Paul McMillan added the comment:
I agree that we should enable randomness by default, and provide an easy way
for users to disable it if necessary (unit test suites that explicitly depend
on order being an obvious candidate).
I'll link my proposed algorithm change here, for the record:
Paul McMillan added the comment:
A couple of things here:
First, my proposed change is not cryptographically secure. There simply aren't
any cryptographic hashing algorithms available that are in the performance
class we need. My proposal does make the collision attack quite difficu
Paul McMillan added the comment:
This is not something that can be fixed by limiting the size of POST/GET.
Parsing documents (even offline) can generate these problems. I can create
books that calibre (a Python-based ebook format shifting tool) can't convert,
but are otherwise perf
Paul McMillan added the comment:
> My proposition only adds two XOR to hash(str) (outside the loop on Unicode
> characters), so I expect a ridiculous overhead. I don't know yet how hard it
> is to guess the secret from hash(str) output.
It doesn't work much better than a
Paul McMillan added the comment:
> - for small strings we could use a different seed than for larger strings
Or just leave them unseeded with our existing algorithm. Shifting them
into a different part of the hash space doesn't really gain us much.
> - for larger strings we could
Paul McMillan added the comment:
Marc-Andre: Victor already pasted the relevant part of my code:
http://bugs.python.org/issue13703#msg150568
The link to the fuller version, with revision history and a copy of the code
before I modified it is here:
https://gist.github.com/0a91e52efa74f61858b5
Paul McMillan added the comment:
As Alex said, Java has refused to fix the issue.
I believe that Ruby 1.9 (at least the master branch code that I looked
at) is using murmurhash2 with a random seed.
In either case, yes, these functions are vulnerable to a number of
attacks. We're solvin
Paul McMillan added the comment:
> Those who use or advocate a simple randomized starting hash (Perl, Ruby,
> perhaps MS, and the CCC presenters) are presuming that the randomized hash
> values are kept private. Indeed, they should be (and the docs could note
> this) unless an
Paul McMillan added the comment:
> An attack can be based on trying to find many objects with the same
> hash value, or trying to find many objects that, as they get inserted
> into a dictionary, very often cause collisions due to the collision
> resolution algorithm not finding
New submission from Paul Smedley :
Python 2.7.2 fails during compilation on OS/2 with:
File "./setup.py", line 1154, in detect_modules
for arg in sysconfig.get_config_var("CONFIG_ARGS").split()]
AttributeError: 'NoneType' object has no attribute 'sp
Paul McMillan added the comment:
> Alex, I agree the issue has to do with the origin of the data, but the
> modules listed are the ones that deal with the data supplied by this
> particular attack.
They deal directly with the data. Do any of them pass the data
further, or does the
Paul Smedley added the comment:
I'm building OS/2 python here using configure, etc - without the changes
attached, python would not complete the build.
--
___
Python tracker
<http://bugs.python.org/is
Paul McMillan added the comment:
> Christian Heimes added the comment:
> Ouch, the startup impact is large! Have we reached a point where "one size
> fits all" doesn't work any longer? It's getting harder to have just one
> executable for 500ms scripts and serv
Paul Smedley added the comment:
When I get some spare time, I'll test the default code using Andy Mac's last
build of Python - which afaik was 2.4.x and see if it works correctly
--
___
Python tracker
<http://bugs.python.o
Paul Boddie added the comment:
I don't understand how this bug and its patches are still active. It's
difficult for me to remember what I was doing in early 2007 when I started
working on issue #1667546, but I can well imagine that it was in response to
this and a number of re
New submission from Paul Hildebrandt :
profile.py and pstats.py have an inappropriate copyright for some. These files
were contributed by a company that was acquired by Disney. I have a patch that
has passed Disney legal to resolve the problem.
The following is the cogent part of a
Paul Hildebrandt added the comment:
This is the patch. It was created with
hg diff >WDAS.patch
at the root of the hg repository.
This patch is just a comment change and should apply to versions of Python
currently being update.
--
keywords: +patch
resolution: -> fixed
ve
Paul Hildebrandt added the comment:
Good catch, thanks Eric! You are a wonderful human being.
--
___
Python tracker
<http://bugs.python.org/issue12417>
___
___
New submission from Paul Weiss :
I am trying to install python 2.7 on my Redhat machine. It installs most of the
files, but it doesn't install the lib-dynload directory. I have set every path,
done every install and clean I could think of but I can't get it to work. I
have tried
Paul Weiss added the comment:
Correct, I am using the source from
http://www.python.org/ftp/python/2.7.2/Python-2.7.2.tgz
make clean
./configure --prefix=/opt/Python-2.7
make
sudo make install
I get this:
/usr/bin/install -c -m 644 ./LICENSE /opt/Python-2.7/lib/python2.7/LICENSE.txt
Paul Weiss added the comment:
No, Redhat's 2.6.9. Could that be the issue?
--
___
Python tracker
<http://bugs.python.org/issue12582>
___
___
Python-bugs-l
Paul Weiss added the comment:
So I have solved my own issue, but the solution raises another question. Let me
explain...
On a whim I copied the build/lib.linux-i686-2.7 directory into the
/opt/Python-2.7/lib/python2.7 directory as lib-dynload. This worked and python
installed correctly. In
Paul Weiss added the comment:
As it turns out I am using an older version of make on the machine that I was
having trouble with. It seems we have made some bad assumptions about the
configuration of our machines. It makes sense with other problems we have had
on the other machines too. I am
New submission from Paul Price :
I am running Python 2.7.1 under Valgrind 3.6.1 on a x86_64 GNU/Linux box.
Valgrind is flagging errors that are not covered by the standard suppressions
file (Misc/valgrind-python.supp; after uncommenting the part I'm supposed to),
e.g.:
==5804== U
Changes by Paul Moore :
--
nosy: +pmoore
___
Python tracker
<http://bugs.python.org/issue12678>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Paul Upchurch :
Calling http.server.BaseHTTPRequestHandler.send_error(code,message) with a
message that contains a trailing newline does not display properly in Firefox,
Chrome.
Listing 1
#!/usr/bin/env python3.2
import http.server
import traceback
class httphandler
New submission from paul j3 :
The Windows programming guidelines for the multiprocessing module documentation
should include a warning that any logging initialization should be protected by
the 'if __name__' block. Otherwise you will get duplicate logging entries for
the child
Paul Moore added the comment:
Certainly the 2.7 branch on my buildbot is now OK (3.x is failing for
other reasons :-()
--
status: pending -> open
___
Python tracker
<http://bugs.python.org/iss
New submission from paul clinch :
Some attributes, e.g. STARTF_USESHOWWINDOW have moved to
_subrocess.STARTF_USESHOWWINDOW. This breaks old code.
--
components: Library (Lib)
messages: 116450
nosy: pclinch
priority: normal
severity: normal
status: open
title: subprocess module changed
New submission from Paul Menzel :
Compiling Python in parallel sometimes fails as reported in [1] and [2].
./libpython2.6.so: undefined reference to `_PyParser_Grammar´
Fedora applies a patch by dmalcolm which fixes
this issue [3].
diff -up Python-2.7/Makefile.pre.in.fix-parallel
Paul Bolle added the comment:
0) I ran into some (small) problems with the documentation added by revision
62195. It seems more efficient to reuse this issue to report these. Feel free
to ask me to open another issue if that's not appreciated.
1) A small patch that addresses two pro
New submission from Paul Bolle :
0) I ran into some (small) problems with the documentation added by revision
62195 (see issue 815646 for background).
1) A small patch that addresses two problems with the Python 2.7 documentation
should be attached:
- link three occurrences of "GIL&qu
Paul Bolle added the comment:
> please open a new issue and attach your patch(s) there
Issue 10111 now tracks the documentation problems.
--
___
Python tracker
<http://bugs.python.org/issue
Changes by Paul Bolle :
--
nosy: +pebolle
___
Python tracker
<http://bugs.python.org/issue8340>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Paul Bolle :
0) There's an obvious typo in the cporting HOWTO:
[...] It’s also important to remember that PyBytes and PyUnicode in 3.0 are not
interchangeable like PyString and PyString are in 2.x. [...]
That PyString and PyString are interchangeable is obviously not
New submission from Paul Sokolovsky :
sqlite.Row class doesn't implement sequence protocol, which is rather
unfortunate, because it is described and expected to work like a tuple, with
extra mapping-like functionality.
Specific issue I hit:
Adding rows to PyGTK ListStore,
Changes by Paul Sokolovsky :
--
versions: +Python 2.7
___
Python tracker
<http://bugs.python.org/issue10203>
___
___
Python-bugs-list mailing list
Unsubscribe:
Paul Moore added the comment:
Seems to be correctly skipping the test now - failures are because of
other issues (a load more hg builds means that the buildslave is
getting a bit tight on space...)
This change looks fine. Thanks!
--
status: pending -> o
New submission from Paul Wouters :
ssl.get_server_certificate() does not work for IPv6 addresses:
>>> ssl.get_server_certificate( ("2001:888:2003:1004:c2ff:eeff:fe00:133",443))
Traceback (most recent call last):
File "", line 1, in
File "/usr/lib
New submission from Paul Griffith :
In compiling Python 2.7.1 on RHEL I run into the following error message when
running make.
gcc: unrecognized option '-n32'
gcc -pthread -n32 -Xlinker -export-dynamic -o python \
Modules/python.o \
Paul Griffith added the comment:
I have included the config.log file and a script of configure and make process.
CFAGS and friends are not set.
--
Added file: http://bugs.python.org/file21782/typescript.python-2.7.1
___
Python tracker
<h
Paul Griffith added the comment:
Here is the config.log file!
--
Added file: http://bugs.python.org/file21783/config.log
___
Python tracker
<http://bugs.python.org/issue11
Paul Griffith added the comment:
I found the problem, it is with my system. In the past we used to support SGI
hosts and I had the SGI_ABI environmental variable set to -n32.
Please consider this issue closed.
--
status: open -> closed
___
Pyt
Paul Moore added the comment:
This bug appears to be Unix-only. On Windows:
>>> from subprocess import *
>>> p1 = Popen(['cat'], stdin=PIPE, stdout=PIPE)
>>> p2 = Popen(['grep', 'a'], stdin=p1.stdout, stdout=PIPE)
>>> p1.stdin.w
Paul Moore added the comment:
Patch looks good to me. Can this be applied? As a temporary workaround I have
set my buildbot to run interactively. Once the fix is applied, I will switch
back to running as a service.
--
keywords: +buildbot
Changes by Paul Moore :
--
nosy: +gpolo
___
Python tracker
<http://bugs.python.org/issue9931>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.pyth
Paul Moore added the comment:
> Perhaps somewhat orthogonal to the patch, but in terms of the original hang
> issue, does your service definition have the "interact with desktop" option
> checked? That ought to permit any normal UI processing to take place as if
&g
New submission from paul clinch :
The example ``16.4.3.1. ProcessPoolExecutor Example`` hangs in IDLE silently,
and hangs the interactive python shell with ``AttributeError: 'module' object
has no attribute 'is_prime'``.
is_prime(9) was tested before running.
Platform
New submission from paul rubin <[EMAIL PROTECTED]>:
For object serialization and some other purposes, Java encodes unicode
strings with a modified version of utf-8:
http://en.wikipedia.org/wiki/UTF-8#Java
http://java.sun.com/javase/6/docs/api/java/io/DataInput.html#modified-utf-8
It is u
paul rubin <[EMAIL PROTECTED]> added the comment:
Some java applications use it externally. The purpose seems to be to
prevent NUL bytes from appearing inside encoded strings which can
confuse C libraries that expect NUL's to terminate strings. My
immediate application is par
paul rubin <[EMAIL PROTECTED]> added the comment:
Also, according to wikipedia, tcl also uses that encoding.
__
Tracker <[EMAIL PROTECTED]>
<http://bugs.pytho
paul rubin <[EMAIL PROTECTED]> added the comment:
I'm not sure what you mean by "ditto for Lucene indexes". I wasn't
planning to use C code. I was hoping to write Python code to parse
those indexes, then found they use this weird encoding, and Python's
codec set
Paul Melis <[EMAIL PROTECTED]> added the comment:
I think I'm having a similar lockup on fedora core 4 (smp machine). This
is with the py3k branch, freshly svn updated. When running "make test
TESTOPTS=test_multiprocessing" the first of the two test runs always
succeeds in
Paul Melis <[EMAIL PROTECTED]> added the comment:
After a few more runs with -v and redirecting output to a file it seems
the lockup I get is in
test_notify_all (test.test_multiprocessing.WithManagerTestCondition)
___
Python tracker <[EMAIL PROTECTE
Paul Melis <[EMAIL PROTECTED]> added the comment:
I made a copy of test_multiprocessing.py (to test_mp.py) and basically
removed all test classes, except _TestCondition. In it, I commented all
test methods except test_notify_all. When run with make test
TESTOPTS="-v test_mp" the
Paul Melis <[EMAIL PROTECTED]> added the comment:
What do you mean with ">16MB"? Is that the total size of all data held
by the dictionary (and if so, how did you measure this)? How many keys
are in the dictionary? And what indication do you have that elements are
being droppe
Paul Melis <[EMAIL PROTECTED]> added the comment:
The script is still not a test case, as it doesn't *demonstrate* the
problem when run. You need to provide more information for this to be
reproducable by others.
- what exact input did you use? (e.g. include the IRC log file on whic
Paul Melis <[EMAIL PROTECTED]> added the comment:
On a Linux system (FC4) with r64686 of the Py3k branch I also still get
occassional hangs (with ./python -E -bb ./Lib/test/regrtest.py -v
test_multiprocessing). Mostly this seems to occur with the very first
test executed, i.e. before any
New submission from Paul Moore <[EMAIL PROTECTED]>:
The latest version of Mingw binutils, 2.18.50.20080109, uses a 4-part
version number which distutils does not like (StrictVersion only allows
for 3 parts).
The attached patch fixes this, simply by using LooseVersion (the version
numb
New submission from paul stoop <[EMAIL PROTECTED]>:
On page http://docs.python.org/ref/notation.html the following text:
name::= lc_letter
lc_letter ::= "a"..."z"
The first line says that a name is an lc_letter followed by a sequence
of z
New submission from paul stoop <[EMAIL PROTECTED]>:
hi,
On http://docs.python.org/ref/strings.html we find
longstring ::= "'''" longstringitem* "'''" | '"""' longstringitem* '"""'
(cor
Paul Pogonyshev <[EMAIL PROTECTED]> added the comment:
Just to note, I proposed similar macro on the mailing list under the
name Py_ASSIGN.
--
nosy: +_doublep
___
Python tracker <[EMAIL PROTECTED]>
<http://bugs.pytho
New submission from Paul Chew <[EMAIL PROTECTED]>:
When the latest Mac installer (Python 2.5.2 for Macintosh OS X) is used on
a new Mac (10.5.4) the resulting IDLE does not have a Preferences... entry
in its File menu. The only fix that I've found is to use the previous Mac
instal
Paul Molodowitch <[EMAIL PROTECTED]> added the comment:
To do a private, SxS install, see:
http://msdn.microsoft.com/en-us/library/ms997620.aspx
I once made a private SxS installation of a MSVC-reliant app (that you
could install with non-admin privileges), and if recall correctly, it
re
New submission from Paul Pogonyshev <[EMAIL PROTECTED]>:
PEP 3121 states that: "The module state will be null-initialized". This
is not the case as it seems.
--
components: Interpreter Core
messages: 72197
nosy: _doublep
severity: normal
status: open
title: PEP 3121 ---
Paul Pogonyshev <[EMAIL PROTECTED]> added the comment:
I'm also absolutely against having len() lying to me. This would be a
welcome to bump into some other hideous error later, e.g. discarding
part of data as I'd think it wasn't there. Better raise an exception
New submission from Paul Pogonyshev <[EMAIL PROTECTED]>:
PEP 3121 at python.org mentions PyType_Copy(). However, it doesn't seem
to be present in SVN version and there is no apparent replacement.
Please clarify how types should be created for different module
instances --- if just
Paul Pogonyshev <[EMAIL PROTECTED]> added the comment:
Ping.
___
Python tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue3740>
___
___
Python-bugs
New submission from Paul Boddie :
As noted here:
http://www.selenic.com/pipermail/mercurial/2010-February/030068.html
This is probably documented somewhere, and there may even be a good reason for
the difference, but old-style classes raise TypeError when __len__ returns a
non-int, whereas
Paul Boddie added the comment:
I would have expected a more accurate error message for the new-style class. In
the original message which brought this to my attention, the cause was not
particularly obvious:
http://www.selenic.com/pipermail/mercurial/2010-February/030066.html
I concede that
Paul Boddie added the comment:
I don't disagree that OverflowError describes what's happening, but the need to
convert to an int in the first place is a detail of the machine - you'd have to
know that this is a limitation of whatever internal "protocol" CPython
imple
Paul Boddie added the comment:
Actually, in the issue reported, the initial problem occurs in the evaluation
of an object in a boolean context (and the subsequent problem occurs with an
explicit len invocation):
http://www.selenic.com/pipermail/mercurial/2010-February/030066.html
Presumably
New submission from paul stadfeld :
So I started 3.1.2...
Python 3.1.2rc1 (r312rc1:78742, Mar 7 2010, 07:49:40) [MSC v.1500 32 bit
(Intel)] on win32
Type "copyright", "credits" or "license()" for more information.
>>>
And monitored Windows Task
Changes by Paul Smith :
--
nosy: +paulsmith
___
Python tracker
<http://bugs.python.org/issue8154>
___
___
Python-bugs-list mailing list
Unsubscribe:
Paul Boddie added the comment:
Well, this still doesn't work for me. I'm running Kubuntu 8.04 (libc6 package
version 2.7-10ubuntu5) and reside in the CEST time zone, yet attempting to
display the time zone always seems to give "+". Here are the
Paul Jimenez added the comment:
Since no one else has commented on this in over a year, and the new (2.6+) code
works fine, I'll just close this to help clean things up.
--
status: open -> closed
___
Python tracker
<http://bugs
New submission from Paul Moore :
test_support.find_unused_port attempts to find an unused port to use. The
approach is fragile (as noted in the docstring) in certain cases. In
particular, it appears that Windows takes a short time to free the socket after
it is closed, meaning that when the
Changes by Paul Moore :
--
nosy: +pitrou
___
Python tracker
<http://bugs.python.org/issue8576>
___
___
Python-bugs-list mailing list
Unsubscribe:
http://mail.pyth
Paul Moore added the comment:
OK. I've attached a patch which removes the use of get_unused_port for
test_smtplib and test_multiprocessing. It doesn't use bind_port as both cases
test classes that create their own port internally, rather I've used port 0 and
then introspected
Paul Jimenez added the comment:
That sounds great - at least something useful will come out of this, even if
it's just more tests for urlparse :)
--
___
Python tracker
<http://bugs.python.org/issu
Paul Moore added the comment:
Here's a patch for test_logging. It needed a minor tweak to logging.config -
but I can't see anywhere that this affects the documentation, so I didn't do a
doc patch. I hope that's OK.
I'll have a look at test_socket but that looks a
Paul Moore added the comment:
Might work - but the only ones that were actually failing for me were
test_multiprocessing and test_smtplib. So I'm not quite sure where/when the
error would be raised on the remaining 2 (socket & httplib). But I'll keep it
in mind.
To be honest,
Paul Moore added the comment:
One of the tests in test_socket is checking that an attempt to connect to a
port with no server running gives socket.error. For that, we need a port that's
guaranteed to have no server present.
I think that one of the tests in test_httplib check
Paul Moore added the comment:
Thanks for the suggestions, I'll see if I can implement something based on them.
--
___
Python tracker
<http://bugs.python.org/i
Paul Moore added the comment:
I believe that mailbox.py is expected to work with files opened in
binary mode. A long time ago I opened a bug on th email package
(http://bugs.python.org/issue586899) which turned out to be because
mailbox.py required binary mode files. The conclusion was that it
Paul Smedley added the comment:
I see similar problems here on OS/2 with Python 2.5.1 and Ncurses 5.6.
Problem is causes as win->win is uninitialised when passed to new_panel.
Initialising win->win to a value makes the new_panel call work. Not
sure why this works on other platforms but
Paul Felix added the comment:
Maybe not. With the addition of thread.stack_size([size]), it's fairly
easy to get around the problem by bumping up the stack size. It would be
nice if PyMarshal_ReadLastObjectFromFile didn't allocate a small file
buffer on the stack (think of the i
Paul Pogonyshev added the comment:
I'd like to ping this issue as I think it is important enough (core is
affected).
__
Tracker <[EMAIL PROTECTED]>
<http://bugs.python
New submission from Paul Pogonyshev:
I have a regression from Python 2.5 to Python SVN (would-be-2.6). I
believe this because of class attribute caching. The problem shown
below happens because AbstractGCProtector is an extension class. So,
Python interpreter doesn't have a chance to n
Paul Pogonyshev added the comment:
Eh, disregard that, I missed one line with set_default() call. Still,
the unit test fails...
__
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/
Paul Pogonyshev added the comment:
OK, here it is:
>>> from notify.all import *
>>> original_protector = AbstractGCProtector.default
>>> new_protector = FastGCProtector ()
>>> AbstractGCProtector.set_default (new_protector)
>>> Abstr
Paul Pogonyshev added the comment:
set_default() is a static method to set 'default'. Because of this:
>>> AbstractGCProtector.default = 42
Traceback (most recent call last):
File "", line 1, in
TypeError: can't set attributes of built-in/extension t
Paul Pogonyshev added the comment:
Weird. Does it even run with a stable Python (not trunk)?
__
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue1878>
__
___
Pyth
Paul Pogonyshev added the comment:
Can you run the pasted script (from the third comment) manually then?
The crash might be related to the bug in question.
__
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/
Paul Pogonyshev added the comment:
Even if there is an easy workaround for the extension (or even a fix, if
modifying 'tp_dict' is not legal), I don't think it would be acceptable
to make a backward-incompatible change in 2.6. I mean, sure Py-notify
is by no means a widely-used l
Paul Pogonyshev added the comment:
It doesn't help:
ERROR: test_default_property (test._gc.AbstractGCProtectorTestCase)
--
Traceback (most recent call last):
File "/home/paul/notify/test/_gc.py&quo
Paul Pogonyshev added the comment:
I personally think that this bug is a showstopper for the caching patch
in 2.6. Well, the problem can be deemed insignificant, but it is sure a
break of backward compatibility and, worse yet, it results in _very_
obscure fails. Even if type dictionary changes
Paul Boddie added the comment:
(Andrew, thanks for making a bug, and apologies for not reporting this
in a timely fashion.)
Although an in-memory caching solution might seem to be sufficient, if
one considers things like CGI programs, it's clear that such programs
aren't going to be
New submission from paul rubin:
I don't see any way in the docs to get the status of an http request, in
particular I want to know whether it's a 404. It does show up in the
guts of the library so maybe I can extract it somehow, but there should
be a simple documented way.
Also, the
paul rubin added the comment:
I like the idea of having some integer math functions like this in the
stdlib; whether in the math module or elsewhere doesn't matter much. In
particular I remember having to implement xgcd on several separate
occasions for unrelated applications, each
201 - 300 of 3008 matches
Mail list logo
