick. I haven't tested this. I wonder if icacls would still list 
an integrity-level on the file for files that have Medium integrity.)

I'll also look into System Access Control List's (SACL)[4] too as mentioned in 
[2].

Using SetACL.exe [5], I found nothing of note:
>SetACL.exe -on "C:\Windows\system32\notepad.exe" -ot file -actn list -lst 
>"f:tab;w:d,s,o,g;i:y"
for SACL-part: Everyone   write+WRITE_OWNER+WRITE_DAC+DELETE   audit   
audit_success+audit_fail
>SetACL.exe -on "C:\Python38-32\python.exe" -ot file -actn list -lst 
>"f:tab;w:d,s,o,g;i:y"
for SACL-part: [empty]


>icacls.exe C:\Python38-32\python.exe BUILTIN\Administrators:(I)(F)
   NT AUTHORITY\SYSTEM:(I)(F)
   BUILTIN\User:(I)(RX)
   NT AUTHORITY\Authenticated Users:(I)(M)
   Mandatory Label\Low Mandatory Level:(I)(NW) ** This 
might be the problem. Removing "L" with icacls might work.
>icacls.exe C:\Python38-32
C:\Python38-32 BUILTIN\Administrators:(I)(F)
   BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
   NT AUTHORITY\SYSTEM:(I)(F)
   NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
   BUILTIN\User:(I)(OI)(CI)(RX)
   NT AUTHORITY\Authenticated Users:(I)

[issue33387] Simplify bytecodes for try-finally, try-except and with blocks.

[Xavier Morel]

Xavier Morel  added the comment:

The 3.9 changelog mentions WITH_EXCEPT_FINISH but that seems to have ultimately 
been called WITH_EXCEPT_START, maybe it shoudl be updated also?

--
nosy: +xmorel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42011] Documentation for logging.Filter.filter reports the wrong return type

[Vinay Sajip]

Vinay Sajip  added the comment:


New changeset e9959c71185d0850c84e3aba0301fbc238f194a9 by Necdet Can Atesman in 
branch 'master':
bpo-42011: Update documentation of logging.Filter.filter() (GH-22692)
https://github.com/python/cpython/commit/e9959c71185d0850c84e3aba0301fbc238f194a9


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42030] Drop support for dynload_aix

[Batuhan Taskaya]

Change by Batuhan Taskaya :


--
nosy: +BTaskaya, pablogsal

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42046] Unable to write to file without elevated privileges

[Eryk Sun]

Eryk Sun  added the comment:

> icacls.exe C:\Python38-32\python.exe lists Mandatory Label\
> Low Mandatory Level:(I)(NW) ** This might be the problem. Removing "L"
> with icacls might work.
>
> **When a user attempts to launch an executable file, the new process is
> created with the minimum of the user integrity level and the file 
> integrity level.**

The token mandatory policy [1] for a standard logon is 
TOKEN_MANDATORY_POLICY_NO_WRITE_UP (1) and 
TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN (2). The above quote applies to the 
latter. For an elevated logon, the mandatory policy is just 
TOKEN_MANDATORY_POLICY_NO_WRITE_UP, so setting a low-integrity label on 
python.exe has no effect on a new process created from an elevated security 
context. The following queries demonstrate the mandatory policy for both cases:

standard logon:

>>> GetTokenInformation(-4, TokenMandatoryPolicy)
3

elevated logon:

>>> GetTokenInformation(-4, TokenMandatoryPolicy)
1

> >icacls.exe C:\
> C:\ BUILTIN\Administrators:(F)
> BUILTIN\Administrators:(OI)(CI)(IO)(F)
> NT AUTHORITY\SYSTEM:(F)
> NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)
> BUILTIN\User:(OI)(CI)(RX)
> NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)(M)
> NT AUTHORITY\Authenticated Users:(AD)
> Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)

Something has modified the security on the root directory of your system drive. 
The low-integrity no-write-up (NW) label that's inheritable by directories (CI) 
and files (OI) is the source of the problem. It's supposed to be a 
high-integrity no-write-up (NW) label that applies to files in the root 
directory (OI)(NP) and not to the root directory itself (IO) or subdirectories 
(no CI):

Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)

> I used to UNIX-syntax as a short-hand for specified permissions relating
> to a specified user. I can see how that could introduce misunderstandings
> for everyone glancing over the text.

I was concerned that you were using a third-party tools such as MSYS2 bash to 
check permissions. POSIX rwx access for a user can be computed in terms of 
effective permissions and generic read, write, and execute access rights. But 
there's no equivalent to POSIX owner and group permissions. Access for a user 
SID has to be computed against all entries in the DACL and the mandatory label.

[1] 
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-token_mandatory_policy

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28660] TextWrapper break_long_words=True, break_on_hyphens=True on long words

[Irit Katriel]

Change by Irit Katriel :


--
keywords: +patch
nosy: +iritkatriel
nosy_count: 3.0 -> 4.0
pull_requests: +21688
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/22721

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28660] TextWrapper break_long_words=True, break_on_hyphens=True on long words

[Irit Katriel]

Irit Katriel  added the comment:

textwrap does not actually apply the break-on-hyphen algorithm at all to long 
words. It just chops them up into depth-sized pieces. 

The PR I just submitted looks for hyphens and uses them as cut points if they 
exist, without any attempt to understand their context.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue33387] Simplify bytecodes for try-finally, try-except and with blocks.

[Mark Shannon]

Change by Mark Shannon :


--
pull_requests: +21689
pull_request: https://github.com/python/cpython/pull/22723

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42041] venv subprocess call to python resolves to wrong interpreter

[Steve Dower]

Steve Dower  added the comment:

Thanks for doing the PR, Paul.

Honestly, I'd rather document in subprocess that Popen("python") is not a good 
idea, and should use either sys.executable or shutil.which depending on what 
you mean. This is a platform-independent gotcha, as it's very easy to reproduce 
the failure (e.g. run on Linux where "python"==Python 2.x).

Describing the current state of how venv works in the venv docs is fine, and 
what you've got there is accurate (might be easier to follow on first reading 
if it leads with Python picking up the venv based on the launched executable, 
rather than anything in the terminal's environment).

My concern is that we don't make this level of detail a documented guarantee, 
and can still change it between major versions without the deprecation period. 
I'm happy to guarantee intended uses, and it might be worth figuring out what 
those are (e.g. does double-clicking in Explorer matter? what about the Run 
window? Desktop shortcuts? With/without activation? etc.) and likely we'd have 
to clarify which ones don't work the same for the symlink vs. redirector 
options.

IOW, if someone writes an actual spec (and we all agree on it), we can 
guarantee that. Without it, I'd rather implementation internals remain internal.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42011] Documentation for logging.Filter.filter reports the wrong return type

[miss-islington]

Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 4.0 -> 5.0
pull_requests: +21690
pull_request: https://github.com/python/cpython/pull/22724

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42011] Documentation for logging.Filter.filter reports the wrong return type

[miss-islington]

Change by miss-islington :


--
pull_requests: +21691
pull_request: https://github.com/python/cpython/pull/22725

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue33387] Simplify bytecodes for try-finally, try-except and with blocks.

[Mark Shannon]

Mark Shannon  added the comment:

Yes, thanks for pointing that out.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42030] Drop support for dynload_aix

[Benjamin Peterson]

Benjamin Peterson  added the comment:

I think we should just axe it.

--
nosy: +benjamin.peterson

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42011] Documentation for logging.Filter.filter reports the wrong return type

[Vinay Sajip]

Vinay Sajip  added the comment:


New changeset 8f7eab788aedcf1a23ef9be767e1b3502a6bbd5c by Miss Skeleton (bot) 
in branch '3.8':
bpo-42011: Update documentation of logging.Filter.filter() (GH-22692) (GH-22724)
https://github.com/python/cpython/commit/8f7eab788aedcf1a23ef9be767e1b3502a6bbd5c


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42011] Documentation for logging.Filter.filter reports the wrong return type

[Vinay Sajip]

Vinay Sajip  added the comment:


New changeset dff9161821032acfd2588d42d88511ebdbabaaf3 by Miss Skeleton (bot) 
in branch '3.9':
bpo-42011: Update documentation of logging.Filter.filter() (GH-22692) (GH-22725)
https://github.com/python/cpython/commit/dff9161821032acfd2588d42d88511ebdbabaaf3


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42011] Documentation for logging.Filter.filter reports the wrong return type

[Vinay Sajip]

Change by Vinay Sajip :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue28660] TextWrapper break_long_words=True, break_on_hyphens=True on long words

[Irit Katriel]

Irit Katriel  added the comment:

Actually I see what Serhiy meant about the hyphen algorithm - the regex 
breaking up words. Yes, this is applied to long words and the reason he stated 
for this issue is correct.

It is probably possible to make that regex understand width and long-words, but 
it would be more complicated and will need to be recalculated for each width. I 
think long words are not the typical input, so it's better to handle them 
separately and keep the rest simple.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42053] fwalk: incorrect boolean test for non-fd arguments

[dubiousjim]

New submission from dubiousjim :

`Lib/os.py` has at line 464, in definition of `fwalk`:

```
if not isinstance(top, int) or not hasattr(top, '__index__'):
```

If I understand this test correctly, it should be requiring that the name/fd is 
NEITHER an int NOR has an __index__ method. As written, anything which fails 
the left-hand side (and so is an int) will probably have an __index__ method, 
so the right-hand side is idle.

Proposed fix: change `or` to `and`.

--
components: Library (Lib)
messages: 378725
nosy: dubiousjim
priority: normal
severity: normal
status: open
title: fwalk: incorrect boolean test for non-fd arguments
type: behavior
versions: Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42030] Drop support for dynload_aix

[Kevin]

Kevin  added the comment:

Ok, I have updated the PR to remove it completely.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42041] venv subprocess call to python resolves to wrong interpreter

[Paul Moore]

Paul Moore  added the comment:

Fair enough. I think we have to be careful here - people do rely on how the 
"internal" aspects of virtual environments work, like it or not, and we've 
definitely broken people's code in the past as a result of taking a hardline 
"it's not documented, so it's not guaranteed" approach. (Disclaimer - we broke 
some of my code, so I'm not unbiased when I say the above ;-))

I take your point that this is a cross-platform issue, and as such would be 
worth putting in the `subprocess` documentation. When I looked, though, I 
couldn't really find anywhere that felt appropriate. I'll take a second look, 
but if you have any suggestions I'd appreciate it.

The bit that I *do* think is a venv gotcha is that it's entirely reasonable for 
a user to expect that if they run path\to\venv\Scripts\python.exe, then their 
Python script will be run by that executable. The redirector breaks that 
assumption, and while I'm fine with the idea that we don't want to document all 
of the details of the redirector, I *do* think we should document that you must 
not make that assumption.

How about this:

   The mechanism by which virtual enviroments are implemented means that
   you should not assume that the executable in the virtual environment
   is the one that will ultimately run your script. As a result, you
   should always use `sys.executable` to identify "this script's Python
   interpreter", as that is guaranteed to be set as you would expect.

I'm not completely happy with the above, but that's mostly because I'd rather 
just document how the process works (even if it's with a disclaimer "this is 
implementation detail and may change without notice"). But that's not my call 
to make, so I'll defer to you on that.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42030] Drop support for dynload_aix

[Benjamin Peterson]

Benjamin Peterson  added the comment:


New changeset 1dd6d956a3ddf2cf6d4a69241dba8cd1379421b9 by Kevin Adler in branch 
'master':
closes bpo-42030: Remove legacy AIX dynload support (GH-22717)
https://github.com/python/cpython/commit/1dd6d956a3ddf2cf6d4a69241dba8cd1379421b9


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue40341] Programming FAQ includes actively discouraged solutions; Should those be removed?

[Zackery Spytz]

Change by Zackery Spytz :


--
keywords: +patch
nosy: +ZackerySpytz
nosy_count: 3.0 -> 4.0
pull_requests: +21692
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/22726

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42041] venv subprocess call to python resolves to wrong interpreter

[Steve Dower]

Steve Dower  added the comment:

> The bit that I *do* think is a venv gotcha is that it's entirely reasonable 
> for a user to expect that if they run path\to\venv\Scripts\python.exe, then 
> their Python script will be run by that executable.

This is still true, though, as much as it's ever been. The gotcha is that 
launching "python" may not launch "path\to\venv\Scripts\python.exe" even if 
that's the first entry on PATH.

For the documentation, we could phrase it more positively as "If you need the 
path to the Python executable, use sys.executable. Relying on explicit or 
implicit PATH resolution may result in the wrong version of Python being used, 
especially when the user has launched from a virtual environment."

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32549] Travis: Test with OpenSSL 1.1.0

[Irit Katriel]

Irit Katriel  added the comment:

This seems complete, can it be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32659] Solaris "stat" should support "st_fstype"

[Irit Katriel]

Irit Katriel  added the comment:

This seems complete, can it be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue31878] Cygwin: _socket module does not compile due to missing ioctl declaration

[Irit Katriel]

Irit Katriel  added the comment:

This seems complete, can it be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue33483] build system requires explicit compiler, but should discover it

[Irit Katriel]

Irit Katriel  added the comment:

This seems complete, can it be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue40341] Programming FAQ includes actively discouraged solutions; Should those be removed?

[miss-islington]

Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 4.0 -> 5.0
pull_requests: +21693
pull_request: https://github.com/python/cpython/pull/22727

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue40341] Programming FAQ includes actively discouraged solutions; Should those be removed?

[Raymond Hettinger]

Raymond Hettinger  added the comment:


New changeset a22a19f3548f6064035e7c59a19cda1e9506db92 by Zackery Spytz in 
branch 'master':
bpo-40341: Remove some "discouraged solutions" in Doc/faq/programming.rst 
(GH-22726)
https://github.com/python/cpython/commit/a22a19f3548f6064035e7c59a19cda1e9506db92


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue33394] the build of the shared modules is quiet/non-visible when GNU make gets passed macros

[Irit Katriel]

Irit Katriel  added the comment:

This seems complete, can it be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue33483] build system requires explicit compiler, but should discover it

[Benjamin Peterson]

Change by Benjamin Peterson :


--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue40341] Programming FAQ includes actively discouraged solutions; Should those be removed?

[Raymond Hettinger]

Change by Raymond Hettinger :


--
versions: +Python 3.10 -Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41972] bytes.find consistently hangs in a particular scenario

[Gregory P. Smith]

Gregory P. Smith  added the comment:

FWIW I think your numbers look good, a small needle cut-off is likely a good 
idea.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41972] bytes.find consistently hangs in a particular scenario

[Gregory P. Smith]

Gregory P. Smith  added the comment:

Another potential algorithm to consider in large needle situations is a 
Rabin-Karp rolling hash string search.

If used, it's the kind of algorithm that I'd probably bail out to an alternate 
method on if a run of Rabin-Karp started having a high percentage of false 
positive failed comparisons (suggesting data antagonistic to the chosen rolling 
hash algorithm(s) which would degenerate performance back to Needle*Haystack 
territory).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42054] email message get_content throws KeyError for content main types font and model

[Mark Sapiro]

New submission from Mark Sapiro :

With Policy = email.policy.default, there are handlers for get_content() only 
for content types 'text', 'audio', 'image', 'video', 'application', 
'message/rfc822', 'message/external-body' and 'message'. While these are the 
only main types listed in RFC 6838, RFC 8081 adds 'font' and RFC 2077 defines 
'model' there are several registered 'font' and 'model' types at 
https://www.iana.org/assignments/media-types/media-types.xhtml

It would be good if get_content() returned content, even if only raw bytes, for 
those types.

--
messages: 378738
nosy: msapiro
priority: normal
severity: normal
status: open
title: email message get_content throws KeyError for content main types font 
and model
versions: Python 3.10, Python 3.6, Python 3.7, Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41972] bytes.find consistently hangs in a particular scenario

[Dennis Sweeney]

Dennis Sweeney  added the comment:

I'm doing a couple more timing tests to try to understand exactly when the 
cutoff should be applied (based on some combination of needle and haystack 
lengths).

Can the rolling hash algorithm be made to go sublinear like O(n/m)? It looked 
like it was pretty essential that it hash/unhash each and every haystack 
character. You could probably do a bloom-like check where you jump ahead by the 
needle length sometimes, but you'd then have to re-hash the m characters in the 
new window anyway.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42046] Unable to write to file without elevated privileges

[john_miller]

john_miller  added the comment:

I changed the integrity-level of "C:\" to "Mandatory Label\High Mandatory 
Level:(OI)(NP)(IO)(NW)" which seems to have fixed the problem.

Thanks for the help.

I guess I must have directly or through some other application indirectly 
changed the integrity level of "C:\".

Regarding:
>The token mandatory policy [1] for a standard logon is 
>TOKEN_MANDATORY_POLICY_NO_WRITE_UP (1) and 
>TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN (2). The above quote applies to the 
>latter. For an elevated logon, the mandatory policy is just 
>TOKEN_MANDATORY_POLICY_NO_WRITE_UP, so setting a low-integrity label on 
>python.exe has no effect on a new process created from an elevated security 
>context. The following queries demonstrate the mandatory policy for both cases:

Could this be affected by User-Account-Control (UAC) being set to the highest 
level?

Starting python.exe from a non-elevated shell (user is administrator):
>>> import win32security
>>> import win32api
>>> import win32con
>>> process = win32api.GetCurrentProcess()
>>> processtoken = win32security.OpenProcessToken(process, 
>>> win32con.MAXIMUM_ALLOWED)
>>> win32security.GetTokenInformation(processtoken, 
>>> win32security.TokenMandatoryPolicy)
3 (TOKEN_MANDATORY_POLICY_NO_WRITE_UP and 
TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN)

Starting python.exe from an elevated shell (user is administrator):
>>> import win32security
>>> import win32api
>>> import win32con
>>> process = win32api.GetCurrentProcess()
>>> processtoken = win32security.OpenProcessToken(process, 
>>> win32con.MAXIMUM_ALLOWED)
>>> win32security.GetTokenInformation(processtoken, 
>>> win32security.TokenMandatoryPolicy)
1 (TOKEN_MANDATORY_POLICY_NO_WRITE_UP)

I assume in this case the following sentence would apply with the 
"python.exe"-file's integrity level being set to Low:
>**When a user attempts to launch an executable file, the new process is 
>created with the minimum of the user integrity level and the file integrity 
>level.**
As the shell is started with medium integrity level and the file is set to low 
integrity level the process would get created with low integrity level.

Regarding the integrity settings:
This seems to be problem affecting other people too.
https://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning-windows_7/cs-integrity-level-set-to-low-by-essentials-full/e61e537e-54fb-4923-93bc-784a0b583f1a
https://answers.microsoft.com/en-us/windows/forum/windows_7-winapps/root-of-systemdrive-keeps-getting-low-integrity/6cfd967d-17f5-44a1-beaa-1ad1ffe28faa
https://answers.microsoft.com/en-us/windows/forum/all/root-of-systemdrive-keeps-getting-low-integrity/6cfd967d-17f5-44a1-beaa-1ad1ffe28faa
"C:\Program Files", "C:\Users" and "C:\Windows" seem to have their own DACL's.

(win32security.GetFileSecurity("C:\\", win32security.SACL_SECURITY_INFORMATION) 
fails on me even on an elevated prompt.
chml https://www.minasi.com/apps/ seems to be more descriptive with 
SACL-integrity policies (No write up, No read up, No execute up))
(icacls.exe seems to have undocumented options with /setintegritylevel 
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
"(NW)" is not directly mentioned. I'm assuming "(NR)" and "(NX)" might be the 
missing integrity policy options for an integrity level entry.)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42041] venv subprocess call to python resolves to wrong interpreter

[Paul Moore]

Paul Moore  added the comment:

> This is still true, though, as much as it's ever been.

But it's *not*, if I understand the problem here. Windows resolves a bare 
"python" command by searching the directory containing the running executable 
first. I would reasonably assume that if I type

path/to/venv/scripts/python.exe foo.py

then the "running executable" is "path/to/venv/scripts/python.exe", and so the 
path containing the running executable is "path/to/venv/scripts", so a search 
for "python" will locate "path/to/venv/scripts/python.exe", because that's how 
Windows path search rules work. The problem is that that exe is a redirector, 
and the script is *actually* being run by the system Python.

Of course, the assumption I made is flawed, because there's never been anything 
saying that a program called "python.exe" can't do anything it likes in the 
process of running a script, including redirecting. But it's been the case for 
a long time, and IMO the introduction of the redirector counts as a 
user-visible behaviour change, and we should therefore explicitly point it out.

I really don't see why you are so reluctant to include this. I'm not asking 
that we guarantee any behaviour, or that we commit ourselves to anything. Just 
that we note that people ought not to be making a specific assumption (which it 
appears from this issue, people *have* been making).

> we could phrase it more positively

Cool, I'll update the PR to add this statement or something similar to the 
subprocess docs in the next couple of days.

I'm not going to fight to keep the comments in the venv documentation. I'm 
disappointed, and I feel like we'll end up with people relying on *more* of the 
implementation details because we're keeping things vague, but I have more 
important things to debate, so I'll drop this :-)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue19270] Document that sched.cancel() doesn't distinguish equal events and can break order

[Bar Harel]

Change by Bar Harel :


--
pull_requests: +21694
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/22729

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41972] bytes.find consistently hangs in a particular scenario

[Gregory P. Smith]

Gregory P. Smith  added the comment:

I assume a rolling hash is linear at best, even if you do add some skip ahead 
checks.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42055] Python Nuget Packages for Windows Installation: Request for more versions

[Matias Grioni]

New submission from Matias Grioni :

Hello,

The python nuget feed here, https://www.nuget.org/packages/python, has a lot of 
the versions post 3.5. However, it is missing some bug fix and security fix 
versions. For example, it has no versions after 3.6.8, which had security fixes 
until 3.6.12.

Is there a specific reason for excluding these? I can't tell any pattern 
related to security or bug fix versions for each of the minor versions.

Thanks,

Matias

--
components: Installation, Windows
messages: 378743
nosy: matgrioni, paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Python Nuget Packages for Windows Installation: Request for more versions
type: enhancement
versions: Python 3.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42028] Regression in mimetypes for image/bmp

[Raymond Hettinger]

Change by Raymond Hettinger :


--
nosy: +steve.dower

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue40341] Programming FAQ includes actively discouraged solutions; Should those be removed?

[Raymond Hettinger]

Raymond Hettinger  added the comment:


New changeset 0fbddb14dc03f61738af01af88e7d8aa8df07336 by Miss Skeleton (bot) 
in branch '3.9':
bpo-40341: Remove some "discouraged solutions" in Doc/faq/programming.rst 
(GH-22726) (GH-22727)
https://github.com/python/cpython/commit/0fbddb14dc03f61738af01af88e7d8aa8df07336


--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue40341] Programming FAQ includes actively discouraged solutions; Should those be removed?

[Raymond Hettinger]

Raymond Hettinger  added the comment:

Dominik, thanks for the suggestion.

Zackery, thanks for the PR.

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41988] No hyphen in broken up word in documentation

[Terry J. Reedy]

Terry J. Reedy  added the comment:

I am closing because word breakage when wrapping and justifying is an 
OS-browswer issue.  I see the image as having two hyphenation bugs, but whoever 
wrote that viewer might disagree.

The displayed paragraph is the first bullet point in the doc.  With Firefox on 
Windows 10, the default wrapping (narrower than my full screen width) is after 
'paramont' and 'learn at'.

  Decimal “is based on a floating-point model which was designed with people in 
mind, and necessarily has a paramount
  guiding principle – computers must provide an arithmetic that works in the 
same way as the arithmetic that people learn at
  school.” – excerpt from the decimal arithmetic specification.

If I enlarge the text with Cntl-Mousewheel, even up to to the max 300%, Firefox 
rewraps but never breaks words; it only justifies with spaces.

With MS Edge and Google Chrome, the default breaks are after 'has a' and 'as 
the' and the max enlargements are 400/500%, but the behavior is otherwise the 
same -- rewrapping and justification with spaces, no word breaks.

  Decimal “is based on a floating-point model which was designed with people in 
mind, and necessarily has a
  paramount guiding principle – computers must provide an arithmetic that works 
in the same way as the
  arithmetic that people learn at school.” – excerpt from the decimal 
arithmetic specification.

Safari on my Macbook Mohave, does break words, and has nec-essarily, 
arith-metic, and ap-plication (later in the text), which are correct.

In the image, rewrapping is done by breaking words according to some local 
algorithm.  Short pieces as in ne-cessarily and ap-plications are hyphenated 
but the 'big' pieces of arith metic are not.  This looks like a browser bug, 
but might be a local standard.  According to both Google and my paper 
dictionary, the first hyphenation should be nec-essarily, as in Safari, which 
is an exception to the general rule of 'before a single consonant', as in 
spe-ci-fi-ca-tion.  But maybe some group disagrees with this exception.

--
nosy: +mdk, terry.reedy
resolution:  -> third party
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41988] No hyphen in broken up word in documentation

[Terry J. Reedy]

Terry J. Reedy  added the comment:

Raymond, what viewer are you using when you see unhyphenated word breaks?

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41966] datetime.time issue with pickling in PyPy

[Dean]

Change by Dean :


--
keywords: +patch
pull_requests: +21695
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/22731

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41989] htmlparser unclosed script tag causes data loss

[Terry J. Reedy]

Terry J. Reedy  added the comment:

Waylan, 3.7 and before only get security fixes.

To me, this might be considered an enhancement rather than bug fix, but I will 
leave that to Ezio.

--
nosy: +terry.reedy
versions:  -Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42055] Python Nuget Packages for Windows Installation: Request for more versions

[Paul Moore]

Paul Moore  added the comment:

Python 3.6.9 and later were source-only security fix releases. We don't provide 
*any* binary releases for those versions, the nuget distribution is no 
different in that respect.

The release schedule for Python 3.6 is at 
https://www.python.org/dev/peps/pep-0494/. There are similar PEPs for the 
release schedules of other versions.

--
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41972] bytes.find consistently hangs in a particular scenario

[Tim Peters]

Tim Peters  added the comment:

I don't think Rabin-Karp is worth trying here. The PR is provably worst-case 
linear time, and the constant factor is already reasonably small. Its only real 
weakness I can see is that it can be significantly (but seemingly not 
dramatically) slower than the status quo, in what are exceptionally good cases 
for the status quo, and perhaps most often due to the increased preprocessing 
cost of the new code (which is relatively most damaging if the needle is found 
early in the haystack - in which cases preprocessing can be close to a pure 
waste of time).

The status quo and the PR both enjoy sublinear (O(len(haystack) / len(needle)) 
cases too, but R-K doesn't.

Where R-K is a "go to" choice is when an app needs to search the same large 
text for several strings (Wikipedia has a decent description of R-K can be 
adapted to that) - but Python has no string API that does such a thing (closest 
is joining the search-for strings via "|" for a regexp search).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41972] bytes.find consistently hangs in a particular scenario

[Tim Peters]

Tim Peters  added the comment:

Removed 3.8 from the Versions list. The code was functioning as designed, and 
the O(n*m) worst case bounds were always known to be possible, so there's no 
actual bug here.

--
versions:  -Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42010] Generic types accept indexing/subscripting, causing confusion

[Terry J. Reedy]

Terry J. Reedy  added the comment:

Subscription of list and dict (only with '') and ??? is at least puzzling.  
Removal of a new feature after release is a bad idea.  But this new feature, 
expansion of subscription, needs to documented in
https://docs.python.org/3/reference/expressions.html#subscriptions
as legal code.

The current first line

 "A subscription selects an item of a sequence (string, tuple or list) or 
mapping (dictionary) object:"

is no longer always true.  This suggested replacement is:

 "Subscription of a sequence (string, tuple or list) or mapping (dictionary) 
object selects an item from the collection."

Then at the end, add something like

 "Subscription of certain type objects creates a Generic Alias.

where 'Generic Alias links to where such are documented.

--
assignee:  -> docs@python
components: +Documentation -Interpreter Core
nosy: +docs@python, terry.reedy
stage: patch review -> needs patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue41972] bytes.find consistently hangs in a particular scenario

[Tim Peters]

Tim Peters  added the comment:

And changed the "Type" field to "performance", because speed is the only issue 
here.

--
type: behavior -> performance

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42010] Generic types accept indexing/subscripting, causing confusion

[Guido van Rossum]

Guido van Rossum  added the comment:

That sentence has been a lie for a long time (from the start?).

Any type can define __getitem__ and get this behavior, though in this case it 
is done through __class_getitem__ (PEP NNN).

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42028] Regression in mimetypes for image/bmp

[Steve Dower]

Steve Dower  added the comment:

Yep, looks like the extra entry can just be removed. Guess we missed it in 
issue4963

Care to submit a PR?

--
versions: +Python 3.10 -Python 3.7

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32215] sqlite3 400x-600x slower depending on formatting of an UPDATE statement in a string

[Irit Katriel]

Irit Katriel  added the comment:

This seems complete, can it be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue31522] _mboxMMDF.get_string() fails to pass param to get_bytes()

[Irit Katriel]

Irit Katriel  added the comment:

This seems complete, can it be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue31522] _mboxMMDF.get_string() fails to pass param to get_bytes()

[Irit Katriel]

Irit Katriel  added the comment:

Well, the PR doesn't have a unit test so maybe not.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35414] A reference counting bug in PyState_RemoveModule()

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42041] venv subprocess call to python resolves to wrong interpreter

[Steve Dower]

Steve Dower  added the comment:

> I'm not asking that we guarantee any behaviour, or that we commit ourselves 
> to anything. Just that we note that people ought not to be making a specific 
> assumption

Which is a fine intent, it's just the running assumption is that if it's in the 
documentation, it's supported (e.g. the distutils discussion). So no matter how 
carefully we document something as unsupported, people will still argue that 
it's supported because it's in the docs 🤷‍♂️

> which it appears from this issue, people *have* been making

We'd need Mark to weigh in (or possibly track down and ask a colleague), but I 
expect the assumption is that subprocess.Popen("python") searches PATH first. 
I've honestly never encountered anyone who deliberately depended on the 
application directory search (at least the first time, some who have discovered 
it have used it, though it tends to surprise colleagues when they do).

> I'll update the PR to add this statement or something similar to the 
> subprocess docs in the next couple of days.

No rush. We've got the sprints next week, and I don't have any major time 
consuming projects, so will probably get a few easier PRs done. Looks like I 
can edit your PR, so I can finish it up if you want to just move on :)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35436] Add missing PyErr_NoMemory() calls

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?  2.7 is no longer relevant.

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42055] Python Nuget Packages for Windows Installation: Request for more versions

[Matias Grioni]

Matias Grioni  added the comment:

Thanks Paul. I was confused by the 3.7.9 version on the feeds since it is a 
security fix version, but didn't do a more through check.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35525] Incorrect keyword name in NNTP.starttls() documentation

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35847] RISC-V needs CTYPES_PASS_BY_REF_HACK

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42055] Python Nuget Packages for Windows Installation: Request for more versions

[Steve Dower]

Steve Dower  added the comment:

Python 3.7.9 was a special case, as mentioned on the download page: 
https://www.python.org/downloads/release/python-379/

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36179] _hashopenssl has reference leaks in OOM case

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36285] Integer overflow in array.array.remove()

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed? It was not backported to 3.7, but that's over now right?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36398] A possible crash in structseq.c's structseq_repr()

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36531] PyType_FromSpec wrong behavior with multiple Py_tp_members

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed? Or did you keep it open in order to add a unit test?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue36583] Do not swallow exceptions in the _ssl module

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue31922] Can't receive replies from multicast UDP with asyncio

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42041] venv subprocess call to python resolves to wrong interpreter

[Paul Moore]

Paul Moore  added the comment:

> We'd need Mark to weigh in (or possibly track down and ask a colleague), but 
> I expect the assumption is that subprocess.Popen("python") searches PATH 
> first.

I'm sure it was, TBH. The executable directory side of things is really just on 
digging a bit deeper - "well, Windows actually uses the executable directory, 
but that's not relevant because I ran the venv Python". That's when the 
mistaken assumption happens.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26423] Integer overflow in wrap_lenfunc() on 64-bit build of Windows with len > 2**31-1

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue35525] Incorrect keyword name in NNTP.starttls() documentation

[Tal Einat]

Tal Einat  added the comment:

Indeed, this can be closed :)

Thanks for the report Colin, thanks for the PR Harmandeep, and thanks for the 
reminder to close this Irit!

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37553] SendfileUsingSendTest tests timeout too short for Windows ARM32

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42056] Configure on Apple ARM: "Unexpected output of 'arch' on OSX"

[Misty De Méo]

New submission from Misty De Méo :

Configure's `arch` check on Macs running with Apple Silicon CPUs will fail 
because the list of acceptable architectures is hardcoded to Intel and PowerPC: 
https://github.com/python/cpython/blob/master/configure.ac#L2486-L2496

This needs a clause that adds "arm64" as an acceptable arch.

--
components: Build
messages: 378776
nosy: mistydemeo
priority: normal
severity: normal
status: open
title: Configure on Apple ARM: "Unexpected output of 'arch' on OSX"
versions: Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37428] SSLContext.post_handshake_auth implicitly enables cert validation

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed? 2.7 is no longer relevant.

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42056] Configure on Apple ARM: "Unexpected output of 'arch' on OSX"

[Misty De Méo]

Change by Misty De Méo :


--
keywords: +patch
pull_requests: +21696
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/22732

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37440] httplib should enable post-handshake authentication for TLS 1.3

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed? 2.7 is no longer relevant.

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38094] unneeded assignment to wb.len in PyBytes_Concat using buffer protocol

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38041] IDLE Shell: Refine restart line

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue37555] _CallList.__contains__ doesn't always respect ANY.

[Irit Katriel]

Irit Katriel  added the comment:

Does this need a backport? It's in 3.9 but not 3.8.

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue38041] IDLE Shell: Refine restart line

[Terry J. Reedy]

Terry J. Reedy  added the comment:

Yes, the further changes I am thinking about should be a new issue.

--
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32820] Add and document __format__ method for IPv[46]Address

[Irit Katriel]

Irit Katriel  added the comment:

Do these PRs need to be backported? They're in 3.9 but not 3.8.

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32498] urllib.parse.unquote raises incorrect errormessage when string parameter is bytes

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed? (It's intended as a 3.9-only change).

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue42046] Unable to write to file without elevated privileges

[Eryk Sun]

Eryk Sun  added the comment:

> processtoken = win32security.OpenProcessToken(process, 
> win32con.MAXIMUM_ALLOWED)
> win32security.GetTokenInformation(processtoken, 
> win32security.TokenMandatoryPolicy)

FYI, starting with Windows 8, the system supports pseudo-handles for the access 
token of the current process -- (HANDLE)-4 -- and the current thread -- 
(HANDLE)-5, which don't have to be opened and closed. In the API, they're 
available as the inlined functions GetCurrentProcessToken() and 
GetCurrentThreadToken(). These pseudo-handles have TOKEN_QUERY and 
TOKEN_QUERY_SOURCE access, so they can be used with token queries, i.e. 
GetTokenInformation(-4, TokenInformationClass).

> As the shell is started with medium integrity level and the file is set to 
> low 
> integrity level the process would get created with low integrity level.

Yes, because the access token of shell, which is a limited medium-integrity 
logon, has a mandatory policy that includes 
TOKEN_MANDATORY_POLICY_NEW_PROCESS_MIN.

> "C:\Program Files", "C:\Users" and "C:\Windows" seem to have their own DACL's.

Those directories have protected DACLs with custom security, so they don't 
inherit the inheritable entries from the root directory. For example:

>>> sd = GetNamedSecurityInfo(r'C:\Program Files', SE_FILE_OBJECT,
... DACL_SECURITY_INFORMATION)
>>> sd.GetSecurityDescriptorControl()[0] & SE_DACL_PROTECTED
4096

That said, Python's installer doesn't set custom security on the installation 
directory, and that's not likely to change. It just relies on inheritance. If 
you install in "C:\Python38-32", and the inheritable security from the root 
directory is problematic, then you need to resolve the problem manually, as you 
have done.

> win32security.GetFileSecurity("C:\\", 
> win32security.SACL_SECURITY_INFORMATION) 
> fails on me even on an elevated prompt.

Querying audit entries in the SACL of an object (SACL_SECURITY_INFORMATION) 
requires ACCESS_SYSTEM_SECURITY access, which requires SeSecurityPrivilege to 
be enabled. Administrators have this privilege, but it's disabled by default. 

Some entries in the SACL can be read with just READ_CONTROL access: the 
mandatory label (LABEL_SECURITY_INFORMATION -- WRITE_OWNER access to set), 
security resource attributes (ATTRIBUTE_SECURITY_INFORMATION -- WRITE_DAC 
access to set), and the central access policy identifier 
(SCOPE_SECURITY_INFORMATION -- ACCESS_SYSTEM_SECURITY access to set).

> "(NW)" is not directly mentioned. I'm assuming "(NR)" and "(NX)" might be the 
> missing integrity policy options for an integrity level entry.

I don't think icacls.exe allows setting no-read-up and no-execute-up access 
control. "NR" and "NX" appear to be ignored. For example:

>>> cmd = r'icacls C:\Temp\spam.txt /setintegritylevel H:(NW)(NR)(NX)'
>>> subprocess.call(cmd)
processed file: C:\Temp\spam.txt
Successfully processed 1 files; Failed processing 0 files
0

>>> sd = GetNamedSecurityInfo(r'C:\Temp\spam.txt', SE_FILE_OBJECT,
... LABEL_SECURITY_INFORMATION)
>>> sacl = sd.GetSecurityDescriptorSacl()
>>> (acetype, aceflags), mask, sid = sacl.GetAce(0)

>>> acetype == SYSTEM_MANDATORY_LABEL_ACE_TYPE
True
>>> aceflags == 0
True
>>> LookupAccountSid(None, sid)
('High Mandatory Level', 'Mandatory Label', 10)

But only the no-write-up access control is set:

>>> mask == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
True

--
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue31202] Windows pathlib.Path.glob(pattern) fixed part of the pattern changed to lowercase whereas it should be unchanged.

[Irit Katriel]

Irit Katriel  added the comment:

Can this be closed?

--
nosy: +iritkatriel

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue32820] Add and document __format__ method for IPv[46]Address

[Eric V. Smith]

Eric V. Smith  added the comment:

Re: backporting

A quick test shows this feature is not in 3.8. We can't add new features to 
3.8, so I'd say "no, it doesn't need to be backported".

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com