Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +facundobatista, mark.dickinson, rhettinger, skrah
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13701
___
Antoine Pitrou pit...@free.fr added the comment:
Well I was sure I had added this code for a reason, but the tests seem to run
without...
Just a comment: the test isn't ProcessPoolExecutor-specific, so it should
really be in the generic tests.
--
Antoine Pitrou pit...@free.fr added the comment:
Yes, using synchronization primitives or doing I/O in Python signal handlers
isn't a good idea. Perhaps the signal docs should be clearer about that.
Of course, this wasn't ever safe code, and we're changing it (to have the
signal handler
Erno Tukia erno.tu...@iki.fi added the comment:
In Python 2.6 PLAIN authentication works, in Python 3.1 not.
Lib/test/test_imaplib.py does not test IMAP4.authenticate() or
IMAP4.login_cram_md5() functions, only IMAP4.login().
I would still like to go back to imaplib._Authenticator.encode()
Ralf Schlatterbeck r...@runtux.com added the comment:
Fine, I see what you mean, this involves very careful reading of the RFC
and could have been a little more verbose ...
Right. Should have been a ')'
Adding the RFC tests would be great (patches gladly accepted). Fixes
for ones we fail
Vinay Sajip vinay_sa...@yahoo.co.uk added the comment:
@Éric: you may also be interested in a standalone launcher which I wrote for
the pythonv branch:
https://bitbucket.org/vinay.sajip/simple_launcher/
This is built using Visual Studio and is not based on setuptools code, but uses
the same
Mark Dickinson dicki...@gmail.com added the comment:
Did you have specific changes in mind?
While we're still maintaining 2.x and 3.x code in parallel, there's a benefit
to not having the versions of decimal.py diverge too much. Given that the
2.3-compatible code isn't actually broken, I'm
Antoine Pitrou pit...@free.fr added the comment:
CRicky's proposed changed looks reasonable to me - although it would be better
with a unit test too :)
--
nosy: +gvanrossum, pitrou
___
Python tracker rep...@bugs.python.org
Erno Tukia erno.tu...@iki.fi added the comment:
I tried to fix the problem and the correct fix is to change
oup = ''
to
oup = b''
in imaplib._Authenticator.encode() function, and not what I suggested in my
previous post.
After changing that PLAIN authentication works.
--
Ralf Schlatterbeck r...@runtux.com added the comment:
enclosed please find a fixed patch -- decode_header consolidates
multiple encoded strings with the same encoding into a single entry in
the returned parts.
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source
Éric Araujo mer...@netwok.org added the comment:
test_string.diff looks good, except that it should probably only test the
exception type, not the message (they are not a guaranteed part of the Python
language and may change arbitrarily between versions or implementations (e.g.
PyPy), so
R. David Murray rdmur...@bitdance.com added the comment:
Well, a caution that tweaking the regex can have unexpected consequences as
past issues have proven (but by all means go for it), and a note that the
parsing strategy is going to change completely in email6 (see
Changes by Éric Araujo mer...@netwok.org:
--
nosy: +eric.araujo
title: Common path prefix - Add function to get common path prefix
type: behavior - enhancement
versions: +Python 3.3 -Python 3.1
___
Python tracker rep...@bugs.python.org
R. David Murray rdmur...@bitdance.com added the comment:
Gah, that's what I get for not reading carefully (or looking at the patch
first). Your test change is fine, of course.
--
___
Python tracker rep...@bugs.python.org
R. David Murray rdmur...@bitdance.com added the comment:
Would you be interested in providing a patch that includes tests? I think
Antoine set up a test framework for testing the login as part of issue 4471.
--
___
Python tracker
Charles-François Natali neolo...@free.fr added the comment:
That's because SocketListener uses SO_REUSEADDR.
It seems that, with SO_REUSEADDR, Windows allows binding to a port even though
there's a socket already bound to the same port in the LISTEN state: this is
wrong, the semantics of
New submission from Patrick von Reth patrick.vonr...@gmail.com:
when extracting http://www.openssl.org/source/openssl-1.0.0d.tar.gz with
python3.2 on windows 7 extraction fails with
File C:\python32\lib\tarfile.py, line 2175, in extract
set_attrs=set_attrs)
File
Changes by Patrick von Reth patrick.vonr...@gmail.com:
--
title: relative symlinks in tarfile.extract broken - relative symlinks in
tarfile.extract broken (windows)
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13702
Jeff Yurkiw j...@cyan.com added the comment:
That would probably work too.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13685
___
___
Éric Araujo mer...@netwok.org added the comment:
Where was this fixed? It is still a problem in Python 2.6.6.
I assumed it was fixed after looking at the code: clean does take build-*
options from the build command.
For example, if I do:
python setup.py build_ext --compiler=mingw32
Charles-François Natali neolo...@free.fr added the comment:
Should be fixed now.
Vilmos, thanks for the patch!
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
Antoine Pitrou pit...@free.fr added the comment:
There's a length MSDN article about this:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms740621%28v=vs.85%29.aspx
Executive summary: it's a can of worms.
However, let me point out the following sentence:
“Ports without
Charles-François Natali neolo...@free.fr added the comment:
The core of the problem is that we don't just want those methods to be atomic
or thread-safe, but reentrant (or rather async-safe).
As such, protecting by a lock isn't enough (and it's not really feasible in
Python).
Note that the
Antoine Pitrou pit...@free.fr added the comment:
Note that another solution would be to use a dedicated thread for
signal management (like Java does), but that's another story.
That sounds like a good solution in the middle-term. Are there any
drawbacks? (apart from launching a thread)
Charles-François Natali neolo...@free.fr added the comment:
OK, so just removing SO_REUSEADDR on Windows should do the trick...
Seriously, why can't they simply conform to existing standards :-(
If someone wants to provide a patch + test, go ahead!
--
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 572ddf2770bc by Sandro Tosi in branch '3.2':
Issue #9349: add argparse.SUPPRESS to help doc
http://hg.python.org/cpython/rev/572ddf2770bc
New changeset 17b7b856cbe8 by Sandro Tosi in branch '2.7':
Issue #9349: add
Changes by Sandro Tosi sandro.t...@gmail.com:
--
nosy: +sandro.tosi
resolution: - fixed
stage: - committed/rejected
status: open - closed
versions: +Python 3.3
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue9349
Guido van Rossum gu...@python.org added the comment:
(This is in reference to issue 11662.)
I can't think of a way that this proposed change would bring back the original
vulnerability, so go ahead.
--
___
Python tracker rep...@bugs.python.org
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
assignee: - rhettinger
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13701
___
___
New submission from Barry A. Warsaw ba...@python.org:
This is already publicly known and in deep discussion on python-dev. The
proper fix is still TBD. Essentially, hash collisions can be exploited to DoS
a web framework that automatically parses input forms into dictionaries.
Start here:
Changes by Guido van Rossum gu...@python.org:
--
nosy: +gvanrossum
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +christian.heimes, pitrou
stage: - needs patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
Jason R. Coombs jar...@jaraco.com added the comment:
I recently encountered this error, and in the process of troubleshooting,
developed this one-line to reproduce the problem. I'm including it here for
posterity (and in case anybody wants to test a given version of Python for the
error):
Phill beer...@gmail.com added the comment:
@neologix: nah its fine, if you guys are gonna re open this one I wont worry
about opening a new bug.
If the above gets solved on windows my problem will just go away, thanks
--
versions: +Python 2.6 -Python 2.7, Python 3.2, Python 3.3
Christian Heimes li...@cheimes.de added the comment:
I had a short chat with Guido yesterday. I'll try to sum up the conversation.
Guido, please correct me if I got something wrong or missed a point.
Guido wants the fix as simple and less intrusive as possible as he wants to
provide/apply a
Antoine Pitrou pit...@free.fr added the comment:
We haven't agreed whether the randomization should be enabled by
default or disabled by default. IMHO it should be disabled for all
releases except for the upcoming 3.3 release.
I think on the contrary it must be enabled by default. Leaving
New submission from Christian Heimes li...@cheimes.de:
All proposed fixes for a randomized hashing function raise and fall with
a good random number generator to feed the random seed. The seed must be
created very early in the startup phase of the interpreter, preferable
before the basic types
Antoine Pitrou pit...@free.fr added the comment:
(for the record, you can use the create patch button which creates a
reviewable diff)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13704
Christian Heimes li...@cheimes.de added the comment:
I think on the contrary it must be enabled by default. Leaving security
holes open is wrong.
We can't foresee the implications of the randomization and only a small number
of deployments is affected by the problem. But I won't start a
Erno Tukia erno.tu...@iki.fi added the comment:
Here's a patch with test.
I am not an IMAP guru, so please verify my patch.
--
keywords: +patch
Added file: http://bugs.python.org/file24132/issue13700.patch
___
Python tracker rep...@bugs.python.org
Guido van Rossum gu...@python.org added the comment:
I'm with Antoine -- turn it on by default. Maybe there should be a release
candidate to test the waters.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
Barry A. Warsaw ba...@python.org added the comment:
On Jan 03, 2012, at 08:24 PM, Antoine Pitrou wrote:
I think on the contrary it must be enabled by default. Leaving security
holes open is wrong.
Unless there's evidence of performance regressions or backward
incompatibilities, I agree.
Changes by STINNER Victor victor.stin...@haypocalc.com:
--
nosy: +haypo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
STINNER Victor victor.stin...@haypocalc.com added the comment:
Unless there's evidence of performance regressions
or backward incompatibilities, I agree.
If hash() is modified, str(dict) and str(set) will change for example. It may
break doctests. Can we consider that the application should
Benjamin Peterson benja...@python.org added the comment:
Barry, when this gets fixed, shall we coordinate release times?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
Ralf Schlatterbeck r...@runtux.com added the comment:
Attached please find a patch that
- keeps all spaces between non-encoded and encoded parts
- doesn't create spaces between non-encoded and encoded parts in case
these are already there or not needed (because they are non-ctext
characters
Erno Tukia erno.tu...@iki.fi added the comment:
Here's another patch that should fix the CRAM-MD5 authentication. My previous
patch is required with this one. The patch includes a test.
--
Added file: http://bugs.python.org/file24134/cram_md5.patch
Changes by Dave Malcolm dmalc...@redhat.com:
--
nosy: +dmalcolm
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 4fad6b811c8b by Sandro Tosi in branch '2.7':
Issue #6031: improve serve_forever() description
http://hg.python.org/cpython/rev/4fad6b811c8b
New changeset 4a30d36a9c69 by Sandro Tosi in branch '3.2':
Issue #6031:
Sandro Tosi sandro.t...@gmail.com added the comment:
yep indeed, I've removed the deadlock part and committed.
--
resolution: - fixed
stage: - committed/rejected
status: open - closed
versions: +Python 3.3 -Python 3.1
___
Python tracker
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset 25c2d24e1b11 by Antoine Pitrou in branch '3.2':
Issue #13636: Weak ciphers are now disabled by default in the ssl module
http://hg.python.org/cpython/rev/25c2d24e1b11
New changeset ace54f5e75d7 by Antoine Pitrou in
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset f9122975fd80 by Antoine Pitrou in branch '2.7':
Issue #13636: Weak ciphers are now disabled by default in the ssl module
http://hg.python.org/cpython/rev/f9122975fd80
--
Barry A. Warsaw ba...@python.org added the comment:
On Jan 03, 2012, at 09:43 PM, Benjamin Peterson wrote:
Barry, when this gets fixed, shall we coordinate release times?
Yes!
--
___
Python tracker rep...@bugs.python.org
Sandro Tosi sandro.t...@gmail.com added the comment:
Hi Georg, I've verified doc search works with 2.6.[467], so if the fix is so
easy to just add that js, could you please give it a look? TIA
--
nosy: +sandro.tosi
___
Python tracker
Christian Heimes li...@cheimes.de added the comment:
Randomized hashing destabilizes the unit tests of Python, too. Here are the
outputs of four test runs:
11 tests failed:
test_collections test_dbm test_dis test_gdb test_inspect
test_packaging test_set test_symtable test_ttk_textonly
New submission from Sinisa Segvic sinisa.seg...@fer.hr:
Hi,
The documentation says:
If the finally clause raises another exception (...) the saved exception is
lost.
This does not appear to be true.
In the example below the backtrace shows both exceptions.
import math
try:
... 1/0
Changes by STINNER Victor victor.stin...@haypocalc.com:
--
keywords: +patch
Added file: http://bugs.python.org/file24135/3106cc0a2024.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13704
Martin v. Löwis mar...@v.loewis.de added the comment:
I disagree with that approach, basically because I disagree that we need a C
implementation of MT. Platforms that don't provide /dev/urandom will just have
to be less secure. Using the current time (in milliseconds if available) plus
the
Changes by Alex Gaynor alex.gay...@gmail.com:
--
nosy: +alex
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13704
___
___
Python-bugs-list mailing
Changes by Alex Gaynor alex.gay...@gmail.com:
--
nosy: +alex
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Python-bugs-list mailing
Sinisa Segvic sinisa.seg...@fer.hr added the comment:
Link to the documentation:
http://docs.python.org/py3k/reference/compound_stmts.html#id2
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13705
Roundup Robot devn...@psf.upfronthosting.co.za added the comment:
New changeset c39fbb24b3f4 by Benjamin Peterson in branch '3.2':
exception support is correct now (closes #13705)
http://hg.python.org/cpython/rev/c39fbb24b3f4
--
nosy: +python-dev
resolution: - fixed
stage: -
New submission from Stefan Krah stefan-use...@bytereef.org:
It used to be possible to specify Unicode fill characters in numeric
formatting:
Python 3.3.0a0 (default:1dd6908df8f5, Jul 16 2011, 11:16:00)
[GCC 4.4.3] on linux2
Type help, copyright, credits or license for more information.
Christian Heimes li...@cheimes.de added the comment:
We already have a C implementation of MT in Modules/_randommodule.c. I just
suggest that we move the implementation to a place, where we can use it as seed.
--
___
Python tracker
Benjamin Peterson benja...@python.org added the comment:
It's still possible; it's just apparently limited to ASCII characters.
--
nosy: +benjamin.peterson
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13706
Changes by Ezio Melotti ezio.melo...@gmail.com:
--
nosy: +ezio.melotti
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13706
___
___
Stefan Krah stefan-use...@bytereef.org added the comment:
Hum, somehow I always refuse to acknowledge that ASCII is a subset
of Unicode. :)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13706
Changes by Stefan Krah stefan-use...@bytereef.org:
--
title: Unicode fill characters no longer work in numeric formatting -
non-ascii fill characters no longer work in numeric formatting
___
Python tracker rep...@bugs.python.org
Eric V. Smith e...@trueblade.com added the comment:
I assume this is left over from the PEP 393 changes. I think the right thing to
do is delete this code from line 277 of formatter_unicode.c:
if (format-fill_char 127 || format-align 127 ||
format-sign 127) {
STINNER Victor victor.stin...@haypocalc.com added the comment:
I assume this is left over from the PEP 393 changes.
Correct.
I'm not sure such a restriction needs to exist any more.
The restriction was introduced to simplify the implementation. maxchar has to
be computed exactly in
Martin v. Löwis mar...@v.loewis.de added the comment:
Removing the if condition would be incorrect. The maximum char is computed at
the beginning of the formatting. If, during formatting, need for a padding
character is determined, the padding character must not be larger than the
maximum
Terry J. Reedy tjre...@udel.edu added the comment:
Santiago, if you are still running 2.6.5 code, use the most recent 2.6 docs at
http://docs.python.org/release/2.6.6/
This will have all the corrections made after the 2.6.5 release. Contrary to
what you might think the header line says, there
Terry J. Reedy tjre...@udel.edu added the comment:
Sorry, /George/Georg/
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8416
___
___
Stefan Krah stefan-use...@bytereef.org added the comment:
Actually the issue is not restricted to numeric formatting. It's not
possible to pad a Unicode string with a non-ascii whitespace:
format(abcd, \u20077)
Traceback (most recent call last):
File stdin, line 1, in module
ValueError: fill
Paul McMillan p...@mcmillan.ws added the comment:
I agree that we should enable randomness by default, and provide an easy way
for users to disable it if necessary (unit test suites that explicitly depend
on order being an obvious candidate).
I'll link my proposed algorithm change here, for
Changes by Ezio Melotti ezio.melo...@gmail.com:
--
nosy: +ezio.melotti
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8416
___
___
Python-bugs-list
STINNER Victor victor.stin...@haypocalc.com added the comment:
Christian Heimes proposes the following change in its randomhash branch (see
issue #13704):
-x = (Py_uhash_t) *p 7;
+x = Py_RndHashSeed + ((Py_uhash_t) *p 7);
for (i = 0; i len; i++)
x = (103U * x) ^
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever, ezio.melotti, michael.foord
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13704
___
Christian Heimes li...@cheimes.de added the comment:
Victor, please ignore my code related to hash randomization for now. I've
deliberately not linked my branch to this bug report. I'm well aware that it's
not secure and that it's pretty easy to reverse engineer the seed from a hash
of a
New submission from Terry J. Reedy tjre...@udel.edu:
Current 3.2.2 docs:
id(object) Return the “identity” of an object. This is an integer which is
guaranteed to be unique and constant for this object during its lifetime.
[model]
hash(object) Return the hash value of the object (if it has
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: -ezio.melotti, michael.foord
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13704
___
Terry J. Reedy tjre...@udel.edu added the comment:
In #13707 I suggest a change to the current hash() entry which is needed
independently of this issue, because the default hash (for object()), being
tied to id() is already limited to an object's lifetime. But this change will
become more
Changes by Alex Gaynor alex.gay...@gmail.com:
--
nosy: +alex
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13707
___
___
Python-bugs-list mailing
STINNER Victor victor.stin...@haypocalc.com added the comment:
Paul first proposition (on python-dev) was to replace:
...
x = (ord(s[0]) 7)
while i length:
x = intmask((103*x) ^ ord(s[i]))
...
by:
...
x = (ord(s[0]) 7)
while i length:
x
Martin v. Löwis mar...@v.loewis.de added the comment:
-1. The hash has nothing to do with the lifetime, but with the value of an
object.
--
nosy: +loewis
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13707
Antoine Pitrou pit...@free.fr added the comment:
I'm in private contact with Paul and we are working together. He has
done extended research and I'll gladly follow his expertise. I've
already discussed the issue with small strings, but I can't recall if
it was a private mail to Paul or a
Antoine Pitrou pit...@free.fr added the comment:
I've committed a conservative version of the patch, plus a test.
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
Santiago Gala sg...@apache.org added the comment:
Still http://docs.python.org/release/2.6.6/search.html?q=regular+expression
works, while
http://docs.python.org/release/2.6.5/search.html?q=regular+expression
fails, and http://docs.python.org/release/2.6.5/searchindex.js gives a
404, while
STINNER Victor victor.stin...@haypocalc.com added the comment:
https://gist.github.com/0a91e52efa74f61858b5
Please, attach directly a file to the issue, or copy/paste the code in your
comment. Interesting part the code:
---
#Proposed replacement
#--
import
Antoine Pitrou pit...@free.fr added the comment:
r = array.array('l', os.urandom(2**size_exponent))
len_r = len(r)
r size should not depend on the size of a long. You should write something
like:
sizeof_long = ctypes.sizeof(ctypes.c_long)
r_bits = 8
r = array.array('l',
Antoine Pitrou pit...@free.fr added the comment:
For the record, here is what man urandom says about random seed size:
“[...] no cryptographic primitive available today can hope to promise
more than 256 bits of security, so if any program reads more than
256 bits (32 bytes) from the
Changes by Zhiping Deng kofreesty...@gmail.com:
--
nosy: +Zhiping.Deng
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13703
___
___
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
assignee: christian.heimes - rhettinger
nosy: +rhettinger
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13704
___
Changes by Ramchandra Apte maniandra...@gmail.com:
--
nosy: ramchandra.apte
priority: normal
severity: normal
status: open
title: Document ctypes.wintypes
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13708
New submission from Ramchandra Apte maniandra...@gmail.com:
Document ctypes.wintypes.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13708
___
Changes by Ramchandra Apte maniandra...@gmail.com:
--
assignee: - docs@python
components: +Documentation
nosy: +docs@python
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13708
___
Terry J. Reedy tjre...@udel.edu added the comment:
Martin, I do not understand. The default hash is based on id (as is default
equality comparison), not value. Are you OK with hash values changing if the
'value' changes? My understanding is that changing hash values for objects in
sets and
Antoine Pitrou pit...@free.fr added the comment:
You can define a __hash__ that changes if the object changes. It is not
recommended, but it's possible. So I agree with Martin that your proposed
clarification is wrong.
(I also think that it wouldn't bring anything, either)
Suggest closing as
New submission from Ramchandra Apte maniandra...@gmail.com:
In section 15.17.1.17 in the ctypes documentation, the documentation says
It is funny to see that on linux the sort function seems to work much more
efficiently, it is doing less comparisons
It is quite interesting to see that the
1 - 100 of 133 matches
Mail list logo