[issue36216] CVE-2019-9636: urlsplit does not handle NFKC normalization

Matej Cepl added the comment: You are right. Thank you. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: h

[issue36522] http/client.py does not print duplicate header values in debug

Serhiy Storchaka added the comment: New changeset 461c416dd78a98f2bba7f323af8c9738e060b6f2 by Serhiy Storchaka (Matt Houglum) in branch 'master': bpo-36522: Print all values for headers with multiple values. (GH-12681) https://github.com/python/cpython/commit/461c416dd78a98f2bba7f323af8c9738e

[issue36522] http/client.py does not print duplicate header values in debug

Change by miss-islington : -- pull_requests: +12610 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue36521] Consider removing docstrings from co_consts in code objects

Change by Inada Naoki : -- nosy: +inada.naoki ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.py

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Karthikeyan Singaravelan added the comment: The docs state the tuple contains two dictionaries depending on how common the type is. I guess you want a merged dict to be provided as an API? I will leave it to @r.david.murray on that. -- ___ Python

[issue36521] Consider removing docstrings from co_consts in code objects

Raymond Hettinger added the comment: > co_consts[0] is used for setting the initial value of __doc__. Why is __doc__ set this way, but __name__ is set directly on the function object? Setting __doc__ from the code object seems like an odd implementation hack that puts the responsibility in

[issue36054] Way to detect CPU count inside docker container

Manjusaka added the comment: Yes, not only but also support get real memory limit. look at https://blogs.oracle.com/java-platform-group/java-se-support-for-docker-cpu-and-memory-limits -- ___ Python tracker __

[issue36216] CVE-2019-9636: urlsplit does not handle NFKC normalization

Steve Dower added the comment: You need a "u" prefix on some of your strings or they're probably being immediately decomposed. The result of urlsplit should be unicode on Python 2 for a Unicode input, and yours are not. -- ___ Python tracker

[issue36522] http/client.py does not print duplicate header values in debug

Change by Roundup Robot : -- keywords: +patch pull_requests: +12608 stage: -> patch review ___ Python tracker ___ ___ Python-bugs-l

[issue36521] Consider removing docstrings from co_consts in code objects

Serhiy Storchaka added the comment: co_consts[0] is used for setting the initial value of __doc__. See PyFunction_NewWithQualName(). consts = ((PyCodeObject *)code)->co_consts; if (PyTuple_Size(consts) >= 1) { doc = PyTuple_GetItem(consts, 0); if (!PyUnicode_Check(doc)

[issue36466] Adding a way to strip annotations from compiled bytecode

Guido van Rossum added the comment: (I just found out that Cary is on vacation until 4/17.) -- ___ Python tracker ___ ___ Python-bu

[issue36466] Adding a way to strip annotations from compiled bytecode

Guido van Rossum added the comment: One way would be to compile only their own source to bytecode using this flag. But I agree it doesn't look very viable in general. I'll talk to Cary offline. -- ___ Python tracker

[issue36522] http/client.py does not print duplicate header values in debug

New submission from Matt Houglum : This is a follow-up to https://bugs.python.org/issue33365. The fix for that issue (see https://github.com/python/cpython/pull/6611) added a statement to also print header values, but it does not account for the case where multiple values exist for the same

[issue18697] Unify arguments names in Unicode object C API documentation

Change by Rune Tynan : -- keywords: +patch pull_requests: +12607 stage: needs patch -> patch review ___ Python tracker ___ ___ Pytho

[issue36506] [security] CVE-2019-10268: An arbitrary execution vulnerability exists in the built-in function getattr

bigbigliang added the comment: Thank you for your answer. I am a student and very interested in python. I want to continue digging for Python bugs, but I am not good at this area. I want to keep looking for loopholes. from:bigbigliang Christian Heimes 于2019年4月3日周三 下午5:33写道： > > Christian Hei

[issue36521] Consider removing docstrings from co_consts in code objects

New submission from Raymond Hettinger : Function objects provide __doc__ as a documented writeable attribute. However, code objects also have the same information in co_consts[0]. When __doc__ is changed, the latter keeps a reference to the old string. Also, the disassembly shows that co_c

[issue36466] Adding a way to strip annotations from compiled bytecode

Raymond Hettinger added the comment: FYI, this partially breaks functools.singledispatch() and completely breaks both typing.NamedTuple() and dataclasses.dataclass(). A user may be able to avoid these in their own code, but I don't see how they can avoid it in third-party code. --

[issue18697] Unify arguments names in Unicode object C API documentation

Rune Tynan added the comment: Another inconsistency I've noticed is that the code sometimes refers to Py_ssize_t instances as a 'length' and sometimes as a 'size'. It seems like 'size' is the more common one in the docs, but the headers more often use 'length'. Which would be the better one

[issue36520] Email header folded incorrectly

New submission from Jonathan Horn : I encountered a problem with replacing the 'Subject' header of an email. After serializing it again, the utf8 encoding was wrong. It seems to be occurring when folding the internal header objects. Example: >> email.policy.default.fold_binary('Subject', >> e

[issue6721] Locks in the standard library should be sanitized on fork

Gregory P. Smith added the comment: I'd start with faulthandler.register with all_threads=True and see if that gives you what you need. https://docs.python.org/3/library/faulthandler.html -- ___ Python tracker

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Daniel Black added the comment: Thanks Karthikeyan. That is a bit cumbersome but gets it done. Any value seen in adding as proposed? -- ___ Python tracker ___ ___

[issue36479] Exit threads when interpreter is finalizing rather than runtime.

Change by Joannah Nanjekye : -- keywords: +patch pull_requests: +12606 stage: needs patch -> patch review ___ Python tracker ___ ___

[issue36440] more helpful diagnostics for parser module

Pablo Galindo Salgado added the comment: Issue #36256 (a real bug) was backported to 3.7 but also includes a similar improvement regarding node names in error messages. I can revert it from 3.7 if you consider it should not be there. -- ___ Python

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

Serhiy Storchaka added the comment: New changeset fd83a823a6f268dc97ee2bf7d8a1a88d948446e5 by Serhiy Storchaka (Zackery Spytz) in branch '2.7': bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_new(). (GH-12660) (GH-12678) https://github.com/python/cpython/commit/fd83a823a6f

[issue36440] more helpful diagnostics for parser module

Serhiy Storchaka added the comment: Why was this merged in 3.7? This is a new feature, not a bug fix. -- ___ Python tracker ___ ___

[issue36440] more helpful diagnostics for parser module

Pablo Galindo Salgado added the comment: Thanks A. Skrobov for your contribution! :) -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue36440] more helpful diagnostics for parser module

Pablo Galindo Salgado added the comment: New changeset 513d142993bb8c13e6803727fa086e44eafc360f by Pablo Galindo in branch '3.7': [3.7] bpo-36440: include node names in ParserError messages, instead of numeric IDs (GH-12565) (GH-12671) https://github.com/python/cpython/commit/513d142993bb8c1

[issue12756] datetime.datetime.utcnow should return a UTC timestamp

Paul Ganssle added the comment: @tin utcnow is a semi-deprecated way to get a naive datetime that represents the time in UTC. The preferred replacement is to do this: from datetime import datetime, timezone datetime.now(tz=timezone.utc) Note that you can replace "timezone.utc" with

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Guido van Rossum added the comment: This will require a PEP discussion before it can move forward. -- ___ Python tracker ___ ___ Py

[issue36466] Adding a way to strip annotations from compiled bytecode

Guido van Rossum added the comment: @cary are you planning on updating with the suggested/requested improvements to the patch? If not, let us know and we'll see if someone else is interested in taking over. -- ___ Python tracker

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

Change by Zackery Spytz : -- pull_requests: +12605 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://ma

[issue36260] Cpython/Lib vulnerability found and request a patch submission

Christian Heimes added the comment: The suggested approach is merely a heuristic that reduces the impact of a zipbomb. An attacker can circumvent the heuristic. In best case scenario, the approach just increases the cost factor for a successful DoS. For example an attacker may have to upload

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

miss-islington added the comment: New changeset 9c08eeb30ca0e551323467b62ae40e08e30839b3 by Miss Islington (bot) in branch '3.7': bpo-36504: Fix signed integer overflow in _ctypes.c's PyCArrayType_new(). (GH-12660) https://github.com/python/cpython/commit/9c08eeb30ca0e551323467b62ae40e08e308

[issue36260] Cpython/Lib vulnerability found and request a patch submission

Victor Kung added the comment: Hello Python community, I’m curious why the patch or pitfall prevention in ZipFile are not suggested. I have no idea if everyone read documentation in detail. It seems straightforward to add the methods in ZipFile with well documented rather than just warn in d

[issue9883] minidom: AttributeError: DocumentFragment instance has no attribute 'writexml'

Change by Stefan Behnel : -- keywords: +patch pull_requests: +12604 stage: -> patch review ___ Python tracker ___ ___ Python-bugs-li

[issue9883] minidom: AttributeError: DocumentFragment instance has no attribute 'writexml'

Stefan Behnel added the comment: Seems like a reasonable request to me, even if it hasn't been touched or re-requested for years. Funny enough, DocumentFragment is currently documented as "not implemented" (as for Entity, Notation, CDATASection, CharacterData, DOMImplementation, DocumentTyp

[issue36504] Signed integer overflow in _ctypes.c's PyCArrayType_new()

Change by miss-islington : -- pull_requests: +12603 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Change by László Kiss Kollár : -- nosy: +lkollar ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.

[issue36466] Adding a way to strip annotations from compiled bytecode

Ivan Levkivskyi added the comment: +1 from me. There are two ways to enable this: * Add -OOO that would remove all three: asserts, docstrings, annotations * Add separate --O-asserts --O-docstrings --O-annotations (or similar) I think I like the second option more. @cary Please note that our

[issue36054] Way to detect CPU count inside docker container

Christian Heimes added the comment: The JVM parses cgroups information from the proc filesystem and evaluates CPU count from the cgroup cpu.shares and cpu.cfs. https://github.com/openjdk/jdk/blob/d5686b87f31d6c57ec6b3e5e9c85a04209dbac7a/src/hotspot/os/linux/os_linux.cpp#L5304-L5336 https://g

[issue35625] Comprehension doc doesn't mention buggy class scope behavior

Change by Aaron Hall : -- nosy: +Aaron Hall ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyth

[issue12756] datetime.datetime.utcnow should return a UTC timestamp

Agustin added the comment: Hi there, I was wondering if we re-open this issue breaking the backward compatibility now? -- nosy: +tin versions: +Python 3.9 -Python 2.7, Python 3.2 ___ Python tracker

[issue36054] Way to detect CPU count inside docker container

Manjusaka added the comment: Hi Stéphane: I have checked the JVM implantation about container improvements. I confirm that maybe we need a new Libary for container environment. I don't think that combine it into the os module is a good idea. I will make a PR during this week. -- ___

[issue21879] str.format() gives poor diagnostic on placeholder mismatch

Francisco Couzo added the comment: I just made the pull request, I totally forgot I mentioned I was going to work on this, sorry! -- ___ Python tracker ___ __

[issue21879] str.format() gives poor diagnostic on placeholder mismatch

Change by Francisco Couzo : -- pull_requests: +12602 stage: needs patch -> patch review ___ Python tracker ___ ___ Python-bugs-list

[issue13947] gdbm reorganize() leaves hanging file descriptor

Change by sds : -- versions: +Python 3.6 -Python 3.7 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://

[issue13947] gdbm reorganize() leaves hanging file descriptor

Change by sds : -- components: +Library (Lib) versions: +Python 3.7 -Python 2.7, Python 3.2 ___ Python tracker ___ ___ Python-bugs-l

[issue13947] gdbm reorganize() leaves hanging file descriptor

Change by sds : -- type: -> behavior ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org

[issue21879] str.format() gives poor diagnostic on placeholder mismatch

Joannah Nanjekye added the comment: @franciscouzo any status on this? Do you need any help on this? -- ___ Python tracker ___ ___ P

[issue13947] gdbm reorganize() leaves hanging file descriptor

sds added the comment: I observe the same behavior on Linux 4.18.0-17-generic #18-Ubuntu with Python 3.6.7 (default, Oct 22 2018, 11:32:17) [GCC 8.2.0]. gdbm 1.14.1-6: after db = dbm.gnu.open("asdf","n") db["a"] = "124" db.reorganize() db.close() I see $ lsof ~/asdf COMMAND PID USER FD

[issue29259] Add tp_fastcall to PyTypeObject: support FASTCALL calling convention for all callable objects

Jeroen Demeyer added the comment: See also PEP 590, which has very similar ideas. Also PEP 580 is related to this. -- ___ Python tracker ___ __

[issue36519] Blake2b/s implementations have minor GIL issues

Christian Heimes added the comment: Thanks, I'll have a look. -- assignee: -> christian.heimes versions: +Python 3.6, Python 3.8 ___ Python tracker ___ __

[issue36506] [security] CVE-2019-10268: An arbitrary execution vulnerability exists in the built-in function getattr

bigbigliang added the comment: > > Certainly. > > -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https:/

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Change by Mario Corchero : -- nosy: +mariocj89 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.p

[issue36519] Blake2b/s implementations have minor GIL issues

Change by SilentGhost : -- nosy: +christian.heimes type: -> behavior ___ Python tracker ___ ___ Python-bugs-list mailing list Unsub

[issue36519] Blake2b/s implementations have minor GIL issues

New submission from George King : I was browsing the Blake2b module implementation in master and noticed two subtle issues in blake2b_impl.c. There are two places where the GIL gets released; both of them appear flawed. py_blake2b_new_impl, line 221. The ALLOW_THREADS block fails to acquire/r

[issue33261] inspect.isgeneratorfunction fails on hand-created methods

Change by Petr Viktorin : -- stage: patch review -> resolved status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mail

[issue6721] Locks in the standard library should be sanitized on fork

cagney added the comment: > Does your code use any C code that forks on its own without properly calling > the C Python PyOS_BeforeFork(), PyOS_AfterFork_Parent(), and > PyOS_AfterFork_Child() APIs? No. Is there a web page explaining how to pull a python backtrace from all the threads runn

[issue36517] typing.NamedTuple does not support mixins

Change by Guido van Rossum : -- nosy: -gvanrossum ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://ma

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

Change by Serhiy Storchaka : -- keywords: +patch pull_requests: +12601 stage: -> patch review ___ Python tracker ___ ___ Python-bug

[issue36518] Avoid conflicts when pass arbitrary keyword arguments to Python function

New submission from Serhiy Storchaka : This is yet one alternative to PEP 570. It does not solve all problems that PEP 570 is purposed to solve, but it significantly reduces the need in positional-only parameters. Currently the problem with implementing in Python functions that should accept

[issue36517] typing.NamedTuple does not support mixins

Change by Stéphane Wirtel : -- nosy: +rhettinger ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.

[issue36216] CVE-2019-9636: urlsplit does not handle NFKC normalization

Matej Cepl added the comment: I am trying to investigate the impact of this bug on Python 2.6 (yes, it is for SLE), and I have hard to replicate the steps in the description even on 2.7: ~$ ipython2 Python 2.7.15 (default, May 21 2018, 17:53:03) [GCC] Type "copyright", "credits" or "license"

[issue36517] typing.NamedTuple does not support mixins

Change by Karthikeyan Singaravelan : -- nosy: +gvanrossum, levkivskyi ___ Python tracker ___ ___ Python-bugs-list mailing list Unsub

[issue36517] typing.NamedTuple does not support mixins

New submission from Andrew Wason : Subclassing typing.NamedTuple an inheriting from a mixin class does not work. It does work for collections.namedtuple, and can be worked around by modifying typing.NamedTupleMeta: >>> import collections >>> import typing >>> >>> >>> class Mixin: ... def

[issue36514] -m switch revisited

Ronald Oussoren added the comment: Given a python script in a file named foo.py in the current directory: * python -m foo Should, and does, work. * python -m foo.py Raises an error, because the command tries to run the submodule "py" of module "foo" as the __main__ module. For scrip

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Karthikeyan Singaravelan added the comment: > However this seems to compete with the functionality of the types map so > another consideration is content-types_map where the content-type is the key > and the pair values are lists of valid filename extensions: There is mimetypes.MimeTypes().t

[issue9883] minidom: AttributeError: DocumentFragment instance has no attribute 'writexml'

Change by James Socol : -- nosy: -jamessocol ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyt

[issue36514] -m switch revisited

Colin Dick added the comment: No, the first example is expected, BUT the middle two work HENCE the last should NOT have a problem either... No? Because the middle two work, so should the last complete without any errors. There were no code changes, Therefore the problem is with python On Wed,

[issue36514] -m switch revisited

Ronald Oussoren added the comment: This is not a bug: * "python -m NAME" runs module (or package) NAME as a script, NAME should therefore be a module name and not a filename (and hence not have a .py suffix) * "python NAME" runs a script in file NAME and should therefore by a complete file

[issue36506] [security] CVE-2019-10268: An arbitrary execution vulnerability exists in the built-in function getattr

Christian Heimes added the comment: Could you please do us a favor and contact MITRE to get the CVE number revoked? Please CC secur...@python.org so we have a record of the emails. -- ___ Python tracker ___

[issue36516] Python Launcher can not recognize pyw file as Python GUI Script file type correctly.

Change by Jiongjiong Gao : -- keywords: +patch pull_requests: +12600 stage: -> patch review ___ Python tracker ___ ___ Python-bugs-

[issue34430] Symmetrical chaining futures in asyncio.future.wrap_future

Alfred Sawaya added the comment: Can be closed if not needed by the community. -- resolution: -> wont fix stage: patch review -> resolved status: open -> closed ___ Python tracker __

[issue36053] pkgutil.walk_packages jumps out from given path if there is package with the same name in sys.path

Change by SilentGhost : -- nosy: +ncoghlan versions: -Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7 ___ Python tracker ___ ___

[issue36481] telnetlib process_rawq() callback

SilentGhost added the comment: As a general rule, your PR would have to include documentation (including a NEWS entry) and tests for the new functionality. Naturally, by itself it's not a guarantee that this suggestion would be accepted. -- nosy: +SilentGhost, giampaolo.rodola versio

[issue36489] add filename_extension_map and/or content-types_map dict(s) to mimetypes

Change by SilentGhost : -- components: +Library (Lib) nosy: +r.david.murray type: -> enhancement versions: +Python 3.8, Python 3.9 ___ Python tracker ___ _

[issue36514] -m switch revisited

SilentGhost added the comment: Colin, sorry, are you reporting an issue? Because I have trouble understanding what is. The examples you've posted seem to work as expected, no? -- nosy: +SilentGhost ___ Python tracker

[issue36505] PYTHON-CAN with vector

SilentGhost added the comment: Again, this is not the problem with Python as a language, its implementation in CPython or the standard library. Please, don't re-open this issue again. -- status: open -> closed ___ Python tracker

[issue36445] bus error in test_gil test on armhf running with 64bit kernel

Change by Matthias Klose : -- resolution: -> duplicate stage: -> resolved status: open -> closed superseder: -> unaligned memory access in the _sha3 extension ___ Python tracker ___