Steve Dower added the comment:
New changeset 13c1c3556f2c12d0be2af890fabfbf44280b845c by Steve Dower (Zackery
Spytz) in branch 'master':
bpo-39393: Misleading error message on dependent DLL resolution failure
(GH-18093)
https://github.com/python/cpyt
Steve Dower added the comment:
Zackery - I left you a comment on the PR.
--
___
Python tracker
<https://bugs.python.org/issue38704>
___
___
Python-bugs-list m
Change by Steve Dower :
--
assignee: -> steve.dower
___
Python tracker
<https://bugs.python.org/issue39401>
___
___
Python-bugs-list mailing list
Unsubscrib
Change by Steve Dower :
--
keywords: +patch
pull_requests: +17611
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/18231
___
Python tracker
<https://bugs.python.org/issu
Steve Dower added the comment:
Thanks, Zackery!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
Thanks, Christoph!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Steve Dower :
--
pull_requests: +17612
pull_request: https://github.com/python/cpython/pull/18232
___
Python tracker
<https://bugs.python.org/issue39
Change by Steve Dower :
--
pull_requests: +17613
pull_request: https://github.com/python/cpython/pull/18233
___
Python tracker
<https://bugs.python.org/issue39
Change by Steve Dower :
--
pull_requests: +17614
pull_request: https://github.com/python/cpython/pull/18234
___
Python tracker
<https://bugs.python.org/issue39
Steve Dower added the comment:
For clarity, I'm removing 3.9 from the affected versions. This version does not
support Windows 7, and only Windows 7 is vulnerable to this DLL hijack.
Also submitting the CVE request.
--
versions: -Pytho
Steve Dower added the comment:
New changeset 6990d1b6131873c7f0913908162e4c723d00ea19 by Steve Dower (Adam
Meily) in branch '3.7':
bpo-38092: Reduce overhead when using multiprocessing in a Windows virtual
environment (GH-16098)
https://github.com/python/cpyt
Steve Dower added the comment:
Fixed via issue39439
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
New changeset 0be3246d4f9c8eddcd55491901d95b09fe163f15 by Steve Dower (Adam
Meily) in branch 'master':
bpo-39439: Fix multiprocessing spawn path in a venv on Windows (GH-18158)
https://github.com/python/cpython/commit/0be3246d4f9c8eddcd55491901d95b
Change by Steve Dower :
--
resolution: duplicate -> fixed
versions: +Python 3.9
___
Python tracker
<https://bugs.python.org/issue39439>
___
___
Python-bugs-lis
Steve Dower added the comment:
This is now assigned CVE-2020-8315
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8315
https://nvd.nist.gov/vuln/detail/CVE-2020-8315)
Thanks Anthony for the report! I included your name as the reporter, though I
don't see it on any of the
Steve Dower added the comment:
New changeset 6a65eba44bfd82ccc8bed4b5c6dd6637549955d5 by Steve Dower in branch
'master':
bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier (GH-18231)
https://github.com/python/cpython/commit/6a65eba44bfd82ccc8bed4b5c6dd66
Steve Dower added the comment:
Both of those buildbots should be retired (or repurposed for versions of Python
that still support Windows 7) :)
--
___
Python tracker
<https://bugs.python.org/issue39
Steve Dower added the comment:
> I added
> https://python-security.readthedocs.io/vuln/unsafe-dll-load-windows-7.html to
> track fixes in all branches.
Thanks, Victor!
Python 2.7 and 3.5 are not vulnerable. The issue was added in 3.6 when I added
support for installing Python in
Steve Dower added the comment:
This is intentional. When embedding the Python runtime, you should limit the
import directories to those you want to allow - we do not infer *any* from how
it is started, due to the security risks.
Modifying the ._pth file after you extract the distro and
Change by Steve Dower :
--
nosy: +steve.dower
___
Python tracker
<https://bugs.python.org/issue8901>
___
___
Python-bugs-list mailing list
Unsubscribe:
Steve Dower added the comment:
Without a source stating that version numbers will only ever contain ASCII
digits (or a real-world counterexample), I see no reason to make a change here.
Thanks for working on this, Ram!
--
nosy: +steve.dower
resolution: -> rejected
stage: pa
Change by Steve Dower :
--
nosy: +steve.dower
___
Python tracker
<https://bugs.python.org/issue39469>
___
___
Python-bugs-list mailing list
Unsubscribe:
Steve Dower added the comment:
New changeset 95f60010219e142a436fae18e1695cbc45407afe by Saiyang Gou in branch
'master':
bpo-39184: Add audit events to command execution functions in os and pty
modules (GH-17824)
https://github.com/python/cpyt
Steve Dower added the comment:
Thanks for the spawn patch, I've merged it.
On the second list, I'd say go for it. The only one I'd skip are the stat()
calls (and those that just do a stat call, such as exists/isfile, etc.), and
getcwd() (which has many other ways to imp
Steve Dower added the comment:
The install page (https://docs.python.org/3/using/windows.html - linked from
the download page) covers non-interactive installs, as well as describing the
embeddable distro in detail
(https://docs.python.org/3/using/windows.html#windows-embeddable). It sounds
Steve Dower added the comment:
New changeset 89ae20b30e4543f379ee647c965eb46200556496 by Anthony Shaw in
branch 'master':
bpo-39185 Add the d[etailed] and q[uiet] verbosity levels for msbuild (GH-17791)
https://github.com/python/cpython/commit/89ae20b30e4543f379ee647c965eb4
Steve Dower added the comment:
Thanks! Nice change
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.7, Python 3.8, Python 3.9
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
Copying my comment from the PR:
Could someone with the SVG also create 44x44 and 150x150 sized versions? (Like
the pythonx44.png and pythonx150.png files in PC/icons.)
These are the sizes used for the tiles created by the Microsoft Store
installer, and
New submission from Steve Dower :
We no longer support SXS manifests, so rather than fixing issue37025 in master,
let's just delete the code covered by HAVE_SXS completely.
--
components: Windows
keywords: easy (C)
messages: 361393
nosy: ZackerySpytz, paul.moore, steve.
Steve Dower added the comment:
Fixed in 2.7 - using issue39553 for removing the code in master.
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Steve Dower :
--
resolution: -> rejected
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.org/issue33698>
___
___
Change by Steve Dower :
--
resolution: -> not a bug
stage: needs patch -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
Sorry I missed seeing this - I rarely browse new issues unless they're
"Windows" tagged.
Reading what's in master, I don't *think* there's any regression in the main
case, since the values from pathconfig override config and AFAIC
Change by Steve Dower :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
New submission from Steve Dower :
>From https://buildbot.python.org/all/#/builders/129/builds/306
==
FAIL: test_unicode_module_names
(distutils.tests.test_build_ext.BuildExtTestC
Change by Steve Dower :
--
keywords: +patch
pull_requests: +17732
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/18357
___
Python tracker
<https://bugs.python.org/issu
Steve Dower added the comment:
issue39555 and PR 18357 have the fix for the buildbot.
--
___
Python tracker
<https://bugs.python.org/issue39432>
___
___
Pytho
Steve Dower added the comment:
New changeset ab0d892288f3058856a821e8c3e4ed8a562b by Steve Dower in branch
'master':
bpo-39555: Fix distutils test to handle _d suffix on Windows debug build
(GH-18357)
https://github.com/python/cpython/commit/ab0d892288f3058856a821e8c3
Change by Steve Dower :
--
assignee: -> steve.dower
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python
Steve Dower added the comment:
"static inline" functions are not opaque - as they get inlined into 3rd-party
compiled code, we can't change anything they reference, and so the structure
layout is still fixed and has to be visible to the user's compiler.
I'm not to
Steve Dower added the comment:
Just FYI, there is no PGO run on the official 32-bit builds. I only run it on
the 64-bit build.
It might be worth investigating differences between the 3.7 and 3.8
implementations of reversed().
--
___
Python
Change by Steve Dower :
--
nosy: +steve.dower
___
Python tracker
<https://bugs.python.org/issue37373>
___
___
Python-bugs-list mailing list
Unsubscribe:
Steve Dower added the comment:
> I run into this issue when embedding CPython in a Windows app, and want to
> use some pre-installed Python, which is not part of the install package...
You'll run into many more issues if you keep doing this...
The way to use a pre-installe
Steve Dower added the comment:
I think we can deprecate it but leave it there - the original idea (courtesy of
Guido) was to enable apps to transition to the change on their timeline, but it
certainly should not be considered a core CPython feature for the rest of time.
I don't h
Steve Dower added the comment:
> Will Python support a release for as long as it's supported by the enterprise
> version? For example, support for 1709 enterprise ends on 2020-04-14, so if
> we followed that, then Python 3.9 would require Windows 10 1803 or higher.
> That
Steve Dower added the comment:
Yes, they should be.
They can also be backported to 3.8 - it was deliberate in the original PEP that
adding new events is not a breaking change or a new feature.
--
___
Python tracker
<https://bugs.python.
Steve Dower added the comment:
New changeset 7514f4f6254f4a2d13ea8e5632a8e5f22b637e0b by Saiyang Gou in branch
'master':
bpo-39184: Add audit events to functions in `fcntl`, `msvcrt`, `os`,
`resource`, `shutil`, `signal`, `syslog` (GH-18407)
https://github.com/python/cpyt
Change by Steve Dower :
--
pull_requests: +17874
pull_request: https://github.com/python/cpython/pull/18500
___
Python tracker
<https://bugs.python.org/issue39
Steve Dower added the comment:
New changeset a00b5be5f71b702ab80b0a7c046485046aaae160 by Steve Dower in branch
'3.8':
bpo-39184: Add audit events to functions in `fcntl`, `msvcrt`, `os`,
`resource`, `shutil`, `signal`, `syslog` (GH-18407)
https://github.com/python/cpyt
New submission from Steve Dower :
The installer for Windows creates file associations in
Tools/msi/launcher/launcher_reg.wxs that identify ".py[w]" files as text/plain.
This is inconsistent with the mimetypes module, which uses text/x-python, and
may cause some applications to a
Steve Dower added the comment:
The most likely negative potential impact of this would be for any users who
have added additional verbs based on the content type. I don't recall whether
we set PerceivedType or not, but that can probably stay.
I'm not aware of any application
Steve Dower added the comment:
> I am going to think maybe it was the "os.path.ismount" command that is
> causing the issue. Does the file exist?
If the file does not exist, it is definitely not a mount point. So the function
should return False instead of
Steve Dower added the comment:
46s seems okay to me, especially since the 23s for autoconf is separate.
Try introducing a warning/error into the source code and see if it breaks.
--
___
Python tracker
<https://bugs.python.org/issue39
Steve Dower added the comment:
Looks like the get_externals.py script needs to be made a bit more robust -
downloading from GitHub hasn't been very reliable this week.
--
components: +Windows
nosy: +paul.moore, tim.golden, zach.ware
___
P
Change by Steve Dower :
--
pull_requests: +17950
pull_request: https://github.com/python/cpython/pull/18580
___
Python tracker
<https://bugs.python.org/issue39
Steve Dower added the comment:
Probably just where I copied it from. PRs welcome!
--
___
Python tracker
<https://bugs.python.org/issue39699>
___
___
Python-bug
Steve Dower added the comment:
As per PEP 578 it only accepts absolute path str.
Requires a documentation update to clarify, as this is not the only report. And
issue39517 should add a str() call and ensure that the path is absolute.
--
assignee: -> docs@python
compone
Steve Dower added the comment:
open_code is correct according to PEP 578, so the fix here is for runpy to
ensure the path is absolute and pass it through os.fsdecode() before calling
io.open_code().
--
nosy: +steve.dower
versions: +Python 3.9
Steve Dower added the comment:
Dup of issue39691
As per PEP 578, open_code only accepts an absolute path as a str. The other
issue will be used to update the docstring.
--
resolution: -> duplicate
stage: patch review -> resolved
status: open -> closed
superseder: -> A
Steve Dower added the comment:
Okay, looking at _find_vcvarsall in distutils, I'm guessing that something
about how your machines are set up means that the vcredist search is failing.
First, could you specify which versions of Visual Studio you have installed,
and if possible which o
Steve Dower added the comment:
Well, you're running a debug build but building a release build (unless you
missed the "-d" from the command line -- "-e" is the default now, BTW), so your
build may be out of sync.
These assertion dialogs are supposed to be suppres
Steve Dower added the comment:
I thought we weren't going to take the fix for 3.8 anyway? (Or did we make a
smaller one and commit it directly, apparently without linking it to the issue
correctly?)
The status is the PR needs conflicts resolved, and people need to stop adding
Steve Dower added the comment:
You should be able to install "wheel" without setuptools to get the bdist_wheel
command.
Can you confirm that the build process is actually using that Visual Studio
install? If it's going through the regular distutils detection process then
Change by Steve Dower :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Steve Dower :
--
keywords: +patch
pull_requests: +18018
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/18657
___
Python tracker
<https://bugs.python.org/issu
Steve Dower added the comment:
Not sure if this is a big deal or not, and it seems likely that the preexisting
behaviour of .update() and ** unpacking have already decided it, but is it
intentional that you end up with the first-seen key and the last-seen value in
the case of collisions
Steve Dower added the comment:
New changeset d6448919702142123d937a54f20a81aeaf8d2acc by Steve Dower in branch
'master':
bpo-38403: Update nuspec file for deprecated field and git repository (GH-18657)
https://github.com/python/cpython/commit/d6448919702142123d937a54f20a81
Steve Dower added the comment:
That's a much simpler example. And of course:
>>> z[False] = False
>>> z
{0: False}
So the precedent is well established that the key doesn't get updated with the
value.
No f
Steve Dower added the comment:
Not enough value fixing 3.7 and 2.7 at this stage - nuget.org can't actively
*break* the old format without spoiling half the repository, so I'm sure it'll
be fine to leave them as they are for the last few uploads.
--
resolution:
Steve Dower added the comment:
New changeset 6aa1f1ecf7142a4117eedb8c570f30da1598616c by Ammar Askar in branch
'master':
bpo-39699: Don't silence make on Azure and Github CIs (GH-18583)
https://github.com/python/cpython/commit/6aa1f1ecf7142a4117eedb8c5
Change by Steve Dower :
--
pull_requests: +18026
pull_request: https://github.com/python/cpython/pull/18670
___
Python tracker
<https://bugs.python.org/issue39
Change by Steve Dower :
--
pull_requests: +18027
pull_request: https://github.com/python/cpython/pull/18671
___
Python tracker
<https://bugs.python.org/issue39
Steve Dower added the comment:
New changeset 343bc06d8047e4a2e675394528dbb5155be1b3b5 by Steve Dower in branch
'3.8':
bpo-39699: Don't silence make on Azure and Github CIs (GH-18583)
https://github.com/python/cpython/commit/343bc06d8047e4a2e67539452
Steve Dower added the comment:
New changeset 3bf9de2fb954bd1131f4f41517d7d5c316fb95f8 by Steve Dower in branch
'3.7':
bpo-39699: Don't silence make on Azure and Github CIs (GH-18583)
https://github.com/python/cpython/commit/3bf9de2fb954bd1131f4f4151
Steve Dower added the comment:
Had to disable the doctests in the 3.7 branch because I just couldn't get them
passing. Pablo did the work for 3.8 and later though, so they're on for those.
--
resolution: -> fixed
stage: patch review -> resolved
status
Steve Dower added the comment:
Thanks, it does seem like it's finding the correct MSVC, but is not finding the
redistributable DLL:
> cl.exe /c /nologo /Ox /W3 /GL /DNDEBUG /MT ...
The "/MT" means to statically the CRT, and then we use link settings later to
dynamic
Steve Dower added the comment:
Hmm, just ran it on my own and it's finding the OneCore file first, which is
not a problem (yet) but could become one.
So we at least need to replace the "**" with a "*" in
Lib/distutils/_msvccompiler.py#L109. Not sure if that will he
Steve Dower added the comment:
This is not strictly a duplicate of issue28686, but it's close enough, so let's
keep the discussion of changing the original shebang behaviour over no that
issue.
--
resolution: -> duplicate
stage: -> resolved
status: open ->
Steve Dower added the comment:
This is not strictly a duplicate of issue28686, but it's close enough, so let's
keep the discussion of changing the original shebang behaviour over on that
issue.
--
resolution: -> duplicate
stage: -> resolved
status
Change by Steve Dower :
--
superseder: -> py.exe ignored PATH when using python3 shebang
___
Python tracker
<https://bugs.python.org/issue34274>
___
___
Py
Steve Dower added the comment:
So we're missing two things to move this forward:
1. A clear specification (and user-facing explanation) of the behaviour of
py.exe in the presence of all possible shebangs and PATH settings
2. Someone willing to update the code
Given the current behavio
Steve Dower added the comment:
We still need the tag added to the cpython-source-deps repo, and I still can't
complete a clone right now (something is strange with SSL to GitHub on my
(temporary) internet connection).
Zach - can you tag it? https://github.com/python/cpython-source-deps
New submission from Steve Dower :
Shouldn't have any impact at all, but I'm going to mention it here so it gets
in the NEWS file. Just in case someone hits an obscure edge case and is trying
to find out what changed.
--
assignee: steve.dower
components: Windows
messages: 3
Change by Steve Dower :
--
keywords: +patch
pull_requests: +18056
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/18695
___
Python tracker
<https://bugs.python.org/issu
New submission from Steve Dower :
Looking at https://docs.python.org/3/license.html there's a list of
"incorporated software" licenses, most of which say you need to distribute the
license.
Right now, the LICENSE.txt file we distribute on Windows (made from the
Steve Dower added the comment:
Isn't that what we ended up merging? (Goes to check). Ah, that was 3.30.1.
Sure, go for it. We'll have RCs of everything before the next final releases go
out, so provided someone double checks that it's all good before then I&
Steve Dower added the comment:
New changeset 03153dd1459fab94f294a118ed1525e34d58601a by Steve Dower in branch
'master':
bpo-39789: Update Windows release build machines to VS 2019 (GH-18695)
https://github.com/python/cpython/commit/03153dd1459fab94f294a118ed1525
Steve Dower added the comment:
The backport to 3.8 doesn't matter so much for the build definition (the build
always runs from master, even when targeting earlier versions), but the minor
Nuget fixes are necessary, so may as well keep it all in sync.
I expect the backport to automerg
Steve Dower added the comment:
> (BTW, is it kosher to force push to PRs like this?)
We always squash merge, so you don't need to do it to hide your history.
Personally, I do it occasionally when the history is very long and nobody has
started reviewing.
Force pushing will r
Steve Dower added the comment:
If you use subprocess to launch any process that is marked SUBSYSTEM_CONSOLE,
Windows will create a new console for it. For example, "python.exe" is such a
process.
Eryk's answer in the very first StackOverflow link shows how to create a
STARTU
Steve Dower added the comment:
Try running that script with pythonw.exe instead.
--
___
Python tracker
<https://bugs.python.org/issue30082>
___
___
Python-bug
Steve Dower added the comment:
In thinking about this, I think the best way forward is to just remove the
logic that might statically link the initialization code, and instead commit to
CPython releases always including vcruntime140.dll even if we switch to a newer
version one day
Change by Steve Dower :
--
keywords: +patch
pull_requests: +18080
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/18724
___
Python tracker
<https://bugs.python.org/issu
Steve Dower added the comment:
Yep, that seems like the reason. All of that redirection is handled by the OS
and I don't think we'd want to override it.
However, I suspect we're close to having another discussion about making the 64
bit download the default. There are fewer a
Steve Dower added the comment:
It'll have to be a program that cannot inherit the active console. Ffmpeg
normally can, but running the first script with pythonw will make sure there is
no console to inherit, and a new one will pop up for a regular Python pr
Steve Dower added the comment:
No, that one is fine.
I just need someone else to jump in and tag the commit in cpython-source-deps
for me (because I can't clone it successfully on my current internet
connection).
--
___
Python tracker
&
Steve Dower added the comment:
> don't know if you still need it but here is what you requested.
Thanks. That basically confirms that something is interfering with distutils.
Skipping the check entirely should avoid it.
--
versions: +Python 3.8, Py
Steve Dower added the comment:
Nope, same PR and bug is totally fine.
Putting the NEWS items in their platform-specific sections is how we normally
do it (though to be fair, I had to go look it up).
--
___
Python tracker
<https://bugs.python.
Steve Dower added the comment:
I marked the PR to backport to 3.7 and 3.8.
Up to Benjamin whether 2.7 gets it, but unless there's a specific and impactful
CVE that's been fixed, I doubt it (the one linked at the start of this issue
seems to require direct modification of the SQL
Steve Dower added the comment:
Leaving open until someone (*cough* Benjamin) confirms whether this has to go
into 2.7 or not.
--
nosy: +benjamin.peterson
stage: patch review -> backport needed
___
Python tracker
<https://bugs.pyth
1501 - 1600 of 6138 matches
Mail list logo