[issue32606] Email Header Injection Protection Bypass

Change by Dalton Campbell : -- nosy: +barry ___ Python tracker ___ ___

[issue32606] Email Header Injection Protection Bypass

New submission from Dalton Campbell : The protection's implemented in https://github.com/python/cpython/blob/master/Lib/email/header.py to prevent Email Header injection can be bypassed by specifying an injected additional header in the following format:

[issue32232] building extensions as builtins is broken in 3.7

Pablo Galindo Salgado added the comment: It seems that Microsoft compiler does not handle well the circular dependencies between Include/pystate.h and Include/internal/pystate.h so I have included guards for Windows in the new include for Include/pystate.h and deactivated

[issue32232] building extensions as builtins is broken in 3.7

Pablo Galindo Salgado added the comment: I have put together a PR with Matthias' patch and a test. -- nosy: +pablogsal ___ Python tracker

[issue32232] building extensions as builtins is broken in 3.7

Change by Pablo Galindo Salgado : -- pull_requests: +5103 stage: -> patch review ___ Python tracker ___

[issue32603] Deprecation warning on strings used in re module

Change by Pablo Galindo Salgado : -- keywords: +patch pull_requests: +5102 stage: -> patch review ___ Python tracker ___

[issue32574] asyncio.Queue, put() leaks memory if the queue is full

Change by José Melero Fernández : -- versions: +Python 3.5 ___ Python tracker ___

[issue32591] Deprecate sys.set_coroutine_wrapper and replace it with more focused API(s)

Guido van Rossum added the comment: Yes, I'm OK with this plan. Note that I've only read Nathaniel's original message and Yury's last message, and I've not reviewed the PR, but getting rid of that eyesore sounds good, and it seems you two have reached agreement. --

[issue32502] uuid1() fails if only 64-bit interface addresses are available

Change by bbayles : -- keywords: +patch pull_requests: +5101 stage: needs patch -> patch review ___ Python tracker ___

[issue32378] test_npn_protocols broken with LibreSSL 2.6.1+

Change by Christian Heimes : -- pull_requests: +5100 ___ Python tracker ___ ___

[issue27682] wsgiref: Windows Error 10053, ConnectionAbortedError: [WinError 10053] An established connection was aborted by the software in your host machine

William Hingston added the comment: I'm still seeing this with Python 3.6.3 Django 2.0.1 Windows 10 Pro Version 1709 Was this determined to be a Django bug? -- nosy: +William Hingston ___ Python tracker

[issue32424] Synchronize copy methods between Python and C implementations of xml.etree.ElementTree.Element

Gordon P. Hemsley added the comment: >> As discussed above, starting with msg309074, __deepcopy__() is being added >> to the Python implementation because it already exists in the C >> implementation. > > Python implementation shouldn't copy all implementation

[issue32603] Deprecation warning on strings used in re module

Pablo Galindo Salgado added the comment: +1 to this. I have seen a lot of regular expressions not using raw strings that makes use of "\d" and friends. I will work on a patch to the docs if that's ok. -- nosy: +pablogsal ___

[issue31687] test_semaphore_tracker() of test_multiprocessing_spawn fails randomly (race condition?)

STINNER Victor added the comment: To reproduce the issue, someone should increase the system load to make the system slower and make timeouts more likely, and change the order in which processes are run. I'm using the "stress" utility on Linux for that. But

[issue32583] Crash during decoding using UTF-16/32 and custom error handler

Xiang Zhang added the comment: Another way to crash: >>> import codecs >>> def replace_with_longer(exc): ... exc.object = b'\xa0\x00' * 100 ... return ('\ufffd', exc.end) ... >>> codecs.register codecs.register( codecs.register_error( >>>

[issue32597] Bad detection of clang

Stefan Krah added the comment: > https://bugs.python.org/issue20767 was showing the issue and imho badly fixed. You do realize that the fix was proposed by FreeBSD people and that the upstream Clang issue is still open? -- nosy: +skrah

[issue32583] Crash during decoding using UTF-16/32 and custom error handler

Change by Xiang Zhang : -- stage: patch review -> needs patch ___ Python tracker ___ ___

[issue32583] Crash during decoding using UTF-16/32 and custom error handler

Xiang Zhang added the comment: The problem is utf16 decoder almost always assumes that two bytes decodes to one unicode character, so when allocating memory, it assumes (bytes_number+1)/2 unicode slots is enough, there is even a comment in the code. And in

[issue29833] Avoid raising OverflowError if possible

Change by Serhiy Storchaka : -- dependencies: +chr raises OverflowError ___ Python tracker ___

[issue24334] SSLSocket extra level of indirection

Change by Christian Heimes : -- pull_requests: +5099 stage: needs patch -> patch review ___ Python tracker ___

[issue32472] Mention of __await__ missing in Coroutine Abstract Methods

Change by Andrew Svetlov : -- resolution: not a bug -> stage: resolved -> status: closed -> open ___ Python tracker ___

[issue32589] Statistics as a result from timeit

Terry J. Reedy added the comment: If we agree that the patch is wrong, we should reject it and close this issue. -- ___ Python tracker

[issue32476] Add concat functionality to ElementTree xpath find

Change by John Jolly : -- pull_requests: +5098 stage: -> patch review ___ Python tracker ___

[issue32591] Deprecate sys.set_coroutine_wrapper and replace it with more focused API(s)

Yury Selivanov added the comment: Guido, I'd like to go forward with this and merge Nathaniel's PR. Quick summary: * This issue adds new APIs: a sys.set_coroutine_origin_tracking_depth(depth) function and a 'cr_origin' property to native coroutine objects. * By using

[issue32550] STORE_ANNOTATION bytecode is unnecessary and can be removed.

Guido van Rossum added the comment: There is very little code that depends on __annotations__ at all, and none of it is very subtle. All actual type checking is done by separate tools (mypy, pytype, PyCharm) that don't import the code and don't care about __annotations__. The

[issue29302] add contextlib.AsyncExitStack

Nick Coghlan added the comment: Explicitly noting some API design decisions from the review of https://github.com/python/cpython/pull/4790: 1. AsyncExitStack will define __aenter__ and __aexit__ but *not* __enter__ and __exit. This makes it unambiguous which form of with

[issue32594] File object 'name' attribute inconsistent type and not obviously documented

R. David Murray added the comment: Ah, yes. When I said "this has been discussed previously", that's the issue I was thinking of but couldn't find. -- resolution: -> duplicate stage: -> resolved status: open -> closed superseder: -> State clearly that open()

[issue31429] TLS cipher suite compile time option for downstream

Christian Heimes added the comment: My PR is ready for review. -- nosy: +alex, dstufft, janssen ___ Python tracker ___

[issue32503] Avoid creating small frames in pickle protocol 4

Change by Serhiy Storchaka : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue32594] File object 'name' attribute inconsistent type and not obviously documented

Serhiy Storchaka added the comment: Isn't this a duplicate of issue18534? -- nosy: +serhiy.storchaka ___ Python tracker

[issue32503] Avoid creating small frames in pickle protocol 4

Serhiy Storchaka added the comment: New changeset 1211c9a9897a174b7261ca258cabf289815a40d8 by Serhiy Storchaka in branch 'master': bpo-32503: Avoid creating too small frames in pickles. (#5127)

[issue32430] Simplify Modules/Setup{,.dist,.local}

Julien Palard added the comment: I don't see a use case where one want to edit a file without having his work being tracked by git, can someone shed a light to me on this? I understand that to modify a single configuration point (a path, whatever) a configure option

[issue32602] Test ECDSA and dual mode context

Change by Christian Heimes : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue32602] Test ECDSA and dual mode context

Christian Heimes added the comment: New changeset bd5c7d238c01b90fbfae8ea45b47bd601900abaf by Christian Heimes in branch 'master': bpo-32602: Test ECDSA certs (#5247) https://github.com/python/cpython/commit/bd5c7d238c01b90fbfae8ea45b47bd601900abaf --

[issue32583] Crash during decoding using UTF-16/32 and custom error handler

Change by Serhiy Storchaka : -- components: +Interpreter Core nosy: +serhiy.storchaka stage: test needed -> patch review versions: +Python 3.6 -Python 3.5 ___ Python tracker

[issue32430] Simplify Modules/Setup{,.dist,.local}

Antoine Pitrou added the comment: Le 20/01/2018 à 14:22, STINNER Victor a écrit : > > I don't see how adding an option to make one path configurable would make the > build process more complicated. Do you think implementing and maintaing an option has no cost? > It seems

[issue32430] Simplify Modules/Setup{,.dist,.local}

STINNER Victor added the comment: > Because we don't want to maintain more config options? Really, I don't to > want to further complicate our build process. I don't see how adding an option to make one path configurable would make the build process more

[issue25910] Fixing links in documentation

R. David Murray added the comment: @guido: in roundup, by default anyone can change the issue title. I imagine he is a new user who just didn't understand that he was doing so. (And indeed, the account was created on 1/19). --

[issue32295] User friendly message when invoking bdist_wheel sans wheel package.

Change by TestUserEWDurbin : -- status: pending -> open title: User friendly message when invoking bdist_wheel sans wheel package -> User friendly message when invoking bdist_wheel sans wheel package. ___ Python tracker

[issue32430] Simplify Modules/Setup{,.dist,.local}

Antoine Pitrou added the comment: > Why not adding an option in Makefile or configure to allow to specify a > different path to a custom Setup file? Because we don't want to maintain more config options? Really, I don't to want to further complicate our build process.

[issue30693] tarfile add uses random order

STINNER Victor added the comment: I now agree to leave Python 2.7 and 3.6 unchanged. -- ___ Python tracker ___

[issue32589] Statistics as a result from timeit

STINNER Victor added the comment: > For you particular need it is easy to write an explicit loop and gather the > statistics that your need. I concur with Serhiy: >>> loops=2**15; values = [value/loops for value in t.repeat(10, loops)] >>> import statistics >>>

[issue32589] Statistics as a result from timeit

Serhiy Storchaka added the comment: I concur with Victor. This will defeat the purpose of timeit. And making the type of the result depending on arguments usually means a bad design. For you particular need it is easy to write an explicit loop and gather the

[issue32598] Use autoconf to detect OpenSSL and libssl features

Christian Heimes added the comment: Thanks, Andrew -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue32598] Use autoconf to detect OpenSSL and libssl features

Christian Heimes added the comment: New changeset ff5be6e8100276647e0077e80869fc022d1bb53f by Christian Heimes in branch 'master': bpo-32598: Use autoconf to detect usable OpenSSL (#5242) https://github.com/python/cpython/commit/ff5be6e8100276647e0077e80869fc022d1bb53f

[issue30693] tarfile add uses random order

Serhiy Storchaka added the comment: If make this change you need to make similar changes in other places that recursively add files to archives: shutil, zipapp, distutils, and maybe more. -- versions: -Python 2.7, Python 3.6

[issue32226] Implement PEP 560: Core support for typing module and generic types

Ivan Levkivskyi added the comment: New changeset d911e40e788fb679723d78b6ea11cabf46caed5a by Ivan Levkivskyi in branch 'master': bpo-32226: PEP 560: improve typing module (#4906) https://github.com/python/cpython/commit/d911e40e788fb679723d78b6ea11cabf46caed5a

[issue25910] Fixing links in documentation

Change by Serhiy Storchaka : -- title: How many "critical"-level open issues are there? -> Fixing links in documentation ___ Python tracker

[issue30491] Add a lightweight mechanism for detecting un-awaited coroutine objects

Nathaniel Smith added the comment: I have a patch for this, but it will be simplest if we can merge https://github.com/python/cpython/pull/5250 (for bpo-32591) first, because they touch a lot of overlapping code. -- ___ Python

[issue32589] Statistics as a result from timeit

STINNER Victor added the comment: "but after looking more closely at the PR, I see that the statistics gathered are from the (default) 100 runs of each call to timer.timeit()." Ah, don't do that. Timeit runs the same code multiple times and computes the average to

[issue32589] Statistics as a result from timeit

STINNER Victor added the comment: For minimum vs average, see: https://bugs.python.org/issue28240 -- ___ Python tracker ___

[issue25910] How many "critical"-level open issues are there?

STINNER Victor added the comment: "I will issue a separate PR for it, and then we're good to close this issue." Ok. -- title: Fixing links in documentation -> How many "critical"-level open issues are there? ___ Python

[issue32591] Deprecate sys.set_coroutine_wrapper and replace it with more focused API(s)

Change by Nathaniel Smith : -- keywords: +patch pull_requests: +5097 stage: -> patch review ___ Python tracker ___

[issue29708] support reproducible Python builds

Change by Chih-Hsuan Yen : -- nosy: -yan12125 ___ Python tracker ___ ___

[issue32589] Statistics as a result from timeit

Steven D'Aprano added the comment: On Fri, Jan 19, 2018 at 11:48:46PM +, STINNER Victor wrote: > The timeit module of the stdlib computes 5 values by default... I'm > not sure that it's revelant to compute the standard deviation only on > 5 values. I made the

[issue32582] chr raises OverflowError

Serhiy Storchaka added the comment: Perhaps this issue should be raised on Python-Dev, since it changes the old and well-known behavior of buildins. I think that ValueError is more appropriate, but in past we decided to keep OverflowError for compatibility. If