[issue2004] tarfile extractall() allows local attacker to overwrite files while extracting
Martin v. Löwis added the comment: Lars, can you take a look? -- assignee: - lars.gustaebel nosy: +lars.gustaebel, loewis __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2004 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1976] pybsddb leak in using cursors
Gregory P. Smith added the comment: Fix committed as r60544 in trunk and r60545 in release25-maint. i assume it'll be merged into py3k in the regular py3k merge sweeps. -- resolution: - accepted status: open - closed versions: +Python 2.5, Python 2.6 __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1976 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2003] Incorrect definition of new-style class
Georg Brandl added the comment: Thanks for the delightful analysis! Fixed in r60550 :) -- nosy: +georg.brandl resolution: - fixed status: open - closed __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2003 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2002] Make int() fall back to trunc()
Jeffrey Yasskin added the comment: There is also part of this patch that touches classobject.c but I'm not yet sure what the visible effect of that change would be or what the change was hoping to accomplish. All classic classes take the (m m-nb_int) branch, so without the change to classobject.c, they'd never hit the fallback to __trunc__. The unfortunate side-effect is that when you call int() or long() on a classic class without the right methods, you get an AttributeError complaining about __trunc__ instead of about __int__. Since long() already mistakenly complained about __int__, I didn't consider this a showstopper, but it should be possible to fix if you want. __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2002 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1692335] Fix exception pickling: Move initial args assignment to BaseException.__new__
Martin v. Löwis added the comment: I tested exception_pickling_25.diff, and it may break existing code. In 2.5.1, Exception(Hello,4).__reduce__() gives (type 'exceptions.Exception', ('Hello', 4)) With the patch, it gives TypeError: can't pickle Exception objects IMO, that is an unacceptable change for a bugfix release. Aside: please give unique file names to the patches, or remove patches if you want to replace a previous patch. -- nosy: +loewis _ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1692335 _ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2005] posixmodule expects sizeof(pid_t/gid_t/uid_t) = sizeof(long)
New submission from Christian Heimes: The posix module except that a pid_t, uid_t and gid_t always fit into a long or can be parsed by i. On some OSes and combination of 64bit typess and 32bit long it's an invalid assumption. The code should use long long where available or at least do some overflow checks. See r1983 -- components: Extension Modules keywords: easy messages: 62026 nosy: tiran priority: normal severity: normal status: open title: posixmodule expects sizeof(pid_t/gid_t/uid_t) = sizeof(long) type: behavior versions: Python 2.6, Python 3.0 __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2005 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2004] tarfile extractall() allows local attacker to overwrite files while extracting
Changes by Christian Heimes: -- priority: - high versions: +Python 2.6, Python 3.0 __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2004 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2001] Pydoc interactive browsing enhancement
Changes by Giampaolo Rodola': -- nosy: +giampaolo.rodola __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2001 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1941] 2.6 stdlib using with statement
Benjamin Peterson added the comment: I could break this patch into per-module patches. Then as authors approved them, they could gradually be committed. __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1941 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1682] Move Demo/classes/Rat.py to Lib/rational.py and fix it up.
Guido van Rossum added the comment: FWIW, if Rational(Decimal(...)) is to be accepted, then Decimal(Rational(...)) should also be accepted, and arguably mixed binary operations as well (Rational(...) + Decimal(...) etc.). -- assignee: gvanrossum - jyasskin __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1682 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2002] Make int() fall back to trunc()
Raymond Hettinger added the comment: Go for it. -- assignee: gvanrossum - jyasskin resolution: - accepted __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2002 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1682] Move Demo/classes/Rat.py to Lib/rational.py and fix it up.
Raymond Hettinger added the comment: I would rather drop it than see that mess. FWIW, there is a difference. Rational(Decimal(...)) takes place without reference to a decimal.Context and is always lossless. In contrast, Decimal(Rational(...)) is context sensitive (the division is subject to rounding and precision limits) and is typically lossy as would be the case with Decimal(Rational(1, 3)) which like most rationals cannot be exactly represented in Decimal. __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1682 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2002] Make int() fall back to trunc()
Guido van Rossum added the comment: Guido, are these basically the mechanics you intended? All calls to PyNumber_Int() and PyNumber_Long() attempt the usual path and if those would fail, it tries __trunc__ if it exists and coerces the result of that call back to an int or long. Yes, that's exactly what I suggested. The logic looks basically correct, but I'm not sure what it buys us since the returned Integral has to be converted back to an int or long anyway. Unless it's already an int or long. I would expect a type that wants to play along with the ABCs defined in numbers.py will define __trunc__ and not __int__ (since the latter isn't part of the ABC) but it would have to be a pretty esoteric type not to return an int or long. On the plus side, it does not slow down the common case where PyNumber_Int() and PyNumberLong() would ordinarily succeed. Great -- so no penalty for builtin types. An alternative to this patch would be to have math.trunc() try to return __trunc__() and if it doesn't exist, fallback to __int__. That avoids having arbitrary Integrals forced back into ints/longs, but it may not be what you guys were after. Definitely not -- that would imply that math.trunc(42) would return the integer 42! Either way will allow a user to define a __trunc__() method and have math.trunc() return an arbitrary Integral, not necessarily and int or long. Correct, and that's as intended. There is also part of this patch that touches classobject.c but I'm not yet sure what the visible effect of that change would be or what the change was hoping to accomplish. Looks like Jeffrey expained that already. __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2002 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2002] Make int() fall back to trunc()
Jeffrey Yasskin added the comment: Submitted as r60566. -- status: open - closed __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2002 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2006] asyncore loop lacks timers and work tasks
Bill Janssen added the comment: Looks like Giampaolo has already submitted a patch for part of this, in http://bugs.python.org/issue1641 -- nosy: +giampaolo.rodola, josiahcarlson __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2006 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue909005] asyncore fixes and improvements
Bill Janssen added the comment: I should point out that I'm doing a big project with SSL and Python, using Medusa, and asyncore. I've been re-working the 2.6 and 3.x SSL support (with guidance from Giampolo :-) so that true async capability is possible for SSL. -- nosy: +janssen Tracker [EMAIL PROTECTED] http://bugs.python.org/issue909005 ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2006] asyncore loop lacks timers and work tasks
New submission from Bill Janssen: I've been reading asyncore lately, and feel that it's showing its age. Most loops of this sort (we developed something similar for ILU, about 15 years ago) contain handlers for timers and work tasks, in addition to input handling. For timers, typically there's a list of tasks and times, often with a repeat period. A system timer is set to the time of the next task to fire, and the select() loop is exited when it fires. The loop handler then looks down the list of timer tasks, and executes those ready to run. Similarly, most loops of this sort include a list of work tasks, and a policy for executing them, such as take one task from the front of the list and run it, then do the select. This allows background tasks to get run that don't have associated input or output fds. -- components: Library (Lib) messages: 62034 nosy: janssen severity: normal status: open title: asyncore loop lacks timers and work tasks type: behavior versions: Python 2.6 __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue2006 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1953] Compact int and float freelists
Neal Norwitz added the comment: I think sys is appropriate for clearing the cache. Lib/test/regrtest.py still has a reference to gc rather than sys. Why do the CompactFreeList APIs return an int that is always 0? Seems like they should return a real value or be void. I'm not sure why you changed the functions to keep a block_list_length. I doubt this API would be requested very often. Seems like it would be better to just calculate when necessary (or perhaps not even add the APIs). The only issue I have with the patch is the casting in the printf calls. These can lose information. On Win64, long is 32-bits, but size_t is 64-bits. See PY_FORMAT_SIZE_T in Include/pyport.h for how to handle this. -- assignee: nnorwitz - tiran resolution: - accepted __ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1953 __ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue1750076] Python 2.5+ skips while statements in debuggers
Neal Norwitz added the comment: I was hoping you could get rid of my entire hack. I didn't (still don't) completely understand the intention of the code, so can't really offer any more advice. IMO, the patch is an improvement so you should check it in. -- assignee: nnorwitz - amaury.forgeotdarc resolution: - accepted _ Tracker [EMAIL PROTECTED] http://bugs.python.org/issue1750076 _ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com