Charalampos Stratakis added the comment:
Also on Fedora the same set of security policies can be set as RHEL8 by
utilizing 'update-crypto-policies --set NEXT'
--
___
Python tracker
<https://bugs.python.o
Change by Charalampos Stratakis :
--
keywords: +patch
pull_requests: +10140
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Charalampos Stratakis :
Added file: https://bugs.python.org/file47977/setup.py
___
Python tracker
<https://bugs.python.org/issue35257>
___
___
Python-bug
Charalampos Stratakis added the comment:
So to better illustrate the actual issue I'll be using an example from the
python documentation [0][1].
Get the demo.c and the setup.py. Compile cpython first with --with-lto and then
compile the demo.c with ./python3 setup.py build.
You will n
Charalampos Stratakis added the comment:
And here is the difference between compiling the extension with the current
tip, comparing to applying my current draft PR:
Master branch with the linker flags propagated:
running build
running build_ext
building 'demo' extension
crea
Change by Charalampos Stratakis :
--
pull_requests: +10161, 10162
___
Python tracker
<https://bugs.python.org/issue28015>
___
___
Python-bugs-list mailin
Change by Charalampos Stratakis :
--
pull_requests: +10161, 10162, 10163
___
Python tracker
<https://bugs.python.org/issue28015>
___
___
Python-bugs-list mailin
Change by Charalampos Stratakis :
--
pull_requests: +10161
___
Python tracker
<https://bugs.python.org/issue28015>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
PR has been finalized.
--
nosy: +vstinner
___
Python tracker
<https://bugs.python.org/issue35257>
___
___
Python-bug
Change by Charalampos Stratakis :
--
title: Add LDFLAGS_NODIST for the LDFLAGS not intended for propagation to C
extensions. -> Avoid leaking linker flags into distutils.
___
Python tracker
<https://bugs.python.org/issu
Charalampos Stratakis added the comment:
Hi Ned,
I recently pushed a fix on the master and 3.7 for this exact issue:
https://bugs.python.org/issue35351 but it builds on top of
https://github.com/python/cpython/pull/10922 which is not yet in 3.6.
Thus 3.7 is fine for the rc cutoff.
However
Charalampos Stratakis added the comment:
The PR is pending another round of review.
--
___
Python tracker
<https://bugs.python.org/issue35257>
___
___
Python-bug
Charalampos Stratakis added the comment:
Maybe a release blocker for 3.7.2 and 3.6.8?
--
nosy: +cstratak, ned.deily
___
Python tracker
<https://bugs.python.org/issue35
Charalampos Stratakis added the comment:
This change fixes a regression introduced in 3.6.8rc1 with
https://bugs.python.org/issue31354
--
___
Python tracker
<https://bugs.python.org/issue35
Charalampos Stratakis added the comment:
And also 3.7.2rc1
--
___
Python tracker
<https://bugs.python.org/issue35257>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
Small correction. This regression has been on 3.7 for some time now (since it
was the master branch then), but then I requested to have the buggy commit
backported to 3.6 to fix the --with-lto flag there. Which unfortunately
introduced the issue to
New submission from Charalampos Stratakis :
Results from a recent static analysis scan for python2:
Error: USE_AFTER_FREE (CWE-825):
Python-2.7.15/Modules/_bsddb.c:6697: freed_arg: "free" frees "name".
Python-2.7.15/Modules/_bsddb.c:6715: pass_freed_arg: Passing freed p
Charalampos Stratakis added the comment:
Indeed it's not a bug per se, more like code readability issue, if however it's
not deemed as an issue, it can be closed.
--
___
Python tracker
<https://bugs.python.o
Change by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<https://bugs.python.org/issue35752>
___
___
Python-bugs-list mailing list
Unsubscribe:
Charalampos Stratakis added the comment:
Possibly relevant:
https://fedoraproject.org/wiki/Changes/PPC64LE_Float128_Transition#Detailed_Description
But the work is not complete.
--
___
Python tracker
<https://bugs.python.org/issue35
Charalampos Stratakis added the comment:
Closing this as it's not really a bug in the code, and I don't think spending
too much time on python2 is worth it.
--
stage: -> resolved
status: open -> closed
___
Python tracker
<http
Change by Charalampos Stratakis :
--
pull_requests: +11696
___
Python tracker
<https://bugs.python.org/issue1294959>
___
___
Python-bugs-list mailing list
Unsub
Change by Charalampos Stratakis :
--
pull_requests: +11696, 11697
___
Python tracker
<https://bugs.python.org/issue1294959>
___
___
Python-bugs-list mailin
Change by Charalampos Stratakis :
--
pull_requests: +11696, 11698
___
Python tracker
<https://bugs.python.org/issue1294959>
___
___
Python-bugs-list mailin
Charalampos Stratakis added the comment:
Hi Brett,
Those issues should be reported on Red Hat's bugzilla, if it's definite that
the kernel version (or a new cpython release downstream) is the one to blame
for it.
Also RHEL 7's python version while being 2.7.5, carries
Change by Charalampos Stratakis :
--
pull_requests: +11910
___
Python tracker
<https://bugs.python.org/issue32947>
___
___
Python-bugs-list mailing list
Unsub
Change by Charalampos Stratakis :
--
pull_requests: +11911
___
Python tracker
<https://bugs.python.org/issue29136>
___
___
Python-bugs-list mailing list
Unsub
Change by Charalampos Stratakis :
--
pull_requests: +11913
___
Python tracker
<https://bugs.python.org/issue33570>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
Fedora 29 has openssl 1.1.1 which seems to be related.
--
nosy: +cstratak
___
Python tracker
<https://bugs.python.org/issue35
Charalampos Stratakis added the comment:
Getting those failures on RHEL8 as well, which can be worked around by setting
the env OPENSSL_CONF=/non-existing-file
==
ERROR: test_protocol_sslv23 (test.test_ssl.ThreadedTests
Charalampos Stratakis added the comment:
SSLContext.minimum_version is added here on the master branch:
https://github.com/python/cpython/commit/698dde16f60729d9e3f53c23a4ddb8e5ffe818bf
But I'd be also reluctant to partially backport a new feature to fix the test
Charalampos Stratakis added the comment:
Since this newly added assertion [0] fails for aarch64 shouldn't this be
considered a regression?
And taking into account the timeframe, a release blocker for 3.6.1?
--
nosy: +cstratak
___
Python tr
Charalampos Stratakis added the comment:
[0]
https://github.com/python/cpython/commit/a86339b83fbd0932e0529a3c91935e997a234582#diff-39e8978a35ab16f78e60027c61b810f7R413
--
___
Python tracker
<http://bugs.python.org/issue29
Charalampos Stratakis added the comment:
In order to reproduce:
Apply the python.patch from bz1268226_reproducer2.tar.gz
Compile python
Run the reproduce4.py from bz1268226_reproducer2.tar.gz
As indicated by the reproducer, the status returned by os.wait() for the child
is 139.
I will
Charalampos Stratakis added the comment:
Patch for protecting the key list while forking.
--
Added file:
http://bugs.python.org/file46753/0001-Protect-key-list-during-fork.patch
___
Python tracker
<http://bugs.python.org/issue29
Changes by Charalampos Stratakis :
--
pull_requests: +687
___
Python tracker
<http://bugs.python.org/issue29640>
___
___
Python-bugs-list mailing list
Unsub
Changes by Charalampos Stratakis :
--
pull_requests: +698
___
Python tracker
<http://bugs.python.org/issue23699>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
Sent a PR against the master branch. What do you think about it?
Would it make sense as well for python 3.6 now?
--
nosy: +cstratak
___
Python tracker
<http://bugs.python.org/issue23
Charalampos Stratakis added the comment:
Bumped upon a similar issue today where a package I was working on couldn't
import a module from one of its dependencies (which was not the case in python
3.5).
One of the lines that fail is this [0] with:
ModuleNotFoundError: No module
Changes by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<http://bugs.python.org/issue29943>
___
___
Python-bugs-list mailing list
Unsubscribe:
Charalampos Stratakis added the comment:
Currently we haven't updated to Python 3.6.1 at Fedora 26 due to this issue.
While it is a release blocker for 3.6.2, what can be done for 3.6.1?
--
___
Python tracker
<http://bugs.python.org/is
Charalampos Stratakis added the comment:
Just a small note here for the documentation patch.
yum is deprecated in Fedora, and dnf is now the default package manager, so the
respective instructions for Fedora should reflect that.
--
nosy: +cstratak
Charalampos Stratakis added the comment:
For what it's worth, in Fedora 26 we already rebased Python to 3.6.1, so this
issue now is non existent for our ecosystem, and we are not shipping 3.6.0 in
any way now.
--
___
Python tracker
Changes by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<http://bugs.python.org/issue29243>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<http://bugs.python.org/issue29712>
___
___
Python-bugs-list mailing list
Unsubscribe:
Charalampos Stratakis added the comment:
Downstream backporting of PEP 538 to the 3.6 branch also depends on this fix.
Would it be beneficial in any way to cherry-pick it for 3.6?
--
nosy: +cstratak
___
Python tracker
<http://bugs.python.
Changes by Charalampos Stratakis :
--
pull_requests: +1619
___
Python tracker
<http://bugs.python.org/issue28787>
___
___
Python-bugs-list mailing list
Unsub
Changes by Charalampos Stratakis :
--
pull_requests: +1642
___
Python tracker
<http://bugs.python.org/issue28787>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
Full build log
--
nosy: +cstratak
Added file: http://bugs.python.org/file46856/build.log
___
Python tracker
<http://bugs.python.org/issue30
Charalampos Stratakis added the comment:
All the dependencies dragged.
gdb is of version 7.11. The failures do not happen with gdb 7.12 (which exists
in later Fedora releases).
--
Added file: http://bugs.python.org/file46857/root.log
___
Python
Charalampos Stratakis added the comment:
Note: test_gdb is skipped on later Fedora's actually (possibly due to gdb
package no being dragged at the minimal buildroot) so the issue might still be
there, so the gdb version might have no effect on that. Will investigate
fu
Charalampos Stratakis added the comment:
So the issue wasn't restricted to a specific gdb version or distro release, as
due to some issues dependency issues the gdb binary wasn't pulled in the
buildroot which makes test_gdb to get skipped.
So I was able to reproduce it on my
Charalampos Stratakis added the comment:
A 'defined(__aarch64__)' can be used for the arm64 arch. I will add it to your
patch and test it on an arm64 machine to see if the test passes.
--
nosy: +cstratak
___
Python tracker
<http://bu
Changes by Charalampos Stratakis :
--
nosy: +ishcherb
___
Python tracker
<http://bugs.python.org/issue30353>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<http://bugs.python.org/issue9146>
___
___
Python-bugs-list mailing list
Unsubscribe:
Changes by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<http://bugs.python.org/issue9216>
___
___
Python-bugs-list mailing list
Unsubscribe:
Charalampos Stratakis added the comment:
This bug affects also the 3.6 branch. Can the fix be backported?
--
___
Python tracker
<http://bugs.python.org/issue30
Change by Charalampos Stratakis :
--
pull_requests: +12107
___
Python tracker
<https://bugs.python.org/issue13096>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
It seems the python2 backport was incomplete as a PyMem_Free is missing, making
buf leak.
--
nosy: +cstratak
___
Python tracker
<https://bugs.python.org/issue13
Change by Charalampos Stratakis :
--
nosy: +vstinner
___
Python tracker
<https://bugs.python.org/issue13096>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Charalampos Stratakis :
Coverity scan on python2 resulted in this error.
Python-2.7.15/Modules/_ctypes/cfield.c:1297: alloc_fn: Storage is returned from
allocation function "PyString_FromString".
Python-2.7.15/Objects/stringobject.c:143:5: alloc_fn: Storage i
Charalampos Stratakis added the comment:
Also the change from PyUnicode_FromStringAndSize to PyBytes_FromStringAndSize
happened here: https://bugs.python.org/issue8966
--
___
Python tracker
<https://bugs.python.org/issue36
Change by Charalampos Stratakis :
--
keywords: +patch
pull_requests: +12108
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
New submission from Charalampos Stratakis :
There are two places [0][1] in the code where NULL is returned but the fd
handle is not closed.
[0] https://github.com/python/cpython/blob/2.7/Modules/linuxaudiodev.c#L129
[1] https://github.com/python/cpython/blob/2.7/Modules/linuxaudiodev.c#L133
Change by Charalampos Stratakis :
--
keywords: +patch
pull_requests: +12161
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
New submission from Charalampos Stratakis :
Coverity scan reports a leak on _hotshot.c:
Python-2.7.15/Modules/_hotshot.c:442: alloc_arg: "unpack_string" allocates
memory that is stored into "s1".
Python-2.7.15/Modules/_hotshot.c:329:5: alloc_fn: Storage is returned from
New submission from Charalampos Stratakis :
Coverity report on dtoa.c. It was run on python2 but the same code resides on
python3.
Error: RESOURCE_LEAK (CWE-772): [#def89]
Python-2.7.15/Python/dtoa.c:1846: alloc_fn: Storage is returned from allocation
function "s2b".
Python-2.7
Change by Charalampos Stratakis :
--
nosy: +mark.dickinson, vstinner
___
Python tracker
<https://bugs.python.org/issue36262>
___
___
Python-bugs-list mailin
Change by Charalampos Stratakis :
--
keywords: +patch
pull_requests: +12298
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
New submission from Charalampos Stratakis :
Coverity scan reports this for bufferedio.c :
Error: RESOURCE_LEAK (CWE-772): [#def23]
Python-2.7.15/Modules/_io/bufferedio.c:1353: alloc_fn: Storage is returned from
allocation function "PyString_FromStringAndSize".
Python-2.7.
Change by Charalampos Stratakis :
--
keywords: +patch
pull_requests: +12300
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
New submission from Charalampos Stratakis :
Coverity reports a leak within the json module:
Error: RESOURCE_LEAK (CWE-772): [#def26]
Python-2.7.15/Modules/_json.c:1367: alloc_fn: Storage is returned from
allocation function "PyString_FromStringAndSize".
Python-2.7.15/Objects/stringo
Change by Charalampos Stratakis :
--
keywords: +patch
pull_requests: +12301
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
New submission from Charalampos Stratakis :
The coverity scan was run on python2, however the same defect seems to exist in
python3 as well.
Error: RESOURCE_LEAK (CWE-772): [#def69]
Python-2.7.15/Objects/longobject.c:3793: alloc_fn: Storage is returned from
allocation function "_PyLon
Change by Charalampos Stratakis :
--
keywords: +patch
pull_requests: +12304
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issu
Change by Charalampos Stratakis :
--
versions: -Python 2.7, Python 3.7
___
Python tracker
<https://bugs.python.org/issue36292>
___
___
Python-bugs-list mailin
Charalampos Stratakis added the comment:
This code is unreachable. Will mark it as such.
--
___
Python tracker
<https://bugs.python.org/issue36292>
___
___
Pytho
Change by Charalampos Stratakis :
--
pull_requests: +12305
___
Python tracker
<https://bugs.python.org/issue18368>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
On my system with openssl 1.1.1b, by reducing the PAYLOAD_SIZE the test passes
successfully.
It starts failing when it's bigger than 1024 * 95
--
___
Python tracker
<https://bugs.python.org/is
New submission from Charalampos Stratakis :
In tokenizer.c we have those lines of code [0]:
if (final_length < needed_length && final_length)
/* should never fail */
buf = PyMem_REALLOC(buf, final_length);
return buf;
If however that realloc fails, the memory allocated in
Change by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<https://bugs.python.org/issue36276>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<https://bugs.python.org/issue36659>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Charalampos Stratakis :
--
nosy: +cstratak
___
Python tracker
<https://bugs.python.org/issue35907>
___
___
Python-bugs-list mailing list
Unsubscribe:
Charalampos Stratakis added the comment:
A small clarification on the differences of those two CVE's.
CVE-2019-9740: CLRF sequences are not properly handled in python built-in
modules urllib/urllib2 in the query part of the url parameter of urlopen()
function
CVE-2019-9947: CLRF sequ
Charalampos Stratakis added the comment:
Unfortunately the yp_prot.h and ypclnt.h [0] headers have also moved to a
different package.
Currently they reside at /usr/include/nsl/rpcsvc/*.h
[0]
https://github.com/python/cpython/blob/f3031b8a7ad71d3b6ed05da7f3041d9efbe773cf/Modules/nismodule.c
New submission from Charalampos Stratakis :
Currently in Fedora glibc stopped providing libcrypt[0] a change which is
slowly being upstreamed as well[1] in favor of the libxcrypt project[2].
This causes a segfault when importing the crypt module as python assumes that
crypt.h is always
Change by Charalampos Stratakis :
--
versions: +Python 3.6, Python 3.7, Python 3.8
___
Python tracker
<https://bugs.python.org/issue32635>
___
___
Python-bug
Change by Charalampos Stratakis :
--
components: +Extension Modules
___
Python tracker
<https://bugs.python.org/issue32635>
___
___
Python-bugs-list mailin
Change by Charalampos Stratakis :
--
pull_requests: +5130
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issue32635>
___
___
Python-
New submission from Charalampos Stratakis :
Original bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1537489
As soon as strict symbol checking was enabled on the development branch of
Fedora, our build of CPython started failing due to undefined symbols when
compiling ctypes.
Build
Change by Charalampos Stratakis :
--
components: +Build
___
Python tracker
<https://bugs.python.org/issue32647>
___
___
Python-bugs-list mailing list
Unsubscribe:
Charalampos Stratakis added the comment:
Relevant part from the build log:
running build_ext
building '_ctypes' extension
gcc -pthread -Wno-unused-result -Wsign-compare -DDYNAMIC_ANNOTATIONS_ENABLED=1
-DNDEBUG -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOU
Charalampos Stratakis added the comment:
Unfortunately when trying to reproduce it by compiling from source and adding
the '-z defs' flag to the linker, undefined symbol issues appeared for all the
extension modules of the stdlib.
--
components: +Extensi
Change by Charalampos Stratakis :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Charalampos Stratakis :
--
pull_requests: +5374
___
Python tracker
<https://bugs.python.org/issue9216>
___
___
Python-bugs-list mailing list
Unsub
Charalampos Stratakis added the comment:
So what would be the best way to proceed from here?
Add a check or just link to dl unconditionally?
--
___
Python tracker
<https://bugs.python.org/issue32
Charalampos Stratakis added the comment:
@Stephane,
Currently the flag has been disabled on rawhide due to too many breakages but
the bug is still there if you add '-z defs' to the linker flags.
More info:
https://src.fedoraproject.org/rpms/redhat-rp
Charalampos Stratakis added the comment:
Just tested it for python3 on a rawhide system with the flag enabled and it
works, ctypes is compiled successfully.
python2 is not affected the same way though, various modules fail there with
different undefined references issues when setting the
Charalampos Stratakis added the comment:
Attaching the build log from python2. Near the end you can see the undefined
references errors.
--
Added file: https://bugs.python.org/file47426/py2buildlog
___
Python tracker
<https://bugs.python.
Charalampos Stratakis added the comment:
Reopenning the issue.
python2 is still failing with the fix applied:
gcc -pthread -fPIC -fno-strict-aliasing -O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
-fexceptions -fstack-protector-strong -grecord
101 - 200 of 293 matches
Mail list logo
