Re: Contributing to cpython

2022-12-06 Thread Thomas Passin 

On 12/6/2022 11:18 PM, ramvikram singh wrote:

the issue is that after reading the issue I am not able to think how to
modify the code, this is where I am stuck

On Wed, Dec 7, 2022 at 1:54 AM ramvikram singh 
wrote:


Greetings,
I learnt python this year and visiting the python issue tab for the last
two months, but there is a problem which I am facing I understand the issue
after reading the few times but I can't think about how to modify the code
as per the issue. Could you please help me with this?



No one can help you because you have said nothing about the issue.  It 
is as if I were to write "I am having a problem with my car.  Can you 
help me?". And before you can think about modifying the code, you need 
to understand what the issue is, why it is happening, how that could be 
changed, and why that would be a safe kind of change to make. After 
that, you would be prepared to think about details of the code.  And 
that thinking would need to include ways in which you could verify that 
you can make the problem occur and how you can test to make sure that it 
is fixed after changes to the code.


--
https://mail.python.org/mailman/listinfo/python-list

Re: How to convert a raw string r'\xdd' to '\xdd' more gracefully?

2022-12-06 Thread Thomas Passin 

On 12/6/2022 9:23 PM, Jach Feng wrote:

s0 = r'\x0a'
At this moment it was done by

 def to1byte(matchobj):
 return chr(int('0x' + matchobj.group(1), 16))
 s1 = re.sub(r'\\x([0-9a-fA-F]{2})', to1byte, s0)

But, is it that difficult on doing this simple thing?

--Jach


I'm not totally clear on what you are trying to do here.  But:

s1 = r'\xdd'  # s1[2:] = 'dd'
n1 = int(s1[2:], 16)  # = 221 decimal or 0xdd in hex
# So
chr(n1) == 'Ý'  # True
# and
'\xdd' == 'Ý' # True

So the conversion you want seems to be chr(int(s1[2:], 16)).

Of course, this will only work if the input string is exactly four 
characters long, and the first two characters are r'\x', and the 
remaining two characters are going to be a hex string representation of 
a number small enough to fit into a byte.


If you know for sure that will be the case, then the conversion above 
seems to be about as simple as it could be.  If those conditions may not 
always be met, then you need to work out exactly what strings you may 
need to convert, and what they should be converted to.



--
https://mail.python.org/mailman/listinfo/python-list

Re: How to convert a raw string r'\xdd' to '\xdd' more gracefully?

2022-12-06 Thread Jach Feng 
MRAB 在 2022年12月7日 星期三上午11:04:43 [UTC+8] 的信中寫道:
> On 2022-12-07 02:23, Jach Feng wrote: 
> > s0 = r'\x0a' 
> > At this moment it was done by 
> > 
> > def to1byte(matchobj): 
> > return chr(int('0x' + matchobj.group(1), 16)) 
> > s1 = re.sub(r'\\x([0-9a-fA-F]{2})', to1byte, s0) 
> > 
> > But, is it that difficult on doing this simple thing? 
> >
> You could try this: 
> 
> >>> s0 = r'\x0a' 
> >>> ast.literal_eval('"%s"' % s0) 
> '\n'
Not work in my system:-(

Python 3.8.8 (tags/v3.8.8:024d805, Feb 19 2021, 13:08:11) [MSC v.1928 32 bit 
(Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> s0 = r'\x0a'
>>> import ast
>>> ast.literal_eval("%s" % s0)
Traceback (most recent call last):
  File "", line 1, in 
  File "C:\Users\Jach\AppData\Local\Programs\Python\Python38-32\lib\ast.py", 
line 59, in literal_eval
node_or_string = parse(node_or_string, mode='eval')
  File "C:\Users\Jach\AppData\Local\Programs\Python\Python38-32\lib\ast.py", 
line 47, in parse
return compile(source, filename, mode, flags,
  File "", line 1
\x0a
   ^
SyntaxError: unexpected character after line continuation character
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Contributing to cpython

2022-12-06 Thread ramvikram singh 
the issue is that after reading the issue I am not able to think how to
modify the code, this is where I am stuck

On Wed, Dec 7, 2022 at 1:54 AM ramvikram singh 
wrote:

> Greetings,
> I learnt python this year and visiting the python issue tab for the last
> two months, but there is a problem which I am facing I understand the issue
> after reading the few times but I can't think about how to modify the code
> as per the issue. Could you please help me with this?
>
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: How to convert a raw string r'\xdd' to '\xdd' more gracefully?

2022-12-06 Thread MRAB 

On 2022-12-07 02:23, Jach Feng wrote:

s0 = r'\x0a'
At this moment it was done by

 def to1byte(matchobj):
 return chr(int('0x' + matchobj.group(1), 16))
 s1 = re.sub(r'\\x([0-9a-fA-F]{2})', to1byte, s0)

But, is it that difficult on doing this simple thing?


You could try this:

>>> s0 = r'\x0a'
>>> ast.literal_eval('"%s"' % s0)
'\n'

--
https://mail.python.org/mailman/listinfo/python-list

Re: FTP without username and password

2022-12-06 Thread Dennis Lee Bieber 
On Tue, 6 Dec 2022 20:42:42 +0100, ^Bart 
declaimed the following:

>
>I tried the written Python code but it needs to insert a username and 
>password so it's a different service than TFTP but maybe there's also a 
>code to do it in Python! ;)
>

It's a whole different protocol. TFTP is simplified to the point it
will fit on embedded devices which don't need security (the assumption
being that one has the embedded device physically present, FTP assumes
distributed networks).

https://wiki.python.org/moin/tftp


-- 
Wulfraed Dennis Lee Bieber AF6VN
wlfr...@ix.netcom.comhttp://wlfraed.microdiversity.freeddns.org/
-- 
https://mail.python.org/mailman/listinfo/python-list

How to convert a raw string r'\xdd' to '\xdd' more gracefully?

2022-12-06 Thread Jach Feng 
s0 = r'\x0a'
At this moment it was done by

def to1byte(matchobj):
return chr(int('0x' + matchobj.group(1), 16))
s1 = re.sub(r'\\x([0-9a-fA-F]{2})', to1byte, s0)

But, is it that difficult on doing this simple thing?

--Jach
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: Contributing to cpython

2022-12-06 Thread Thomas Passin 

On 12/6/2022 3:24 PM, ramvikram singh wrote:

Greetings,
I learnt python this year and visiting the python issue tab for the last
two months, but there is a problem which I am facing I understand the issue
after reading the few times but I can't think about how to modify the code
as per the issue. Could you please help me with this?


There is a page about contributing work on code to Python at

https://devguide.python.org

It starts out:

"This guide is a comprehensive resource for contributing to Python – for 
both new and experienced contributors."


You should study this guide carefully.  If you don't know how to use 
git, clone a repo, work with git branches, what a pull request is, and 
so forth, you need to get some basic familiarity with working with those 
tools and concepts.You should be able to file new issues on GitHub 
and contribute to their discussion thread.  If you want to actually 
contribute code, you should be able to build Python yourself, as covered 
in the guide.


After that, you should remember that while help is welcome, the Python 
code base has a long history and a change that seems obvious to you may 
not work because of other constraints on that part of the codebase.  I 
once suggested a change in a particular function for finding executable 
files so that it would look in some other locations too. I learnt that 
this function was intended for internal use by distutils, and that it 
needed its quirks to work properly in its intended use.  No one wanted 
to take a chance on changing it.


I'm not saying you cannot or should not try to contribute useful 
changes.  I'm only saying that you need to get prepared - do your 
homework - first, and to not be discouraged if your first efforts are 
not accepted.


--
https://mail.python.org/mailman/listinfo/python-list

[Python-announce] [RELEASE] Python 3.11.1, 3.10.9, 3.9.16, 3.8.16, 3.7.16, and 3.12.0 alpha 3 are now available

2022-12-06 Thread Łukasz Langa 
Greetings! We bring you a slew of releases this fine Saint Nicholas / 
Sinterklaas day. Six simultaneous releases has got to be some record. There’s 
one more record we broke this time, you’ll see below.

In any case, updating is recommended due to security content:

3.7 - 3.12: gh-98739 : Updated 
bundled libexpat to 2.5.0 to fix CVE-2022-43680 
 (heap use-after-free).
3.7 - 3.12: gh-98433 : The IDNA 
codec decoder used on DNS hostnames by socket or asyncio related name 
resolution functions no longer involves a quadratic algorithm to fix 
CVE-2022-45061 . This prevents 
a potential CPU denial of service if an out-of-spec excessive length hostname 
involving bidirectional characters were decoded. Some protocols such as urllib 
http 3xx redirects potentially allow for an attacker to supply such a name.
3.7 - 3.12: gh-11 : python 
-m http.server no longer allows terminal control characters sent within a 
garbage request to be printed to the stderr server log.
3.8 - 3.12: gh-87604 : Avoid 
publishing list of active per-interpreter audit hooks via the gc module.
3.9 - 3.10 (already released in 3.11+ before): gh-97514 
: On Linux the multiprocessing 
module returns to using filesystem backed unix domain sockets for communication 
with the forkserver process instead of the Linux abstract socket namespace. 
Only code that chooses to use the “forkserver” start method is affected. This 
prevents Linux CVE-2022-42919  
(potential privilege escalation) as abstract sockets have no permissions and 
could allow any user on the system in the same network namespace (often the 
whole system) to inject code into the multiprocessing forkserver process. This 
was a potential privilege escalation. Filesystem based socket permissions 
restrict this to the forkserver process user as was the default in Python 3.8 
and earlier.
3.7 - 3.10: gh-98517 : Port 
XKCP’s fix for the buffer overflows in SHA-3 to fix CVE-2022-37454 
.
3.7 - 3.9 (already released in 3.10+ before): gh-68966 
: The deprecated mailcap module 
now refuses to inject unsafe text (filenames, MIME types, parameters) into 
shell commands to address CVE-2015-20107 
. Instead of using such text, 
it will warn and act as if a match was not found (or for test commands, as if 
the test failed).
 
Python
 3.12.0 alpha 3

Get it here, read the change log, sing a GPT-3-generated Sinterklaas song:

https://www.python.org/downloads/release/python-3120a3/ 


216 new commits since 3.12.0 alpha 2 last month.

 
Python
 3.11.1

Get it here, see the change log, read the recipe for quark soup:

https://www.python.org/downloads/release/python-3111/ 


A whopping 495 new commits since 3.11.0. This is a massive increase of changes 
comparing to 3.10 at the same stage in the release cycle: there were “only” 339 
commits between 3.10.0 and 3.10.1.

 
Python
 3.10.9

Get it here, read the change log, see circular patterns:

https://www.python.org/downloads/release/python-3109/ 


165 new commits.

 
Python
 3.9.16

Get it here, read the change log, consider upgrading to a newer version:

https://www.python.org/downloads/release/python-3916/ 


Security-only release with no binaries. 10 commits.

 
Python
 3.8.16

Get it here, see the change log, definitely upgrade to a newer version:

https://www.python.org/downloads/release/python-3816/ 


Security-only release with no binaries. 9 commits.

[RELEASE] Python 3.11.1, 3.10.9, 3.9.16, 3.8.16, 3.7.16, and 3.12.0 alpha 3 are now available

2022-12-06 Thread Łukasz Langa 
Greetings! We bring you a slew of releases this fine Saint Nicholas / 
Sinterklaas day. Six simultaneous releases has got to be some record. There’s 
one more record we broke this time, you’ll see below.

In any case, updating is recommended due to security content:

3.7 - 3.12: gh-98739 : Updated 
bundled libexpat to 2.5.0 to fix CVE-2022-43680 
 (heap use-after-free).
3.7 - 3.12: gh-98433 : The IDNA 
codec decoder used on DNS hostnames by socket or asyncio related name 
resolution functions no longer involves a quadratic algorithm to fix 
CVE-2022-45061 . This prevents 
a potential CPU denial of service if an out-of-spec excessive length hostname 
involving bidirectional characters were decoded. Some protocols such as urllib 
http 3xx redirects potentially allow for an attacker to supply such a name.
3.7 - 3.12: gh-11 : python 
-m http.server no longer allows terminal control characters sent within a 
garbage request to be printed to the stderr server log.
3.8 - 3.12: gh-87604 : Avoid 
publishing list of active per-interpreter audit hooks via the gc module.
3.9 - 3.10 (already released in 3.11+ before): gh-97514 
: On Linux the multiprocessing 
module returns to using filesystem backed unix domain sockets for communication 
with the forkserver process instead of the Linux abstract socket namespace. 
Only code that chooses to use the “forkserver” start method is affected. This 
prevents Linux CVE-2022-42919  
(potential privilege escalation) as abstract sockets have no permissions and 
could allow any user on the system in the same network namespace (often the 
whole system) to inject code into the multiprocessing forkserver process. This 
was a potential privilege escalation. Filesystem based socket permissions 
restrict this to the forkserver process user as was the default in Python 3.8 
and earlier.
3.7 - 3.10: gh-98517 : Port 
XKCP’s fix for the buffer overflows in SHA-3 to fix CVE-2022-37454 
.
3.7 - 3.9 (already released in 3.10+ before): gh-68966 
: The deprecated mailcap module 
now refuses to inject unsafe text (filenames, MIME types, parameters) into 
shell commands to address CVE-2015-20107 
. Instead of using such text, 
it will warn and act as if a match was not found (or for test commands, as if 
the test failed).
 
Python
 3.12.0 alpha 3

Get it here, read the change log, sing a GPT-3-generated Sinterklaas song:

https://www.python.org/downloads/release/python-3120a3/ 


216 new commits since 3.12.0 alpha 2 last month.

 
Python
 3.11.1

Get it here, see the change log, read the recipe for quark soup:

https://www.python.org/downloads/release/python-3111/ 


A whopping 495 new commits since 3.11.0. This is a massive increase of changes 
comparing to 3.10 at the same stage in the release cycle: there were “only” 339 
commits between 3.10.0 and 3.10.1.

 
Python
 3.10.9

Get it here, read the change log, see circular patterns:

https://www.python.org/downloads/release/python-3109/ 


165 new commits.

 
Python
 3.9.16

Get it here, read the change log, consider upgrading to a newer version:

https://www.python.org/downloads/release/python-3916/ 


Security-only release with no binaries. 10 commits.

 
Python
 3.8.16

Get it here, see the change log, definitely upgrade to a newer version:

https://www.python.org/downloads/release/python-3816/ 


Security-only release with no binaries. 9 commits.

Re: Contributing to cpython

2022-12-06 Thread Barry 


> On 6 Dec 2022, at 20:55, ramvikram singh  wrote:
> 
> Greetings,
> I learnt python this year and visiting the python issue tab for the last
> two months, but there is a problem which I am facing I understand the issue
> after reading the few times but I can't think about how to modify the code
> as per the issue. Could you please help me with this?

no one can help as you have not explained what the issue is.

Barry 

> -- 
> https://mail.python.org/mailman/listinfo/python-list
> 

-- 
https://mail.python.org/mailman/listinfo/python-list

Contributing to cpython

2022-12-06 Thread ramvikram singh 
Greetings,
I learnt python this year and visiting the python issue tab for the last
two months, but there is a problem which I am facing I understand the issue
after reading the few times but I can't think about how to modify the code
as per the issue. Could you please help me with this?
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: FTP without username and password

2022-12-06 Thread Grant Edwards 
On 2022-12-06, ^Bart  wrote:
>> In general, "anonymous FTP" is done technically with a username and
>> password. Can you look at how the device tries to connect, and then
>> make that username (probably "anonymous") and that password (could be
>> anything, traditionally was an email address) valid for fetching?
>
> Thanks for your reply, I needed a TFTP to upload a no brand firmware in 
> a Wildix antenna, I solved with a free software of SolarWinds, there's 
> something also for Linux!
>
> I tried the written Python code but it needs to insert a username and 
> password so it's a different service than TFTP but maybe there's also a 
> code to do it in Python! ;)

The Python code you showed was implementing an FTP server. That's a
completely different protocol from TFTP. There are TFTP
implementations for Pythong. This one works well: 
https://github.com/msoulier/tftpy

--
Grant


-- 
https://mail.python.org/mailman/listinfo/python-list

Re: FTP without username and password

2022-12-06 Thread ^Bart 

In general, "anonymous FTP" is done technically with a username and
password. Can you look at how the device tries to connect, and then
make that username (probably "anonymous") and that password (could be
anything, traditionally was an email address) valid for fetching?


Thanks for your reply, I needed a TFTP to upload a no brand firmware in 
a Wildix antenna, I solved with a free software of SolarWinds, there's 
something also for Linux!


I tried the written Python code but it needs to insert a username and 
password so it's a different service than TFTP but maybe there's also a 
code to do it in Python! ;)



ChrisA


Regards.
^Bart
--
https://mail.python.org/mailman/listinfo/python-list

Re: FTP without username and password

2022-12-06 Thread ^Bart 

The code above already does make the directory available without a
username and password. Do you mean you need the directory to be
*writable* without a username and password? If so try the '-w' option.


Thanks for your reply, I solved by TFTP SolarWind free tool, like what I 
wrote in another post I needed it to upload a no brand firmware in a 
Wildix antenna.


Regards.
^Bart
--
https://mail.python.org/mailman/listinfo/python-list

[Python-announce] Lona: a simple pythonic framework to write responsive web apps in full Python

2022-12-06 Thread Florian Scherf 
Web: https://lona-web.org/1.x/
Github: https://github.com/lona-web-org/lona/


What is Lona?
=

Lona is a web application framework, designed to write responsive web apps in
full Python.

Web is a solved problem in Python since ages, but traditionally Python handles
only the server side. If you want to have client side interaction like click
events or you want update content live, you have to write an additional
Javascript application.

Lona handles the server side and the client side, and provides a simple,
pythonic API to write self contained views.

Lona is very easy to use. You can write a whole web app, using only one simple
Python script.

https://lona-web.org/1.x/demos/


Get involved!
=

I released 1.10.5 yesterday. Lona is pretty stable and well tested right now,
but a major release is right around the corner. Helping hands, feedback and
new ideas in any form are very welcome.


Best regards,
Florian Scherf 
___
Python-announce-list mailing list -- python-announce-list@python.org
To unsubscribe send an email to python-announce-list-le...@python.org
https://mail.python.org/mailman3/lists/python-announce-list.python.org/
Member address: arch...@mail-archive.com

Re: FTP without username and password

2022-12-06 Thread Chris Angelico 
On Wed, 7 Dec 2022 at 02:51, ^Bart  wrote:
>
> Hi Guys,
>
> usually I use this code on my Debian Bullseye:
>
> # python3 -m pyftpdlib -i 192.168.0.71 -p 21 -d /home/my_user/ftp
>
> It works, it's simply easy and perfect but... a device in my lan needs a
> ftp folder without username and password!
>
> I tried to search on internet how to set the code above to be available
> without username and password but... I didn't understand how to fix it :\
>
> Obviously I could use a workaround like Samba or another machine where I
> have a Vsftp server but... I'd like to fix Python! ;)
>

I assume it HAS to be FTP, otherwise you'd set up something much more
secure like ssh (or scp or sshfs, which are built on it), done with an
authorized key rather than a password.

In general, "anonymous FTP" is done technically with a username and
password. Can you look at how the device tries to connect, and then
make that username (probably "anonymous") and that password (could be
anything, traditionally was an email address) valid for fetching?

ChrisA
-- 
https://mail.python.org/mailman/listinfo/python-list

Re: FTP without username and password

2022-12-06 Thread Jon Ribbens via Python-list 
On 2022-12-06, ^Bart  wrote:
> Hi Guys,
>
> usually I use this code on my Debian Bullseye:
>
> # python3 -m pyftpdlib -i 192.168.0.71 -p 21 -d /home/my_user/ftp
>
> It works, it's simply easy and perfect but... a device in my lan needs a 
> ftp folder without username and password!
>
> I tried to search on internet how to set the code above to be available 
> without username and password but... I didn't understand how to fix it :\

The code above already does make the directory available without a
username and password. Do you mean you need the directory to be
*writable* without a username and password? If so try the '-w' option.
-- 
https://mail.python.org/mailman/listinfo/python-list

FTP without username and password

2022-12-06 Thread ^Bart 

Hi Guys,

usually I use this code on my Debian Bullseye:

# python3 -m pyftpdlib -i 192.168.0.71 -p 21 -d /home/my_user/ftp

It works, it's simply easy and perfect but... a device in my lan needs a 
ftp folder without username and password!


I tried to search on internet how to set the code above to be available 
without username and password but... I didn't understand how to fix it :\


Obviously I could use a workaround like Samba or another machine where I 
have a Vsftp server but... I'd like to fix Python! ;)


Regards.
^Bart
--
https://mail.python.org/mailman/listinfo/python-list