New submission from Ryan Lortie:
http://bugs.python.org/file19849/mkdirs.tr.diff introduced a patch with this
code in it:
+def _get_masked_mode(mode):
+mask = umask(0)
+umask(mask)
+return mode ~mask
This changes the umask of the entire process. If another thread manages to
Steve Holden added the comment:
Is a fix really required? Are we really supposed to protect programmers from
their own folly by second-guessing when constant folding might be required and
when it might not? How is hte interpreter supposed to know the function isn't
called?
The simple
Ned Deily added the comment:
The issue associated with the patch in question is Issue9299. Adding possibly
affected releases and release managers for evaluation.
--
keywords: +security_issue
nosy: +georg.brandl, larry, ned.deily
priority: normal - high
versions: +Python 3.2, Python
STINNER Victor added the comment:
Is a fix really required?
Yes.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21074
___
___
Python-bugs-list
Georg Brandl added the comment:
yes, this seems bad enough for inclusion in security releases.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21082
___
Changes by STINNER Victor victor.stin...@gmail.com:
--
nosy: +haypo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21082
___
___
Python-bugs-list
STINNER Victor added the comment:
http://bugs.python.org/file19849/mkdirs.tr.diff
This patch comes from issue #9299: changeset 89cda0833ba6 made in Python 3.2
beta 1. The change was not backported to Python 2.7.
--
___
Python tracker
Changes by STINNER Victor victor.stin...@gmail.com:
--
title: _get_masked_mode in os.makedirs() is a serious security problem -
os.makedirs() is not thread-safe: umask is set temporary to 0, serious security
problem
___
Python tracker
Changes by STINNER Victor victor.stin...@gmail.com:
--
title: os.makedirs() is not thread-safe: umask is set temporary to 0, serious
security problem - os.makedirs(exist_ok=True) is not thread-safe: umask is set
temporary to 0, serious security problem
STINNER Victor added the comment:
The shell command umask calls umask(022) to get the current umask, and then
call umask() with result of the first call.
022 is the default umask, it's probably safer to call umask(0o22) in
_get_masked_mode() instead of umask(0).
Attached patch makes this
Antoine Pitrou added the comment:
I think the behaviour that an error is raised if the permissions are not the
same is a nuisance that does not correspond to actual use cases (*). People who
care about permissions so much that they expect an error can do the check
themselves, or call chmod().
Antoine Pitrou added the comment:
(note that Victor's patch is of course not an actual fix, only a mitigation; if
someone is relying on a stricter umask they will still be vulnerable to this)
--
___
Python tracker rep...@bugs.python.org
Nick Coghlan added the comment:
This seems to be working on the buildbots for 3.5 now (buildbot failures appear
to be due to other issues).
However, I'd still like to discuss the idea of backporting this to 3.4.1.
From a Fedora point of view, it's still *very* easy to flip an environment
INADA Naoki added the comment:
For example. I want to write test like this:
@unittest.skip(This test requires huge memory)
def test_largebuf():
client = self.create_client()
data = b'x' * (2**32 - 1)
client.send(data)
--
___
Python
Antoon Pardon added the comment:
I included a patch (against 2.7) that seems to make the test work.
The patch prohibits the delim group to match a space.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17829
Marc-Andre Lemburg added the comment:
Some comments:
* Please provide some background information how widely the encoding is used. I
get less than 1000 hits in Google when looking for TCVN 5712:1993. Now, the
encoding was a standard in Vietnam, but it has been updated in 1999 to TCVN
Marc-Andre Lemburg added the comment:
Retargeting to 3.5, since all other releases don't allow addition of new
features.
--
versions: +Python 3.5 -Python 2.7, Python 3.2
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21081
STINNER Victor added the comment:
I think the behaviour that an error is raised if the permissions are not the
same is a nuisance that does not correspond to actual use cases (*).
I was also surprised that makedirs() checks for the exact permission.
We can probably document that
STINNER Victor added the comment:
For example. I want to write test like this:
@unittest.skip(This test requires huge memory)
There is @test.support.bigmemtest(size=_2G, memuse=1) decorator which
is more convinient than the skip decorators. See
Lib/test/test_bigmem.py.
You can use
New submission from Brandon Rhodes:
Content-Disposition is an optional header field. In its absence, the MUA may
use whatever presentation method it deems suitable. — RFC 2183
The email.message.Message class should gain a get_content_disposition() method
with the three possible return values
Brandon Rhodes added the comment:
Thanks — done! http://bugs.python.org/issue21083
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21079
___
___
New submission from wjssz:
When open a file with characters above the range (U+-U+), IDLE quit
without any report. For example, open this file \Lib\test\test_re.py
The below is Traceback info, the last line tells the reason. I just hope IDLE
say something before quit, so we can know
wjssz added the comment:
When open a file with characters above the range (U+-U+), IDLE quit
without any report. For example, open this file C:\Python33\lib\test\test_re.py
The below is Traceback info, the last line tells the reason. I just hope IDLE
say something before quit, so we
Ezio Melotti added the comment:
See #13153.
--
nosy: +ezio.melotti, serhiy.storchaka
resolution: - duplicate
status: open - pending
type: crash - behavior
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21084
Jean Christophe André added the comment:
* Please provide some background information how widely the encoding is used.
I get less than 1000 hits in Google when looking for TCVN 5712:1993.
Here is the background for the need for this encoding.
The recent laws[0] in Vietnam have set TCVN
Giampaolo Rodola' added the comment:
(replying here 'cause rietveld keeps giving me an exception when I submit a
reply)
On 2014/03/28 00:49:47, haypo wrote:
http://bugs.python.org/review/21076/diff/11457/Lib/signal.py
File Lib/signal.py (right):
Marc-Andre Lemburg added the comment:
Thanks for your answers. I think the best way forward would be to some
up with an official encoding map of the TCVN 5712:1999 encoding,
translate that into a format that gencodec.py can use and then
add the generated codec to Python 3.5.
We can then add the
Brett Cannon added the comment:
New version based on Eric's review.
--
Added file: http://bugs.python.org/file34650/no_frozen__file__.diff
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20942
Brett Cannon added the comment:
It actually does break backwards-compatibility as an attribute will disappear
on frozen modules for anyone who uses the imp API. While the chances of
actually breaking someone's code is very small, there is still a chance. But
I'm only -0 on backporting so
Changes by Remi Pointel pyt...@xiri.fr:
--
nosy: +rpointel
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21082
___
___
Python-bugs-list mailing
Changes by Barry A. Warsaw ba...@python.org:
--
nosy: +barry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20895
___
___
Python-bugs-list mailing
Boštjan Mejak added the comment:
I would say go for it. I don't think anyone's code would break.
Anyway, if people see that something in the new version of Python breaks their
code, they down-grade; otherwise they read the changelog and fix their code
accordingly. So no worries here. :)
New submission from dellair jie:
Folks,
Is Cygwin supported by Python? We met the following error when compiling Python
3.3.2 on Cygwin 1.7.17:
gcc -c -Wno-unused-result -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes
-I. -IInclude -I./Include-DPy_BUILD_CORE -o Modules/main.o
Changes by Benjamin Peterson benja...@python.org:
--
priority: high - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21082
___
___
Giampaolo Rodola' added the comment:
New patch in attachment provides 3 enum containers and overrides all the
necessary signal module APIs so that they interoperate with enums on both get
and set.
I decided *not* to rename signamodule.c to _signamodule.c in this patch so that
it is easier to
Andreas Schwab added the comment:
342 tests OK.
2 tests altered the execution environment:
test_site test_warnings
33 tests skipped:
test_codecmaps_cn test_codecmaps_hk test_codecmaps_jp
test_codecmaps_kr test_codecmaps_tw test_curses test_dbm_gnu
test_dbm_ndbm test_devpoll
Changes by Morten Z morten...@gmail.com:
Added file: http://bugs.python.org/file34652/hello_win.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21086
___
dellair jie added the comment:
We've found a workaround to handle the timestr manually.
Thanks,
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20163
___
dellair jie added the comment:
Victor,
I did do ./configure, without any parameters. Should I use it with
--without-signal-module option? Will all signals be disabled if this option
is specified?
From Python document, it mentions Windows support the following signals:
signal.SIGINT,
STINNER Victor added the comment:
./Modules/signalmodule.c:745:5: error: ‘siginfo_t’ has no member named
‘si_band’
This code is conditional, it is surrounded by:
#if defined(HAVE_SIGWAITINFO) || defined(HAVE_SIGTIMEDWAIT)
Does Windows support sigwaitinfo() or sigtimedwait()? I would be
R. David Murray added the comment:
cygwin is not officially supported. We do accept patches that improve cygwin
support when they are narrowly targted and well motivated.
--
nosy: +r.david.murray
___
Python tracker rep...@bugs.python.org
anon added the comment:
From what I can tell it's fairly easy to just add bits_at to int.
Indeed something like a mutable int type might be nice but that's really
outside the scope of this. And adding bits_at to int would still be desirable
anyway.
--
Jean Christophe André added the comment:
I will prepare the official encoding map(s) based on the standard(s).
I'll also have to check which encoding correspond to my current encoding map,
since this is the one useful in real life.
Please also provide a patch for the documentation
I
Eric Snow added the comment:
Latest patch LGTM.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20942
___
___
Python-bugs-list mailing list
Eric Snow added the comment:
As I've thought about it, I've gone from -0 to +1 on applying this to both 3.4
and 3.5. The bug and fix should impact very little* code. In fact, I doubt
anyone would have noticed if Nick hadn't. :) It would be nice to have this
right in 3.4.
* Effectively
Changes by Terry J. Reedy tjre...@udel.edu:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21082
___
___
Python-bugs-list
Boštjan Mejak added the comment:
This patch can easily be incorporated into Python 3.4.1. It doesn't break
backwards compatibility.
--
nosy: +Zvezdoslovec
versions: +Python 3.4
___
Python tracker rep...@bugs.python.org
Terry J. Reedy added the comment:
In the thread that started here
https://mail.python.org/pipermail/python-dev/2014-March/133492.html
in this message.
https://mail.python.org/pipermail/python-dev/2014-March/133671.html
Josiah Carlson posted a pastebin link about how to actually use the pipes.
New submission from Eric Snow:
While reviewing code[1] for issue 20942, I noticed that when someone uses
imp.frozen_init[2], the module is removed from sys.modules in some error cases.
However, this should not be done when the module already exists (e.g. reload).
As Brett pointed out in his
Eric Snow added the comment:
The only concrete example I can think of that would be impacted is using PJE's
lazy loader on a frozen module, and even that is unlikely to trigger the error
case.
--
nosy: +pje
___
Python tracker rep...@bugs.python.org
Boštjan Mejak added the comment:
I'm setting Python 3.4 to also be affected by this issue. Thank you, Brett, for
making the patch. I hope this gets commited soon.
--
versions: +Python 3.4
___
Python tracker rep...@bugs.python.org
Roman O. Vlasov added the comment:
To reproduce the 100% CPU load problem, we used a simple python TLS client on
separate linux PC with Traffic control utility (tc):
tc qdisc change dev eth0 root netem delay 5000ms
After in-depth analyzing, we realized that _ssl.c behaves differently
Antoine Pitrou added the comment:
How come OpenSSL returns SSL_ERROR_WANT_READ if the socket is blocking?
Perhaps Windows returns a non-blocking socket for accept()?
Have you tried with Python 3?
--
nosy: +giampaolo.rodola
type: resource usage - behavior
Terry J. Reedy added the comment:
https://mail.python.org/pipermail/python-dev/2014-March/133641.html
from Victor Stinner gives example code using asyncio
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18823
Antoine Pitrou added the comment:
Possibly it should be done for all ssl APIs returning a constant. Are there
others?
There's SSLContext.verify_mode, but it simply mirrors the configuration chosen
by the user.
--
___
Python tracker
Giampaolo Rodola' added the comment:
Updated patch following Victor's suggestions is in attachment.
--
Added file: http://bugs.python.org/file34655/signals4.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21076
Eric Snow added the comment:
Martin: are you okay with Claudiu's latest patch?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19714
___
___
New submission from Masayuki Yamamoto:
There is a test code that is RB characters display on screen. I expected
displaying R to right, and displaying B to bottom. It was run as expected
in Python 2.7.3 and 3.2.3 on Cygwin.
But they were displayed reverse in Python 3.4.0. And when addch()
New submission from Eric Snow:
In Python/sysmodule.c (_PySys_Init), the SET_SYS_FROM_STRING_BORROW macro is
created right next to SET_SYS_FROM_STRING. However, while SET_SYS_FROM_STRING
is unset at the end of _PySys_Init, SET_SYS_FROM_STRING_BORROW is not unset.
I expect that it should be.
R. David Murray added the comment:
Hmm. This might be related to issue 20731?
--
nosy: +r.david.murray
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21086
___
Morten Z added the comment:
Yes, sounds like a duplicate of http://bugs.python.org/issue20731
But with the fix applied 2014-03-01, is the bug expected to be in 3.4 released
2014-03-17 ?
--
___
Python tracker rep...@bugs.python.org
Ned Deily added the comment:
It looks like the arguments were inadvertently swapped during the conversion to
Argument Clinic. The Library Reference doc says:
window.addch(y, x, ch[, attr])
but the Argument Clinic docstring for 3.4.0 says:
Help on built-in function addch:
addch(...) method
Changes by Ned Deily n...@acm.org:
--
keywords: +3.4regression
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21088
___
___
Python-bugs-list
Larry Hastings added the comment:
That's my fault. That conversion was done at a time when there were a lot
fewer eyes looking at AC.
It should obviously be fixed, and a test added to the regression test suite.
It'd also be nice if running the curses test didn't make reading the result
Eric Snow added the comment:
Here's a basic patch. It introduces __main__ in import.rst and then identifies
the cases where __spec__ is set to None or otherwise.
There are a few :ref: links to labels on other pages that I had trouble with.
I'll address those when I put up a new draft after
Changes by koobs koobs.free...@gmail.com:
--
nosy: +koobs
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21082
___
___
Python-bugs-list mailing
Eric Snow added the comment:
A related addition (Lib/test/test_importlib/test_api.py -
test_reload_namespace_changed):
changeset: 86819:88c3a1a3c2ff3c3ab3f2bd77f0d5d5e5c1b37afa
parent: 86816:13a05ed33cf7
user:Eric Snow ericsnowcurren...@gmail.com
date:Thu Oct 31 22:22:15
Terry J. Reedy added the comment:
I just pulled and recompiled and got makefile error messages that I do not
remember seeing:
13EXEC : error : ..\..\tix-8.4.3.4 doesn't exist.
13C:\Program Files
(x86)\MSBuild\Microsoft.Cpp\v4.0\Microsoft.MakeFile.Targets(38,5): error
MSB3073: The command
Raymond Hettinger added the comment:
Special cases aren't special enough to break the rules.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21074
___
Raymond Hettinger added the comment:
FWIW, I concur with Steve Holden and recommend closing this.
It would be ashamed to hack-up constant-folding to handle an arcane case of an
uncalled function that does space intensive constant operation.
--
assignee: - rhettinger
nosy: +rhettinger
Terry J. Reedy added the comment:
Raymond, what I think you meant is that in 2.x, 'True' is a builtin name that
can be shadowed by a user assignment True = 'not true' whereas in 3.x it is a
keyword name like None that cannot be changed (None = 'some' fails even in
2.7).
I checked and the
Guido van Rossum added the comment:
For anyone watching this still, the fix introduced in this issue caused a
security vulnerability, see http://bugs.python.org/issue21082 .
--
nosy: +gvanrossum
___
Python tracker rep...@bugs.python.org
New submission from ivank:
I intentionally corrupted a zpool to induce an I/O error in a file, in this
case, /usr/lib/x86_64-linux-gnu/gconv/IBM1390.so
# ls -l /usr/lib/x86_64-linux-gnu/gconv/IBM1390.so
-rw-r--r-- 1 root root 231,496 2014-03-24 06:26
/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so
Zachary Ware added the comment:
Terry J. Reedy added the comment:
I just pulled and recompiled and got makefile error messages that I do not
remember seeing:
13EXEC : error : ..\..\tix-8.4.3.4 doesn't exist.
This is the output of this line:
snip 7 lines
13C:\Program Files
Changes by Florent Xicluna florent.xicl...@gmail.com:
--
nosy: +flox
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21082
___
___
Python-bugs-list
Steve Holden added the comment:
How about: A simple JSON decoder that converts between JSON string
representations and Python data structures?
--
nosy: +holdenweb
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19871
Steve Holden added the comment:
This is an easy issue?
--
nosy: +holdenweb
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20098
___
___
Roundup Robot added the comment:
New changeset c88a7c38eb0d by Benjamin Peterson in branch '3.4':
undefine SET_SYS_FROM_STRING_BORROW after its done being used (closes #21089)
http://hg.python.org/cpython/rev/c88a7c38eb0d
New changeset c73b71363d4c by Benjamin Peterson in branch 'default':
Nick Coghlan added the comment:
Yeah, as noted in my original comment, +0 for it's just a bug from me, as it
was a quirk of the way this particular frozen module is initialised.
--
___
Python tracker rep...@bugs.python.org
Ethan Furman added the comment:
Downside to this patch (stoneleaf.01) is that custom AttributeErrors raised in
__getattr__ are overridden, which is a pretty severe regression.
--
___
Python tracker rep...@bugs.python.org
Changes by Ethan Furman et...@stoneleaf.us:
Removed file: http://bugs.python.org/file34648/issue1615.stoneleaf.01.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1615
___
Changes by Ethan Furman et...@stoneleaf.us:
--
Removed message: http://bugs.python.org/msg215091
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1615
___
Ethan Furman added the comment:
Downside to this patch (stoneleaf.02) is that custom AttributeErrors raised in
__getattr__ are overridden, which is a pretty severe regression.
(Removed, renamed, and reloaded patch.)
--
Added file:
Nick Coghlan added the comment:
Looks like a reasonable general structure to me.
For label references, you don't want to include the leading underscore - that's
part of the label syntax, not the label itself.
--
___
Python tracker
Eric Snow added the comment:
Thanks, Benjamin.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue21089
___
___
Python-bugs-list mailing list
Nick Coghlan added the comment:
Bringing over Barry's suggestion from the current python-ideas thread [1]:
@classmethod
def fill(cls, length, value=0):
# Creates a bytes of given length with given fill value
[1]
Roundup Robot added the comment:
New changeset deb71529aad1 by Raymond Hettinger in branch '3.4':
Issue 21014: Use booleans instead of 0 and 1 in examples.
http://hg.python.org/cpython/rev/deb71529aad1
--
nosy: +python-dev
___
Python tracker
Eric Snow added the comment:
That did the trick, Nick. I swear there's always something I forget about
ReST. :)
Otherwise do you have any objections to the patch? I imagine there's more we
could put in the section (for language spec purposes), but I figure what I have
there is good enough
Nick Coghlan added the comment:
is some cases is a typo, but otherwise, yeah, may as well commit this so the
website gets updated while we decide what else (if anything) we want to cover.
--
___
Python tracker rep...@bugs.python.org
Raymond Hettinger added the comment:
Samuel, thanks for the patch. And, Terry, thanks for looking at it.
Applied the first two changes to 3.4 and 3.5. Skipped, the third suggested
change in introduction.rst. That was not a boolean example, it was just the
number 1 in a section about how
Roundup Robot added the comment:
New changeset 21d8222b667f by Eric Snow in branch 'default':
Issue #19697: Document cases where __main__.__spec__ is None.
http://hg.python.org/cpython/rev/21d8222b667f
--
nosy: +python-dev
___
Python tracker
Roundup Robot added the comment:
New changeset 4972475ae2e7 by Eric Snow in branch '3.4':
Issue #19697: Document cases where __main__.__spec__ is None.
http://hg.python.org/cpython/rev/4972475ae2e7
--
___
Python tracker rep...@bugs.python.org
Eric Snow added the comment:
Wish I had done that in the opposite direction. Anyway, thanks Nick.
--
resolution: - fixed
stage: test needed - committed/rejected
status: open - closed
versions: +Python 3.5
___
Python tracker rep...@bugs.python.org
Josh Rosenberg added the comment:
Why would we need bytes.fill(length, value)? Is b'\xVV' * length (or if value
is a variable containing int, bytes((value,)) * length) unreasonable?
Similarly, bytearray(b'\xVV) * length or bytearray((value,)) * length is both
Pythonic and performant. Most
New submission from Brandon Rhodes:
I love properties and think they should be everywhere. But consistency is more
important, so I suspect that EmailMessage.is_attachment should be demoted to a
normal method. Why? Because if it remains a property then I am likely to first
write:
if
Changes by Chris Rebert pyb...@rebertia.com:
--
nosy: +cvrebert
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19837
___
___
Python-bugs-list
Changes by Chris Rebert pyb...@rebertia.com:
--
nosy: +cvrebert
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17909
___
___
Python-bugs-list
Changes by Chris Rebert pyb...@rebertia.com:
--
nosy: +cvrebert
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10976
___
___
Python-bugs-list
R. David Murray added the comment:
Also, to me 'fill' implies something is being filled, not that something is
being created.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20895
___
New submission from Chris Rebert:
Python 3.3.4 (default, Feb 21 2014, 18:00:34)
[GCC 4.2.1 Compatible Apple LLVM 5.0 (clang-500.2.79)] on darwin
Type help, copyright, credits or license for more information.
from json import dumps
dumps({True: True, False: False, None: None, 42: 42})
'{false:
1 - 100 of 114 matches
Mail list logo