[issue27263] IDLE sets the HOME environment variable breaking scripts

Eryk Sun added the comment: This affects all Tkinter applications on Windows. For example, in Python 2.7: import Tkinter import ctypes libc = ctypes.CDLL('msvcr90') libc.getenv.restype = ctypes.c_char_p >>> libc.getenv(b"HOME") >>> root = Tkinter.Tk() >>>

[issue24136] document PEP 448: unpacking generalization

Jelle Zijlstra added the comment: This updates reference_calls_syntax_update.diff. The previous patch's grammard had a mistake; it was missing commas between arguments. I believe all other patches in this diff are now obsolete. -- Added file:

[issue20699] Document that binary IO classes work with bytes-likes objects

Martin Panter added the comment: New patch that I plan to commit: * Use bytes instead of str * bytes, bytearray or memoryview for readinto() methods * bytes or memoryview for write() methods * Added single “Changed in version 2.7” notice under the IOBase class (rather than every version of

[issue24136] document PEP 448: unpacking generalization

Jelle Zijlstra added the comment: Here's what I found reviewing what needs to be done here: - Neil's What's New patch apparently made it into the 3.5 release notes. - moigagoo's two patches haven't been committed. The text of both looks ok to me, but the patches don't apply cleanly. Other

[issue27127] Never have GET_ITER not followed by FOR_ITER

Serhiy Storchaka added the comment: As Dino noted in msg266453, this leaves the iterable on the stack while the loop is running. I think opcode reworking shouldn't change behavior. You should call GET_ITER or FOR_BEGIN before calling generator code. --

[issue15476] Index "code object" and link to code object definition

Martin Panter added the comment: Yes it seems you even fixed the problem with the definition list, which I thought was not fixable :) -- stage: needs patch -> commit review ___ Python tracker

[issue27127] Never have GET_ITER not followed by FOR_ITER

Demur Rumed added the comment: I should've kept gitfit & forbegin more separated as issues. Attached is gitfit2, which only folds the GET_ITER into the comprehension if it isn't a generator so to pass test_genexps -- Added file: http://bugs.python.org/file43300/gitfit2.patch

[issue27264] python 3.4 vs. 3.5 strftime same locale different output on Windows

New submission from David Perra: The execution of these commands in python 3.4.x (Windows 10 Home) import locale from datetime import datetime locale.setlocale(locale.LC_ALL, 'Spanish') datetime.strftime(datetime.now(), '%a %d %b %Y') renders the output

[issue17797] Visual C++ 11.0 reports fileno(stdin) == 0 for non-console program

Changes by Mark Lawrence : -- nosy: -BreamoreBoy ___ Python tracker ___ ___

[issue24567] random.choice IndexError due to double-rounding

Serhiy Storchaka added the comment: Ping. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue25455] Some repr implementations don't check for self-referential structures

Serhiy Storchaka added the comment: Ping. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue27260] Missing equality check for super objects

Changes by Jelle Zijlstra : -- priority: normal -> low type: -> enhancement ___ Python tracker ___

[issue25628] Make namedtuple "verbose" and "rename" parameters into keyword only arguments

Serhiy Storchaka added the comment: Ping. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue18844] allow weights in random.choice

Serhiy Storchaka added the comment: Raymond, do you have a time for this issue? -- ___ Python tracker ___ ___

[issue27260] Missing equality check for super objects

Jelle Zijlstra added the comment: This came up as part of a static analysis script that compares sets of method calls, including calls to methods on super(). The check was giving incorrect results because identical super() objects were comparing as different. super() is documented

[issue13451] sched.py: speedup cancel() method

Serhiy Storchaka added the comment: Ping. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue27238] Bare except: usages in turtle.py

Jelle Zijlstra added the comment: Thanks for the review and comments. This patch addresses your comments and changes the __file__-related one to catch Exception. -- Added file: http://bugs.python.org/file43299/issue27238-cr.patch ___ Python tracker

[issue17900] Recursive OrderedDict pickling

Serhiy Storchaka added the comment: I think it is too late to revert this change. Is it worth to add a workaround for PyYAML if it still hasn't fixed serialization of OrderedDicts? -- ___ Python tracker

[issue17394] Add slicing support to collections.deque

Serhiy Storchaka added the comment: Raymond, do you have a time to make a review? -- ___ Python tracker ___

[issue27242] Make the docs for NotImplemented & NotImplementedError unambigous

Martin Panter added the comment: Emanuel, have you seen ? From my experience, install Sphinx, and then “make -C Doc/ html”. About the patch, I think the “.. note” boxes should be intended under the

[issue27262] IDLE: move Aqua context menu code to maxosx

Serhiy Storchaka added the comment: "bindtag" is an arbitrary string. Usually this is a name of Tk widget class of or "all". bindtags() allows to retrieve or set a list of bindtags associated with a widget. By default they are: full path of a widget, name of Tk class of widgets, full path of

[issue8491] Need readline command and keybinding information

Martin Panter added the comment: Thanks for the patch. I left a couple review comments. Also, this new paragraph should be outside the “Note” box, which is specifically about libedit aka Editline, not Gnu Readline. -- stage: needs patch -> patch review

[issue15476] Index "code object" and link to code object definition

Tommy Beadle added the comment: Martin, thanks for the suggestion that worked. I believe this patch should have all of the issues addressed. -- Added file: http://bugs.python.org/file43298/0001-Issue-15476-Make-code-object-its-own-entry-in-the-do.patch

[issue26446] Mention in the devguide that core dev stuff falls under the PSF CoC

Evelyn Mitchell added the comment: Thank you for your help Berker. -- nosy: +Evelyn Mitchell Added file: http://bugs.python.org/file43297/patchCoreDevCoC ___ Python tracker

[issue27187] Relax __all__ location requirement in PEP 8

Changes by Ian Lee : Added file: http://bugs.python.org/file43296/issue-27187-patch3.txt ___ Python tracker ___

[issue27187] Relax __all__ location requirement in PEP 8

Ian Lee added the comment: Good catch. I'm uploading a new patch that addresses ``from __future__`` imports issue explicitly. -- ___ Python tracker ___

[issue27263] IDLE sets the HOME environment variable breaking scripts

Jarrod Petz added the comment: Worked around this by setting HOME to be USERPROFILE before IDLE starts Rather then change the system/user environment permanently. I edited the Idle script which the windows shortcut seems to run below. C:\Python35\Lib\idlelib\idle.pyw At the top of the script

[issue27127] Never have GET_ITER not followed by FOR_ITER

Demur Rumed added the comment: Didn't see Raymond's response before posting, forbegin3 at least exists as a completion of the experiment to a passes-tests state. The tracing hacks to support an instruction corresponding to two separate lines support rejecting this idea --

[issue27127] Never have GET_ITER not followed by FOR_ITER

Demur Rumed added the comment: Attaching forbegin3.patch. It reintroduces GET_ITER for the sole purpose of eagerly throwing. I decided to reuse GET_ITER over something like TEST_ITER as this way we can have GET_ITER flow into FOR_BEGIN & rely on the fast path of iter(iter(x))

[issue26446] Mention in the devguide that core dev stuff falls under the PSF CoC

Berker Peksag added the comment: Thanks for the patch Evelyn. The patch looks good to me. I have a couple of suggestions: 1. It seems like https://docs.python.org/devguide/coredev.html#responsibilities is a better place to put this 2. Core committers -> Core developers 3. PSF CoC -> PSF

[issue26446] Mention in the devguide that core dev stuff falls under the PSF CoC

Changes by Evelyn Mitchell : Added file: http://bugs.python.org/file43294/patchCoreCoC ___ Python tracker ___

[issue8491] Need readline command and keybinding information

Changes by Evelyn Mitchell : Added file: http://bugs.python.org/file43293/patch8491 ___ Python tracker ___

[issue25738] http.server doesn't handle RESET CONTENT status correctly

Susumu Koshiba added the comment: A patch for 3.5 attached. -- Added file: http://bugs.python.org/file43292/issue25738_http_reset_content_3.5_02.patch ___ Python tracker

[issue27261] io.BytesIO.truncate does not work as advertised

Changes by Xiang Zhang : -- nosy: +alexandre.vassalotti, serhiy.storchaka ___ Python tracker ___

[issue27261] io.BytesIO.truncate does not work as advertised

Xiang Zhang added the comment: Is this a bug or a documentation matter? Inspecting BytesIO.truncate's code, it does resizing similar to list, this seems to be a designed feature, which conflicts with the documented behaviour. -- nosy: +xiang.zhang

[issue25738] http.server doesn't handle RESET CONTENT status correctly

Susumu Koshiba added the comment: Great, thanks for checking. Attaching patch for 2.7. 3.5 will follow. -- Added file: http://bugs.python.org/file43291/issue25738_http_reset_content_2.7_02.patch ___ Python tracker

[issue25738] http.server doesn't handle RESET CONTENT status correctly

Martin Panter added the comment: Patch 07 looks fine. I presume you still want to do the porting to 3.5 and 2.7. -- ___ Python tracker ___

[issue27263] IDLE sets the HOME environment variable breaking scripts

Jarrod Petz added the comment: It also makes things none deterministic. As when I am off the domain or my network drive H:\ is unavailable it works and uses USERPROFILE. -- ___ Python tracker

[issue27263] IDLE sets the HOME environment variable breaking scripts

New submission from Jarrod Petz: It seems IDEL is setting the environment variable 'HOME' on windows. Specifically I am on windows 8.1 This is extremly annoying and bad as according the code and doco, os.path.expanduser will preference this variable above others such as USERPROFILE.

[issue27262] IDLE: move Aqua context menu code to maxosx

New submission from Terry J. Reedy: Put the AquaTk code added to pyshell.main in #24801 where it should have gone originally. (My fault, ultimately.) See aqua_context.diff. This is a step in factoring main (currently about 170 lines) into a manageable number of function calls. I will try

[issue27180] Doc/pathlib: Please describe the behaviour of Path().rename() is depends on the platform (same as os.rename())

Changes by Evelyn Mitchell : Added file: http://bugs.python.org/file43289/patch27180 ___ Python tracker ___

[issue27251] TypeError in logging.HTTPHandler.emit; possible python 2 to 3 conversion issue

Changes by Berker Peksag : -- stage: test needed -> resolved ___ Python tracker ___

[issue27180] Doc/pathlib: Please describe the behaviour of Path().rename() is depends on the platform (same as os.rename())

Berker Peksag added the comment: Could you please send your patch in unified diff format? See https://docs.python.org/devguide/patch.html for details. -- nosy: +berker.peksag stage: needs patch -> patch review ___ Python tracker

[issue27261] io.BytesIO.truncate does not work as advertised

Martin Panter added the comment: BytesIO is supposed to implement IOBase. I would treat this as a bug in existing versions too. -- nosy: +martin.panter stage: -> needs patch versions: +Python 2.7, Python 3.5 ___ Python tracker

[issue27187] Relax __all__ location requirement in PEP 8

John Mark Vandenberg added the comment: The revised text says __dunder__ should appear before any imports, however __future__ imports must appear first for obvious reasons. Does this need to be mentioned in the pep? -- ___ Python tracker

[issue27252] Make dict views copyable

Raymond Hettinger added the comment: See also: http://bugs.python.org/issue27253 -- ___ Python tracker ___

[issue27253] More efficient deepcopying of Mapping

Raymond Hettinger added the comment: Is this ever needed? I'm not sure whether all these patches are being driven by reasonable use cases or whether it is just something that could be done. I thought the whole point of the views was to avoid copying. If so, there is a design principle that

[issue27255] More opcode predictions

Raymond Hettinger added the comment: Serhiy, please slow down and stop rewriting every single thing you see. Your rate of patches is prolific and hard to digest. Please give some consideration that the people who came before you (lots of them) put a lot of thought into what was done and

[issue27255] More opcode predictions

Changes by Raymond Hettinger : -- assignee: -> rhettinger ___ Python tracker ___

[issue27260] Missing equality check for super objects

Raymond Hettinger added the comment: Why would you need this? Also, would it interfere with super's ability to use the __eq__ method for a parent class? class A: def __eq__(self, other): return True class B(A): def __eq__(self, other):

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Christian Heimes added the comment: Thanks Theodore! Your analysis was exactly what I was aiming for when I requested a thorough security analysis in form of a PEP. The correct choice of CPRNG is important for the overall security. I'm mostly concerned with the behavior of os.urandom(),

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Theodore Tso added the comment: I ran the experiment Colm asked me to run --- and yes, if you boot a system with Python 3.5.1 with the boot options "init=/usr/bin/python3", you're going to have a bad time. The problem is that in a KVM environment where things are very quiet, especially if

Re: [issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

On 07.06.2016 22:27, Theodore Tso wrote: > > Secondly, when I decided to add this behavior to getrandom(2), it was because > people were really worried that people would be using /dev/urandom for > security-critical things (e.g., initializing ssh host session keys, when > they'd _really_

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: Ted - I'd suggest the following to test. Boot an arbitrary Linux system with init=/usr/bin/python3 (assuming filesystems mounted etc). Python 3.5.1 (on Linux) will call getrandom() in blocking mode very early in its startup; if this happens before the pool is

[issue27261] io.BytesIO.truncate does not work as advertised

New submission from Justus Winter: % python3.6 -c "import io; b=io.BytesIO(); assert b.truncate(42) == 42; assert len(b.getbuffer()) == 42, 'expected length 42, got {}'.format(len(b.getbuffer()))" Traceback (most recent call last): File "", line 1, in AssertionError: expected length 42, got

[issue27260] Missing equality check for super objects

New submission from Jelle Zijlstra: >>> class Foo: pass ... >>> super(Foo) == super(Foo) False Will submit a patch later -- assignee: Jelle Zijlstra components: Library (Lib) messages: 267747 nosy: Jelle Zijlstra priority: normal severity: normal status: open title: Missing equality

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Donald Stufft added the comment: Thanks for weighing in Theodore, I think that matches what Colm's last suggestion was, and what I was personally OK with. To seed our SipHash function using GRND_NONBLOCK since it's likely that will be fine, and worst case we're just using it for some hash

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Theodore Tso added the comment: Hi. Colm alerted me to this bug, so I thought I would chime in as the author of Linux's getrandom(2) function. First of all, if you are OK with reading from /dev/urandom, then you might as well use getrandom's GRND_NONBLOCK flag. They are logically

[issue27187] Relax __all__ location requirement in PEP 8

Barry A. Warsaw added the comment: Thanks for the patch! -- ___ Python tracker ___ ___ Python-bugs-list

[issue27187] Relax __all__ location requirement in PEP 8

Roundup Robot added the comment: New changeset cf8e888b9555 by Barry Warsaw in branch 'default': Relax __all__ location. https://hg.python.org/peps/rev/cf8e888b9555 -- nosy: +python-dev resolution: -> fixed stage: -> resolved status: open -> closed

[issue27251] TypeError in logging.HTTPHandler.emit; possible python 2 to 3 conversion issue

Changes by Vinay Sajip : -- resolution: -> fixed status: open -> closed ___ Python tracker ___

[issue27251] TypeError in logging.HTTPHandler.emit; possible python 2 to 3 conversion issue

Roundup Robot added the comment: New changeset 11ebd14076b4 by Vinay Sajip in branch '3.5': Fixed #27251: corrected string/bytes handling in credentials. https://hg.python.org/cpython/rev/11ebd14076b4 New changeset 12d939477b4f by Vinay Sajip in branch 'default': Fixed #27251: merged fix from

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: I've spoken with Ted Ts'o (one advantage of working for Google) and taken a look in the Linux kernel source, and things are actually better than we'd feared. Firstly, calling getrandom() with GRND_NONBLOCK and a buffer size of less than or equal to 32 bytes

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Donald Stufft added the comment: > Once this has been done, it will never block again, and happily send you poor > random data if the entropy pool has been completely wiped of any entropy data > - without telling you. This doesn't actually happen in real life, once urandom has been

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Changes by Christian Heimes : -- nosy: -christian.heimes ___ Python tracker ___ ___

[issue27258] Exception in BytesGenerator.flatten

New submission from Hans-Peter Jansen: Attached mail, parsed with email.message_from_binary_file results in: Traceback (most recent call last): File "./mail_filter.py", line 616, in ret = main.run() File "./mail_filter.py", line 605, in run self.process(fp) File

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Marc-Andre Lemburg added the comment: On 07.06.2016 21:12, Cory Benfield wrote: > >> Python hash randomization only happens once. So it's not a matter of how >> early we try the attack, it's a matter of how early we seed Python hash >> randomization. > > Sorry Larry, I was insufficiently

[issue27259] Possible missing deprecation warnings?

New submission from Mark Summerfield: In the docs for the array module: https://docs.python.org/dev/library/array.html#module-array Note 1 in the table of type codes says that the 'u' type is deprecated and will go in Python 4.0. Since the array.fromunicode() and array.tounicode() methods

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Larry Hastings added the comment: I fear I may be changing my mind a little bit. However, I skipped breakfast--and now it's looking like a late lunch--so I simply have to step away for a while. Expect me to post in about two hours when I get some calories down and finally make up my tiny

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Donald Stufft added the comment: Colm, Great, then I think there's general agreement, we just need someone to review the nonblocking_urandom_noraise.patch (which my C is not strong enough to feel comfortable doing). That still leaves the `import random` issue, but I think we can reopen

[issue26632] @public - an __all__ decorator

Barry A. Warsaw added the comment: On Jun 04, 2016, at 07:47 PM, Zachary Ware wrote: >So, +1 anyway. I think this would be rather worthwhile, especially in the >stdlib. Thanks! I still like it and plan on continuing to use it in my code. I would recommend you playing with the third party

[issue27257] get_addresses results in traceback with a valid? header

New submission from Hans-Peter Jansen: In the course of replacing an old Python 2.7 email filter tool with a rewritten Python3 version, I stumbled across a ugly case, where such an header: To: unlisted-recipients: ;, ""@pop.kundenserver.de (no To-header on input) results in a

[issue27081] Cannot capture sys.stderr output from an uncaught exception in a multiprocessing Process using a multiprocessing Queue

Changes by ppperry : -- title: Multiprocessing is not robust against sys.stderr changes involving queues -> Cannot capture sys.stderr output from an uncaught exception in a multiprocessing Process using a multiprocessing Queue

[issue27256] header indentation destroyed

Changes by Hans-Peter Jansen : Added file: http://bugs.python.org/file43286/mf.9__mi0bf.out ___ Python tracker ___

[issue27256] header indentation destroyed

New submission from Hans-Peter Jansen: In the course of replacing an old Python 2.7 email filter tool with a rewritten Python3 version, I stumbled across a ugly case, where such an header: X-Microsoft-Exchange-Diagnostics:

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Cory Benfield added the comment: > Python hash randomization only happens once. So it's not a matter of how > early we try the attack, it's a matter of how early we seed Python hash > randomization. Sorry Larry, I was insufficiently clear (relying on context from earlier). I totally agree

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Larry Hastings added the comment: > This is only a DoS vector if you can hit the server so early in the boot > process that it doesn't have enough entropy. Python hash randomization only happens once. So it's not a matter of how early we try the attack, it's a matter of how early we seed

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Cory Benfield added the comment: > So you are intentionally accepting a new vector for DoS attacks, and calling this non-reduced security? This is only a DoS vector if you can hit the server so early in the boot process that it doesn't have enough entropy. The *second* enough entropy has been

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: Donald - Oh, that's interesting; thank you. I guess that system-crontab-generator is being called before that in the boot process. The most common trigger case, I guess, will then be cloud containers and VMs which are spun up for single applications. I think

[issue27254] heap overflow in Tkinter module

Serhiy Storchaka added the comment: Minimal reproducer: from tkinter import Tk Tk(className='A'*0xf) This looks as Tcl/Tk problem. -- nosy: +serhiy.storchaka type: security -> crash versions: +Python 3.5, Python 3.6 -Python 3.3, Python 3.4 ___

[issue25958] Implicit ABCs have no means of "anti-registration"

Changes by Ethan Furman : -- nosy: +ethan.furman ___ Python tracker ___ ___

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Donald Stufft added the comment: > specifically, early in the boot process, although not I think just on the > first boot of a system; Debian at least by default does not attempt to > preserve its entropy pool across a reboot.) Look at /etc/init.d/urandom in the initscripts package in Jessie

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: To clarify what the various patches do: 3.5.1 as released: os.urandom and hash secret initialization both attempt getrandom() in preference to reading /dev/urandom. Under certain circumstances, this will block, possibly indefinitely. Changeset 9de508dc4837:

[issue27242] Make the docs for NotImplemented & NotImplementedError unambigous

Emanuel Barry added the comment: More tweaks after Ethan's comments. This is starting to get way outside of the realm of NotImplemented, but it still makes for a good reference to point confused users at. -- Added file:

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Matthias Klose added the comment: On 07.06.2016 16:47, Christian Heimes wrote: > > Christian Heimes added the comment: > > PSRT VETO! > > In the light of the upcoming release 3.5.2 I'm now putting on my PSRT hat > (Python Security Response Team) and proclaim a veto against any and all >

[issue27127] Never have GET_ITER not followed by FOR_ITER

Raymond Hettinger added the comment: I don't think this should go forward. The current FOR_ITER and JUMP_ABSOLUTE combination is very efficient and shouldn't be changed lightly. It is the inside of the loop that matters -- the GET_ITER step is outside of the loop and isn't expensive. Also,

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Larry Hastings added the comment: That reminds me. I want to be clear: I think it's preferable that os.urandom() blocks when insufficient entropy is available. If Victor's patch changed that, it should be backed out. (Since non-blocking urandom is useful, perhaps in 3.6 os.urandom() should

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Colm Buckley added the comment: Larry - To the first point: The combination of Victor's changeset 9de508dc4837 (based on my patch) and my most recent nonblocking_urandom_noraise patch (which is on top of 9de508dc4837) will do what you suggest for the hash secret initialization - ie: it is

[issue27255] More opcode predictions

New submission from Serhiy Storchaka: Currently the PREDICT() macros is used for predicticting following pair of opcodes in the ceval loop: LIST_APPEND JUMP_ABSOLUTE SET_ADD JUMP_ABSOLUTE MAP_ADD JUMP_ABSOLUTE COMPARE_OP POP_JUMP_IF_FALSE COMPARE_OP POP_JUMP_IF_TRUE GET_ITER FOR_ITER FOR_ITER

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Donald Stufft added the comment: > As a final note, let me steer you towards this comment in Python/random.c: > > /* Issue #25003: Don' use getentropy() on Solaris (available since > * Solaris 11.3), it is blocking whereas os.urandom() should not block. */ > > Yes: we already had this

[issue27255] More opcode predictions

Changes by Serhiy Storchaka : -- priority: normal -> low ___ Python tracker ___

[issue27252] Make dict views copyable

Raymond Hettinger added the comment: I think we should stop adding features like this without actual user requests and real use cases to show necessity and to inform the design. -- ___ Python tracker

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Larry Hastings added the comment: Everybody: let's drop discussing "hashlib" unless someone says it actually is a problem. I think it was always, as we say in English, a "red herring". > The secret for SipHash is composed of two 64bit integers. The entire > _Py_HashSecret_t struct is 24

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Donald Stufft added the comment: I've attached a minimal patch for making it so ``import random`` does not block, it does this by changing what the default instance of Random() is seeded with, from os.urandom() to the time based fallback it currently employs. It does not change the behavior

[issue27254] heap overflow in Tkinter module

New submission from Emin Ghuliev: /* This is used to get the application class for Tk 4.1 and up */ argv0 = (char*)attemptckalloc(strlen(className) + 1); //<=== classname allocated if (!argv0) { PyErr_NoMemory(); Py_DECREF(v); return NULL; }

[issue27252] Make dict views copyable

Serhiy Storchaka added the comment: I didn't encounter this. -- ___ Python tracker ___ ___ Python-bugs-list

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Christian Heimes added the comment: On 2016-06-07 19:36, Donald Stufft wrote: > > Donald Stufft added the comment: > >> Possible resolutions: >> * accept possible low-entropy initialization of the hash secret; using the >> patches supplied here by myself and Victor. >> * add a command-line

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Christian Heimes added the comment: On 2016-06-07 19:46, Larry Hastings wrote: > > Larry Hastings added the comment: > > Thank you for summarizing the debate. It made it a lot easier to > >> * blocking initialization of the hash secret. This occurs regardless of >> script contents; at

[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

Donald Stufft added the comment: > I don't follow whose patch does what. But here's what I find acceptable, > from a high level. > > * The semantics as presented by the documentation must be preserved. > os.urandom() and other operations that declare they're safe for cryptographic > use

[issue23496] Steps for Android Native Build of Python 3.4.2

Changes by Chris Rebert : -- nosy: +cvrebert ___ Python tracker ___ ___

  1   2   3   >