Mart Sõmermaa m...@mrts.pri.ee added the comment:
Ah, right you are. Attaching an initial alpha-quality patched shutil.py
and a script to test the attack.
Run the script by sourcing it with . test_issue4489.sh, not by executing
(job control won't work in this case).
Added file:
Changes by Mart Sõmermaa m...@mrts.pri.ee:
Added file: http://bugs.python.org/file12483/test_issue4489.sh
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4489
___
Mart Sõmermaa m...@mrts.pri.ee added the comment:
And here's the diff so you can review what I was up to.
Note that this does not yet fix the problem (although the logic looks
about right), I have to examine the problem more thoroughly.
--
keywords: +patch
Added file:
Mart Sõmermaa m...@mrts.pri.ee added the comment:
Aha, got it -- while removing /a/b/c/d, there's no easy way to detect
that b or c has become a symlink.
I.e.
given directory tree
a
`-- b
|-- c
`-- d
1. os.rmdir('/a/b/c') succeeds
2. execution is suspended
3. '/a/b' is made a symlink
Mart Sõmermaa m...@mrts.pri.ee added the comment:
A blunt, ineffective solution would be to walk the tree before removing
it and recording path : inode pairs in a dict on first pass and then
checking that the inodes have not changed during removal on second pass.
If no clever bulletproof fix
Changes by Georg Brandl ge...@python.org:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3671
___
___
Changes by Georg Brandl ge...@python.org:
--
resolution: - works for me
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3644
___
Antoine Pitrou pit...@free.fr added the comment:
A blunt, ineffective solution would be to walk the tree before removing
it and recording path : inode pairs in a dict on first pass and then
checking that the inodes have not changed during removal on second pass.
There's no way to do the
Changes by Mart Sõmermaa m...@mrts.pri.ee:
Removed file: http://bugs.python.org/file12483/test_issue4489.sh
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4489
___
Mart Sõmermaa m...@mrts.pri.ee added the comment:
Fixed a minor bug in test script and added Perl test as well.
Perl with File-Path-2.07 passes the test.
Added file: http://bugs.python.org/file12485/test_issue4489.sh
___
Python tracker
Mart Sõmermaa m...@mrts.pri.ee added the comment:
Antoine, what if we add another function, rmtree_safe() that uses
chdir() and document that it is protected from the race condition but
may have the side effect of changing the current dir in threaded
environment?
Antoine Pitrou pit...@free.fr added the comment:
Antoine, what if we add another function, rmtree_safe() that uses
chdir() and document that it is protected from the race condition but
may have the side effect of changing the current dir in threaded
environment?
I don't have any strong
Mart Sõmermaa m...@mrts.pri.ee added the comment:
Replying to previous comment:
There's no way to do the check inode then remove sequence atomically.
Right, although the attack window would be tiny, this is not a real
solution.
___
Python tracker
anatoly techtonik techto...@gmail.com added the comment:
For MSYS gzip added a bugreport here:
https://sourceforge.net/tracker2/index.php?func=detailaid=2474481group_id=2435atid=102435
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4750
Antoine Pitrou pit...@free.fr added the comment:
I think you should report the bug to Redhat and see what they have to
say about it. It may be a bug in the libc of that particular version. In
any case I think it is highly inlikely to be a bug in Python itself.
Antoine Pitrou pit...@free.fr added the comment:
FWIW, I've opened a separate bug entry for the creation of the openat(),
etc. wrappers: #4761.
Those functions seem to exist on recent Linux distros (even Debian stable).
___
Python tracker
ebfe knabberknusperh...@yahoo.de added the comment:
Whenever the documentation says you must not it really says don't do
that or your application *will* crash, burn and die... Of course I can
allocate storage for the string, copy it's content and then free or -
nothing will happen. How would it
Antoine Pitrou pit...@free.fr added the comment:
For me, when I read You must not provide storage for the string
itself, it obviously means I mustn't do so *before calling the
PyArg_ParseTuple function*. It is also obvious that I am allowed to copy
the returned contents wherever I want, and it
Martin v. Löwis mar...@v.loewis.de added the comment:
Whenever the documentation says you must not it really says don't do
that or your application *will* crash, burn and die... Of course I can
allocate storage for the string, copy it's content and then free or -
nothing will happen. How
Georg Brandl ge...@python.org added the comment:
I don't see a reason to keep this open any longer.
--
resolution: - works for me
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4746
New submission from David M. Beazley beaz...@users.sourceforge.net:
Documentation for the email package needs to be more clear about the
usage of strings and bytes. In particular:
1. All operations that parse email messages such as message_from_file()
or message_from_string() operate on
Changes by Georg Brandl ge...@python.org:
--
assignee: georg.brandl - barry
nosy: +barry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4766
___
Allan Crooks a...@users.sourceforge.net added the comment:
In the interests of getting this fixed (and not letting it die), should
I submit a proper patch? I suppose I would have to do one for each
version of Python that is affected (which is all of them, really).
New submission from David M. Beazley beaz...@users.sourceforge.net:
The documentation describes classes such as
email.mime.MIMEText()
email.mime.MIMEMultipart()
email.mime.MIMEApplication()
etc...
However, it's confusing because none of these classes are actually found
in email.mime.
Suggest
Martin v. Löwis mar...@v.loewis.de added the comment:
Notice that the example function doesn't actually work; it gives
_tkinter.TclError: wrong # args: should be .148002724.148002500 insert
index chars ?tagList chars tagList ...?
___
Python tracker
Martin v. Löwis mar...@v.loewis.de added the comment:
Thanks again for the patch. Merged into recent branches as r68006,
r68007, r68008, and r68009
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3248
Changes by Martin v. Löwis mar...@v.loewis.de:
--
resolution: - accepted
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3248
___
Guilherme Polo ggp...@gmail.com added the comment:
On Mon, Dec 29, 2008 at 2:02 PM, Martin v. Löwis rep...@bugs.python.org wrote:
Martin v. Löwis mar...@v.loewis.de added the comment:
Notice that the example function doesn't actually work; it gives
_tkinter.TclError: wrong # args: should
Martin v. Löwis mar...@v.loewis.de added the comment:
Committed into various branches as r68010, r68011, r68012, and r68013
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3767
Alan Brooks alancbro...@gmail.com added the comment:
I also get this exact same problem. Mac OS 10.5.6 on an Intel MacBook
trying to install the release version of 2.6.1. I found it was failing to
build _Res, but worked around by *not* using --enable-universalsdk.
--
nosy: +lanny
New submission from David M. Beazley beaz...@users.sourceforge.net:
The email.generator.Generator class does not work correctly message
objects created with binary data (MIMEImage, MIMEAudio, MIMEApplication,
etc.). For example:
from email.mime.image import MIMEImage
data =
Antoine Pitrou pit...@free.fr added the comment:
Nick, sorry for waving at you again, but do you have time for a review?
Otherwise, is it ok if I commit the patch as is?
(it solves the problems and there's no API or feature change anyway)
___
Python tracker
Changes by Benjamin Peterson benja...@python.org:
--
assignee: - barry
nosy: +barry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4768
___
___
New submission from David M. Beazley beaz...@users.sourceforge.net:
The whole point of base64 encoding is to safely encode binary data into
text characters. Thus, the base64.b64decode() function should equally
accept text strings or binary strings as input. For example, there is a
reasonable
Benjamin Peterson benja...@python.org added the comment:
I think this is a good improvement, and I hope it can make it into 2.7/3.1.
Several comments on patch:
- I don't like the name SkipException SkipTest is better IMO.
- TestResult.addSkipped should be changed to TestResult.addSkip.
- I'm
David M. Beazley beaz...@users.sourceforge.net added the comment:
Note: This problem applies to all of the other decoders/encoders in the
base64 too (b16, b32, etc.)
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4769
Benjamin Peterson benja...@python.org added the comment:
Fixed in r68014 and r68016.
--
nosy: +benjamin.peterson
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4764
New submission from David M. Beazley beaz...@users.sourceforge.net:
See Issue 4869 for a related bug.
Most of the functions in binascii are meant to go from binary data to
textual representations (hex digits, base64, binhex, etc.). There are
numerous problems:
1. Misleading error messages.
Amaury Forgeot d'Arc amaur...@gmail.com added the comment:
The patch was applied in trunk, release26-maint and py3k.
Can this issue be closed, or do you plan to merge it into release30-maint?
--
nosy: +amaury.forgeotdarc
___
Python tracker
Martin v. Löwis mar...@v.loewis.de added the comment:
Malte, thanks again for the patch; committed into the various branches
as r68018, r68019, r68020, r68021.
As annunciated, I reject the test; I don't think there is a reasonable
way to test for this bug.
--
status: open - closed
Amaury Forgeot d'Arc amaur...@gmail.com added the comment:
Item 1 was most probably fixed recently with r67929.
Concerning item 2, I think it was decided that binascii is a bytes-only
module.
I suggest to close this issue as out of date.
--
nosy: +amaury.forgeotdarc
Martin v. Löwis mar...@v.loewis.de added the comment:
Thanks for the review. Committed (with the proposed change) as r68022
and r68023.
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
David M. Beazley beaz...@users.sourceforge.net added the comment:
Given the low-level nature of this module, I can understand the
motivation to make it all bytes.
However, I'm going to respectfully disagree with that and claim that
making binascii all bytes really goes against the whole
Martin v. Löwis mar...@v.loewis.de added the comment:
Since there was no feedback from the OP, I'm closing this as works for me.
--
resolution: - works for me
status: open - closed
___
Python tracker rep...@bugs.python.org
Martin v. Löwis mar...@v.loewis.de added the comment:
This is a duplicate of issue 4008.
--
nosy: +loewis
resolution: - duplicate
status: open - closed
superseder: - IDLE: checksyntax() doesn't support Unicode?
___
Python tracker
Martin v. Löwis mar...@v.loewis.de added the comment:
This is a duplicate of issue 4008
--
nosy: +loewis
resolution: - duplicate
status: open - closed
superseder: - IDLE: checksyntax() doesn't support Unicode?
___
Python tracker
Martin v. Löwis mar...@v.loewis.de added the comment:
Here is a new patch that fixes this issue, and the duplicate issues
(#4410, and #4623).
It doesn't try to eliminate code duplication, but fixes coding_spec by
decoding always to Latin-1 first until the coding is known. It fixes
check_syntax
New submission from David M. Beazley beaz...@users.sourceforge.net:
The hashlib documentation has incorrect examples showing the use of the
hexdigest() method:
hashlib.sha224(bNobody inspects the spammish
repetition).hexdigest()
b'a4337bc45a8fc544c03f52dc550cd6e1e87021bc896588bd79e901e2'
Benjamin Peterson benja...@python.org added the comment:
Shouldn't hash algorithms give bytes results anyway?
--
components: +Library (Lib) -Documentation
nosy: +benjamin.peterson
priority: - release blocker
___
Python tracker rep...@bugs.python.org
David M. Beazley beaz...@users.sourceforge.net added the comment:
The digest() method of hashes does produce bytes (correct). The
hexdigest() method produces a string, but it is also shown as producing
bytes in the examples.
___
Python tracker
New submission from dontbugme pythonbugsbugme...@spamavert.com:
makesockaddr() in socketmodule.c will fall through from AF_BLUETOOTH to
AF_PACKET if none of Bluetooth protocols match. That's not a very
appropriate thing to do.
--
messages: 78483
nosy: dontbugme
severity: normal
status:
Benjamin Peterson benja...@python.org added the comment:
Fixed in r68027.
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4771
___
Tarek Ziadé ziade.ta...@gmail.com added the comment:
Yes, I was waiting to merge it to release30-maint then close it.
I'll do it then close it.
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4400
___
New submission from David M. Beazley beaz...@users.sourceforge.net:
A file-like object u returned by the urlopen() function in both Python
2.6/3.0 has a method info() that returns a 'HTTPMessage' object. For
example:
::: Python 2.6
from urllib2 import urlopen
u =
Tarek Ziadé ziade.ta...@gmail.com added the comment:
I am not sure what is the best way to merge it from 3k branch to
release30-maint since the original change was done with an automatic
merge from trunk to 3k branch with several other changes, then a slight
fix so the 2.x code works under 3.x.
Tarek Ziadé ziade.ta...@gmail.com added the comment:
This would require a detailed description on how such a feature would work.
--
nosy: +tarek
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4673
Martin v. Löwis mar...@v.loewis.de added the comment:
Assigning to Benjamin, since he merged the change to 3k.
For the record, the revisions are these: r67926, r67944, r67948
--
assignee: tarek - benjamin.peterson
nosy: +benjamin.peterson, loewis
priority: - release blocker
Benjamin Peterson benja...@python.org added the comment:
On Mon, Dec 29, 2008 at 3:51 PM, Martin v. Löwis rep...@bugs.python.org wrote:
Martin v. Löwis mar...@v.loewis.de added the comment:
Assigning to Benjamin, since he merged the change to 3k.
For the record, the revisions are these:
Changes by Benjamin Peterson benja...@python.org:
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4400
___
___
Changes by Tarek Ziadé ziade.ta...@gmail.com:
--
assignee: - tarek
nosy: +tarek
priority: - low
resolution: - accepted
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4646
___
Changes by Jeff Hall hall.j...@gmail.com:
--
nosy: +laxrulz777
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4755
___
___
Python-bugs-list mailing
David M. Beazley beaz...@users.sourceforge.net added the comment:
Verified that 2to3 does not fix this.
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4773
___
Tarek Ziadé ziade.ta...@gmail.com added the comment:
applied with a test in r68033, thanks for the patch !
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4646
___
anatoly techtonik techto...@gmail.com added the comment:
I attach patch for Python 2.6 gzip
I clarified the meaning of self.name to be the basename corresponding to
FNAME field in GZIP file header.
There is a trace of deprecated gzip.filename API - I haven't found any
references to it in
New submission from Alain Spineux alain.spin...@gmail.com:
This is a test script, to help me to understand why I have unexpected
result in application.
But I got a more unexpected result, and probably wrong error message
about the read-only cursor.
The full script is at the end.
I got this only
Changes by Benjamin Peterson benja...@python.org:
--
assignee: - jcea
nosy: +jcea
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4774
___
___
Changes by dedded ded...@verizon.net:
--
nosy: +dedded
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3023
___
___
Python-bugs-list mailing list
Jesús Cea Avión j...@jcea.es added the comment:
Alain, you are seeing a resource exhaustion problem. Somewhere memory is
leaking. That is, the programs are leaking memory.
bsddb was vastly improved in python 2.6. In particular, memory leaks and
resource tree deallocations. Can you consider use
Nick Coghlan ncogh...@gmail.com added the comment:
Fixed using a lazy call to PyType_Ready in PyObject_Hash:
2.7: r68051
2.6: r68052
Forward-port to Py3k still to come.
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4701
New submission from David Morley mor...@ai.sri.com:
There is a systemic error in the Python documentation on time (such as
http://docs.python.org/library/time.html). The term UTC is used
incorrectly in the documentation where the term UT1 should be used.
The difference is that UTC includes
Kevin Walzer wordt...@users.sourceforge.net added the comment:
The attached patch to configDialog.py fixes this problem--all that was
needed was to remove the internal padding in the buttons.
--
keywords: +patch
nosy: +wordtech
type: - behavior
Added file:
Changes by Guilherme Polo ggp...@gmail.com:
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue3833
___
___
Python-bugs-list mailing list
Unsubscribe:
Guilherme Polo ggp...@gmail.com added the comment:
Jimmy Retzlaff (msg73003):
I'm seeing the same symptoms that are described in issue 1543 with the
2.6b3 MSIs. Namely, when you run one of the MSIs (either 32-bit or
64-bit) then the other will refuse to install. This is on XP Pro x64 SP2.
Guilherme Polo ggp...@gmail.com added the comment:
Uhm ? The builtin cmp wasn't removed.
--
nosy: +gpolo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4760
___
Benjamin Peterson benja...@python.org added the comment:
Shall we close this as works for me? The files aren't included in
Subversion and are built when 2to3 is used, so I don't see the problem.
--
nosy: +benjamin.peterson
___
Python tracker
New submission from steve21 steve872929...@yahoo.com.au:
'data_files' and 'package_dir' are arguments for distutils.core.setup
that some packages use in their setup.py.
However, the manual entry for distutils.core. setup, at
Gabriel Genellina gagsl-...@yahoo.com.ar added the comment:
I believe a patch against the trunk would be enough, but should include
a test case.
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4643
Chris Morrow ch...@as701.net added the comment:
This patch doesn't appear to work for python2.5.1 -
Python 2.5.1 (r251:54863, Jun 15 2008, 18:24:51)
[GCC 4.3.0 20080428 (Red Hat 4.3.0-8)] on linux2
Type help, copyright, credits or license for more information.
from nntplib import NNTP
conn =
Derek Morr derekm...@psu.edu added the comment:
Yes. The patch is against 2.6. It uses the socket.create_connection()
helper function, which was added in 2.6. See http://svn.python.org/view?
rev=54546view=rev for the commit message.
If you really want to apply it to 2.5, it's trivial to adapt
Chris Morrow ch...@as701.net added the comment:
oh crap :( I saw the 2.6 AFTER I posted the message :( sorry. grr, have
to find a fix for 2.5 I suppose now.
Thanks.
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1664
New submission from Chris Morrow ch...@as701.net:
nntplib.py on python2.5 is not IPv6 ready. The below patch at least
makes connections on both ipv4 and ipv6 to servers.
This was taken out of bug: http://bugs.python.org/issue1664
if that helps...
platform:
Linux hostnamehere
anatoly techtonik techto...@gmail.com added the comment:
I attach for Python 2.5 as well. People will use gzip module for a long
time to build packages and patch will help them to get correct archives.
Added file: http://bugs.python.org/file12490/python25.issue4750.diff
Nick Coghlan ncogh...@gmail.com added the comment:
Forward port to 3.x:
3.1: r68058
3.0: r68060
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4701
83 matches
Mail list logo