[issue8184] multiprocessing.managers will not fail if listening ocket already in use

Charles-François Natali added the comment: > Like I said, I dont know much about named pipes and im not even sure thats > how they are intended to work in this context. IE: if one process is > listening, can another listen on that named pipe as well? Under Unix, you'd get a EADDRINUSE with a

[issue9993] shutil.move fails on symlink source

Hynek Schlawack added the comment: Oh sorry, I didn't look into the doc patch. I unified both into one patch and added the versionchanged tag and also updated the docstring of shutil.move. -- Added file: http://bugs.python.org/file24149/shutil_move_symlinks.patch

[issue13703] Hash collision security issue

Mark Shannon added the comment: I agree. +1 for strings. -0 for numbers. This might cause problems with dict subclasses and the like, so I'm -1 on this. -- ___ Python tracker

[issue13703] Hash collision security issue

Mark Shannon added the comment: Without the context, that last message didn't make much sense. I agree with Terry that we should copy Perl and Ruby (for strings). I'm -1 on hash() returning a different value than dict uses internally. -- ___ Python

[issue13642] urllib incorrectly quotes username and password in https basic auth

Senthil Kumaran added the comment: Some review comments. Instead of doing the inline unquote like this - -auth = base64.b64encode(user_passwd).strip() +auth = base64.b64encode(unquote(user_passwd)).strip() It is better to do the explicitly above the b64 encoding step. J

[issue13718] Format Specification Mini-Language does not accept comma for percent value

New submission from Michael Kesper : http://docs.python.org/library/string.html#format-specification-mini-language mentions: Changed in version 2.7: Added the ',' option (see also PEP 378). PEP 378 tells me: The ',' option is defined as shown above for types 'd', 'e', 'f', 'g', 'E', 'G', '%',

[issue13609] Add "os.get_terminal_size()" function

Zbyszek Szmek added the comment: Following comments by Martin and Victor, here is next version: termsize.diff.4 Changes: - just check for defined(MS_WINDOWS) and rely on . - rename query_terminal_size to get_terminal_size_raw This way it should be clearer that the second one is low-level,

[issue8184] multiprocessing.managers will not fail if listening ocket already in use

Antoine Pitrou added the comment: Le vendredi 06 janvier 2012 à 02:18 +, Phill a écrit : > Phill added the comment: > > Rather than listening on a socket, listening on a named pipe > > eg: > address = (r'\\.\pipe\Test', 'AF_PIPE') > listener = Listener(*address) > conn = listener.accept()

[issue13703] Hash collision security issue

Marc-Andre Lemburg added the comment: Before continuing down the road of adding randomness to hash functions, please have a good read of the existing dictionary implementation: """ Major subtleties ahead: Most hash schemes depend on having a "good" hash function, in the sense of simulating ran

[issue13703] Hash collision security issue

Marc-Andre Lemburg added the comment: Demo patch implementing the collision limit idea for Python 2.7. -- Added file: http://bugs.python.org/file24151/hash-attack.patch ___ Python tracker _

[issue13703] Hash collision security issue

Marc-Andre Lemburg added the comment: The hash-attack.patch solves the problem for the integer case I posted earlier on and doesn't cause any problems with the test suite. Traceback (most recent call last): File "", line 1, in KeyError: 'too many hash collisions' It also doesn't change the

[issue13703] Hash collision security issue

Marc-Andre Lemburg added the comment: Stupid email interface again... here's the full text: The hash-attack.patch solves the problem for the integer case I posted earlier on and doesn't cause any problems with the test suite. >>> d = dict((x*(2**64 - 1), hash(x*(2**64 - 1))) for x in xrange(1,

[issue13041] argparse: terminal width is not detected properly

Zbyszek Szmek added the comment: New version to use after #13609 is implemented: patch2.diff -- Added file: http://bugs.python.org/file24152/patch2.diff ___ Python tracker ___ _

[issue13719] bdist_msi upload fails

New submission from Ralf Schmitt : Running setup.py bdist_msi upload fails with something like: c:\Python27\python.exe setup.py bdist_msi upload running bdist_msi running build running build_ext installing to build\bdist.win-amd64\msi running install_lib creating build\bdist.win-amd64 creating b

[issue8184] multiprocessing.managers will not fail if listening ocket already in use

Antoine Pitrou added the comment: (oops, hadn't seen Charles-François's answer before replying) -- ___ Python tracker ___ ___ Python-b

[issue13609] Add "os.get_terminal_size()" function

Zbyszek Szmek added the comment: One more comment on $COLUMNS overriding the actual terminal size: > Zbyszek, I just looked at [1] and I disagree that the environment > variable should have higher precedence. In fact, I believe it should > have lower precedence, and should be used as a fallback

[issue13609] Add "os.get_terminal_size()" function

Amaury Forgeot d'Arc added the comment: Some remarks on the Windows implementation in termsize.diff.4: - On Windows, the C runtime always sets fileno(stdout) to 1, so hardcoded values are OK. But on Unix, I'm quite sure that embedded interpreters (mod_python?) sometimes close the standard des

[issue13720] argparse print_help() fails if COLUMNS is set to a low value

New submission from Zbyszek Szmek : % cat test_argparse_narrow.py import argparse argparse.ArgumentParser().print_help() % COLUMNS=15 ./python test_argparse_narrow.py Traceback (most recent call last): File "test_argparse_narrow.py", line 2, in argparse.ArgumentParser().print_help() Fil

[issue13642] urllib incorrectly quotes username and password in https basic auth

Joonas Kuorilehto added the comment: > It is better to do the explicitly above the b64 encoding step. > Just as host has been unquoted. > > user_passwd, host = splituser(host) > host = unquote(host) Ok. So it needs to be done on the line after import bas

[issue13718] Format Specification Mini-Language does not accept comma for percent value

Changes by Ezio Melotti : -- nosy: +eric.smith, ezio.melotti ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: ht

[issue13718] Format Specification Mini-Language does not accept comma for percent value

Changes by Eric V. Smith : -- assignee: -> eric.smith ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://m

[issue13615] setup.py register fails with -r argument

Éric Araujo added the comment: Maybe related to (or same as) #11473. -- assignee: tarek -> eric.araujo components: +Distutils2 nosy: +alexis stage: -> test needed title: `setup.py register` fails with -r argument -> setup.py register fails with -r argument versions: +3rd party, Python

[issue11473] upload command no longer accepts repository by section name

Éric Araujo added the comment: This is a strange bug. I added a test using -r server2, using the already-existing PYPIRC_LONG_PASSWORD string as .pypirc contents. The test passes. To make sure changing one test would not affect another one, I created a new .pypirc file, PYPIRC_CUSTOM_SERVE

[issue13511] Specifying multiple lib and include directories on linux

Ray added the comment: Martin, did you read my last post? Did you read the updated topic? libdir and includedir are *not* the issue. So it makes sense to allow configuring multiple directories for python installation for darwin but not linux? Why? --

[issue13703] Hash collision security issue

STINNER Victor added the comment: hash-attack.patch does never decrement the collision counter. -- ___ Python tracker ___ ___ Python-

[issue13033] Add shutil.chowntree

Éric Araujo added the comment: Thanks for the patch. Before you do any more work, do other core developers agree that this function is a good addition or is it obsoleted by the generic improved-walk-with-callback that Nick is working on? Doc/library/shutil.rst: I don’t think the note direct

[issue1040439] Missing documentation on how to link with libpython

Éric Araujo added the comment: Attached patch adds the useful bits from the review I did; I hope you won’t think it’s pointless nitpicking. -- Added file: http://bugs.python.org/file24155/docembed-edits.patch ___ Python tracker

[issue13562] Notes about module load path

Éric Araujo added the comment: I did the markup edits but then found out that the doc for Py_Initialize in c-api/init already mentions the module load path and the module table, so I’m going to make another patch with just a link to that. -- ___ Py

[issue13719] bdist_msi upload fails

Éric Araujo added the comment: Thanks! Given the fragility of distutils, we try to add a test for every fix we commit, but I don’t remember if we already have a basic HTTP server to test the upload command. If not, I think I’ll commit this after manual testing (my Windows VM crashes on boot

[issue11473] upload command no longer accepts repository by section name

Changes by Éric Araujo : -- Removed message: http://bugs.python.org/msg150736 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue11473] upload command no longer accepts repository by section name

Éric Araujo added the comment: [copy/paste failure in my previous message, please disregard] > One possible factor is that my .pypirc is symlinked from ~/.pypirc to > config/python/.pypirc and > it's conceivable that Python 3.2.0 has some issues with symlink resolution > that caused it to not

[issue12415] Missing: How to checkout the Doc sources

Éric Araujo added the comment: I merely forgot, thanks for the prod. I’m taking your message as a +1 to the wording and will commit when the server I use for tunnels is back online. -- ___ Python tracker ___

[issue13716] distutils doc contains lots of XXX

Éric Araujo added the comment: Tarek ruled that time spent improving the distutils docs was time lost and better spent on distutils2. Accordingly, I only fix clear bugs in the doc but don’t improve them in any way. I’m inclined to close this as wontfix, or I can remove the XXX if you’re str

[issue1040439] Missing documentation on how to link with libpython

Antoine Pitrou added the comment: > Attached patch adds the useful bits from the review I did; I hope you > won’t think it’s pointless nitpicking. Looks good to me. -- ___ Python tracker ___

[issue13703] Hash collision security issue

Marc-Andre Lemburg added the comment: STINNER Victor wrote: > > STINNER Victor added the comment: > > hash-attack.patch does never decrement the collision counter. Why should it ? It's only used as local variable in the lookup function. Note that the limit only triggers on a per-key basis.

[issue12415] Missing: How to checkout the Doc sources

Éric Araujo added the comment: > http://docs.python.org/dev/documenting/building.html also needs to be updated > (it > still mentions Subversion and probably obsolete versions of Sphinx and other > packages). Well, the doc makefile still uses Subversion. As for the versions, if the ones liste

[issue12415] Missing: How to checkout the Doc sources

Ezio Melotti added the comment: http://docs.python.org/dev/documenting/building.html also needs to be updated (it still mentions Subversion and probably obsolete versions of Sphinx and other packages). If you are going to add the text proposed in your second message, you might want to drop a

[issue13691] pydoc help (or help('help')) claims to run a help utility; does nothing

Éric Araujo added the comment: IMO, help('help') should document the help function, not start an interactive help session (that’d be help()). -- nosy: +eric.araujo versions: +Python 3.3 -Python 2.6 ___ Python tracker

[issue12415] Missing: How to checkout the Doc sources

Ezio Melotti added the comment: > Well, the doc makefile still uses Subversion. Indeed, I was thinking about getting a CPython checkout with the doc, not about the tools used to built it (maybe it could be clarified). > I don’t understand: "p"s? >From "_Developpers's Guide: http://docs.python

[issue12415] Missing: How to checkout the Doc sources

Éric Araujo added the comment: > Indeed, I was thinking about getting a CPython checkout with the doc Right. I’ll edit my wording to mention Mercurial. >> I don’t understand: "p"s? >From "_Developpers's Guide: http://docs.python.org/devguide"; The curse of being French :) I always want to wri

[issue11473] upload command no longer accepts repository by section name

Jason R. Coombs added the comment: Windows symlinks, much like Unix symlinks, should dereference naturally when open is called, although there is a bug in later versions of the c runtime calling stat on a symlink. See issue6727 for details. -- title: upload command no longer accepts r

[issue13721] ssl.wrap_socket on a connected but failed connection succeeds and .peer_certificate gives AttributeError

New submission from Mads Kiilerich : According to http://docs.python.org/release/2.7.2/library/ssl wrap_socket can be used either on connected sockets or on un-connected sockets which then can be .connect'ed. In the latter case SSLSocket.connect() will (AFAIK) always raise a nice exception if

[issue13721] ssl.wrap_socket on a connected but failed connection succeeds and .peer_certificate gives AttributeError

Antoine Pitrou added the comment: > Alternatively all SSLSocket methods should take care not to dereference > self._sslobj and they should respond properly - preferably with a > socket/ssl exception. In getpeercert()'s case, I think None would be the right thing to return (as cipher() and com

[issue13703] Hash collision security issue

Marc-Andre Lemburg added the comment: Here's an example of hash-attack.patch finding an on-purpose programming error (hashing all objects to the same value): http://stackoverflow.com/questions/4865325/counting-collisions-in-a-python-dictionary (see the second example on the page for @Winston Ew

[issue9253] argparse: optional subparsers

Benjamin West added the comment: Ok, Steven, that sounds reasonable. I checked out git-svn python and started comparing diffs... I'm a little confused. What version of argparse should be patched to provide this feature? My HG version from https://code.google.com/p/argparse/ seems to contain

[issue9253] argparse: optional subparsers

Benjamin West added the comment: Ok, Steven, that sounds reasonable. I checked out git-svn python and started comparing diffs... I'm a little confused. What version of argparse should be patched to provide this feature? My HG version from https://code.google.com/p/argparse/ seems to contain

[issue13562] Notes about module load path

Changes by Eric Snow : -- nosy: +eric.snow ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.o

[issue13719] bdist_msi upload fails

Changes by Brian Curtin : -- components: +Windows nosy: +brian.curtin type: -> behavior ___ Python tracker ___ ___ Python-bugs-list m

[issue13609] Add "os.get_terminal_size()" function

Zbyszek Szmek added the comment: > Some remarks on the Windows implementation in termsize.diff.4: > - On Windows, the C runtime always sets fileno(stdout) to 1, so > hardcoded values are OK. > But on Unix, I'm quite sure that embedded interpreters (mod_python?) > sometimes close the standard d

[issue13562] Notes about module load path

Nam Nguyen added the comment: Please do keep the warning though. It is best to warn in both Python-C Py_Initialize() document and the Embedding tutorial. -- ___ Python tracker

[issue1521950] shlex.split() does not tokenize like the shell

Vinay Sajip added the comment: I've made a patch which implements this functionality, together with docs and tests. Please review. -- hgrepos: +99 nosy: +vinay.sajip stage: test needed -> patch review ___ Python tracker

[issue1521950] shlex.split() does not tokenize like the shell

Changes by Vinay Sajip : Added file: http://bugs.python.org/file24158/9e12275eec25.diff ___ Python tracker ___ ___ Python-bugs-list mailing

[issue13555] cPickle MemoryError when loading large file (while pickle works)

Charles-François Natali added the comment: Antoine, could you test the last version (test_pickle and if possible with the OP testcase)? I can't test it myself (32-bit machine with 1 GB). -- ___ Python tracker

[issue9993] shutil.move fails on symlink source

Roundup Robot added the comment: New changeset 1ea8b7233fd7 by Antoine Pitrou in branch 'default': Issue #9993: When the source and destination are on different filesystems, http://hg.python.org/cpython/rev/1ea8b7233fd7 -- nosy: +python-dev ___ Pytho

[issue9993] shutil.move fails on symlink source

Antoine Pitrou added the comment: Patch now committed to 3.3. Thank you Jonathan and Hynek! -- resolution: -> fixed stage: patch review -> committed/rejected status: open -> closed ___ Python tracker _

[issue13555] cPickle MemoryError when loading large file (while pickle works)

Antoine Pitrou added the comment: Le vendredi 06 janvier 2012 à 19:17 +, Charles-François Natali a écrit : > Charles-François Natali added the comment: > > Antoine, could you test the last version (test_pickle and if possible > with the OP testcase)? > I can't test it myself (32-bit machin

[issue13703] Hash collision security issue

Paul McMillan added the comment: > Those who use or advocate a simple randomized starting hash (Perl, Ruby, > perhaps MS, and the CCC presenters) are presuming that the randomized hash > values are kept private. Indeed, they should be (and the docs could note > this) unless an attacker has di

[issue13722] "distributions can disable the encodings package"

New submission from Antoine Pitrou : In _PyCodecRegistry_Init() (in Python/codecs.c), it is attempted to import the encodings module (so that the default search function gets registered) and failures get ignored following the same reasoning: /* Ignore ImportErrors... this is done s

[issue13703] Hash collision security issue

Changes by Pavel Labushev : -- nosy: +Arach ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.

[issue13703] Hash collision security issue

Terry J. Reedy added the comment: "You're suggesting that in order for a Python application to be secure, it's a requirement that we randomly kill and restart processes from time to time?" No, that is not what I said. -- ___ Python tracker

[issue13703] Hash collision security issue

Paul McMillan added the comment: > An attack can be based on trying to find many objects with the same > hash value, or trying to find many objects that, as they get inserted > into a dictionary, very often cause collisions due to the collision > resolution algorithm not finding a free slot. Ye

[issue13723] Regular expressions: (?:X|\s+)*$ takes a long time

New submission from Eric Promislow : This regular expression takes a few seconds to be evaluated against any text: (.*?)((?:X|\s+)*)$ This reg ex is much faster: (.*?)((?:X|\s)*)$ To be fair, Ruby's performance with the first regex is the same as Python's. PHP and JavaScript both fail to mat

[issue13723] Regular expressions: (?:X|\s+)*$ takes a long time

Changes by Alex Gaynor : -- nosy: +alex ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/

[issue13703] Hash collision security issue

Antoine Pitrou added the comment: > I'm in cautious agreement that collision counting is a better > strategy. Disagreed. Raising randomly is unacceptable (false positives), especially in a bugfix release. > The dict implementation performance would suffer from > randomization. Benchmarks ple

[issue13703] Hash collision security issue

Changes by Stefan Krah : -- nosy: +skrah ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org

[issue13724] socket.create_connection and multiple IP addresses

New submission from Mads Kiilerich : Forked from issue13721 where I was too lazy to report it separately: http://docs.python.org/release/2.7.2/library/socket#socket.create_connection doesn't describe how it loops over all IP addresses. That seems to be the functions main advantage (and a gotch

[issue13721] ssl.wrap_socket on a connected but failed connection succeeds and .peer_certificate gives AttributeError

Mads Kiilerich added the comment: I think it would be confusing if getpeercert returned None both for valid connections without certificates and also for invalid connections. I would almost prefer the current behaviour (AttributeError) if just it was documented and there was a documented way

[issue13511] Specifying multiple lib and include directories on linux

Martin v. Löwis added the comment: No, I only read the original message. I find it too tedious to read the entire set of messages just to find out what the issue may be. If an issue has sufficiently deviated from the original report, it is better closed, and a new issue is opened. Even after

[issue13609] Add "os.get_terminal_size()" function

STINNER Victor added the comment: > - fd argument is retained, because we might want to test terminals >  opened with openpty. You mean a terminal different than the one used for stdin, stdout and stderr? > - two functions: still there. I think that get_terminal_size() should >  provide an eas

[issue13609] Add "os.get_terminal_size()" function

Zbyszek Szmek added the comment: >> - fd argument is retained, because we might want to test terminals >> opened with openpty. > > You mean a terminal different than the one used for stdin, stdout and > stderr? For example, let's see what is the size of my two xterms: >>> os.get_terminal_siz

[issue13722] "distributions can disable the encodings package"

Amaury Forgeot d'Arc added the comment: Agreed. This behavior probably comes from the times when unicode was an optional feature. -- ___ Python tracker ___ ___

[issue13685] argparse does not sanitize help strings for % signs

Changes by Terry J. Reedy : -- nosy: +bethard ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.pytho

[issue13686] Some notes on the docs of multiprocessing

Changes by Terry J. Reedy : -- nosy: +jnoller ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.pytho

[issue13691] pydoc help (or help('help')) claims to run a help utility; does nothing

Terry J. Reedy added the comment: I agree. It should explain the three options: help(object): help on object or class of object, except help('name'): help on object/module named 'name' help(): run utility, which starts with utility help help(help) prints unhelpful "Help on _Helper in module sit

[issue13692] 2to3 mangles from . import frobnitz

Terry J. Reedy added the comment: If this is fixed in 3.2, can this be closed? -- nosy: +terry.reedy ___ Python tracker ___ ___ Pytho

[issue13721] ssl.wrap_socket on a connected but failed connection succeeds and .peer_certificate gives AttributeError

Antoine Pitrou added the comment: > I hope the proper fix will ensure that an exception always is raised > if the ssl handshake fails - and that a successful wrap_socket means > that the ssl negotiation did succeed with the given constraints. It > might however only be feasible to fix that for 3

[issue13724] socket.create_connection and multiple IP addresses

Antoine Pitrou added the comment: > http://docs.python.org/release/2.7.2/library/socket#socket.create_connection > doesn't describe how it loops over all IP addresses. That seems to be the > functions main advantage (and a gotcha) compared to creating the socket and > connecting directly. We

[issue13720] argparse print_help() fails if COLUMNS is set to a low value

Terry J. Reedy added the comment: The code works fine on 3.2.2, Win7, IDLE, narrowest window possible (about 14 chars), which actually wraps to the window width. (In command window, lines are fixed length and scroll bar is added if window is narrowed.) What system and version are you running?

[issue13691] pydoc help (or help('help')) claims to run a help utility; does nothing

Devin Jeanpierre added the comment: > IMO, help('help') should document the help function, not start an interactive > help session (that’d be help()). Ahhh, that explains it. help('help') isn't ever meant to be called; it's supposed to be: >>> help() ... help> help ... the call to "help" at

[issue9253] argparse: optional subparsers

Éric Araujo added the comment: You should work in the 3.3 standard library, i.e. on Lib/argparse.py in the default branch of the CPython Mercurial repository. See the devguide for more info. Thanks! -- ___ Python tracker

[issue13691] pydoc help (or help('help')) claims to run a help utility; does nothing

Changes by Ezio Melotti : -- nosy: +ezio.melotti stage: -> needs patch type: -> behavior ___ Python tracker ___ ___ Python-bugs-list