[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-29 Thread Rémi Rampin
Rémi Rampin added the comment: Here it goes
- Clarified that _proxy suffix should be lowercase
- Indented ..note: blocks under function/class

Added file: http://bugs.python.org/file43944/python-3.5-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-29 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Added file: http://bugs.python.org/file43943/python-2.7-httpoxy.patch ___ Python tracker <rep...@bugs.python.org> <http://bugs.python

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-29 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Removed file: http://bugs.python.org/file43801/python-3.5-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-29 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Removed file: http://bugs.python.org/file43800/python-2.7-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-29 Thread Rémi Rampin
Rémi Rampin added the comment: I was away for a bit, I will make the requested changes tonight.

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Removed file: http://bugs.python.org/file43796/python-2.7-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Removed file: http://bugs.python.org/file43797/python-3.5-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Added file: http://bugs.python.org/file43801/python-3.5-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Rémi Rampin added the comment:
- Added CVE number
- Link to full note on getproxies() doc
- Improved comment on uppercase (lowercase will be preferred to mIxED_case too)

Added file: http://bugs.python.org/file43800/python-2.7-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Added file: http://bugs.python.org/file43797/python-3.5-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Added file: http://bugs.python.org/file43796/python-2.7-httpoxy.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Removed file: http://bugs.python.org/file43779/python-2.7-httpoxy-mitigation.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-19 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Removed file: http://bugs.python.org/file43780/python-3.5-httpoxy-mitigation.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-18 Thread Rémi Rampin
Rémi Rampin added the comment: I am willing to work on documentation and tests if there is an interest in the patch. On Windows, if REQUEST_METHOD is set, it is probably safe to assume that HTTP_* variables come from the web server: setting this variable is not the way we set a proxy

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-18 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: -- keywords: +patch Added file: http://bugs.python.org/file43779/python-2.7-httpoxy-mitigation.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-18 Thread Rémi Rampin
Changes by Rémi Rampin <remiram...@gmail.com>: Added file: http://bugs.python.org/file43780/python-3.5-httpoxy-mitigation.patch

[issue27568] "HTTPoxy", use of HTTP_PROXY flag supplied by attacker in CGI scripts

2016-07-18 Thread Rémi Rampin
New submission from Rémi Rampin: https://httpoxy.org/ It is possible to set the HTTP_PROXY in CGI scripts by passing the Proxy header. If the script is a Python script and downloads files, urllib will happily use the attacker-supplied proxy to make requests. This should be mitigated like

[issue24251] Different behavior for argparse between 2.7.8 and 2.7.9 when adding the same arguments to the root and the sub commands

2015-06-03 Thread Rémi Rampin
Changes by Rémi Rampin remiram...@gmail.com: -- nosy: +remram

[issue9351] argparse set_defaults on subcommands should override top level set_defaults

2015-06-03 Thread Rémi Rampin
Rémi Rampin added the comment: To me this is much more than a compatibility problem. The way it worked before made a lot of sense, and just felt like the correct solution to accept a flag in multiple places. Having a --verbose flag is something everybody should consider (Python has a decent

[issue9351] argparse set_defaults on subcommands should override top level set_defaults

2015-03-27 Thread Rémi Rampin
Changes by Rémi Rampin remiram...@gmail.com: -- nosy: +remram

[issue14910] argparse: disable abbreviation

2015-02-03 Thread Rémi Rampin
Rémi Rampin added the comment: It looks like the previous comments were addressed in the latest patch. Is this still planned for 3.5? Alpha 1 is next week according to PEP478.

[issue14910] argparse: disable abbreviation

2015-01-26 Thread Rémi Rampin
Changes by Rémi Rampin remiram...@gmail.com: -- nosy: +remram

[issue23058] argparse silently ignores arguments

2015-01-02 Thread Rémi Rampin
Rémi Rampin added the comment: I might use your workaround in ReproZip (https://github.com/ViDA-NYU/reprozip/issues/89), thanks. I agree that it doesn't look pretty...

[issue23058] argparse silently ignores arguments

2014-12-15 Thread Rémi Rampin
New submission from Rémi Rampin: This works correctly on Python 3.4. On Python 2.7, argparse seems to completely and silently ignore arguments in some conditions, for instance this setup will cause --verbose to be ignored on the main parser: options = argparse.ArgumentParser(add_help

[issue23058] argparse silently ignores arguments

2014-12-15 Thread Rémi Rampin
Rémi Rampin added the comment: Interestingly, this worked before my upgrade 2.7.8 - 2.7.9.

[issue22543] -W option cannot use non-standard categories

2014-10-02 Thread Rémi Rampin
New submission from Rémi Rampin: warnings._processoptions is called very early, before site-packages are enabled. Because of this, using a non-standard 'category' will almost certainly fail with the message: Invalid -W option ignored: invalid module name: '...' The -W option would

[issue22543] -W option cannot use non-standard categories

2014-10-02 Thread Rémi Rampin
Rémi Rampin added the comment: It already does auto-import, but it does it before site-packages are set up, meaning that it fails in any practical setup. See _getcategory(), called by _processoptions(): https://hg.python.org/cpython/file/b15c5a66213f/Lib/warnings.py#l148

[issue20705] distutils.extension.Extension with empty 'sources' list

2014-02-20 Thread Rémi Rampin
New submission from Rémi Rampin: While this is obviously a programming error, distutils currently has no check for the 'sources' list being empty, which might or might not result in a self-explanatory error message once the CCompiler's link() method is called (the exact error depends