Senthil Kumaran added the comment:
Here is the patch against the default that would address this reported issue.
Same would go for other 3.x branches. The 2.7 only can just see the addition of
getcode() documented.
--
assignee: - orsenthil
keywords: +patch
stage: - patch review
type:
Serhiy Storchaka added the comment:
Thank you for review and enlightenment Gregory. Here is an updated patch which
doesn't change an ABI.
--
Added file: http://bugs.python.org/file28951/cStringIO64_2.patch
___
Python tracker rep...@bugs.python.org
New submission from Christian Heimes:
In the light of Ruby's recent issues and man in the middle attacks on PyPI
(http://www.reddit.com/r/Python/comments/17rfh7/warning_dont_use_pip_in_an_untrusted_network_a/)
we should include secure uploads in distutils.
Martin has created a SSH uploader
Antoine Pitrou added the comment:
Martin has created a SSH uploader for distutils
http://pypi.python.org/pypi/pypissh. I suggest that we include the
feature in the next security update for Python 2.6 to 3.3. I'm well
aware that this beats the no new feature clause but in my opinion
security
Christian Heimes added the comment:
Python 2.6 to 3.1 don't do HTTPS server cert validation. This leaves the upload
process open to MITM attacks ...
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
Roundup Robot added the comment:
New changeset a4c85f9b8f58 by Serhiy Storchaka in branch '2.7':
Issue #6083: Fix multiple segmentation faults occurred when PyArg_ParseTuple
http://hg.python.org/cpython/rev/a4c85f9b8f58
New changeset 4bac47eb444c by Serhiy Storchaka in branch '3.2':
Issue #6083:
Hynek Schlawack added the comment:
I would strongly prefer to back port certificate validation instead. Is there
anything *practical* that makes it hard/impossible?
If we want to keep features stable, we can add it privately so it’s only usable
by distutils. The susceptibility to (easy!) MITM
Swarnkar Rajesh added the comment:
Sure, Here it is:
[Rajesh_Python_Settings]
definition-foreground = #86deff
error-foreground = #ff1c1c
normal-foreground = #ff
keyword-foreground = #fff900
hilite-foreground = #00
comment-background = #511633
hit-foreground = #ff
builtin-background
New submission from Serhiy Storchaka:
Since changeset fcfaca024160 (issue12428) subclassing of partial actually is
not tested (subclassed partial overwritten in setUp() method). The proposed
patch fixes this and some other minor issues and cleanup the code.
--
assignee:
Serhiy Storchaka added the comment:
Run IDLE from command line and you will see:
configparser.DuplicateOptionError: While reading from
.../.idlerc/config-highlight.cfg [line 29]: option 'cursor-foreground' in
section 'Rajesh_Python_Settings' already exists
Your configuration is wrong. Just
Swarnkar Rajesh added the comment:
Thank you Serhiy Storchaka.
It worked well. I did not notice that.
Thanks again.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17114
___
Serhiy Storchaka added the comment:
ConfigParser is more strong by default since 3.2. Here is a simple patch which
made IDLE more tolerant for such kind of user errors.
--
assignee: - serhiy.storchaka
keywords: +patch
stage: needs patch - patch review
Added file:
Donald Stufft added the comment:
+1 for back porting SSL validation even if it's a private to distutils backport.
pypissh requires a SSH Binary which isn't all that great on Windows where SSH
is not typically installed by default.
--
nosy: +dstufft
Christian Heimes added the comment:
Infrastructure needs to get a proper SSL cert first and we have to ship the
CA's public key so we can verify the cert everywhere.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
Swarnkar Rajesh added the comment:
How can I install this patch?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17114
___
___
Python-bugs-list
Donald Stufft added the comment:
Well Infrastructure *should* get a proper cert anyways else MITM is trivial via
the web interface anyways.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
Serhiy Storchaka added the comment:
I do not have possibility and desires blind-repair a test on alien platform, so
just temporarily disable a new test in Lib/ctypes/test/test_returnfuncptrs.py
on Windows. If someone has a desire to fix it feel free to do this.
I do not close this issue
Changes by Serhiy Storchaka storch...@gmail.com:
--
assignee: serhiy.storchaka -
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6083
___
___
Changes by Ramchandra Apte maniandra...@gmail.com:
--
title: ampersand in path prevents from compiling pthon - ampersand in
path prevents compilation of Python
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17103
Éric Araujo added the comment:
Benjamin, does this have to wait for 2.7.5?
--
nosy: +benjamin.peterson
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16555
___
Benjamin Peterson added the comment:
Is there some sort of reference for these aliases? Where do they come from?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16555
___
Roundup Robot added the comment:
New changeset 4206f91c974c by Serhiy Storchaka in branch '3.2':
Issue #16903: Popen.communicate() on Unix now accepts strings when
http://hg.python.org/cpython/rev/4206f91c974c
--
nosy: +python-dev
___
Python tracker
Changes by Serhiy Storchaka storch...@gmail.com:
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16903
Éric Araujo added the comment:
The general idea is absolutely right: using proper keyrings (or ssh) is an
excellent thing for security and ease of use. A big obstacle however is the
rules for stdlib inclusion: a module such as keyring which is tied to specific
applications/libs/file formats
Roundup Robot added the comment:
New changeset 0cc51c04aa20 by R David Murray in branch '3.2':
#17091: update docstring for _thread.Lock.acquire.
http://hg.python.org/cpython/rev/0cc51c04aa20
New changeset b414b2dfd3d3 by R David Murray in branch '3.3':
merge #17091: update docstring for
Éric Araujo added the comment:
I have no objection to the patch. I can’t test it on cygwin (unless snakebite
provides it, I’ll ask) but I can check that a linux build still works.
--
keywords: +needs review
stage: - patch review
versions: +Python 3.3, Python 3.4
R. David Murray added the comment:
Thanks, Ian.
--
resolution: - fixed
stage: - committed/rejected
status: open - closed
versions: +Python 3.2
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17091
Changes by Éric Araujo mer...@netwok.org:
--
nosy: +doko, eric.araujo
versions: +Python 3.4 -Python 3.3
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15485
___
Éric Araujo added the comment:
Can this be closed?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15298
___
___
Antoine Pitrou added the comment:
PyPI *has* a proper cert, it's just not in the default trusted certs of most
distributions and browsers (i.e., it uses CACert). It would be easy to bundle
CACert's root cert with distutils, if we wanted to.
--
___
Éric Araujo added the comment:
Are these the addinfourl getters that Ezio wants to deprecate?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17069
___
Serhiy Storchaka added the comment:
Committed changeset 4be538a058a8. Thank you for the patch.
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
Changes by Ian Cordasco graffatcolmin...@gmail.com:
--
nosy: +icordasc, larry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12779
___
___
Benjamin Ash added the comment:
Hi Charles-François,
I am using a recent version of Python-2.7 that does in fact contains this patch
http://hg.python.org/cpython/rev/16bc59d37866:
python-2.7.3-4.fc16.x86_64 (Fedora 16)
The CPU usage spikes after I make the initial client connection to the
Changes by Ian Cordasco graffatcolmin...@gmail.com:
--
nosy: +icordasc
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6761
___
___
New submission from Christian Heimes:
Python's ssl module doesn't support OCSP [1]. The example code at [2] doesn't
look too complicated. We should consider OCSP at least for 3.4 and may want to
backport it to older versions to prevent MITM attacks on PyPI downloads.
Éric Araujo added the comment:
pysetup is no more.
--
resolution: - wont fix
stage: needs patch - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14940
Donald Stufft added the comment:
CACert is not *proper* irregardless of what that project's goals are. It is not
trusted by default therefore it does not provide the same level of security in
the browser (Very few people will bother to look at the difference between a
CACert and a self signed
Éric Araujo added the comment:
Packaging is removed from the stdlib and distutils2 is evolving into decoupled
libs/tools. Closing this effort :(
--
resolution: - wont fix
stage: - committed/rejected
status: open - closed
___
Python tracker
Christian Heimes added the comment:
And there is OCSP. I'm getting sec_error_ocsp_invalid_signing_cert for
https://pypi.python.org/pypi. I haven't been able to do a successful HTTPS
request from Firefox to PyPI all day.
--
___
Python tracker
Roundup Robot added the comment:
New changeset 3cc2a2de36e3 by Serhiy Storchaka in branch '3.2':
Issue #17089: Expat parser now correctly works with string input not only when
http://hg.python.org/cpython/rev/3cc2a2de36e3
New changeset 6c27b0e09c43 by Serhiy Storchaka in branch '3.3':
Issue
Benjamin Ash added the comment:
After doing a bit more testing, I was able to prevent the problem from
occurring in asyncore_test.py with the following patch:
--- /proc/self/fd/112013-02-04 11:24:41.298347199 -0500
+++ asyncore_test.py2013-02-04 11:24:40.393318513 -0500
@@ -19,10
New submission from Dave Jones:
import subprocess hangs for ~25 seconds, 700+ files in dir - py 2.7.3, 2.6.6
I'm running this test from a LiveCD to make sure the environment is relatively
clean.
--
localhost Desktop # python --version
Python 2.7.3
--- works
New submission from Tyler Crompton:
Line 402 in lib/python3.3/tokenize.py, contains the following line:
if first.startswith(BOM_UTF8):
BOM_UTF8 is a bytes object. str.startswith does not accept bytes objects. I was
able to use tokenize.tokenize only after making the following changes:
Dave Jones added the comment:
That line (1) seems to pop up every time the subprocess call hangs
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17124
___
Dave Jones added the comment:
Distros tested with include Fuduntu 2012-4, Fuduntu 2013-1, Fedora 17,
Scientific Linux 6.3 OpenSUSE 12.2 (all 32-bit) on the same hardware.
--
___
Python tracker rep...@bugs.python.org
R. David Murray added the comment:
The docs could certainly be more explicit...currently they state that tokenize
is *detecting* the encoding of the file, which *implies* but does not make
explicit that the input must be binary, not text.
The doc problem will get fixed as part of the fix to
Antoine Pitrou added the comment:
Can you explain how OCSP helps prevent MITM attacks?
- Original mail -
From: Christian Heimes rep...@bugs.python.org
To: pit...@free.fr
Sent: Monday 4 February 2013 17:14:32
Subject: [issue17123] Add OCSP support to ssl module
New submission from
Changes by Jesús Cea Avión j...@jcea.es:
--
nosy: +jcea
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13156
___
___
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +barry, benjamin.peterson, georg.brandl, larry
priority: high - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17123
___
Christian Heimes added the comment:
OCSP can prevent MITM attacks when the private server cert or CA cert got
compromised or stolen somehow.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17123
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16038
___
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl, larry
priority: normal - release blocker
versions: +Python 3.4 -Python 3.1
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12226
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16039
___
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +barry, benjamin.peterson, georg.brandl, larry
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16041
___
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16040
___
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16042
___
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16037
___
Changes by Christian Heimes li...@cheimes.de:
--
nosy: +benjamin.peterson, georg.brandl, larry
priority: critical - release blocker
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue16043
___
Ned Deily added the comment:
On OS X, Trent's fixes solved the bootstrap issue and _sysconfigdata.py is now
created in buildir. Closing.
--
resolution: - fixed
stage: - committed/rejected
status: open - closed
___
Python tracker
Eric Snow added the comment:
My vote is for making this a ValueError in both cases (and amending the doc
appropriately as well). The error amounts to the same thing: the module did
not have loader (implicitly or explicitly). If someone wants to distinguish
between the two they can
Eric Snow added the comment:
+1
--
nosy: +eric.snow
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17117
___
___
Eric Snow added the comment:
In all honesty I would like to tweak imp.new_module()/PyModule_Create()...
+1
--
nosy: +eric.snow
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17115
___
Eric Snow added the comment:
[document that] the language reference and importlib docs now supersede the
PEP
Agreed. PEP 302 is even crustier now than it was a year ago and Barry's new
import page in the language reference obviates the need for 302 as the de facto
spec.
--
ddve...@ucar.edu added the comment:
Ok, I'm closing this ticket, since it does not seem there is interest in
fixing it. I still believe it would be a nice feature, but life is short, let's
concentrate efforts on more useful things.
Moreover (see Issue17085 for details) TIPC was not the root
ddve...@ucar.edu added the comment:
So I rebuild python without tipc (basically deleting it from configure, since it
cannot be cleanly avoided, see Issue17092).
The 'sudo modprobe tipc' message of course disappears, but the uncaught alarm
is still there, see below:
./python
ddve...@ucar.edu added the comment:
Just to see this test running to completion, I applied the following (ugly)
patch:
--- Lib/test/test_socket.py.orig2012-04-09 17:07:32.0 -0600
+++ Lib/test/test_socket.py 2013-02-03 06:56:11.778118985 -0700
@@ -14,7 +14,7 @@
import array
Changes by Jesús Cea Avión j...@jcea.es:
--
nosy: +jcea
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17123
___
___
Charles-François Natali added the comment:
Using handle_accept() in my code and remembering to call listen() in my
asyncore.dispatcher server's constructor did the trick.
I am not sure if we still have a bug here though, since if the subclass
doesn't define a proper handle_accept() we get
New submission from Noah Yetter:
Python 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] on
win32
Type help, copyright, credits or license for more information.
The docs claim that multiprocessing.dummy replicates the API of
multiprocessing but is no more than a wrapper
New submission from Ned Deily:
Apple has deprecated use of openssl in OS X due to its unstable API between
versions:
If your app depends on OpenSSL, you should compile OpenSSL yourself and
statically link a known version of OpenSSL into your app
Marc-Andre Lemburg added the comment:
Thanks for getting this in, Eric !
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13994
___
___
ddve...@ucar.edu added the comment:
Paul,
I agree with you, this default behavior is painful. And in fact even the author
of the test_socket case for the python regression suite agrees with us (maybe
even implicitly and by mistake, but regardless...) See Issue17085 for details
--
nosy:
R. David Murray added the comment:
The autoloading error will be fixed in 2.7.4 (due out Real Soon Now, but not
immediately).
I've nosied the author, Dave Malcolm, to address the other issues.
--
nosy: +dmalcolm, r.david.murray
___
Python tracker
Dave Jones added the comment:
I think I found something but I do not know what it means.
Everytime the import hangs, it seems to leave behind a time.pyc
There are only 29 files in this directory.
[jonesda0@linux-2py2 pycode]$ ls -1tr
py5.py*
py4.py*
py3.py*
py2.py*
py1.py*
print_func.py
test.py
Antoine Pitrou added the comment:
Christian, I really don't agree this should be a release blocker, and
especially not for bugfix branches.
--
priority: release blocker - normal
___
Python tracker rep...@bugs.python.org
Ian Cordasco added the comment:
As a further note, on python 2.6, I just touched a file called time.py, and in
the interpreter imported subprocess. It didn't hang because the file was empty
but it did generate a pyc file. This is almost certainly the root of your
problem. I doubt this is a
Ian Cordasco added the comment:
Could you give us the contents of your time.py file? I wonder if there's
something in that file that is causing the import to hang. It's the only reason
I can think of as to why the time.pyc file shows up.
Also, if you want to check before-hand, make a new
Antoine Pitrou added the comment:
Wow. Can we calm down? Setting many feature requests as release blockers
certainly won't magically solve issues.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
Antoine Pitrou added the comment:
Thanks for the patch :)
Since the test doesn't access a remote host (the version before it was skipped
used to), I think it could be moved to test_urllib2_localnet. Also, the
transient_internet() shouldn't be necessary.
--
Senthil Kumaran added the comment:
Éric, thanks for the comment. URLopener and FancyURLopener are deprecated, so
that reference to that can be removed from 3.4 (after removing the URLopener
and FancyURLopener class). Rest of the patch can stay the same.
--
Changes by Jesús Cea Avión j...@jcea.es:
--
nosy: +jcea
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue10517
___
___
Christian Heimes added the comment:
Benjamin requested that I should set the priority of all tickets to 'release
blocker' that need to be addressed, discussed and possibly fixed for the
upcoming releases.
--
___
Python tracker
Antoine Pitrou added the comment:
Yes, and why do you think this should be addressed in the next bugfix release?
If HTTPS is so broken that you can't upload important data with it, then
perhaps patching Python is not the most important thing to do?
In other words: don't you think you're
New submission from Christian Heimes:
For effective SSL server cert validation a bundle of trustworthy CA certs is
required. Most systems ship such a bundle but it's not always possible to access
the bundle from Python / OpenSSL. Windows and Mac OS X come into my mind. wget
and curl ship a
Benjamin Ash added the comment:
Ok, thanks for quick followup. I didn't realize that the patch for Python-3,
sorry about that.
The issue I had was due to never calling self.listen() in the constructor of
my server (asyncore.dispatcher). If this is not done the CPU spikes to 100%.
Thanks
Changes by Christian Heimes li...@cheimes.de:
--
dependencies: +Include CA bundle and provide access to system's CA
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12226
___
Christian Heimes added the comment:
Perhaps a tiny bit. ;) My brain is in paranoid mode ...
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
___
Antoine Pitrou added the comment:
Shouldn't it be a duplicate of issue13655?
--
nosy: +pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17129
___
Serhiy Storchaka added the comment:
Here is a patch, which made xml.sax.xmlreader and related utilities to support
character stream. A lot of new tests added (including Yitz Gale's tests from
issue1483). Some old tests fixed (they were used text stream as byte stream,
this doesn't work in
Benjamin Peterson added the comment:
Too much of a new feature IMO.
--
priority: release blocker - normal
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
___
Roundup Robot added the comment:
New changeset e64b74227198 by R David Murray in branch '3.3':
#16811: Fix folding of headers with no value in provisional policies.
http://hg.python.org/cpython/rev/e64b74227198
New changeset fe7f3e2e49ce by R David Murray in branch 'default':
Merge #16811: Fix
R. David Murray added the comment:
Fixed, thanks. There are some other issues with folding values consisting of
only blanks, but I'll deal with that in the context of other issues. With this
fix the new folding algorithm works at least as well as the old folding
algorithm on blank values.
Dave Jones added the comment:
Tried to edit subject to make it easier to search
--
title: import subprocess hangs for ~25 seconds, 700+ files in dir - py 2.7.3,
2.6.6 - import subprocess hangs for ~25 seconds, time.py file in dir - py
2.7.3, 2.6.6
Dave Jones added the comment:
Hello Ian.
Thank you for the reply.
As I imagine you understand, I delete the time.pyc file every time it comes
back.
That being said, there *is* a time.py script in there from some testing I was
doing:
[jonesda0@toshiba pycode]$ ls -1tr *.py* | egrep sp|time
Changes by Ed Campbell drescampb...@gmail.com:
--
nosy: +esc24
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17128
___
___
Benjamin Peterson added the comment:
As you are the MacOSX expert, I'm going to defer to your judgement (and/or
Ronald's). I don't think the release will be for several days at least, so you
should have time to test.
--
___
Python tracker
Changes by Gregory P. Smith g...@krypto.org:
--
nosy: -gregory.p.smith
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17121
___
___
Charles-François Natali added the comment:
You happen to have a script named time.py, so when the subprocess module is
imported, it imports this script instead of the correct time module.
Nothing is wrong, closing.
--
nosy: +neologix
resolution: - invalid
stage: - committed/rejected