[issue26307] no PGO for built-in modules with `make profile-opt`

Changes by Alecsandru Patrascu : Added file: http://bugs.python.org/file42000/pgofix-cpython3.patch ___ Python tracker ___

[issue26307] no PGO for built-in modules with `make profile-opt`

Alecsandru Patrascu added the comment: I've added the patch here also. -- keywords: +patch Added file: http://bugs.python.org/file41999/pgofix-cpython2.patch ___ Python tracker

[issue26406] getaddrinfo is thread-safe on NetBSD and OpenBSD

A. Jesse Jiryu Davis added the comment: Patch uploaded. I've copied the "nosy" list from #25924, if that was bad etiquette please forgive me. -- keywords: +patch Added file: http://bugs.python.org/file41998/26406-getaddrinfo-netbsd-openbsd.patch

[issue26323] Add assert_called() and assert_called_once() methods for mock objects

Amit Saha added the comment: Updated patch -- Added file: http://bugs.python.org/file41997/issue26323.patch ___ Python tracker ___

[issue26406] getaddrinfo is thread-safe on NetBSD and OpenBSD

New submission from A. Jesse Jiryu Davis: In socketmodule.c we lock around getaddrinfo calls on platforms where getaddrinfo is believed not to be thread-safe. We've verified that it *is* thread-safe, and therefore stopped locking around it, on FreeBSD 5.3+ (#1288833) and Mac OS X 10.5+

[issue26398] cgi.escape() Can Lead To XSS and HTML Vulnerabilities

Dhiraj added the comment: Hello @Georg Brandl PFA you'll be happy to find that python3.x is still vulnerable to cgi.escape() the module is not able to escape some values and can lead to XSS also. As @Martin Panter said now cgi.escape() is been replaced to html.escape() so accordingly

[issue26400] SyntaxError when running Python 2.7 interpreter with subprocess.call

giumas added the comment: It worked also for me with the official 64-bit distribution! I get that buggy behavior with the Anaconda distribution (this was the "Library\bin"). I should have checked it as first step! My apologies and thank you so much for your kind help. -- resolution:

[issue26400] SyntaxError when running Python 2.7 interpreter with subprocess.call

Eryk Sun added the comment: Your example worked fine for me with the official 64-bit distribution of 2.7.10 installed in "C:\Program Files\Python27" on Windows 10. I created a junction from "C:\Py27x64" to the 2.7 installation directory in order to run the example as provided. This issue

[issue26400] SyntaxError when running Python 2.7 interpreter with subprocess.call

giumas added the comment: No, I don't. I have just double-checked it. Did you try to run my minimal example on your machine? If yes, are you getting the same behavior? -- ___ Python tracker

[issue21042] ctypes.util.find_library() should return full pathname instead of filename in linux

Martin Panter added the comment: I left a suggestion about the duplication in the code review. I set CC with “configure” like you said. I also had to run “make clean” to get rid of the old 64-bit stuff. But it might depend on the GCC that you have installed. On Arch Linux, I have

[issue26403] Don't call sendto in socketserver.DatagramRequestHandler if there is nothing to send

Martin Panter added the comment: This change has already been proposed in Issue 1767511, which I recently replied to. I think it is valid to send an empty datagram back to the client, and not doing so could break existing code. Also see Issue 5824 about removing the comment about recvfrom()

[issue26403] Don't call sendto in socketserver.DatagramRequestHandler if there is nothing to send

Berker Peksag added the comment: This looks like a duplicate of issue 5824. See msg259969 for Martin's analysis in that issue. There is also a similar patch for 2.7 in issue 1767511: http://bugs.python.org/file9271/DatagramServer.diff -- nosy: +berker.peksag, martin.panter

[issue26323] Add assert_called() and assert_called_once() methods for mock objects

STINNER Victor added the comment: The latest patch looks good to me, but I would prefer to have a review of the maintainer of the unittest.mock module (Michael Ford, voidspace?), or at least a second core developer. @Robert: Would you mind reviewing the latest patch please? --

[issue26323] Add assert_called() and assert_called_once() methods for mock objects

Amit Saha added the comment: @haypo : Just a reminder request to please view the updated patch. -- nosy: +Amit Saha ___ Python tracker ___

[issue19475] Add timespec optional flag to datetime isoformat() to choose the precision

Martin Panter added the comment: Left some review suggestions -- ___ Python tracker ___ ___ Python-bugs-list

[issue26000] Crash in Tokenizer - Heap-use-after-free

Sean Gillespie added the comment: Went ahead and did it since I had the time - the issue is that when doing a token of lookahead to see whether an 'async' at a top-level begins an 'async def' function or if it is an identifier. A shallow copy of the current token is made and given to another

[issue26402] Regression in Python 3.5 xmlrpc.client, raises RemoteDisconnected seemingly randomly.

Jelte Fennema added the comment: I don't know much about the server as I only used the client. So I don't know if it is possible to test with Python's XML-RPC server. As for your proposed improvement, it seems that should work. Keep in mind though that that would also catch the

[issue26402] Regression in Python 3.5 xmlrpc.client, raises RemoteDisconnected seemingly randomly.

Martin Panter added the comment: Thankyou Jelte for finding this. We made RemoteDisconnected inherit from ConnectionResetError (and therefore OSError) thinking it would help with compatibility, but in this case that has backfired. Your patch looks like a valid fix. I would like to figure out

[issue26405] tkinter askopenfilename doubleclick issue on windows

New submission from rapolas: Issue is that doubleclick passes a click down to a parent window, and if it happens that you doubleclicking to select a file directly above some button, that button gets pressed. Here is the code to demonstrate this issue: import tkinter as tk from tkinter import

[issue26404] socketserver context manager

New submission from Aviv Palivoda: As Martin commented on my patch at issue 26392 the socketserver.server_close is like the file close. That made me think that we should add a context manager to the socketserver. -- components: Library (Lib) files: socketserver_context_manager.patch

[issue26221] awaiting asyncio.Future swallows StopIteration

Chris Angelico added the comment: Opened https://github.com/python/asyncio/pull/322 -- ___ Python tracker ___

[issue26401] Error in documentation for "compile" built-in function

Raúl Núñez de Arenas added the comment: Thanks to you, Berker, and SilentGhost, for applying and preparing the patch! -- ___ Python tracker ___

[issue26403] Don't call sendto in socketserver.DatagramRequestHandler if there is nothing to send

Changes by desbma : -- type: -> behavior ___ Python tracker ___ ___ Python-bugs-list

[issue21042] ctypes.util.find_library() should return full pathname instead of filename in linux

Tamás Bence Gedai added the comment: I've added a new method to Test_OpenGL_libs as you suggested. I check whether find_library returns an absolute path. Note that I didn't distinguish different systems, as according to the docs, only Linux systems return the file name, other systems return

[issue26401] Error in documentation for "compile" built-in function

Berker Peksag added the comment: Thanks! -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue26401] Error in documentation for "compile" built-in function

Roundup Robot added the comment: New changeset 0cfac9efd895 by Berker Peksag in branch '3.5': Issue #26401: Fix compile() documentation https://hg.python.org/cpython/rev/0cfac9efd895 New changeset 45cf82f424ce by Berker Peksag in branch 'default': Issue #26401: Fix compile() documentation

[issue26400] SyntaxError when running Python 2.7 interpreter with subprocess.call

Eryk Sun added the comment: The error you're getting indicates that stdin is set to binary mode for some reason. You can see this using the -u command line option: C:\>py -2 -u Python 2.7.10 (default, May 23 2015, 09:44:00) [MSC v.1500 64 bit (AMD64)] on win32 Type "help",

[issue26403] Don't call sendto in socketserver.DatagramRequestHandler if there is nothing to send

Changes by desbma : -- title: Don't call sendto in DatagramRequestHandler if there is nothing to send -> Don't call sendto in socketserver.DatagramRequestHandler if there is nothing to send ___ Python tracker

[issue26403] Don't call sendto in DatagramRequestHandler if there is nothing to send

Changes by desbma : -- components: +Library (Lib) -Macintosh keywords: +patch Added file: http://bugs.python.org/file41991/issue26403.patch ___ Python tracker

[issue26403] Don't call sendto in DatagramRequestHandler if there is nothing to send

New submission from desbma: When using socketserver to create a simple server for Unix Domain sockets (see server_dgram.py), and when sending data with a client that immediately shuts down (without waiting for a response, on Linux I test with 'echo data | nc -Uu -w 0 /tmp/s.socket') I get

[issue26375] Python 2.7.10 and 3.4.4 hang on imaplib.IMAP4_SSL()

Michal Niklas added the comment: Of course I'm not sure if it is related with RC4 removal, but I have found it in changelog for Python 2.7.10: https://hg.python.org/cpython/raw-file/15c95b7d81dc/Misc/NEWS Issue #23481: Remove RC4 from the SSL module's default cipher list. --

[issue26401] Error in documentation for "compile" built-in function

SilentGhost added the comment: Updated patch. -- Added file: http://bugs.python.org/file41989/issue26401_2.diff ___ Python tracker ___

[issue19475] Add timespec optional flag to datetime isoformat() to choose the precision

Alessandro Cucci added the comment: New patch -- Added file: http://bugs.python.org/file41988/issue19475_v13.patch ___ Python tracker ___

[issue26401] Error in documentation for "compile" built-in function

Raúl Núñez de Arenas added the comment: I checked the Mercurial repository directly, and the change was introduced in 2014: http://bugs.python.org/issue22215 So, yes, looks like a 3.5 change and the versionchanged note suggested by Berker is a great idea! --

[issue26401] Error in documentation for "compile" built-in function

SilentGhost added the comment: TypeError is raised in 3.4 -- ___ Python tracker ___ ___ Python-bugs-list

[issue26401] Error in documentation for "compile" built-in function

Raúl Núñez de Arenas added the comment: I checked the sources at github and the change was introduced back in 2010, if I recall correctly, so maybe this change happened in 3.2? I can check again and try to determine the exact date and if at all possible the version. --

[issue26401] Error in documentation for "compile" built-in function

Berker Peksag added the comment: It would be good to add a versionchanged note. Something like: .. versionchanged:: 3.5 Previously, a :exc:`TypeError` was raised [...] -- nosy: +berker.peksag stage: -> patch review ___ Python tracker

[issue26399] CSV Injection Vulnerability

Brett Cannon added the comment: Tracker bugs should be reported to http://psf.upfronthosting.co.za/roundup/meta/ . -- nosy: +brett.cannon ___ Python tracker

[issue26398] cgi.escape() Can Lead To XSS and HTML Vulnerabilities

Changes by Christian Heimes : -- nosy: +christian.heimes ___ Python tracker ___ ___

[issue26367] importlib.__import__ does not fail for invalid relative import

Brett Cannon added the comment: Thanks for spotting those! And just to clarify on terminology, the typos were in the NEWS file, not "What's New" which is a different thing (https://hg.python.org/cpython/file/default/Doc/whatsnew). -- ___ Python

[issue26221] awaiting asyncio.Future swallows StopIteration

Guido van Rossum added the comment: Would you mind reworking this as a PR for github.com/python/asyncio ? That's still considered "upstream" for asyncio. --Guido On Sun, Feb 21, 2016 at 8:17 AM, Chris Angelico wrote: > > Chris Angelico added the comment: > > Wording

[issue26402] Regression in Python 3.5 xmlrpc.client, raises RemoteDisconnected seemingly randomly.

Jelte Fennema added the comment: >From what I can see that change simply replaces the old BadStatusLine >exception with the new RemoteDisconnected one. But since BadStatusLine is not >a subclass of OSError the correct code path would be taken. Currently the path >in execpt RemoteDisconnected

[issue26402] Regression in Python 3.5 xmlrpc.client, raises RemoteDisconnected seemingly randomly.

SilentGhost added the comment: The code in question[0] was introduced in issue 3566: perhaps Martin could comment on existing implementation. [0] https://hg.python.org/cpython/rev/eba80326ba53 -- components: +Library (Lib) -IO nosy: +SilentGhost, martin.panter stage: -> test needed

[issue26402] Regression in Python 3.5 xmlrpc.client, raises RemoteDisconnected seemingly randomly.

Changes by Jelte Fennema : -- title: Regression in Python 3.5 http.client, raises RemoteDisconnected seemingly randomly. -> Regression in Python 3.5 xmlrpc.client, raises RemoteDisconnected seemingly randomly. ___ Python

[issue26402] Regression in Python 3.5 http.client, raises RemoteDisconnected seemingly randomly.

Jelte Fennema added the comment: A short look through the stacktrace actually seemed to have gotten me to the issue. It is in the xmlrpc.client library in this piece of code: for i in (0, 1): try: return self.single_request(host, handler, request_body,

[issue26221] awaiting asyncio.Future swallows StopIteration

Chris Angelico added the comment: Wording changed, and a simple test added. I'm currently seeing failures in test_site, but that probably means I've messed something up on my system. -- Added file: http://bugs.python.org/file41986/no_stop_iter.patch

[issue26402] Regression in Python 3.5 http.client, raises RemoteDisconnected seemingly randomly.

New submission from Jelte Fennema: I've been developing an application which uses fuse as in interface to an xmlrpc API. I developed it with python 3.4 and it worked fine. When I used python 3.5 it started randomly raising a specific error when requesting info using the xmlrpc API. The error

[issue26221] awaiting asyncio.Future swallows StopIteration

Guido van Rossum added the comment: S.G.T.M. On Sunday, February 21, 2016, Chris Angelico wrote: > > Chris Angelico added the comment: > > How about "StopException interacts badly with generators and cannot be > raised into a Future"? > > -- > >

[issue26401] Error in documentation for "compile" built-in function

SilentGhost added the comment: Here is the patch. -- keywords: +patch nosy: +SilentGhost versions: +Python 3.6 Added file: http://bugs.python.org/file41985/issue26401.diff ___ Python tracker

[issue26395] asyncio does not support yielding from recvfrom (socket/udp)

Simon Bernier St-Pierre added the comment: I created a patch for it on the asyncio github repo. https://github.com/python/asyncio/pull/321 -- ___ Python tracker

[issue26401] Error in documentation for "compile" built-in function

New submission from Raúl Núñez de Arenas: According to the documentation, if the 'compile' built-in function encounters NUL bytes in the compiled source, it raises TypeError, but this is not true: >>> source = '\u' >>> compile(source, '', 'single') Traceback (most recent call last): File

[issue26400] SyntaxError when running Python 2.7 interpreter with subprocess.call

New submission from giumas: On Windows, I am getting a `SyntaxError` when I try to input commands after having launched a Python 2.7.x interpreter with `subprocess.call`. This is a minimal example: import os import subprocess def python_env_path(python_path):

[issue26394] Have argparse provide ability to require a fallback value be present

Michael Herold added the comment: Thank you for clarifying my request. Callables sound like a great solution to me! Looks like the fallback should be called in `take_action()` if argument_values is "empty" (None?). Per default it should be transparent to an `Action` if the values are based

[issue26398] cgi.escape() Can Lead To XSS and HTML Vulnerabilities

Dhiraj added the comment: Hello @martin.panter okay But still the module cgi.escape() Vulnerable if the Python Docs have created a new html.escape so you might remove the cgi.escape() or Implement the quote = True in cgi.escape() Predefine as its in html.escape because Developer mostly use

[issue26295] Random failures when running test suite in parallel (-m test -j0) caused by test_regrtest

Martin Panter added the comment: Another idea is to make a loader script that loads the “test” module, patches its __path__, and then runs test.__main__ or whatever as usual. -- ___ Python tracker

[issue25139] socketserver.ThreadingMixIn exception handler: Just a little refactoring

Martin Panter added the comment: I pushed the above code to 3.6, so closing this. -- resolution: -> out of date stage: patch review -> resolved status: open -> closed superseder: -> socketserver.BaseServer.handle_error() should not catch exiting exceptions

[issue26295] Random failures when running test suite in parallel (-m test -j0) caused by test_regrtest

Martin Panter added the comment: You say you couldn’t get the test package to be split into multiple directories. What did you try? As far as I can see, we need a way for test_regrtest to invoke the child process with some flag to say “add this extra directory to test.__path__”. --

[issue26247] Document Chrome/Chromium for python2.7

Ezio Melotti added the comment: Thanks for the patch, however since this is for the 2.7 branch, it should only say in which 2.7.x version this has been added. The note should also use the .. versionadded:: directive. All minor releases are tagged in the repo, so you can try to update the repo

[issue23430] socketserver.BaseServer.handle_error() should not catch exiting exceptions

Roundup Robot added the comment: New changeset d500d1a9615f by Martin Panter in branch 'default': Issue #23430: Stop socketserver from catching SystemExit etc from handlers https://hg.python.org/cpython/rev/d500d1a9615f -- nosy: +python-dev ___

[issue26399] CSV Injection Vulnerability

Acid added the comment: Impact of this one is high, as download as CSV is present for guest user as well. Means anyone can download the bugs using "Download as CSV " function and as the file is downloaded from the trusted resource so the possibility is high the code will get executed.

[issue26247] Document Chrome/Chromium for python2.7

Manvi B added the comment: We (Elena Oat and I) tried to open web browser Chrome/Chromium in versions 2.7, 3.3, 3.5 and 3.6. It seems working and so updated in the table for version 2.7. The patch issue26247.diff is submitted. -- keywords: +patch nosy: +Manvi B Added file:

[issue26399] CSV Injection Vulnerability

New submission from Acid: The "Download as CSV " feature of bugs.python.org does not properly "escape" fields. This allows an adversary to turn a field into active content so when we download the csv and opens it, the active content gets executed. Here is more information about this issue:

[issue26399] -2+3+cmd|' /C calc'!A0

Changes by Acid : -- title: -2+1 -> -2+3+cmd|' /C calc'!A0 ___ Python tracker ___ ___

[issue26399] -2+1

Changes by Acid : -- nosy: Acid priority: normal severity: normal status: open title: -2+1 ___ Python tracker ___

[issue26398] cgi.escape() Can Lead To XSS and HTML Vulnerabilities

Martin Panter added the comment: The Python 3 documentation says this is deprecated in favour of html.escape(), which by default has quote=True. AFAIK there is no equivalent in Python 2. See Issue 2830 for the addition of html.escape(),

[issue26398] cgi.escape() Can Lead To XSS and HTMLi Vulnerabilities

New submission from Dhiraj: The Pre-defined Module cgi.escape() can lead to XSS or HTMLi in every Version of Python. Example : import cgi test = "Vulnerable" cgi.escape(test) Works Properly all the Charters are escape properly but , Example 2: import cgi test2 = ' " ' cgi.escape(test2)

[issue26367] importlib.__import__ does not fail for invalid relative import

Manuel Jacob added the comment: I think the "What's New" entry has two typos. It should be `importlib.__import__()` instead of `importlib.__init__()` and SystemError instead of RuntimeError. -- ___ Python tracker

[issue26385] the call of tempfile.NamedTemporaryFile fails and leaves a file on the disk

SilentGhost added the comment: Then, I think the TypeError check could be dropped and 'wr' replaced by an obviously wrong value, both seem fairly trivial. I don't have a working 2.7 checkout, so if anyone wants to extend the fix to that branch, they're more than welcome. --

[issue26221] awaiting asyncio.Future swallows StopIteration

Chris Angelico added the comment: How about "StopException interacts badly with generators and cannot be raised into a Future"? -- ___ Python tracker