Riccardo Schirone added the comment:
> So far, we at openSUSE had to package at least SQLAlchemy, Twisted, yarl and
> furl. The author of the first one acknowledged use of semicolon as a bug. I
> don't think it was so bad.
Did you upstream fixes for those packages?
Asking b
Riccardo Schirone added the comment:
This CVE was reported against Python, however it does not seem to be Python's
fault for supporting the `;` separator, which was a valid separator for older
standards.
@AdamGold for this issue to become a real security problem, it seems that the
Change by Riccardo La Marca :
--
nosy: +altendky, paul.moore, serhiy.storchaka, steve.dower, tim.golden,
vstinner, zach.ware
___
Python tracker
<https://bugs.python.org/issue43
Change by Riccardo La Marca :
--
nosy: +monkeyman79, paul.j3, r.david.murray, v+python
___
Python tracker
<https://bugs.python.org/issue43061>
___
___
Python-bug
New submission from Riccardo La Marca :
This is a link with some examples of the required functionality:
https://stackoverflow.com/questions/65952314
--
messages: 385909
nosy: Riccardo La Marca
priority: normal
severity: normal
status: open
title: subprocess: feature request: Get only
New submission from Riccardo Coccioli :
The documentation for the logging.Filter().filter() method states:
#-
Is the specified record to be logged? Returns 0 for no, nonzero for yes. If
deemed appropriate, the record may be modified in-place.
#-
While its implementation returns a
Riccardo Polignieri added the comment:
> `locale.getlocale()` is now returning strange results
Not really "strange results" - fact is, now "getlocale()" returns the locale
name *as if* it were already set from the beginning (because it is, at least
in part).
Befo
Riccardo Schirone added the comment:
I agree I don't see a clear vulnerability here.
--
nosy: +rschiron
___
Python tracker
<https://bugs.python.org/is
Riccardo Polignieri added the comment:
Three years later, this problem seems on the way to fix itself
(https://xkcd.com/1822/).
Versioned shebangs (and versioned "/env" shebangs) used to be a more prominent
issue when you needed a way to tell Python 2 / Python 3 scripts apart
Change by Riccardo Polignieri :
--
nosy: +ricpol
___
Python tracker
<https://bugs.python.org/issue38671>
___
New submission from Riccardo La Marca :
PyDev console: starting.
Python 3.8.0 (v3.8.0:fa919fdf25, Oct 14 2019, 10:23:27)
[Clang 6.0 (clang-600.0.57)] on darwin
>>> int(123456789012345678901234567890)
123456789012345678901234567890
>>> int(123456789012345
Change by Riccardo La Marca :
Added file: https://bugs.python.org/file48756/Code.png
___
Python tracker
<https://bugs.python.org/issue38968>
___
Change by Riccardo La Marca :
Removed file: https://bugs.python.org/file48755/Schermata 2019-12-04 alle
12.09.36.png
___
Python tracker
<https://bugs.python.org/issue38
Change by Riccardo La Marca :
--
files: Schermata 2019-12-04 alle 12.09.36.png
nosy: Riccardo La Marca
priority: normal
severity: normal
status: open
title: int method works improperly
versions: Python 3.8
Added file: https://bugs.python.org/file48755/Schermata 2019-12-04 alle
Riccardo Schirone added the comment:
The glibc issue mentioned in the first comment is CVE-2016-10739 .
--
___
Python tracker
<https://bugs.python.org/issue38
Riccardo Schirone added the comment:
I have created https://bugs.python.org/issue38576 to address CVE-2019-18348.
@gregory.p.smith if you have particular complaints about these CVEs feel free to
let me know (even privately). I think the security impact of these flaws is: an
application that
New submission from Riccardo Schirone :
Copy-pasted from https://bugs.python.org/issue30458#msg347282
The commit b7378d77289c911ca6a0c0afaf513879002df7d5 is incomplete: it doesn't
seem to check for control characters in the "host" part of the URL, only in the
Riccardo Schirone added the comment:
CVE-2019-18348 has been assigned to the issue explained in
https://bugs.python.org/issue30458#msg347282 . Maybe a separate bug for it
would be better though. CVE-2019-18348 is about injecting CRLF in HTTP requests
through the *host* part of a URL
Riccardo Schirone added the comment:
CVE-2019-16056 has been assigned to this issue.
See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056 .
--
nosy: +rschiron
___
Python tracker
<https://bugs.python.org/issue34
Riccardo Schirone added the comment:
Will the flaw outlined in https://bugs.python.org/issue30458#msg347282 be fixed
in python itself? If so, I think a CVE for python should be requested to MITRE
(I can request one, in that case).
Moreover, does it make sense to create a new bug to track
Riccardo Schirone added the comment:
CVE-2018-20852 has been assigned to this flaw.
--
___
Python tracker
<https://bugs.python.org/issue35121>
___
Riccardo Schirone added the comment:
> > A second problem comes into the game. Some C libraries like glibc strip the
> > end of the hostname (strip at the first newline character) and so HTTP
> > Header injection is still possible in this case:
> > https://bugzilla
Riccardo Schirone added the comment:
As far as I know you can't request a hostname with spaces in it (which seems to
be a precondition to trigger this bug) so I think an attacker cannot even
create a malicious CA that would be mistakenly accepted by match_hostname.
--
Riccardo Schirone added the comment:
Did anybody request a CVE for this issue? I think it deserves one as it is a
security issue and it may leak cookies to wrong domains. Does anybody have
anything against assigning a CVE to this issue? If not, I would try to get one
from MITRE
Riccardo Schirone added the comment:
> CVE-2019-10160 has been assigned by Red Hat to this flaw.
For clarity, CVE-2019-10160 has been assigned to the bug introduced with the
fix for the functional regression mentioned in this bug, and not to the bug
itself explained in the first comm
Riccardo Schirone added the comment:
The fix for python-2.7
(https://github.com/python/cpython/pull/13815/files#diff-b577545d73dd0cdb2c337a4c5f89e1d7R183)
causes errors when netloc contains characters that can't be encoded by 'ascii'
codec.
You can see it by do
Riccardo Magliocchetti added the comment:
Friendly ping, would be helpful to get this resolved for 3.8.0. Thanks!
--
___
Python tracker
<https://bugs.python.org/issue36
Riccardo Murri added the comment:
> you should be handling errors properly in the first place,
> e.g. by changing your mount_sshfs manager to:
>
> @contextmanager
> def mount_sshfs(localdir, remote):
> subprocess.run(f"sshfs {remote} {lo
New submission from Riccardo Murri :
The behavior of `tempfile.TemporaryDirectory()` is to delete the
temporary directory when done; this behavior cannot be turned off
(there's no `delete=False` like `NamedTemporaryFile` has instead).
However, in case a filesystem has been mounted o
New submission from Riccardo Coccioli :
It seems that importlib.import_module() is not thread-safe if the loaded module
raises an Exception on Python 3.4 and 3.5. I didn't find any thread-unsafe
related information in Python's documentation.
The frequency of the failure appears to
Riccardo Magliocchetti added the comment:
@Vinay Do you have any update on this? thanks
--
___
Python tracker
<https://bugs.python.org/issue36015>
___
Riccardo Magliocchetti added the comment:
Looking at Modules/_io/fileio.c::_io_FileIO___init___impl it seems an int for
nameobj is just fine. Not sure I am looking at the right code though :)
--
___
Python tracker
<https://bugs.python.
Riccardo Magliocchetti added the comment:
Yeah, I'm not sure the pr is just papering over the real issue :) Need to check
what io.open sets on name. If it is setting the fd as name instead of creating a
string that would still be a bug in Python to me. Could you please wait a
bit for
Change by Riccardo Magliocchetti :
--
keywords: +patch
pull_requests: +11933
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
New submission from Riccardo Magliocchetti :
When debugging uwsgi logging issues with python3.7 I got this on python 3.7.2:
Traceback (most recent call last):
File "/usr/lib/python3.7/logging/__init__.py", line 269, in
_after_at_fork_weak_calls
_at_fork_weak_calls('release
Riccardo Mottola added the comment:
https://github.com/python/cpython/pull/9125
should close it
--
resolution: -> fixed
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
New submission from Riccardo Mottola :
Backport proposal of fix for closed issue 32502
The patch was directly adapted from
https://github.com/python/cpython/commit/d69794f4df81de731cc66dc82136e28bee691e1e
applied to 2.7 and tested working for me.
Discussion ongoing MacPorts requested to
Riccardo Polignieri added the comment:
> the error should be better
Yes, that's what I meant - sorry I should have phrased better.
I marked by mistake a couple of f-strings for translation and totally forgot
about it for a while... it took me some time to figure out what was going
New submission from Riccardo Polignieri :
Tested (on windows) with python 3.6, but I guess it's the same in py3.7:
# test.py
def hello(x):
    print(_(f'hello {x}'))
> py pygettext.py test.py
Traceback (most recent call last):
File "C:\Program Files\Python36\Tools\i
Change by Riccardo Coccioli :
--
pull_requests: +4008
___
Python tracker
<https://bugs.python.org/issue31334>
___
Change by Riccardo Coccioli :
--
nosy: +Riccardo Coccioli
___
Python tracker
<https://bugs.python.org/issue31786>
___
Riccardo Coccioli added the comment:
Although it's documented as -1 in Linux man page [1], from my quick tests I was
not able to get any error with negative values different from -1 and it seems
to wait indefinitely as expected. Looking also at its implementation in [2], it
doesn'
Riccardo Coccioli added the comment:
This can actually be reproduced with Python 2.7 too (thanks @thiell for letting me
know). At first I thought that it was not because it doesn't repro with the
stock macOS-shipped Python 2.7.10 on macOS Sierra 10.12.6, where the
select.poll() is not availab
Changes by Riccardo Coccioli :
--
pull_requests: +3320
___
Python tracker
<http://bugs.python.org/issue31334>
___
New submission from Riccardo Coccioli:
According to the Python documentation for the 'poll.poll([timeout])' method in
the 'select' module, any negative value for the 'timeout' parameter is valid
and should have the same behaviour [1]:
"If timeout is o
New submission from Riccardo Magliocchetti:
I have an issue related to this while trying to compile statically Python 3.6.1
(but latest master looks the same) against a static musl.
The problem is that I have AF_CAN defined because it's defined in
linux/socket.h but by not h
Riccardo Magliocchetti added the comment:
I have an issue related to this while trying to compile statically Python 3.6.1
against a static musl.
The problem is that I have AF_CAN defined because it's defined in
linux/socket.h but by not having HAVE_LINUX_CAN_H defined in pyconfig.
Riccardo Polignieri added the comment:
@Jens Lindgren
I know, pretty annoying right? But see previous answer by Paul here
http://bugs.python.org/issue28686#msg287181
> The Unix ability to have 2 different versions of Python on PATH
> and select which you use based on executable name d
Riccardo Polignieri added the comment:
Paul:
> When inside a venv:
- If you want to execute a script, use a shebang of #!/usr/bin/env python and
then use `py myscript.py`
Yes, I'm totally on board with this - that is, as far as I run my own scripts.
I just wonder, what if one d
Riccardo Polignieri added the comment:
Paul:
> it's not possible to tell by inspection the version of a Python interpreter.
True, but it's an implementation detail. Couldn't be solved? Versioned
interpreters a la Linux, of course, or maybe how about including some kind
Riccardo Polignieri added the comment:
> I'm inclined to say YAGNI, and we simply leave "/usr/bin/env python3"
> undefined.
I can't say I'm really happy with this answer. Fact is,
1) you almost always have to work from within a virtual env these days,
2) you
Riccardo added the comment:
Great, I solved it by trying to avoid calls to Python code in parallel regions.
Thanks for pointing me in the right direction, I wasn’t thinking at all of the GIL,
I was convinced I had tried everything and that it was a bug.
Regards
On 10 Sep 2014, at 05:50, Stefan Behnel
New submission from Riccardo:
Hi,
I found this strange behaviour of PyArray_FromAny that manifests only inside a
parallel region of openmp.
I am using python 2.7.4 and numpy 1.8.0
*** Reference count error detected
an attempt was made to deallocate 12 (d) ***
and this is due to the
New submission from Riccardo Murri:
The `argparse` module (tested with 2.7, but other versions might be
affected) checks the `default` value of an option too early: if the
default value raises an exception, then command-line parsing stops.
Consider for example the following code
New submission from Riccardo Rotondo :
Hello, I'm having trouble with pyobj since I have installed Python 2.6.4 by
official dmg download here.
Before I used python pre-installed in Snow Leopard and everything worked ok. Now
I can't import pyobjc.
I tried to perform easy_install py
New submission from Riccardo Attilio Galli :
there are discrepancies in the online documentation of
strftime
in time.strftime http://docs.python.org/library/time.html
and datetime.strftime (http://docs.python.org/library/datetime.html)
In particular, seems like datetime.strftime is the one up
56 matches