[issue41282] Deprecate and remove distutils

Change by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue43002] Exception chaining accepts exception classes

Ram Rachum added the comment: People barely know how to use the right form of this feature. Providing them with a wrong form that's confusingly similar to the right form and fails silently is an unfortunate choice. "Or just don't do anything. A `raise exception` inside an except block will

[issue43006] Changed behaviour of inspect.signature() in Python 3.10

New submission from Zac Hatfield-Dodds : Consider the following snippet, which passes on Python 3.9 and earlier: import inspect def f(x: int = None): pass print(inspect.signature(constructor)) assert inspect.signature(constructor).parameters["a"].annotation == int

[issue42606] Support POSIX atomicity guarantee of O_APPEND on Windows

Eryk Sun added the comment: > I've found a catch via ProcessHacker: CreateFile() with > GENERIC_WRITE (or FILE_GENERIC_WRITE) additionally grants > FILE_READ_ATTRIBUTES for some reason. CreateFileW always requests at least SYNCHRONIZE and FILE_READ_ATTRIBUTES access. The I/O manager

[issue43004] No type variables left in collections.abc.Callable

Tyler Yep added the comment: Got it, thanks! -- resolution: -> fixed stage: -> resolved status: open -> closed ___ Python tracker ___

[issue43004] No type variables left in collections.abc.Callable

Ken Jin added the comment: This seems to be a duplicate of Issue40494. It has already been fixed in Python 3.10, and in Python 3.9.2 (which isn't out yet). You can see the what's new for it here https://docs.python.org/3/whatsnew/3.9.html#notable-changes-in-python-3-9-2. The expected

[issue42980] argparse: GNU-style help formatter

Will Noble added the comment: Ya I was following the precedent of non-documentation figuring that formal documentation should be done for the entire class and that would be a much larger undertaking and maybe involve further refactoring. I could potentially undertake that task in the future

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Ryan Hileman added the comment: Just updated the PR with another much simpler attempt, using a new READ_AUDIT flag (aliased to READ_RESTRICTED, and newtypes documentation updated). I re-ran timings for the new build, and in all cases they match or slightly beat my previous reported timings.

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Steve Dower added the comment: > I think it could make sense to: > 1. Alias READ_RESTRICTED to a new READ_AUDIT flag and use the latter instead, > as it is more clear. > 2. Update the newtype docs to mention READ_AUDIT and remove documentation for > the the unused RESTRICTED flags. > 3.

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Ryan Hileman added the comment: I agree that READ_RESTRICTED would work, and I'm strongly in support of refactoring my patch around that kind of flag, as it simplifies it quite a bit and the if statement is already there. However, using the seemingly legacy RESTRICTED flag names for audit

[issue43005] Package Relative Imports - double dot doc example not working

Guido van Rossum added the comment: This is not a bug in Python. Please ask a user forum for help understanding (for example, https://discuss.python.org/c/users/7). -- nosy: +gvanrossum resolution: -> not a bug stage: -> resolved status: open -> closed

[issue43005] Package Relative Imports - double dot doc example not working

New submission from Ixio : I've been trying to do a double dot import without success, I've tried going back to the official documentation in order to figure it out however even the example shown does not work. Official example :

[issue43004] No type variables left in collections.abc.Callable

Change by Guido van Rossum : -- nosy: +kj ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue43002] Exception chaining accepts exception classes

Steven D'Aprano added the comment: It is intended behaviour. `raise ... from` is a general mechanism that you can call anywhere, it is not just limited to raising from the previous exception. It is designed for explicitly setting the chained exception to some arbitrary exception. See the

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Éric Araujo added the comment: Too bad that semicolon is not recommended nowadays, it was a nice way to avoid ampersand HTML escape issues! One server software that generates links using semicolons is debbugs:

[issue42800] Traceback objects allow accessing frame objects without triggering audit hooks

Steve Dower added the comment: I'm fine with either approach, though adding the READ_RESTRICTED flag would also be fine. The audit trailing leading to a bypass is very important, and traversing frames to find functions in their locals or closures is very useful. This is nothing like a

[issue43004] No type variables left in collections.abc.Callable

New submission from Tyler Yep : The following code crashes when I try to run it, even though it passes when I use `from typing import Callable` instead. ``` from collections.abc import Callable from typing import Any, TypeVar V = TypeVar("V") Function = Callable[[list[V], V, V], float] def

[issue42957] os.readlink produces wrong result on windows

Steve Dower added the comment: I agree with Eryk (unsurprisingly, we discussed this change *a lot* back when it was made ~3 years ago). os.readlink is the lowest-level API that gives a reliable result. os.path.realpath is the high-level API that probably does what most users want most of

[issue42966] argparse: customizable help formatter

paul j3 added the comment: Years ago I proposed a `format_wrapper`, a Format class factory https://bugs.python.org/issue12806#msg218395 also https://bugs.python.org/issue39809 There I show that the formatter may be lambda formatter = lambda prog: argparse.HelpFormatter(prog,

[issue42875] argparse incorrectly shows help string on a new line in case of long command string

paul j3 added the comment: This issue is discussed in: https://bugs.python.org/issue34724 argparse subparser help indent too short and https://stackoverflow.com/questions/3215/max-help-position-is-not-works-in-python-argparse-library -- ___

[issue42980] argparse: GNU-style help formatter

paul j3 added the comment: I was thinking of a refactoring that included the ', '.join(...) loop, but on further thought your refactoring might be enough for the case I raised. For example: def _format_option_with_args(self, option_string, args_string): if

[issue42955] Add sys.module_names: list of stdlib module names (Python and extension modules)

Change by Andre Roberge : -- nosy: +aroberge ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42606] Support POSIX atomicity guarantee of O_APPEND on Windows

Alexey Izbyshev added the comment: > FYI, here are the access rights applicable to files Thanks, I checked that mapping in headers when I was writing _Py_wopen_noraise() as well. But I've found a catch via ProcessHacker: CreateFile() with GENERIC_WRITE (or FILE_GENERIC_WRITE) additionally

[issue42997] Improve error message for missing : before suites

Change by Andre Roberge : -- nosy: +aroberge ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42973] argparse: mixing optional and positional arguments... not again

Change by Glenn Linderman : -- nosy: +v+python ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue42990] Improve the C code for calling Python code: _PyEval_EvalCode()

Change by Guido van Rossum : -- nosy: +gvanrossum ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue41282] Deprecate and remove distutils

Change by Steve Dower : -- keywords: +patch pull_requests: +23122 stage: -> patch review pull_request: https://github.com/python/cpython/pull/23142 ___ Python tracker ___

[issue42992] Tkinter bbox coordinates incorrectly drawn

Ron Hoffmann added the comment: Thank you for your response. I have been fighting this issue in a large piece of code for quite some time. So I wrote a small test script as you asked for and the problem will not reproduce. All behaviour of code is as expected. I must therefore assume there

[issue42992] Tkinter bbox coordinates incorrectly drawn

E. Paine added the comment: I cannot reproduce. Taking a rectangle as an example, canvas.bbox(canvas.create_rectangle(5, 5, 100, 100, width=1)) returns `(4, 4, 101, 101)` (rather than `(5, 5, 100, 100)`) because of rounding while calculating the outline. As a result, running

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

Ken Jin added the comment: I have updated the PR to do the following: - removed html_getfile - implement a unique secret as suggested above Now it says: >>> python.exe -m pydoc -b Server ready at

[issue42504] Failure to build with MACOSX_DEPLOYMENT_TARGET=11 on Big Sur

Lonny Kapelushnik added the comment: I believe this is causing issues when trying to install pyjq (https://github.com/doloopwhile/pyjq/issues/54). @ronaldoussoren are you still planning on creating a patch for this? Or should we plan on fixing it downstream? -- nosy: +lonnylot

[issue42990] Improve the C code for calling Python code: _PyEval_EvalCode()

Change by Mark Shannon : -- keywords: +patch pull_requests: +23121 stage: needs patch -> patch review pull_request: https://github.com/python/cpython/pull/24298 ___ Python tracker

[issue43003] Parts of the API will be removed in Python 4.0 ?

New submission from Michael Clerx : The unicode C-API documentation has a deprecation warning on this page: https://docs.python.org/3.9/c-api/unicode.html#deprecated-py-unicode-apis stating some functions are Deprecated since version 3.3, will be removed in version 4.0. But as far as I

[issue42990] Improve the C code for calling Python code: _PyEval_EvalCode()

Mark Shannon added the comment: Rather than: f = create_frame_or_gen(...); if () return f; retval = _PyEval_EvalFrame(tstate, f, 0); _PyObject_GC_TRACK(f); return retval; I was thinking: f = create_frame(...); if () return make_gen(f); retval = _PyEval_EvalFrame(tstate, f,

[issue43002] Exception chaining accepts exception classes

New submission from Ram Rachum : I saw this line of code today: https://github.com/hyperledger/sawtooth-sdk-python/commit/c27b962541c9ae68fd1e6dc691ddee883234f112#diff-eb008203eae2160c5e14c42e5fd2eee164709a93bf5136fa79cc256d4e46eaffR92 I was about to tell this guy that his code is bad since

[issue42722] Add --debug command line option to unittest to enable post-mortem debugging

Dominik Vilsmeier added the comment: Is anybody interested in reviewing the PR? It seems like a useful enhancement to me. -- versions: +Python 3.10 ___ Python tracker ___

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Adam Goldschmidt added the comment: I haven't noticed, I'm sorry. I don't mind closing mine, just thought it could be a nice first contribution. Our PRs are different though - I feel like if we are to implement this, we should let the developer choose the separator and not limit to just `&`

[issue42996] hashlib documentation references an obsolete RFC 2898

Change by Illia Volochii : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Senthil Kumaran added the comment: Ken, Please don't close your PR. I will review it. It has a CLA signed which is helpful. On Fri, Jan 22, 2021 at 4:53 AM Ken Jin wrote: > > Ken Jin added the comment: > > Adam, I linked a PR 2 days ago here > https://github.com/python/cpython/pull/24271 ,

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Ken Jin added the comment: Adam, I linked a PR 2 days ago here https://github.com/python/cpython/pull/24271 , it has the test suite passing and the appropriate changes to cgi.py. Would you like to review it? Or since you submitted a PR, would you prefer I close mine instead? --

[issue42967] [security] urllib.parse.parse_qsl(): Web cache poisoning - `; ` as a query args separator

Change by Adam Goldschmidt : -- pull_requests: +23120 pull_request: https://github.com/python/cpython/pull/24297 ___ Python tracker ___

[issue42996] hashlib documentation references an obsolete RFC 2898

miss-islington added the comment: New changeset b745a6143ae79efe00aa46affe5ea31a06b0b532 by Illia Volochii in branch 'master': bpo-42996: Update a reference to PKCS #5 in hashlib docs to version 2.1 (GH-24289) https://github.com/python/cpython/commit/b745a6143ae79efe00aa46affe5ea31a06b0b532

[issue42955] Add sys.module_names: list of stdlib module names (Python and extension modules)

STINNER Victor added the comment: Another potential use case: restrict pydoc web server to stdlib modules, see bpo-42988. -- ___ Python tracker ___

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

STINNER Victor added the comment: > Python's http.server at least warns about this in the docs: > https://docs.python.org/3/library/http.server.html > and limits the serving to the current dir (and subdirs). I would be fine with a warning in the pydoc documentation, but I dislike warnings

[issue42990] Improve the C code for calling Python code: _PyEval_EvalCode()

Change by STINNER Victor : -- title: Improve the C code for calling Python code -> Improve the C code for calling Python code: _PyEval_EvalCode() ___ Python tracker ___

[issue42990] Improve the C code for calling Python code

STINNER Victor added the comment: PyObject * _PyEval_EvalCode(PyThreadState *tstate, PyObject *_co, PyObject *globals, PyObject *locals, PyObject *const *args, Py_ssize_t argcount, PyObject *const *kwnames, PyObject *const *kwargs, Py_ssize_t

[issue43001] python3.9.1 test_embed test_tabnanny failed

New submission from Alexei S : == Tests result: FAILURE then FAILURE == 396 tests OK. 2 tests failed: test_embed test_tabnanny 27 tests skipped: test_bz2 test_curses test_dbm_gnu test_dbm_ndbm test_devpoll test_gdb test_idle test_ioctl test_kqueue test_lzma test_msilib

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

STINNER Victor added the comment: Fidget-Spinner wrote on the PR: > AFAIK no. However, pydoc currently works by calling inspect on files it sees > in path, and this may reveal private code as Marc-Andre Lemburg pointed out > on the bpo. I will try the random url token he suggested via >

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

Serhiy Storchaka added the comment: Why not limit the serving to sys.path? -- nosy: +serhiy.storchaka ___ Python tracker ___ ___

[issue42985] AMD64 Arch Linux Asan 3.x fails: command timed out: 1200 seconds without output

STINNER Victor added the comment: For faulthandler.enable(), maybe we reset SIGSEGV signal handler to the default handler if __has_feature(address_sanitizer) is true: https://clang.llvm.org/docs/AddressSanitizer.html#conditional-compilation-with-has-feature-address-sanitizer But we cannot do

[issue41798] [C API] Revisit usage of the PyCapsule C API with multi-phase initialization API

STINNER Victor added the comment: New changeset 2f12a1b7ecc9e0cf39b4c6994473e6cb9989f81b by Hai Shi in branch 'master': bpo-41798: Allocate the _curses._C_API on the heap memory (GH-24186) https://github.com/python/cpython/commit/2f12a1b7ecc9e0cf39b4c6994473e6cb9989f81b --

[issue42988] Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

Marc-Andre Lemburg added the comment: On 22.01.2021 01:28, STINNER Victor wrote: > > STINNER Victor added the comment: > >> I'd suggest to print a big warning on the console, explaining that the web >> server will potentially make all content accessible by the user visible to >> anyone

[issue27477] IDLE: Switch search dialogs to ttk widgets, and other refinement

Terry J. Reedy added the comment: #33987 was reopened, 4 patches merged and backported, and reclosed. This is only open for other possible refinements listed above. -- ___ Python tracker

[issue43000] All SSL requests fail with WRONG_VERSION_NUMBER when a packet sniffer is open

Christian Heimes added the comment: I'm not familiar with Telerik Fiddler and don't have access to the tool. From the description on its Wikipedia page, it sounds like the tool is an active interceptor that uses a man-in-the-middle attack approach. Python's ssl module wraps OpenSSL. All