Change by Christian Heimes :
--
nosy: +christian.heimes
versions: +Python 3.10 -Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python
3.7, Python 3.8
___
Python tracker
<https://bugs.python.org/issue34
Change by Christian Heimes :
--
components: +Library (Lib)
versions: +Python 3.10 -Python 3.8
___
Python tracker
<https://bugs.python.org/issue43061>
___
___
Christian Heimes added the comment:
Please provide all information for your feature request in this ticket. We like
to keep and archive all steps of the decision process in the same place. We
also don't do stackoverflow-driven development.
--
nosy: +christian.h
Christian Heimes added the comment:
Do you see a crash or an exception? We use the term "crash" to refer to a
segfault or other fatal crashes of the interpreter.
--
nosy: +christian.heimes
versions: -Python 3.6, Python 3.7
___
Pyth
Christian Heimes added the comment:
It looks like your version number is confusing setuptools and distutils.
Setuptools even warns you about the invalid version number:
UserWarning: The version specified ('2.3.0-pre-alpha-1+c8273a4c-1-preview') is
an invalid version, this may n
Christian Heimes added the comment:
distutils is a legacy package. setuptools is the successor of distutils. Could
you please try again with setuptools?
--
nosy: +christian.heimes
___
Python tracker
<https://bugs.python.org/issue43
Christian Heimes added the comment:
The high level and low level variants behave the same if you pass in the same
flags. You are using the append flag in "open()", but you don't pass the
os.O_APPEND flag to "os.open()".
>>> import os
>>> fd
Christian Heimes added the comment:
Your statement is not correct. A lot of people use "j" in fields of electrical
engineering and signal processing to express the imaginary part. The letter "i"
is commonly used for electric current in these fields.
--
nos
Christian Heimes added the comment:
I'm not familiar with Telerik Fiddler and don't have access to the tool. From
the description on its Wikipedia page, it sounds like the tool is an active
interceptor that uses a man-in-the-middle attack approach.
Python's ssl module wra
Christian Heimes added the comment:
Is there any scientific research or mathematical proof for 250,000 iterations?
--
nosy: +christian.heimes
___
Python tracker
<https://bugs.python.org/issue42
Christian Heimes added the comment:
It really doesn't matter. The code is dead and will never trigger. Python 3.7
and newer all require OpenSSL 1.0.2, which always defines
SSL_CTX_set_ecdh_auto. In more recent versions SSL_CTX_set_ecdh_auto() is a
no-op. I'll remove the cod
Christian Heimes added the comment:
Thanks!
The block is dead code. OpenSSL 1.0.2 and newer always defines
SSL_CTX_set_ecdh_auto. All supported LibreSSL versions define
SSL_CTX_set_ecdh_auto, too. I'll remove the block when PEP 644 is acc
Christian Heimes added the comment:
Is there any particular reason you are using bisect search with sorted list of
integers? Why don't you use a simple approach with a dict of digest bytes?
bisect search is O(log(n)), dict lookup is O(1) and therefore scales much
b
Christian Heimes added the comment:
Do you have any benchmarks that back up your claim that integers are faster
than using digest or hexdigests? Python's str and bytes types are highly
optimized.
Hash digests don't fit into native integers, because they are larger than
ui
Christian Heimes added the comment:
At the end of a Python process, the interpreter is shut down in multiple steps.
Object finalizers such as __del__ may be executed late in the interpreter shut
down process. In your case, most of the interpreter is already gone. There
isn't anything w
Christian Heimes added the comment:
I got bad news. OpenSSL 1.1.1i introduced a regression in cert validation. This
affects some cases that involve self-signed certificates. Cert validation fails
if a self-signed certificate is used as both a trust anchor (root CA) and EE
cert. This may
Christian Heimes added the comment:
"No" is the correct output for your code example. Your code does not raise an
exception, therefore the else block is executed.
Please don't use the bug tracker to get assistance with learning Python. There
are community resources like
Christian Heimes added the comment:
etree's find method supports a limited subset of XPath,
https://docs.python.org/3/library/xml.etree.elementtree.html#supported-xpath-syntax
. e.find("./*[2]") seems to trigger undefined behavior. The limited XPath
syntax for positions i
Change by Christian Heimes :
--
resolution: -> not a bug
status: open -> closed
___
Python tracker
<https://bugs.python.org/issue42907>
___
___
Pyth
Christian Heimes added the comment:
This is the expected behavior for float. Python's floats are IEEE 754 double
precision floats, not arbitrary precision floats. See
https://docs.python.org/3/tutorial/floatingpoint.html
--
nosy: +christian.heimes
resolution: -> not a b
Change by Christian Heimes :
--
nosy: +christian.heimes
___
Python tracker
<https://bugs.python.org/issue42902>
___
___
Change by Christian Heimes :
--
components: +Interpreter Core, Windows -C API
nosy: +paul.moore, steve.dower, tim.golden, vstinner, zach.ware
type: behavior -> security
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
The pickle module is not safe against malicious or faulty data. Invalid data
can cause code injects or even segfaults. It's a known and documented behavior,
https://docs.python.org/3/library/pickle.html
--
nosy: +christian.heimes
resol
Christian Heimes added the comment:
It might be a packaging or documentation issue. I'm assigning the ticket to
Matthias. He is the Debian and Ubuntu package maintainer.
--
assignee: -> doko
nosy: +doko
___
Python tracker
<https://bugs
Christian Heimes added the comment:
Paul, please take a look. You added the code in commit 62972d9d73e.
--
nosy: +christian.heimes, p-ganssle
___
Python tracker
<https://bugs.python.org/issue42
Christian Heimes added the comment:
Please provide more information. What Linux distribution and distro version are
you using? How did you install Python?
--
___
Python tracker
<https://bugs.python.org/issue42
Christian Heimes added the comment:
Rounding errors are to be expected. Python uses IEEE-754 double precision
floats. See https://docs.python.org/3/tutorial/floatingpoint.html
--
nosy: +christian.heimes
resolution: -> not a bug
stage: -> resolved
status: open -> cl
Christian Heimes added the comment:
I can reproduce the issue. The stack trace is several hundred thousand (!)
levels deep.
#0 _Py_DECREF (op=, lineno=514, filename=0x6570af
"./Include/object.h")
at ./Include/object.h:448
#1 _Py_XDECREF (op=) at ./Include/object.h:514
#2 me
Christian Heimes added the comment:
What's your platform and distribution?
--
nosy: +christian.heimes
___
Python tracker
<https://bugs.python.org/is
Christian Heimes added the comment:
I'm involving TJ and Serhiy. They might have free resources and might be able
to assist.
I initially suggested to get assistance in user forums, because we have very
limited resources. To give you an impression, there are more than 7,500 open
bugs o
Christian Heimes added the comment:
Can you produce the issue with Python 3.8 or newer on any platform? 3.6 and
3.7 are in security fix-only mode. If it's truly a bug in Python, then we won't
fix the issue any way.
--
___
Python track
Christian Heimes added the comment:
That's a good idea, Ronald! socket.c:sock_send_impl() already clamps the input
length on Windows:
#ifdef MS_WINDOWS
if (ctx->len > INT_MAX)
ctx->len = INT_MAX;
ctx->result = send(s->sock_fd, ctx->buf, (int)ctx->
Christian Heimes added the comment:
Hi,
bugs.python.org is an issue tracker for bugs and feature requests. Please use
platforms like Python user mailing list, stack overflow, or reddit for general
help with Python and libraries.
--
nosy: +christian.heimes
Christian Heimes added the comment:
They are impacted. However 3.7.9 and 3.6.8 were the last releases with binaries
for Windows and macOS. All subsequent releases are source-only releases. Since
we don't release binaries for 3.6 and 3.7 any more, we typically don't up
Christian Heimes added the comment:
The exceptions are ignored (Exception ignored in) on shutdown and therefore
don't cause the interpreter to fail with an error code. Unraisable exceptions
typically occur when the interpreter is mostly shut down and garbage
collection, import or a
Change by Christian Heimes :
--
nosy: +christian.heimes, dstufft, ncoghlan, pradyunsg
___
Python tracker
<https://bugs.python.org/issue42856>
___
___
Christian Heimes added the comment:
As of version 3.3.1, LibreSSL does not have SSL_write_ex() and SSL_read_ex().
The read and write functions are limited to int.
--
___
Python tracker
<https://bugs.python.org/issue42
New submission from Christian Heimes :
SSL_read() and SSL_write() are limited to int. The new SSL_write_ex() and
SSL_read_ex() APIs support size_t just like read(2) and recv(2). Also see
bpo-42853.
int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
int SSL_read_ex(SSL
Christian Heimes added the comment:
I cannot lift the overflow restriction until we drop support for OpenSSL 1.0.2.
The functions SSL_write() and SSL_read() are limited to signed 32bit int.
OpenSSL 1.1.1 has new SSL_write_ex() and SSL_read_ex() functions that support
size_t. Even size_t
Change by Christian Heimes :
--
assignee: christian.heimes -> methane
components: +Library (Lib) -SSL
nosy: +methane
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
https://docs.python.org/3.10/library/index.html no longer links to
https://docs.python.org/3.10/library/misc.html but misc.html and formatter.html
are still there. It looks like a bug in the build and update process. I bet
it's not removing files
Christian Heimes added the comment:
What exactly happens when you try to instantiate an SSLContext() object? Does
it just print the string "Killed" or does the process stop and segfault
immediately?
If it's a segfault then it is likely caused by an incompatibility between
Christian Heimes added the comment:
> BTW, do we still want to keep the socket CAPI for external users?
Yes, at least for a while. socket.h is not part of the public include headers.
It's still possible that the CAPI is used by an external
Christian Heimes added the comment:
Apparently my defusedxml package is low-quality code...
Anyhow PEP 387 has clear rules how to handle incompatible changes. Every core
dev has to follow these rules. You cannot simply ignore the rule, because you
don't like it. If you want to chang
Christian Heimes added the comment:
The process is fine. A deprecation warning will give users time to update code
before it hits production.
--
___
Python tracker
<https://bugs.python.org/issue36
Christian Heimes added the comment:
PySocketModuleAPI.timeout_error now points to builtin TimeoutError exception.
I'm also in the process of removing PySocketModuleAPI from _ssl.c.
--
nosy: +christian.heimes
___
Python tracker
Christian Heimes added the comment:
> The test fails because it was relying on an external news server's
> configuration. This doesn't mean the code itself is broken, just the
> test, so clearly: no.
Broken and unstable tests are one of two reasons why I listed nntpli
Christian Heimes added the comment:
The code fails because TemporaryDirectory.__exit__() is unable to remove the
directory. Windows doesn't let you remove files and directories that are used
by a process. On POSIX-like operating systems like Linux support removing of
opened files
Christian Heimes added the comment:
Does this issue mean that I should include nntplib in PEP 594 again?
--
nosy: +christian.heimes
___
Python tracker
<https://bugs.python.org/issue42
Christian Heimes added the comment:
New changeset 6d9ec8bbfa07161431dc6190dd0772a6fbaf7ebd by Christian Heimes in
branch 'master':
bpo-1635741: Port resource extension module to module state (GH-23462)
https://github.com/python/cpython/commit/6d9ec8bbfa07161431dc6190dd0772
Christian Heimes added the comment:
errno 6 is ENXIO. According to
https://www.man7.org/linux/man-pages/man3/getlogin.3.html the error code means
"The calling process has no controlling terminal.".
os.getlogin() returns the name of the user logged in on the controlling
termi
Christian Heimes added the comment:
I don't have access to macOS. Did the PR fix the issue?
--
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.
Christian Heimes added the comment:
Good point. The address info depends on the address family,
https://docs.python.org/3/library/socket.html#socket-families . I have updated
the doc string:
>>> import socket
>>> print(socket.socket.getsockname.__doc__)
getsockname() ->
Change by Christian Heimes :
--
keywords: +patch
nosy: +christian.heimes
nosy_count: 1.0 -> 2.0
pull_requests: +22600
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/23742
___
Python tracker
<https://bugs.p
Christian Heimes added the comment:
I have created a new PR that introduces preserve_security_context argument and
changes the default behavior of copy operations. All copy operations behave now
similar to "cp -p --preserve=xattr" by default. copy2(src, dst,
preserve_security_co
Change by Christian Heimes :
--
pull_requests: +22580
pull_request: https://github.com/python/cpython/pull/23720
___
Python tracker
<https://bugs.python.org/issue38
Christian Heimes added the comment:
You have to import the math module first and then reference the sqrt function
of the math module.
>>> import math
>>> math.sqrt(25)
5.0
--
nosy: +christian.heimes
resolution: -> not a bug
stage: -> resolve
Christian Heimes added the comment:
+1 for updating our documentation.
Please use bpo-17305. The ticket contains more information on the issue.
--
superseder: -> IDNA2008 encoding is missing
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
make_ssl_data.py is an internal tool that generates internal header files. It's
rarely used. The tool is not bound to any Python version, too. Feel free to
change the shebang or leave it as it is. I don
Change by Christian Heimes :
--
resolution: -> not a bug
status: open -> closed
type: security -> behavior
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
You may want to hold off until next week:
https://mta.openssl.org/pipermail/openssl-announce/2020-December/000186.html
OpenSSL 1.1.i is a security-fix release. The highest severity issue fixed in
this release is HIGH
Christian Heimes added the comment:
The platform module no longer uses popen(). Victor replaced the broken code
with subprocess in bpo-35346.
--
nosy: +christian.heimes
resolution: -> fixed
stage: -> resolved
status: pending -> closed
type: compile error ->
Christian Heimes added the comment:
Sorry, I missed the initial ping.
The changes look unproblematic to me. Our test suite is passing with 1.1.1h,
too. Python doesn't set VERIFY_X509_STRICT by default and does not support DTLS.
Please go
Christian Heimes added the comment:
I cannot reproduce the issue on Linux:
# echo "127.0.0.2 xn-9q8h" >> /etc/hosts
# python3.8
>>> import socket
>>> socket.gethostbyaddr("127.0.0.2")
('xn-9q8h', [], ['127.0.0.2'])
-
Christian Heimes added the comment:
> That's interesting. In Linux, for example, I would expect the access()
> and faccessat() system calls to also check mandatory permissions. I
> know from experience that at least the [i]mmutable file attribute is
> checked.
access(2) ta
Christian Heimes added the comment:
A word of warning: os.access() is not a good and sufficient permission check.
It only checks DAC (discrete access control) permissions and suffers from
TOCTOU issues. Operating systems have additional permission checks and security
policies, for example
Christian Heimes added the comment:
Your assumption is incorrect. The eval() does not promise that default builtins
cannot be accessed through other means. The behavior has been discussed several
times and at great length over the past decade
Christian Heimes added the comment:
Would you care to explain why this should not work and how this behavior is in
violation of the language specification?
It is a perfectly valid expression. From a security perspective it may be an
undesired feature. However Python does neither claim nor
Christian Heimes added the comment:
The feature request reminds me of
https://github.com/python-trio/trio/issues/611. Nathaniel and Yury have been
discussing the idea of a MultiError handler for a while.
--
nosy: +christian.heimes
___
Python
Christian Heimes added the comment:
The code has changed a lot since this bug was opened. It's no longer an issue.
Thanks for checking!
--
resolution: out of date -> fixed
stage: -> resolved
status: pending -> closed
___
Python t
Christian Heimes added the comment:
We have reached an impasse. Therefore I have contacted the steering council and
requested mediation. Victor will abstain from the decision process.
--
___
Python tracker
<https://bugs.python.org/issue28
Christian Heimes added the comment:
I also noticed that you are passing an explicit content length.
{'Content-Length' : '0'} is wrong for a POST payload of "{}" with standard
transfer encoding. It should be len("{}") == 2.
A zero content length
Christian Heimes added the comment:
So far we don't even know for sure if there is a bug in Python's http module.
It would be helpful if you could provide a reproducer that does not use any 3rd
party code like requests.
--
nosy: +christ
Christian Heimes added the comment:
Pablo, I would like to get mediation from the release manager.
I want to add an interface to the os-release file. It's a decade-old standard
from freedesktop.org. The file is available in the minimal base installation of
virtually every
Christian Heimes added the comment:
PS: MAL, would it be possible to suppress your email footer? BPO is not an
advertisement channel.
--
___
Python tracker
<https://bugs.python.org/issue28
Christian Heimes added the comment:
> It's not pointless. The rate of change in the field is why this
> particular API did not work out in practice. It was working fine
> at the time I added it, but then quickly became unmaintainable.
Yes, it's pointless. You are arguing
Christian Heimes added the comment:
Changeset 96a5e50a5de3683b2afd6d680c7ecc4b525986f6 added a new struct member
but did not increase PyStructSequence_Desc.n_in_sequence of
statvfs_result_desc. I'm not sure if the size of the sequence was not increased
on purpose.
For reference the fe
Christian Heimes added the comment:
> It would be an interface to a file /etc/os-release
> that's common nowadays, just like /etc/lsb-release was some years
> ago. These things change too often to make the stdlib a good fit.
> I'm pretty sure distros will invent somethin
Change by Christian Heimes :
--
title: Add platform.freedesktop_osrelease() -> Add
platform.freedesktop_os_release()
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
It's not a replacement for platform.linux_distribution().
--
___
Python tracker
<https://bugs.python.org/issue28468>
___
___
Christian Heimes added the comment:
Good point and excellent explanation. I'm no longer concerned! :)
--
___
Python tracker
<https://bugs.python.org/is
Christian Heimes added the comment:
From PR discussion on GH:
I made ID_LIKE a special case because it's likely users will use the field in
a wrong way. The issue won't be detected in common CI because the field is
either not present or contains a single item for majo
Christian Heimes added the comment:
I'm slightly concerned about hashability of slice objects. Currently the slice
constructor does not ensure that any slice parameter is a number. You can do
horrible stuff like this:
>>> slice({})
slice(None, {}, None)
which of course
Christian Heimes added the comment:
Correction: It was ArchLinux, not Alpine. ArchLinux used to have
/usr/lib/os-release only. Recent ArchLinux releases have a symlink from
/etc/os-release to /usr/lib/os-release.
--
___
Python tracker
<ht
Christian Heimes added the comment:
> IMO it's interesting to see which Linux distributions provide os-release. The
> list is quite long!
As I said before I could not find any supported release of a Linux distribution
without a proper os-release file. It might be possible tha
Christian Heimes added the comment:
The os-release file is not tied to systemd. Only the reverse relationship is
true: systemd, d-bus and other software require os-release.
The file is present in the minimal base image of distributions like Alpine,
ArchLinux, CentOS, Debian, Fedora, RHEL
Christian Heimes added the comment:
What do you mean by "that"? Python never had any code to parse and handle
freedesktop.org's os-release file. Are you referring to linux_distribution()
function? Petr removed platform.linux_distribution() in bpo-28167 because the
function
Christian Heimes added the comment:
Since we need distribution information in tests and code, I decided to reopen
the bug.
I named the new function freedesktop_osrelease because it's technically not
restricted to Linux. It's a freedesktop.org standard that may be used by
non-Linux
Change by Christian Heimes :
--
pull_requests: +22381
pull_request: https://github.com/python/cpython/pull/23492
___
Python tracker
<https://bugs.python.org/issue28
Christian Heimes added the comment:
Besides tests, the PR also needs documentation and a better definition how and
when the hook is called.
* IMO it should be called after profiling and tracing hook, so non-trivial
hooks can be profiled and traced.
* It's important to define and doc
Christian Heimes added the comment:
The formatter has been deprecated for a long time. It's been issuing a
DeprecationWarning on import since 3.5. Let's remove it.
--
nosy: +christian.heimes
___
Python tracker
<https://bugs.python.o
Christian Heimes added the comment:
Your problem could be related to --disable-pyc-build. It sounds like it
disables pyc compilation, which may explain the exception.
--disable-pyc-build is not supported by official releases of Python. Are you
building Python with additional distribution
Christian Heimes added the comment:
urllib is a high level API on top of http.client. It wraps and uses http.client
internally. urllib does not accept invalid protocol identifiers either:
>>> urllib.request.urlopen('http://localhost:8080')
Traceback (most recent call last)
Christian Heimes added the comment:
https://tools.ietf.org/html/rfc2616#section-3.1 defines HTTP version indicator
as
HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
so the check
version.startswith("HTTP/")
is corr
Christian Heimes added the comment:
PS: Don't use crypt or SSHA512 format for password hashing. You should use
PBKDF2-HMAC, bcrypt, scrypt, or argon2 instead. SSHA512 is a dated algorithm
and considered insecure.
--
___
Python tracker
Christian Heimes added the comment:
I assume that you called openssl from a shell. You did not use single quotes
around in the first example:
$ echo "cash$money"
cash
$ echo 'cash$money'
cash$money
$ openssl passwd -6 -salt 'C0UG33RcHmBVAjQ/' 'cash$mone
Change by Christian Heimes :
--
pull_requests: +22354
pull_request: https://github.com/python/cpython/pull/23462
___
Python tracker
<https://bugs.python.org/issue1635
Christian Heimes added the comment:
Operator precedence and unary operator binding is explained in the language
reference documentation,
https://docs.python.org/3/reference/expressions.html#the-power-operator
--
nosy: +christian.heimes
resolution: -> not a bug
stage: -> re
Christian Heimes added the comment:
New changeset ea97ebab3578a6e0bb505da96819ac44d422a6cb by Christian Heimes in
branch 'master':
bpo-1635741: Port select module to multiphase init (GH-23409)
https://github.com/python/cpython/commit/ea97ebab3578a6e0bb505da96819ac
Christian Heimes added the comment:
New changeset 035deee265c7fb227ddc87222fa48761231d8bd7 by Christian Heimes in
branch 'master':
bpo-1635741: Port _posixsubprocess module to multiphase init (GH-23406)
https://github.com/python/cpython/commit/035deee265c7fb227ddc87222fa487