[issue24097] Use after free in PyObject_GetState

Roundup Robot added the comment: New changeset eed36e19f8b8 by Serhiy Storchaka in branch '3.4': Issue #24097: Fixed crash in object.__reduce__() if slot name is freed inside https://hg.python.org/cpython/rev/eed36e19f8b8 New changeset 99839a1c9c6d by Serhiy Storchaka in branch '3.5': Issue

[issue6953] readline documenation needs work

Changes by Hideaki Takahashi : -- nosy: +hideaki_t ___ Python tracker ___ ___

[issue20923] ConfigParser should nested [] in section names.

Terry J. Reedy added the comment: Victor, I reopened this a a doc issue to add the sentence that would have cut short the discussion. Please leave it. -- resolution: fixed -> status: closed -> open ___ Python tracker

[issue25729] update pure python datetime.timedelta creation

Brian Kearns added the comment: Bug fixes are to the test suite itself, and the name cleanup, minor. Best classified as enhancement, apply where applicable. -- ___ Python tracker

[issue6953] readline documentation needs work

Changes by Mark Lawrence : -- title: readline documenation needs work -> readline documentation needs work ___ Python tracker ___

[issue20923] ConfigParser should nested [] in section names.

Changes by Terry J. Reedy : -- assignee: docs@python -> terry.reedy ___ Python tracker ___

[issue24097] Use after free in PyObject_GetState

Changes by Serhiy Storchaka : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue20923] Explain ConfigParser 'valid section name' and .SECTCRE

Changes by Terry J. Reedy : -- title: ConfigParser should nested [] in section names. -> Explain ConfigParser 'valid section name' and .SECTCRE ___ Python tracker

[issue25638] Verify the etree_parse and etree_iterparse benchmarks are working appropriately

Serhiy Storchaka added the comment: Updated to tip. -- Added file: http://bugs.python.org/file41167/etree_iterparse_2.patch ___ Python tracker ___

[issue19687] Fixes for elementtree integer overflow

Roundup Robot added the comment: New changeset e5eac1d692ad by Serhiy Storchaka in branch '3.4': Issue #19687: Fixed possible integer overflows in ElementTree. https://hg.python.org/cpython/rev/e5eac1d692ad New changeset 745fd5550bc0 by Serhiy Storchaka in branch '2.7': Issue #19687: Fixed

[issue19687] Fixes for elementtree integer overflow

Serhiy Storchaka added the comment: Possible integer overflows in 3.5 was already fixed by issue23450. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed versions: +Python 2.7 ___ Python tracker

[issue25677] Syntax error caret confused by indentation

R. David Murray added the comment: Two options on portability, I think: either use splitlines() on the decoded result, or add a 'universal_newlines' keyword argument to assert_python_failure and friends that would get passed to Popen. I'd favor the latter, as other users of script_helpers

[issue25730] invisible sidebar content with code snippets

Terry J. Reedy added the comment: Hiroaki, please include a bit of text explanation. What 'default.css' are you referring to? If it is a Sphinx file and not in the CPython repository /Doc, then this should be closed here and reopened on the separate Sphinx tracker. In any case, this is not

[issue25729] update pure python datetime.timedelta creation

Brian Kearns added the comment: Updated again -- Added file: http://bugs.python.org/file41165/timedelta3.patch ___ Python tracker ___

[issue21224] BaseHTTPRequestHandler, update the protocol version to http 1.1 by default?

STINNER Victor added the comment: Sorry, I read the issue very quickly. I don't understand why the default is not changed. -- ___ Python tracker ___

[issue25715] Python 3.5.1 installer shows wrong upgrade path

Steve Dower added the comment: Man, dealing with the launcher is hard. But I've got it about as good as I can: * when installing 3.5.1 over 3.5.0, user has the option to update/not update the launcher (no option to uninstall at that time) * after installing 3.5.1, launcher can be added via

[issue25696] "make -j9 install" fails because bininstall target requires the libainstall target

Martin Panter added the comment: $(LIBPC) is a single directory name, so I suggest dropping the “for” loop. Patch 2 should avoid the practical race condition. But there is technically still a race with “libainstall” and “bininstall” both testing and creating the same directory. Maybe we

[issue22100] Use $HOSTPYTHON when determining candidate interpreter for $PYTHON_FOR_BUILD.

Martin Panter added the comment: What is $HOSTPYTHON? It does not appear to be used or mentioned anywhere. You mention it as if it is commonly known, but if you are proposing a new configuration variable, perhaps you should document it. The Gnu version of “which” seems to work fine with

[issue25622] Enable ctypes.test.test_values.Win_ValuesTestCase for non-Windows

Roundup Robot added the comment: New changeset 6a8fbb97c8d8 by Martin Panter in branch 'default': Issue #25622: Rename to PythonValuesTestCase and enable for non-Windows https://hg.python.org/cpython/rev/6a8fbb97c8d8 -- nosy: +python-dev ___ Python

[issue25677] Syntax error caret confused by indentation

Martin Panter added the comment: Another way to get universal newlines I have used in other cases is to use TextIOWrapper. It might be easier if you really need that multi-line RE search: text = TextIOWrapper(BytesIO(stderr), "ascii").read() -- nosy: +martin.panter

[issue14044] IncompleteRead error with urllib2 or urllib.request -- fine with urllib, wget, or curl

Martin Panter added the comment: Closing this as being a bug in the web server, rather than Python. If someone wants to add a way to force a HTTP 1.0 response, or a way to get all valid data before raising the exception, I suggest opening a new report. -- resolution: -> third party

[issue21224] BaseHTTPRequestHandler, update the protocol version to http 1.1 by default?

Martin Panter added the comment: Changing it could break existing code written for the HTTP 1.0 behaviour. The main effect mentioned at is that in HTTP 1.0 mode, a server may send a

[issue25677] Syntax error caret confused by indentation

Michael Layzell added the comment: Sorry for the delay, I finally got around to adding a test. I'm mildly concerned about the portability of the check, but it seems to work locally. If people have suggestions about how to make the check more portable, let me know! -- Added file:

[issue25735] math.factorial doc should mention integer return type

New submission from John Yeung: The math module docs state Except when explicitly noted otherwise, all return values are floats. But math.factorial isn't what I would call explicit about returning int: math.factorial(x) Return x factorial. Raises ValueError if x is not integral or is

[issue25729] update pure python datetime.timedelta creation

Brian Kearns added the comment: Updated patch per review -- Added file: http://bugs.python.org/file41164/timedelta2.patch ___ Python tracker ___

[issue20923] Explain ConfigParser 'valid section name' and .SECTCRE

R. David Murray added the comment: Yes, the doc issue is separate from the other bug, since that one will apply only to 3.6, and the doc changes apply to all maintenance releases. -- ___ Python tracker

[issue25723] ConfigParser should never write broken configurations

Terry J. Reedy added the comment: Newline (\n) and possibly \x00, if it necessarily causes an actual problem, are the only characters that we might reject by default. Rejecting anything else is unwarrented editorializing about what people 'should' use. As you said, people who want something

[issue25723] ConfigParser should never write broken configurations

SpaceOne added the comment: Isn't is an actual problem in the field? We had a vulnerability in our code due to this as we only sanitized the config values and didn't recognized that add_section() does no validation of input. -- ___ Python tracker

[issue25729] update pure python datetime.timedelta creation

Serhiy Storchaka added the comment: Looks you are missed Victor's and my comments. -- ___ Python tracker ___

[issue25730] invisible sidebar content with code snippets

hiroaki itoh added the comment: Ah, sorry I'd mistaked. I don't know if this is Sphinx issue, but CPython repo has Doc/tools/static, Doc/tools/templates, so I still think, this can be fixed by customizing these, for example overriding style at layout.html. --

[issue25723] ConfigParser should never write broken configurations

Terry J. Reedy added the comment: Can you explain how passing \n createda vulnerability (to who, doing what) that flagging \n would prevent? Your opening example (nicely presented, by the way) shows that passing \n allows one to do with one call what would otherwise take (in the case of the

[issue25300] Enable Intel MPX (Memory protection Extensions) feature

Stefan Krah added the comment: > Py_ssize_t ob_array[1] Py_VARIABLE_SIZE; /* Looks weird and confusing */ Yes, I dislike that, too. The question is why gcc has supported the "struct hack" for more than 20 years but needs an annotation just for MPX. Is the annotation also needed for the C99

[issue25730] invisible sidebar content with code snippets

Terry J. Reedy added the comment: Can you create either a specific patch or perhaps more important a test that fails now but should pass with a proper patch? -- stage: needs patch -> test needed ___ Python tracker

[issue25730] invisible sidebar content with code snippets

R. David Murray added the comment: Since it is a visual issue and we have no infrastructure for that kind of web view testing, I don't think a test is possible. -- nosy: +r.david.murray ___ Python tracker

[issue25251] Unknown MS Compiler version 1900

Ateik Al-Zehla added the comment: forget to tell you that even i deleted the cache, but nothing happened. it use the old code. -- ___ Python tracker ___

[issue25723] ConfigParser should never write broken configurations

R. David Murray added the comment: The issue would be if the section name came from user input. Then an attacker could craft a section name that would result in inserting arbitrary names and values into the config file. -- nosy: +r.david.murray

[issue21224] BaseHTTPRequestHandler, update the protocol version to http 1.1 by default?

Martin Panter added the comment: Victor, that chunked support for server requests is optional, and not actually required (my quote was wrong; see my message after the one you quoted). The client already does HTTP 1.1 by default: >>> http.client.HTTPConnection._http_vsn_str 'HTTP/1.1' It is

[issue25251] Unknown MS Compiler version 1900

Ateik Al-Zehla added the comment: thanks Matt for your replay. But I copied the lines to cygwinccompiler.py and it didn't work. and it pretend as there is no change happened to the file. To see if the execution goes through the code I changed message if raise ValueError to "God Help Me %s "

[issue25731] Assigning and deleting __new__ attr on the class does not allow to create instances of this class

Eryk Sun added the comment: For "del X.__new__", type_setattro in Objects/typeobject.c indirectly calls update_one_slot. This finds object.__new__ fom the base object class when it looks up __new__ on the type. Since __new__ for built-in types is special-cased to be a built-in method instead

[issue25698] test regressions introduced with the fix for #22995

Changes by Barry A. Warsaw : -- nosy: +barry ___ Python tracker ___ ___ Python-bugs-list

[issue25736] smtplib can't send 8bit encoded utf-8 message

Changes by Ervin Hegedüs : -- nosy: airween priority: normal severity: normal status: open title: smtplib can't send 8bit encoded utf-8 message type: behavior versions: Python 3.4 ___ Python tracker

[issue25736] smtplib can't send 8bit encoded utf-8 message

New submission from Ervin Hegedüs: Looks like smtplib can send only messages, which contains only 7bit (ascii) characters. Here is the example: # -*- coding: utf8 -*- import time import smtplib mailfrom = "m...@mydomain.com" rcptto = "m...@otherdomain.com" msg = """%s From: Me <%s> To: %s

[issue25731] Assigning and deleting __new__ attr on the class does not allow to create instances of this class

New submission from Stanisław Skonieczny (Uosiu): When moving from python 2.7 to 3.5 I have found a problem with patching __new__ method on the class. It was done this way: ''' patch('foo.bar.MyClass.__new__', return_value=mocked_instance) ''' In works with python 2.7, but in 3.5 it fails with:

[issue25730] invisible sidebar content with code snippets

Changes by Ezio Melotti : -- assignee: -> docs@python components: +Documentation nosy: +docs@python, ezio.melotti, georg.brandl, terry.reedy stage: -> needs patch type: -> behavior ___ Python tracker

[issue25718] itertools.accumulate __reduce__/__setstate__ bug

Serhiy Storchaka added the comment: In this case yes, you are unlucky. But this is an artificial example, and I don't think this happens in any real code. However specific meaning of None should be documented (there are other wrong words about __getstate__). --

[issue25705] Fix regex_compile benchmark crash

Florin Papa added the comment: No problem. Thank you for fixing this. -- ___ Python tracker ___ ___

[issue25732] functools.total_ordering does not correctly implement not equal behaviour

New submission from David Seddon: The documentation for functools.total_ordering states that rich comparison can be enabled on a class by specifying an __eq__ method, and one of __lt__(), __le__(), __gt__(), or __ge__(). If these instructions are followed, this results in an incorrect

[issue25572] _ssl doesn't build on OSX 10.11

STINNER Victor added the comment: > Homebrew supports OpenSSL and LibreSSL, but OpenSSL is in > /usr/local/opt/openssl and not in /usr/local/ssl (see setup.py) Does it make sense to add a configure option to specify the path to OpenSSL? > So, the next point, I am not sure, but the headers of

[issue25725] Memory leak on unpickling bogus data

Changes by Serhiy Storchaka : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue25725] Memory leak on unpickling bogus data

Roundup Robot added the comment: New changeset c85eca74f3a5 by Serhiy Storchaka in branch '3.4': Issue #25725: Fixed a reference leak in pickle.loads() when unpickling https://hg.python.org/cpython/rev/c85eca74f3a5 New changeset 88ad2b8480b1 by Serhiy Storchaka in branch '3.5': Issue #25725:

[issue25721] Fix pybench always_display error

Florin Papa added the comment: Yes, thank you for fixing this. -- ___ Python tracker ___ ___ Python-bugs-list

[issue21224] BaseHTTPRequestHandler, update the protocol version to http 1.1 by default?

STINNER Victor added the comment: For HTTP 2, I consider that the protocol is too young. I prefer to move fast on a library hosted on PyPI, rather than puting something is the stable and "frozen" stdlib. -- nosy: +haypo ___ Python tracker

[issue7990] xml.etree.cElementTree lacks full dir() on Element

Roundup Robot added the comment: New changeset fef7f041c1a7 by Serhiy Storchaka in branch 'default': Issue #7990: dir() on ElementTree.Element now lists properties: "tag", https://hg.python.org/cpython/rev/fef7f041c1a7 -- nosy: +python-dev ___ Python

[issue21224] BaseHTTPRequestHandler, update the protocol version to http 1.1 by default?

STINNER Victor added the comment: > Similarly, I understand HTTP 1.1 requires chunked encoding support for > requests, but there is no support for that in the Python implementation. Hum, I don't understand exactly this issue. I understood that Python only has a "partial" implementation of the

[issue25721] Fix pybench always_display error

Changes by STINNER Victor : -- resolution: -> fixed status: open -> closed ___ Python tracker ___

[issue25733] Idle does not handle non-standard compile errors

New submission from ppperry: The following code: for a in range(26): for b in range(26): for c in range(26): for d in range(26): for e in range(26): for f in range(26): for g in range(26): for h in range(26): for i in range(26): for j in

[issue25703] test_sys is failed if standard stream is redirected in 2.7

Changes by Serhiy Storchaka : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue25703] test_sys is failed if standard stream is redirected in 2.7

Roundup Robot added the comment: New changeset eb9d2e5bc8dc by Serhiy Storchaka in branch '2.7': Issue #25703: Skip test_43581 if one of stdout or stderr is redirected. https://hg.python.org/cpython/rev/eb9d2e5bc8dc -- nosy: +python-dev ___ Python

[issue25728] email parser ignores inner multipart boundary when outer message duplicates it

R. David Murray added the comment: I am open to (and will review) a patch that applies simple heuristics to trying to guess correctly about such messages, but only if it doesn't add too much complexity to the parser. I'm not certain I would consider it for a bug fix release, but I'll

[issue25733] Idle does not handle non-standard compile errors

Changes by ppperry : -- type: -> behavior ___ Python tracker ___ ___ Python-bugs-list

[issue25696] "MAKEFLAGS=-j9 make install" fails because bininstall target requires the libainstall target

STINNER Victor added the comment: To be clear: the bug doesn't occur when Python is not installed "in parallel" (without MAKEFLAGS=-j9). "For consistency with other things, I would suggest to add the following at the beginning of bininstall target (instead of making bininstall target depend

[issue25696] "make -j9 install" fails because bininstall target requires the libainstall target

Changes by STINNER Victor : -- title: "MAKEFLAGS=-j9 make install" fails because bininstall target requires the libainstall target -> "make -j9 install" fails because bininstall target requires the libainstall target ___

[issue25723] ConfigParser should never write broken configurations

Terry J. Reedy added the comment: We all know that blindly inserting external data into a database can be a bad idea. But raising ValueError if the data contains \n barely scratches the surface of a real defense. The external data should be checked before passing it to .add_section or as