[issue35746] TALOS-2018-0758 Denial of Service

Change by Cisco Talos : Removed file: https://bugs.python.org/file48052/TALOS-2019-0758.txt ___ Python tracker ___ ___ Python-bugs-list mail

[issue35746] TALOS-2018-0758 Denial of Service

Change by Cisco Talos : Removed file: https://bugs.python.org/file48053/TALOS-2019-0758 - POC.pem ___ Python tracker ___ ___ Python-bugs-lis

[issue35746] TALOS-2018-0758 Denial of Service

Cisco Talos added the comment: The files are removed and will be reissued to PSIRT. Regina Wilson Analyst.Business Operations regiw...@cisco.com [cid:CFA14CB5-B7B2-4FF7-8313-22D495F607D5@vrt.sourcefire.com] On Jan 15, 2019, at 12:11 PM, Cisco Talos mailto:rep...@bu

[issue35746] TALOS-2018-0758 Denial of Service

STINNER Victor added the comment: I close the bug just to hide it from the home page and default search result, to have more time to fix it (make the issue less visible). -- nosy: +vstinner resolution: -> fixed stage: needs patch -> resolved status: open -> closed __

[issue35746] TALOS-2018-0758 Denial of Service

Christian Heimes added the comment: Please leave the bug open and don't remove files. It's too late. The bug report has been sent to mailing lists and RSS feeds already. Also you cannot remove any files from the bug tracker. Only admins are can do that. -- resolution: fixed -> stag

[issue35746] TALOS-2018-0758 Denial of Service

Change by Christian Heimes : -- keywords: +patch, patch pull_requests: +11233, 11234 ___ Python tracker ___ ___ Python-bugs-list mai

[issue35746] TALOS-2018-0758 Denial of Service

Change by Christian Heimes : -- keywords: +patch pull_requests: +11233 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsu

[issue35746] TALOS-2018-0758 Denial of Service

Change by Christian Heimes : -- keywords: +patch, patch, patch pull_requests: +11233, 11234, 11235 ___ Python tracker ___ ___ Python

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by STINNER Victor : -- title: TALOS-2018-0758 Denial of Service -> [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service ___ Python tracker ___ ___

[issue35736] Missing component in table after getElementsByTagName("nn")

Michael Krötlinger added the comment: http://schemas.xmlsoap.org/wsdl/"; xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; xmlns:tns="http://soap.ebs.client.chipkarte.at"; xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"; xmlns:wsp="http://www.w3.org/ns/ws-policy"; xmlns:wsp1_2=

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by Christian Heimes : Added file: https://bugs.python.org/file48052/TALOS-2019-0758.txt ___ Python tracker ___ ___ Python-bugs-list m

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by Christian Heimes : Added file: https://bugs.python.org/file48053/TALOS-2019-0758 - POC.pem ___ Python tracker ___ ___ Python-bugs-

[issue33944] Deprecate and remove pth files

Chris Billington added the comment: > Linux distros approach to handling this is terrible because they dump all > their system packages into a single global site-packages, leading to the > every growing sys.path problem that Barry is concerned about. > However, that's entirely the fault of d

[issue35701] [uuid] 3.8 breaks weak references for UUIDs

Change by David Heiberg : -- keywords: +patch pull_requests: +11236 stage: needs patch -> patch review ___ Python tracker ___ ___ Py

[issue35701] [uuid] 3.8 breaks weak references for UUIDs

Change by David Heiberg : -- keywords: +patch, patch pull_requests: +11236, 11237 stage: needs patch -> patch review ___ Python tracker ___

[issue35701] [uuid] 3.8 breaks weak references for UUIDs

Change by David Heiberg : -- keywords: +patch, patch, patch pull_requests: +11236, 11237, 11238 stage: needs patch -> patch review ___ Python tracker ___ __

[issue35661] Store the venv prompt in pyvenv.cfg

Brett Cannon added the comment: First, Cheryl, thanks for taking this on! I think one way to potentially simplify this whole situation about the whitespace for the prompt is to actually store the raw value that gets passed into EnvBuilder instead of the prompt as formatted for the activation

[issue34782] Pdb crashes when code is executed in a mapping that does not define `__contains__`

Change by BTaskaya : -- keywords: +patch, patch pull_requests: +11239, 11240 stage: -> patch review ___ Python tracker ___ ___ Pyth

[issue34782] Pdb crashes when code is executed in a mapping that does not define `__contains__`

Change by BTaskaya : -- keywords: +patch pull_requests: +11239 stage: -> patch review ___ Python tracker ___ ___ Python-bugs-list m

[issue35736] [xml.minidom] Missing component in table after getElementsByTagName("nn")

Change by Brett Cannon : -- title: Missing component in table after getElementsByTagName("nn") -> [xml.minidom] Missing component in table after getElementsByTagName("nn") ___ Python tracker

[issue35747] Python threading event wait influenced by date change

New submission from ido k : Happen on ubuntu Opening two threads - one thread alternate system date The seconds waits for 60 seconds. joining both threads. The execution should take at least 60 seconds. Takes less then 15 seconds. Any work around? -- components: Library (Lib) files:

[issue35747] Python threading event wait influenced by date change

STINNER Victor added the comment: Python 3 uses a monotonic clock to implement timeouts, such clock is not affected by system clock changes *on purpose*. See time.monotonic() and PEP 418: https://docs.python.org/dev/library/time.html#time.monotonic https://www.python.org/dev/peps/pep-0418/ Re

[issue35747] Python threading event wait influenced by date change

ido k added the comment: thanks for the comment please look at the code. i use wait on event for 60 seconds. the wait timed out in less than 60 seconds... why this is not a bug? -- ___ Python tracker

[issue35661] Store the venv prompt in pyvenv.cfg

Steve Dower added the comment: One other aspect of this may be the confusion that ensues when changing the setting doesn't change the prompt when you activate it. It would be possible (though not necessarily trivial) to update the activate scripts to read the prompt from the file, though I d

[issue35739] Enable verbose of tests during PGO build on amd64 platforms

Steve Dower added the comment: You can provide this new default as a command line option when invoking the script (--pgo-job, IIRC), which should satisfy the occasional need to do this. I would rather keep the default quieter so that the build does not take as long (though I guess there is t

[issue35688] "pip install --user numpy" fails on Python from the Windows Store

Steve Dower added the comment: I posted on the numpy thread: Most likely the DLL is failing to load, which the importer returns as "not found" (as it falls back on other search mechanisms and doesn't retain the error). I suggested loading it directly with ctypes to see if there's a better er

[issue35692] pathlib.Path.exists() on non-existent drive raises WinError instead of returning False

Steve Dower added the comment: In issue 22759 there was some logic applied for which errors to forward rather than hide. I'm inclined to agree that this one should be hidden, but it may have to be done by checking the winerror field rather than the exception type, since other PermissionErro

[issue35662] Windows #define _PY_EMULATED_WIN_CV 0 bug

Steve Dower added the comment: It's broken, but unused. And the entire section needs fixing before it can be used, which necessitates fixing this function. So issue 29871 covers this sufficiently (though I'll post a link back to this one for the added context on this particular issue).

[issue29871] Enable optimized locks on Windows

Steve Dower added the comment: On issue 35562 Jeff posted a deeper analysis of the issue in TIMEDWAIT. That will need fixing along with the other regressions before we can enable these. -- nosy: +je...@livedata.com ___ Python tracker

[issue29515] socket module missing IPPROTO_IPV6, IPPROTO_IPV4 on Windows

Steve Dower added the comment: No progress, but I like the extra defines idea best (directly in socketmodule.c, not in a public header file). That's the easiest way to close the gap between (apparently) real constants used on Windows and the preprocessor defines (apparently) used elsewhere.

[issue35306] OSError [WinError 123] when testing if pathlib.Path('*') (asterisks) exists

Steve Dower added the comment: Pathlib doesn't necessarily directly follow os on its error handling - adding Antoine for comment. Passing strict=False to resolve() should be able to handle an invalid name like that. If not, I propose that we change it so that it does. -- nosy: +pitr

[issue35692] pathlib.Path.exists() on non-existent drive raises WinError instead of returning False

Antoine Pitrou added the comment: I think exists() should simply return False here. There's no reason a non-existing drive should fail differently than a non-existing parent directory. -- stage: -> needs patch versions: +Python 3.8 ___ Python tra

[issue35306] OSError [WinError 123] when testing if pathlib.Path('*') (asterisks) exists

Antoine Pitrou added the comment: I'm fine with swallowing the error in both exists() and resolve(). We should be careful not to swallow errors too broadly, though. The code paths should be audited to check that EINVAL can't mean something else. -- versions: +Python 3.8 -Python 3.6

[issue29871] Enable optimized locks on Windows

Josh Rosenberg added the comment: I assume you meant #35662 (based on the superseder note in the history). -- ___ Python tracker ___ __

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by Ned Deily : Removed file: https://bugs.python.org/file48054/image001.png ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by Ned Deily : Removed file: https://bugs.python.org/file48055/image001.png ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue35688] "pip install --user numpy" fails on Python from the Windows Store

mattip added the comment: It seems changing os.environ['PATH'] is a security risk and is not allowed for Windows Store apps. The suggestion in the NumPy issue is to: - use AddDllDirectory, (which is as accessable as os.environ['PATH'] but is not considered a security risk so far), but this r

[issue35713] Fatal Python error: _PySys_BeginInit: can't initialize sys module

Tasy added the comment: Configuration Options: ../configure --prefix=$HOME --enable-shared --enable-optimizations --with-system-expat --with-system-ffi --with-ensurepip=yes Make throws the following warning: *** WARNING: renaming "_curses_panel" since importing it failed: No module na

[issue23078] unittest.mock patch autospec doesn't work on staticmethods

John Parejko added the comment: Were you able to make any progress on this? Do you need any help? -- nosy: +parejkoj-3 ___ Python tracker ___ _

[issue35688] "pip install --user numpy" fails on Python from the Windows Store

Steve Dower added the comment: > use AddDllDirectory, (which is as accessable as os.environ['PATH'] but is not > considered a security risk so far) The parenthical is incorrect. The user-specified DLL search directory is separate from PATH, and both appear in the default DLL search order whe

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Larry Hastings added the comment: I can confirm this crashes a freshly-built interpreter from the current 3.5 and 3.4 branches. -- nosy: +larry ___ Python tracker ___ ___

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

miss-islington added the comment: New changeset a37f52436f9aa4b9292878b72f3ff1480e2606c3 by Miss Islington (bot) (Christian Heimes) in branch 'master': bpo-35746: Fix segfault in ssl's cert parser (GH-11569) https://github.com/python/cpython/commit/a37f52436f9aa4b9292878b72f3ff1480e2606c3 -

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by miss-islington : -- pull_requests: +11241, 11242 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: ht

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by miss-islington : -- pull_requests: +11242, 11243, 11244 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscri

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by miss-islington : -- pull_requests: +11241 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by miss-islington : -- pull_requests: +11242, 11243, 11244, 11245, 11247 ___ Python tracker ___ ___ Python-bugs-list mailing

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by miss-islington : -- pull_requests: +11241, 11242, 11243 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscri

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by miss-islington : -- pull_requests: +11242, 11243, 11244, 11245 ___ Python tracker ___ ___ Python-bugs-list mailing list Un

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Change by miss-islington : -- pull_requests: +11242, 11243, 11244, 11245, 11246, 11247 ___ Python tracker ___ ___ Python-bugs-list m

[issue35537] use os.posix_spawn in subprocess

STINNER Victor added the comment: Serhiy Storchaka: > I mean that after writing tests they can be tested manually by disabling > conditions for posix_spawn one by one. I.e. some tests should fail if remove > "stdout is None" and some tests should fail if remove "not close_fds", etc. I made s

[issue35537] use os.posix_spawn in subprocess

Change by Antoine Pitrou : -- nosy: -pitrou ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.pyt

[issue35537] use os.posix_spawn in subprocess

STINNER Victor added the comment: Gregory P. Smith: """ Thanks for all your research and reference links on this! As a _posixsubprocess maintainer, I am not against either posix_spawn or vfork being used directly in the future when feasible. A challenge, especially with platform specific vf

[issue35537] use os.posix_spawn in subprocess

STINNER Victor added the comment: New changeset 9daecf37a571e98aaf43a387bcc9e41a7132f477 by Victor Stinner in branch 'master': bpo-35537: subprocess uses os.posix_spawn in some cases (GH-11452) https://github.com/python/cpython/commit/9daecf37a571e98aaf43a387bcc9e41a7132f477 -- ___

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

miss-islington added the comment: New changeset be5de958e9052e322b0087c6dba81cdad0c3e031 by Miss Islington (bot) in branch '3.7': bpo-35746: Fix segfault in ssl's cert parser (GH-11569) https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 -- ___

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

STINNER Victor added the comment: TALOS-2019-0758.txt: "Credit: Discovered by Colin Read and Nicolas Edet of Cisco." Can we credit them somewhere? Maybe edit the NEWS entry to mention their name? -- ___ Python tracker

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

miss-islington added the comment: New changeset 06b15424b0dcacb1c551b2a36e739fffa8d0c595 by Miss Islington (bot) in branch '2.7': bpo-35746: Fix segfault in ssl's cert parser (GH-11569) https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595 -- ___

[issue35537] use os.posix_spawn in subprocess

STINNER Victor added the comment: More benchmarks. I modified subprocess_bench.py to use: ARGS = ["/usr/bin/python3", "-S", "-E", "-c", "pass"] => Mean +- std dev: [fork_exec] 34.1 ms +- 0.4 ms -> [posix_spawn] 6.85 ms +- 0.08 ms: 4.97x faster (-80%) Benchmark using: ARGS = ["/usr/bin/python

[issue35537] use os.posix_spawn in subprocess

Change by STINNER Victor : -- pull_requests: +11248 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://m

[issue35537] use os.posix_spawn in subprocess

Change by STINNER Victor : -- pull_requests: +11248, 11249 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: ht

[issue35537] use os.posix_spawn in subprocess

Change by STINNER Victor : -- pull_requests: +11248, 11249, 11250 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscri

[issue35537] use os.posix_spawn in subprocess

STINNER Victor added the comment: subprocess_bench_stdout.py: benchmark for PR 11575 using stdout=subprocess.PIPE, /usr/bin/pwd, and allocate 2 GiB of memory in the parent process. Result on my laptop: Mean +- std dev: [fork_exec] 28.2 ms +- 0.3 ms -> [posix_spawn] 561 us +- 209 us: 50.25x

[issue35306] OSError [WinError 123] when testing if pathlib.Path('*') (asterisks) exists

Eryk Sun added the comment: > (sidenote: what os.path operation does Path.resolve() match? > Path('nonexistent').resolve() returns a relative path on Python > 3.7.1, whereas Path().resolve() returns an absolute path.) pathlib should resolve 'nonexistent' in Windows. It works as expected in U

[issue35746] [ssl][CVE-2019-5010] TALOS-2018-0758 Denial of Service

Ned Deily added the comment: New changeset 216a4d83c3b72f4fdcd81b588dc3f42cc461739a by Ned Deily (Miss Islington (bot)) in branch '3.6': bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (GH-11573) https://github.com/python/cpython/commit/216a4d83c3b72f4fdcd81b588dc3f42cc461739a -

[issue35692] pathlib.Path.exists() on non-existent drive raises WinError instead of returning False

Eryk Sun added the comment: > There's no reason a non-existing drive should fail differently than > a non-existing parent directory. The drive exists (or should) if we're getting ERROR_NOT_READY (21). It's likely a removable media device, such as an optical disc or card reader, and there's

[issue35730] IDLE: Fix squeezer test_reload.

Change by Terry J. Reedy : -- pull_requests: -11183 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://

[issue35730] IDLE: Fix squeezer test_reload.

Change by Terry J. Reedy : -- pull_requests: -11182 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://

[issue34782] Pdb crashes when code is executed in a mapping that does not define `__contains__`

Change by Henry Chen : -- nosy: +scotchka ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python

[issue35537] use os.posix_spawn in subprocess

Kyle Evans added the comment: > * On FreeBSD, if setting posix_spawn() "attributes" or execute posix_spawn() > "file actions" fails, posix_spawn() succeed but the child process exits > immediately with exit code 127 without trying to call execv(). If execv() > fails, posix_spawn() succeed, b

[issue35748] urlparse library detecting wrong hostname leads to open redirect vulnerability

New submission from Neeraj Sonaniya : Summary: It have been identified that `urlparse` under `urllib.parse` module is detecting wrong hostname which could leads to a security issue known as Open redirect vulnerability. Steps to reproduce the issue: Following code will help you in reproducing

<    1   2