Senthil Kumaran added the comment:
The suggested patch(s) looks good to me.
--
nosy: +orsenthil
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20939
___
Petri Lehtinen added the comment:
The patch doesn't apply cleanly on 3.4 or default.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17188
___
Marc-Andre Lemburg added the comment:
Just to clarify a few things:
On 20.03.2014 00:50, Graham Wideman wrote:
I think part of the ambiguity problem here is that there are two subtly but
importantly different ideas here:
1. Python string (capable of representing any unicode text) --
Dima Tisnek added the comment:
+dstufft is absolutely right.
SNI needs to be enabled on lower level than user python code. if it is,
requests and most other http client libs get it for free without dependencies.
--
___
Python tracker
Roundup Robot added the comment:
New changeset 6718d00b872b by Victor Stinner in branch '3.4':
Issue #20978: Remove last part of OS/2 support in distutils
http://hg.python.org/cpython/rev/6718d00b872b
New changeset 8de5d0809dd8 by Victor Stinner in branch '3.4':
Issue #20978: pyflakes: fix
New submission from STINNER Victor:
Two warnings from pyflakes:
diff -r 72889bf8531d Lib/multiprocessing/spawn.py
--- a/Lib/multiprocessing/spawn.py Tue Mar 18 13:21:29 2014 +0100
+++ b/Lib/multiprocessing/spawn.py Wed Mar 19 11:49:24 2014 +0100
@@ -64,6 +64,7 @@ def freeze_support():
STINNER Victor added the comment:
Serhiy suggested (msg214136):
Lib/multiprocessing/synchronize.py:
Add at the start of the file:
from . import get_context
It looks like multiprocessing.get_context() exists, but I don't see how it is
defined.
For main(), it should maybe be replaced with
STINNER Victor added the comment:
I created #20990 for the undefined names in multiprocessing.
--
nosy: -python-dev
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20978
___
Changes by STINNER Victor victor.stin...@gmail.com:
--
title: pyflakes: undefined ctype in 2 except blocks - pyflakes: undefined
ctype in 2 except blocks in the email module
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20977
New submission from Vatel:
I just wrote a sample like this:
testPy/
__init__.py
client.py
SoamFactory.c
SoamFactory.so
soamapi.py
sample/testP.py
export PYTHONPATH=$(TEST_LOCATION):$(TEST_LOCATION)/testPy
Here's the source codes:
__init__.py:
Roundup Robot added the comment:
New changeset bdad874195d6 by Victor Stinner in branch '3.4':
Isuse #12328, #20978: Add _winapi.WAIT_ABANDONED_0 symbol, needed by
http://hg.python.org/cpython/rev/bdad874195d6
New changeset 2e4692a762d5 by Victor Stinner in branch 'default':
(Merge 3.4) Issue
Roundup Robot added the comment:
New changeset f6f691ff27b9 by Victor Stinner in branch '3.4':
Issue #20976: pyflakes: Remove unused imports
http://hg.python.org/cpython/rev/f6f691ff27b9
New changeset 714002a5c1b7 by Victor Stinner in branch 'default':
(Merge 3.4) Issue #20976: pyflakes: Remove
Roundup Robot added the comment:
New changeset bdad874195d6 by Victor Stinner in branch '3.4':
Isuse #12328, #20978: Add _winapi.WAIT_ABANDONED_0 symbol, needed by
http://hg.python.org/cpython/rev/bdad874195d6
New changeset 2e4692a762d5 by Victor Stinner in branch 'default':
(Merge 3.4) Issue
STINNER Victor added the comment:
I would prefer that _qdecode be left alone.
Ok, I leaved these symbols unchanged in Lib/email/utils.py even if they are not
used:
--
from quopri import decodestring as _qdecode
from email.encoders import _bencode, _qencode
--
--
Changes by STINNER Victor victor.stin...@gmail.com:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20976
___
Changes by STINNER Victor victor.stin...@gmail.com:
--
resolution: - fixed
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20978
___
Serhiy Storchaka added the comment:
It looks like multiprocessing.get_context() exists, but I don't see how it
is defined.
It is defined by:
globals().update((name, getattr(context._default_context, name))
for name in context._default_context.__all__)
For main(), it should
Serhiy Storchaka added the comment:
What about 2.7?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20978
___
___
Python-bugs-list mailing list
STINNER Victor added the comment:
What about 2.7?
Python 2.7 is not affected.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20978
___
___
STINNER Victor added the comment:
It looks like FreeBSD 6.4 includes OpenSSL 0.9.7, whereas X509_check_ca()
requires OpenSSL 0.9.8 or newer.
--
title: ssl doesn't build anymore with old OpenSSL versions - ssl doesn't build
anymore with OpenSSL 0.9.7 or older
Changes by STINNER Victor victor.stin...@gmail.com:
--
title: ssl doesn't build anymore with OpenSSL 0.9.7 or older - ssl doesn't
build anymore with OpenSSL 0.9.7 or older: X509_check_ca
___
Python tracker rep...@bugs.python.org
Changes by Serhiy Storchaka storch...@gmail.com:
--
assignee: - serhiy.storchaka
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19255
Serhiy Storchaka added the comment:
Here is updated patch.
--
versions: +Python 3.5 -Python 3.4
Added file: http://bugs.python.org/file34529/sre_clinic_2.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20148
New submission from Tommy Carstensen:
This is my first post on bugs.python.org. I hope I abide to the rules. It was
suggested to me on stackoverflow.com, that I request an enhancement to the
module fileinput here:
Peter Santoro added the comment:
It seems clear to me that the logic in shutil._unpack_zipfile that silently
skips paths that start with '/' (indicates absolute path) or that contain
references to the parent directory ('..') was added to prevent malicious zip
files from making potential
Changes by Vinay Sajip vinay_sa...@yahoo.co.uk:
--
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20985
___
___
Graham Wideman added the comment:
Marc-Andre:
Thanks for commenting:
2. 1. Python string -- some other code system, such as
ASCII, cp1250, etc. The destination code system doesn't
necessarily have anything to do with unicode, and whole
ranges of unicode's characters either result in
Vinay Sajip added the comment:
Though not deprecated, fileConfig() will not be receiving any enhancements
(just bug-fixes). It is recommended that users who need more functionality
migrate to using dictConfig(), which offers more configuration functionality
than fileConfig() - e.g.
Antoine Pitrou added the comment:
Nick: rather than direct users to use requests, we should direct them to use
Python 3, which has had SNI support for 3+ years now.
If client programs choose to remain on Python 2, it's *their* fault, not
Python's.
--
Antoine Pitrou added the comment:
Duplicate of issue 20913.
--
resolution: - duplicate
status: open - closed
superseder: - Standard Library documentation needs SSL security best
practices doc.
___
Python tracker rep...@bugs.python.org
Dima Tisnek added the comment:
Antoine, was Python 2.x a mistake?
I don't think so.
SNI is not a language feature, it's not even a python extension feature.
It's a feature of and existing protocol and the underlying library.
--
___
Python tracker
Antoine Pitrou added the comment:
Antoine, was Python 2.x a mistake?
Really, can you stop arguing about this?
If you want to know what Python considers features and bug fixes, then
get acquainted with the development process instead of bickering.
--
New submission from Auke Willem Oosterhoff:
Quicklink[1] to PEPs points to the old page which doesn't exists anymore.
Patch provided with correct link.
[1]:http://docs.python.org/devguide/#quick-links
--
components: Devguide
files: index.patch
keywords: patch
messages: 214202
nosy:
Martin v. Löwis added the comment:
Pander: In what way would this extend or improve the current patch?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue6331
___
Marc-Andre Lemburg added the comment:
On 20.03.2014 11:49, Graham Wideman wrote:
An encoding is a mapping of characters to ordinals, nothing more or less.
In unicode, the mapping from characters to ordinals (code points) is not the
encoding. It's the mapping from code points to bytes
Raymond Hettinger added the comment:
Thanks for the patch update. I will look at it shortly.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8743
___
Giampaolo Rodola' added the comment:
hg import http://bugs.python.org/file34522/devpoll3.patch; applies cleanly for
me. Not sure what else to do.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue18931
Serhiy Storchaka added the comment:
Could you please make a review Raymond?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14373
___
___
Raymond Hettinger added the comment:
Could you please make a review Raymond?
Yes, I will take a look. I looking a making other changes to the lru_cache
and don't want the C implementation to go it first. There are still some open
questions about re-entrancy that still need to be addressed
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
nosy: +tim.peters
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue12384
___
___
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
assignee: - rhettinger
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19640
___
___
Vinay Sajip added the comment:
It looks like the venv checking machinery in site.py was changed in 3.4 to
import re conditionally if in a venv (in 3.3, it was an unconditional import).
This doesn't seem wrong, so ISTM the test needs changing (it already contains
exceptions for particular
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
versions: -Python 3.4
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19640
___
___
Nick Coghlan added the comment:
I'm currently discussing some options with Donald and Christian. While it's
annoying that a developer from a certain large corporate user of Python (a
director of the PSF, no less) is whining at volunteers on the internet
instead of actually helping by encouraging
Raymond Hettinger added the comment:
FWIW, the verbose option is mentioned as outdated because the _source
attribute was added.
Also, there are real use cases, people are using the _source as writing it to a
.py file so that the dynamic namedtuple generation step can be skipped on
subsequent
Changes by Raymond Hettinger raymond.hettin...@gmail.com:
--
priority: normal - low
title: Drop _source attribute of namedtuple (waste memory) - Dynamically
generate the _source attribute of namedtuple to save memory)
___
Python tracker
Roundup Robot added the comment:
New changeset df427bf067d7 by Vinay Sajip in branch '3.4':
Issue #10141: updated new usages of AF_CAN to be in #ifdef AF_CAN rather than
#ifdef HAVE_LINUX_CAN_H to allow compilation on older Linuxes.
http://hg.python.org/cpython/rev/df427bf067d7
--
R. David Murray added the comment:
Note that unix unzip does exactly the same thing as zipfile extractall (except
that it does issue warnings), and I believe this is considered best practice
these days for extraction tools: strip out absolute/relative path components
and extract to the
Antoine Pitrou added the comment:
I'm missing some context to appreciate your message, Nick, but please note that
SNI is not in itself a security feature. It just enables interoperability with
TLS virtual hosts (aka. hosting several TLS-enabled domains behind a single IP
and port).
R. David Murray added the comment:
Your example doesn't seem to have anything to do with XML, nor is it sufficient
to reproduce the problem. Can you provide a simple program including sample
data that reproduces the behavior you are concerned with? We'll also need to
know what platform you
Donald Stufft added the comment:
It's somewhat of a grey area of security feature. It's not directly a security
feature but if you don't have SNI and you hit a site that requires it then your
error message is going to be something like what people run into with PyPI[1]
which is Cannot verify
Daniel U. Thibault added the comment:
The default encoding is normally set to ASCII [...]. When a Unicode string is
printed, written to a file, or converted with str(), conversion takes place
using this default encoding.
uäöü
u'\xe4\xf6\xfc'
Printing a Unicode string uses ASCII encoding:
Changes by lilydjwg lilyd...@gmail.com:
--
nosy: +lilydjwg
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue13936
___
___
Python-bugs-list mailing
Raymond Hettinger added the comment:
The size of the _source attribute is about 2k per namedtuple class:
from collections import namedtuple
Response = namedtuple('Response', ['code', 'msg', 'compressed', 'written'])
len(Response._source)
2174
--
Roundup Robot added the comment:
New changeset 9c27c9844be2 by Vinay Sajip in branch 'default':
Closes #20558: Improved implementation of error handling.
http://hg.python.org/cpython/rev/9c27c9844be2
--
resolution: - fixed
stage: - committed/rejected
status: open - closed
Roundup Robot added the comment:
New changeset 46fe23e000a1 by Vinay Sajip in branch '3.4':
Issue #20558: Improved implementation of error handling.
http://hg.python.org/cpython/rev/46fe23e000a1
--
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Understood, but that's no different from trying to connect with an old Windows
or MSIE version (which I'm sure will also fail on some websites).
Client-side SNI support has been added in Python 3.2, and 3.4 is now out.
People who migrated their code to Python
R. David Murray added the comment:
re: file. You forgot the 'u' in front of the string:
f.write(u'This is a «test»\n')
Traceback (most recent call last):
File stdin, line 1, in module
UnicodeEncodeError: 'ascii' codec can't encode character u'\xab' in position
10: ordinal not in range(128)
STINNER Victor added the comment:
Please discuss the Python 2 documentation in a new issue, this one is now
closed and so hidden from the list of bugs.
--
nosy: +haypo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue5639
Roundup Robot added the comment:
New changeset f27f594a96c3 by Vinay Sajip in branch '3.4':
Issue #20444: Reduced code duplication.
http://hg.python.org/cpython/rev/f27f594a96c3
New changeset 135aa1c4349d by Vinay Sajip in branch 'default':
Closes #20444: Merged fix from 3.4.
Brett Cannon added the comment:
This isn't a bug so closing as invalid. As suggested on python-dev, ask on
python-list or python-help for assistance.
--
nosy: +brett.cannon
resolution: - invalid
status: open - closed
___
Python tracker
Barry A. Warsaw added the comment:
On Mar 20, 2014, at 08:29 AM, STINNER Victor wrote:
from quopri import decodestring as _qdecode
from email.encoders import _bencode, _qencode
AFAICT, _qdecode is only used in email/messages.py, so perhaps it's better to
import it there and remove it from
Ram Rachum added the comment:
I understand Antoine.
At this point, while I could easily implement the changes you ask for in your
review, I'm concerned that we are spending our time adding a feature to Python
that nobody really loves.
What I'd really love is a pair of methods `read` and
Roundup Robot added the comment:
New changeset 0d9f428f28ce by Zachary Ware in branch 'default':
Issue #20993: Fix link to PEPs
http://hg.python.org/devguide/rev/0d9f428f28ce
--
nosy: +python-dev
___
Python tracker rep...@bugs.python.org
R. David Murray added the comment:
Well, one reason is I was afraid mailman might be using them. So if you are
cool with it, that removes that objection.
The other reason was that it seemed they were being used from utils on
purpose, as a design thing. I did not take the time to do a full
Zachary Ware added the comment:
It turns out that adding a slash to the end of the existing address was enough
to get the right redirect, so I went with that instead of your patch.
Either way, thanks for the report!
--
assignee: - zach.ware
nosy: +zach.ware
resolution: - fixed
STINNER Victor added the comment:
Barry, David: It's up to you. I'm done with this issue, but you can drop more
unused import if you want. Since I don't know well the email module, I don't
want to be responsible of breaking it :-)
--
___
Python
Barry A. Warsaw added the comment:
On Mar 20, 2014, at 01:32 PM, R. David Murray wrote:
Well, one reason is I was afraid mailman might be using them. So if you are
cool with it, that removes that objection.
Nope, neither the 2.1 or 3.0 code uses those methods AFAICT.
The other reason was
New submission from Donald Stufft:
Since Python 3.3 the ssl module has supported the ability to opt in to
disabling TLS Compression [1]. However TLS Compression has the problem that it
typically leaks data through an attack known as CRIME. CRIME is specific to
HTTP but the type of attack it
Changes by Brett Cannon br...@python.org:
--
nosy: +brett.cannon
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20986
___
___
Python-bugs-list
Antoine Pitrou added the comment:
It would probably be sufficient to add OP_NO_COMPRESSION to OP_ALL.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20994
___
R. David Murray added the comment:
Sure.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20976
___
___
Python-bugs-list mailing list
Unsubscribe:
Donald Stufft added the comment:
Ah, I hadn't noticed the OP_ALL thing, in 3.3+ adding OP_NO_COMPRESSION to
OP_ALL would be reasonable. That would disable TLS Compression by default,
still provide people the ability to disable TLS Compression if they don't use
OP_ALL, and provide a way to
Antoine Pitrou added the comment:
Do you think it'd be OK to just disable TLS Compression in 2.7 and 3.2
without the option to turn it back on? I think that would be fine
personally.
I'm not enough of a TLS expert, but it sounds ok.
--
___
Python
Changes by Alex Gaynor alex.gay...@gmail.com:
--
nosy: +alex
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20994
___
___
Python-bugs-list mailing
New submission from Donald Stufft:
As of right now the default cipher list for the ssl module is
DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2, additionally on Python 3.4 when you
use create_default_context() then you also additionally get
HIGH:!aNULL:!RC4:!DSS.
I think we should change this to
Changes by Alex Gaynor alex.gay...@gmail.com:
--
nosy: +alex
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
___
Python-bugs-list mailing
Antoine Pitrou added the comment:
I really don't think hardcoding specific ciphers is a good idea.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
New submission from Donald Stufft:
Python 3.4 has constants and code to enable forcing the ssl_version to TLS 1.1
or 1.2. As it stands now Python 2.7, 3.2, and 3.3 can successfully connect and
will use a TLS 1.1 or 1.2 connection if it's available (new enough OpenSSL) but
cannot _force_ a
Antoine Pitrou added the comment:
Two questions:
- does it fix a bug in Python?
- does it fix a security issue in Python?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20996
___
Marc-Andre Lemburg added the comment:
On 20.03.2014 15:11, Donald Stufft wrote:
The compatibility of this is pretty good. The only time this should cause a
connection to *fail* is if a server is using an insecure cipher and in that
case you can re-enable it by simply passing the original
R. David Murray added the comment:
create_default_context is about best practices, though, so it seems to me it
wouldn't be crazy to do it there.
--
nosy: +r.david.murray
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
New submission from Baptiste Mispelon:
When doing a search for PYTHONDONTWRITEBYTECODE on the 2.7 docs
(http://docs.python.org/2/search.html?q=PYTHONDONTWRITEBYTECODE), the first
(and only) search result is the following link:
Alex Stapleton added the comment:
CRIME is not universally applicable to all TLS connections and it requires some
cooperation from the application to work. In fact for a Python TLS client it
seems quite unlikely for an application to be vulnerable. The attack in the
paper leverages an
Steven Myint added the comment:
This bug was introduced in #13831.
--
versions: +Python 3.5
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20980
___
Donald Stufft added the comment:
To be specific it doesn't require any remote code execution to work, it just
requires you to be able to influence the content of the responses that the
client is receiving.
--
___
Python tracker
Antoine Pitrou added the comment:
create_default_context is about best practices, though, so it seems to
me it wouldn't be crazy to do it there.
Agreed, but the real problem here is maintenance. Hardcoding a list of
specific ciphers means someone must follow closely the introduction of
new
Serhiy Storchaka added the comment:
Are there any questions or objections?
--
assignee: - serhiy.storchaka
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20636
___
Alex Gaynor added the comment:
That's because of the set of ciphersuites offered by the server (see
https://www.ssllabs.com/ssltest/analyze.html?d=linuxfr.org), it's not an
inevitable property of TLS. For example jenkins.cryptography.io (see
mattip added the comment:
As far as I know, cpython3 dropped the assumption that garbage collection
closes files, so python3's version of this test should already handle the
issue, no?
--
___
Python tracker rep...@bugs.python.org
Donald Stufft added the comment:
Yea I noticed that, so I was doing some more testing, here's what I think we
should be using (It Adds back in RC4):
Donald Stufft added the comment:
This is a simple patch, it simple disables TLS Compression by default. If a
user wants to add it back they can create their own SSLContext and do
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ctx.options = ~ssl.OP_NO_COMPRESSION
This should be able to apply
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20994
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20995
___
Arfrever Frehtes Taifersar Arahesis added the comment:
Garbage collection still closes files, but Python =3.2 might print
ResourceWarnings.
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20887
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20996
___
Zachary Ware added the comment:
Thanks for the #3158 addition, David :)
We've been a week with no more major changes; is this issue done?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue19861
New submission from Nathan West:
I have the following regular expression:
In [2]: regex = re.compile(ME IS \w+, re.I)
For some reason, when using `fullmatch`, it doesn't match substrings longer
than 1 for the '\w+':
In [3]: regex.fullmatch(ME IS L)
Out[3]: _sre.SRE_Match object; span=(0, 7),
Donald Stufft added the comment:
Here's the same patch for Python 2.7, it's basically the same thing just at a
different location.
--
Added file: http://bugs.python.org/file34532/disable-ssl-compression-2.7.diff
___
Python tracker
Changes by Nathan West lucret...@gmail.com:
--
type: - behavior
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue20998
___
___
Python-bugs-list
1 - 100 of 184 matches
Mail list logo