Steve Dower added the comment:
Thanks. Your PR will start to work once I've done the updated build, so don't
worry about the failure right now.
OpenSSL updates require build manager involvement, so it's blocked on me :)
--
___
Steve Dower added the comment:
... equally happy without an explicit test in anything that's only prerelease
right now.
--
___
Python tracker
<https://bugs.python.org/is
Steve Dower added the comment:
You could test this by getting the event and CloseHandle-ing it. A function to
do this could be added to _testcapimodule. It'd have to run in its own process,
but we have (a few) helpers around for this.
Given the concerns, I don't think we should c
Steve Dower added the comment:
Okay, new sources and build are up, so I retriggered the PR. If it's all good,
I'll merge and backport.
--
___
Python tracker
<https://bugs.python.o
Steve Dower added the comment:
New changeset 80d827c3cb041ae72b9b0572981c50bdd1fe2cab by Srinivas Reddy
Thatiparthy (శ్రీనివాస్ రెడ్డి తాటిపర్తి) in branch 'master':
bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834)
https://github.com/python/cpyt
Change by Steve Dower :
--
pull_requests: +20034
pull_request: https://github.com/python/cpython/pull/20841
___
Python tracker
<https://bugs.python.org/issue40
Change by Steve Dower :
--
pull_requests: +20033
pull_request: https://github.com/python/cpython/pull/20840
___
Python tracker
<https://bugs.python.org/issue40
Steve Dower added the comment:
> If WaitForSingleObjectEx fails, do you think the system error code should be
> raised as an OSError?
It's invalid (and unfixable) internal state, so perhaps SystemError makes the
most sense? There's no point catching it in most cases.
Or sin
Steve Dower added the comment:
New changeset 7e57c367d65f3d0219978b465dc00da15ae3724c by Steve Dower in branch
'3.8':
bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834)
https://github.com/python/cpython/commit/7e57c367d65f3d0219978b465dc00d
Steve Dower added the comment:
New changeset 617af99312ca36ad5a08db764858caf11c92a2c0 by Steve Dower in branch
'3.7':
bpo-40164: Update Windows OpenSSL to 1.1.1g (GH-20834)
https://github.com/python/cpython/commit/617af99312ca36ad5a08db764858ca
Change by Steve Dower :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
Łukasz can add a note to the release page, I believe.
--
nosy: +lukasz.langa
___
Python tracker
<https://bugs.python.org/issue40
Steve Dower added the comment:
Is there any reason for TkDND to be optional apart from the rest of Tkinter? If
not, your installer changes are probably fine, but why not combine the two and
just treat it as part of the Tcl/Tk build? (Primarily for Windows, I'd guess.
Not sure how t
Steve Dower added the comment:
Hi Miika
Please create a new issue.
It would also be helpful if you gave us some idea of what your username looks
like, even if you change it a bit to hide it from the internet. The most common
cause of this error is spaces or non-ASCII characters in your
New submission from Steve Stagg :
Hi
Fuzzing found the following:
$ ./python/bin/python3
Python 3.10.0a0 (heads/master:eb0d5c38de, Jun 20 2020, 21:35:36)
[Clang 10.0.0 ] on linux
Type "help", "copyright", "credits" or "license" for more information.
>
Steve Stagg added the comment:
Appears to have been introduced by:
bpo-40334: Produce better error messages on invalid targets (GH-20106)
01ece63d42b830df106948db0aefa6c1ba24416a
--
___
Python tracker
<https://bugs.python.org/issue41
Steve Stagg added the comment:
This appears to have been introduced in 13915a3100 bpo-36356: Fix memory leak
in _asynciomodule.c (GH-16598).
Cannot reproduce on master
--
___
Python tracker
<https://bugs.python.org/issue40
Steve Stagg added the comment:
I was able to reproduce, follows is the raw LLDB output, I don't think this
fails on master, will try some bisecting:
* thread #1, name = 'runtest', stop reason = signal SIGSEGV: invalid address
(fault address: 0x0)
frame #0: 0x0
Steve Stagg added the comment:
Fix was here:
a75e730075 bpo-40294: Fix _asyncio when module is loaded/unloaded multiple
times (GH-19542)
Backport commit was:
6b0ca0aeab04d7b7b54086248ca9d5e70f770f2f
>From my end, the issue seems to be resovled on tag v.3.
Steve Dower added the comment:
Thanks for the change. It looks good, though I would like to have a NEWS entry
for this so that people can find that we made a deliberate change to this DLL.
I'd also like to do some manual testing to make sure that we aren't going to
break any ob
Steve Dower added the comment:
Looks good. Let's rename PYTHON_DLL_NAME to ORIGINAL_FILENAME, since it took me
10 minutes to figure out that that's how it's used...
We'll backport this one to 3.9 before RC. No NEWS file required.
--
v
Steve Dower added the comment:
Looks good, but I'll want to manually test this, as it's not covered by
automated tests. (If you happen to know how to test drag-drop of multiple files
and non-MBCS filenames in Explorer, would love to have some tests, but given
the low churn on t
Steve Dower added the comment:
New changeset 6eab52ffadb2836adb59d0578c84d247f05e19b1 by Ammar Askar in branch
'3.8':
bpo-39699: Remove accidentally committed test change (GH-21089)
https://github.com/python/cpython/commit/6eab52ffadb2836adb59d0578c84d2
Steve Dower added the comment:
It depends on your application. Almost all of these are exposed directly, so
you will be vulnerable if your application uses them in the way described by
the CVE.
I'm not familiar enough with the vulnerabilities in question to tell you for
sure, and I
Steve Dower added the comment:
New changeset fe2a48c605d98ac02ab2b9593cb87ce364aeae2d by Nikita Nemkin in
branch 'master':
bpo-41089: Filters and other issues in Visual Studio projects (GH-21070)
https://github.com/python/cpython/commit/fe2a48c605d98ac02ab2b9593cb87c
Change by Steve Dower :
--
pull_requests: +20256
pull_request: https://github.com/python/cpython/pull/21090
___
Python tracker
<https://bugs.python.org/issue41
Change by Steve Dower :
--
assignee: -> steve.dower
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.9
___
Python tracker
<https://bugs.python
Steve Dower added the comment:
Thanks!
--
___
Python tracker
<https://bugs.python.org/issue41089>
___
___
Python-bugs-list mailing list
Unsubscribe:
Steve Dower added the comment:
New changeset 4efc3360c9a83d5891f27ed67b4f0ab7275d2ab4 by Nikita Nemkin in
branch 'master':
bpo-41054: Simplify resource compilation on Windows (GH-21004)
https://github.com/python/cpython/commit/4efc3360c9a83d5891f27ed67b4f0a
Steve Dower added the comment:
New changeset 47cd931a61146793faa44e01516bf07b0c23380c by Steve Dower in branch
'3.9':
bpo-41089: Filters and other issues in Visual Studio projects (GH-21070)
https://github.com/python/cpython/commit/47cd931a61146793faa44e01516bf0
Steve Dower added the comment:
New changeset 2c6e4e91c5a4d3f25908108f4ed32aba936df70c by Nikita Nemkin in
branch 'master':
bpo-41039: Simplify python3.dll build (GH-20989)
https://github.com/python/cpython/commit/2c6e4e91c5a4d3f25908108f4ed32a
Steve Dower added the comment:
Thanks!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
Thanks!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
SGTM. Thanks for the PR!
--
___
Python tracker
<https://bugs.python.org/issue41094>
___
___
Python-bugs-list mailing list
Unsub
Steve Dower added the comment:
New changeset bbf36e8903f8e86dcad8131c818e122537c30f9e by Nikita Nemkin in
branch 'master':
bpo-41070: Simplify pyshellext.dll build (GH-21037)
https://github.com/python/cpython/commit/bbf36e8903f8e86dcad8131c818e12
Steve Dower added the comment:
Thanks!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
New changeset 33b79b11b891adea5a916df8e3779505b37aabe7 by Nikita Nemkin in
branch 'master':
bpo-41038: Fix non-ASCII string corruption in Win32 resource files (GH-20985)
https://github.com/python/cpython/commit/33b79b11b891adea5a916df8e37795
Change by Steve Dower :
--
assignee: -> steve.dower
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python
Steve Dower added the comment:
I'm going to have to spend more time to analyse this (later), but it seems like
Windows deciding not to update the directory's data structures (containing the
st_mtime retrieved by scandir) as long as the file is still open.
I suspect the answe
Steve Dower added the comment:
Does it make the most sense for us to make .flush() also do an implicit
.fsync() (when it's actually a file object)?
--
___
Python tracker
<https://bugs.python.org/is
Steve Dower added the comment:
Okay, so it sounds like there's a class of files where we can't rely on the
FindFileData having the right values. But we get enough information to be able
just suppress the caching behaviour for those, right?
Basically, my criteria for fixing t
Steve Dower added the comment:
> We're faced with the choice between either always calling the real lstat, or
> just documenting that files with hard links will have stale information if
> the file was updated using another link.
That's an easy choice: we document it.
Steve Dower added the comment:
Those are all good ideas, but using os.stat(d) instead of d.stat() is shorter,
more reliable, more compatible, and already works.
There's no middle ground where DirEntry can be faster, because it's already
using that middle ground. All the discussi
Steve Dower added the comment:
> I understand that LoadLibraryExW() must not be attempted if _Py_dll_path is
> empty, or if Py_GetPrefix() is empty. Am I right?
More likely those should never be empty. Perhaps sys.prefix is optional, but
the DLL path is the current executing modul
Steve Dower added the comment:
Sorry, I take that back. Earlier versions would indeed skip initialization in
some cases.
I propose we deprecate the dll_path field in PathConfig and just get the path
directly in the three places it's necessary. The path calculations have
security exp
New submission from Steve Dower :
Because of when _Py_ClearAuditHooks is called during finalization, it is
possible that __del__ destructors will be called after hooks have been cleared.
Audit events that would be raised here are dropped.
We should ensure these events are received by any
New submission from Steve Dower :
These tests rely on MSVC to do some building, but Windows ARM devices do not
currently have a compiler toolset (you need to cross-compile).
We should skip these tests.
Sample build: https://buildbot.python.org/all/#/builders/182/builds/773
Sample traceback
New submission from Steve Dower :
Sample build: https://buildbot.python.org/all/#/builders/182/builds/773
The second last step is failing for some reason, probably because it doesn't
have the file it needs.
--
components: Build, Windows
messages: 372700
nosy: paul.moore, steve.
Steve Dower added the comment:
I like using the existing event for unmarshalling code objects, assuming we
have all the arguments available.
I'm not sure whether it's worth auditing all marshal.load() calls (just as we
don't audit all pickle.load() calls). But depending on th
Steve Bowman added the comment:
When will this issue be fixed? Thanks!
--
nosy: +sdbowman
___
Python tracker
<https://bugs.python.org/issue32958>
___
___
Pytho
Steve Dower added the comment:
Actually, a quick search of codeobject.c and a look at tkmk's PR makes it seem
like the audit event should be being raised from inside
PyCode_NewWithPosOnlyArgs anyway (which IIRC didn't exist when I first added
the event, though it was probably th
Steve Dower added the comment:
This is by (Windows's) design - separate apps are treated as separate by the
Windows app model. In the latest and N-1 updates to Windows, the AppData
redirection only applies to newly created files, not those that already exist.
[1] Before then, it used
Steve Dower added the comment:
As an aside, virtual environments will have the same redirection as the base
interpreter, so this is really only an issue between a 3.7 install and a 3.8
install, or a Store install and a traditional install
Steve Dower added the comment:
PR 21222 (with test updates) is a good fix, though we know there can still be
arbitrary code executed afterwards. But it's not in a place where we can
reliably hook.
Probably the best thing to do is to make sure that events are raised for
anything that
Steve Dower added the comment:
> A crude workaround is to script PowerShell or CMD in a child process.
I mean, that's not a *terrible* workaround:
>>> import os
>>> p1 = os.path.expandvars("%APPDATA%\\test.txt")
>>> p1
'C:\\Users\\steve\\A
Change by Steve Dower :
--
assignee: -> steve.dower
___
Python tracker
<https://bugs.python.org/issue29778>
___
___
Python-bugs-list mailing list
Unsubscrib
Change by Steve Dower :
--
keywords: +patch
pull_requests: +20446
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/21297
___
Python tracker
<https://bugs.python.org/issu
Change by Steve Dower :
--
pull_requests: +20447
pull_request: https://github.com/python/cpython/pull/21298
___
Python tracker
<https://bugs.python.org/issue29
Steve Dower added the comment:
Ah, you're right. Thanks for double checking me :)
I'll merge the PR and do the backports. Thanks!
--
___
Python tracker
<https://bugs.python.o
Steve Dower added the comment:
New changeset d160e0f8e283d0a8737644588b38e8c6a07c134f by tkmikan in branch
'master':
bpo-41180: Audit code.__new__ when unmarshalling (GH-21271)
https://github.com/python/cpython/commit/d160e0f8e283d0a8737644588b38e8
Steve Dower added the comment:
New changeset daa0fe03a517d335d48e65ace8e5da636e265a8f by Konge in branch
'master':
bpo-41162: Clear audit hooks later during finalization (GH-21222)
https://github.com/python/cpython/commit/daa0fe03a517d335d48e65ace8e5da
Change by Steve Dower :
--
pull_requests: +20451
pull_request: https://github.com/python/cpython/pull/21302
___
Python tracker
<https://bugs.python.org/issue41
Steve Dower added the comment:
Bumping to release blocker and adding RMs. Should definitely get this fix
merged within the next week, and I don't want the next round of releases to go
out without it.
--
nosy: +lukasz.langa, ned.deily
priority: normal -> release blocker
Steve Dower added the comment:
New changeset e1d4fdc53347617bea1aff0d7112471453f65003 by Steve Dower in branch
'3.9':
bpo-41162: Clear audit hooks later during finalization (GH-21222)
https://github.com/python/cpython/commit/e1d4fdc53347617bea1aff0d711247
Steve Dower added the comment:
Maybe we need to add a page for "undocumented" events? I really don't want to
document the _ctypes or _winapi modules - those should remain internal-only.
Maybe we can add a section to the end of the audit_events.rst file for "other
events
Change by Steve Dower :
--
pull_requests: +20452
pull_request: https://github.com/python/cpython/pull/21303
___
Python tracker
<https://bugs.python.org/issue41
Change by Steve Dower :
--
nosy: +steve.dower
nosy_count: 3.0 -> 4.0
pull_requests: +20453
pull_request: https://github.com/python/cpython/pull/21304
___
Python tracker
<https://bugs.python.org/issu
Change by Steve Dower :
--
pull_requests: -20453
___
Python tracker
<https://bugs.python.org/issue21222>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Steve Dower :
--
nosy: -steve.dower
___
Python tracker
<https://bugs.python.org/issue21222>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Steve Dower :
--
pull_requests: +20454
pull_request: https://github.com/python/cpython/pull/21304
___
Python tracker
<https://bugs.python.org/issue29
Change by Steve Dower :
--
pull_requests: +20456
pull_request: https://github.com/python/cpython/pull/21304
___
Python tracker
<https://bugs.python.org/issue41
Change by Steve Dower :
--
nosy: +steve.dower
nosy_count: 3.0 -> 4.0
pull_requests: +20455
pull_request: https://github.com/python/cpython/pull/21304
___
Python tracker
<https://bugs.python.org/issu
Change by Steve Dower :
--
pull_requests: -20454
___
Python tracker
<https://bugs.python.org/issue29778>
___
___
Python-bugs-list mailing list
Unsubscribe:
Steve Dower added the comment:
New changeset 941117aaa32bf8b02c739ad848ac727292f75b05 by Steve Dower in branch
'3.9':
bpo-21222: Fix improperly merged change so that final hooks are called before
types are cleared (GH-21304)
https://github.com/python/cpyt
Change by Steve Dower :
--
keywords: +patch
pull_requests: +20457
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/21305
___
Python tracker
<https://bugs.python.org/issu
Steve Dower added the comment:
New changeset b9e288cc1bfd583e887f784e38d9c511b43c0c3a by Steve Dower in branch
'3.8':
bpo-41162: Clear audit hooks later during finalization (GH-21222)
https://github.com/python/cpython/commit/b9e288cc1bfd583e887f784e38d9c5
Steve Dower added the comment:
New changeset dcbaa1b49cd9062fb9ba2b9d49555ac6cd8c60b5 by Steve Dower in branch
'master':
bpo-29778: Ensure python3.dll is loaded from correct locations when Python is
embedded (GH-21297)
https://github.com/python/cpyt
Change by Steve Dower :
--
pull_requests: +20500
pull_request: https://github.com/python/cpython/pull/21354
___
Python tracker
<https://bugs.python.org/issue29
Steve Dower added the comment:
Fixes are in. Also adding the CVE number to the bug title.
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
title: _Py_CheckPython3 uses uninitialized dllpath when embedder sets module
path with Py_SetPath -&g
Steve Dower added the comment:
Merged the initial fix, but we now need to find any exploitable paths that
remain.
Considering how late in finalization they now run, they're very unlikely to
succeed at doing anything interesting. However, they'd also qualify as bugs
(potential
Steve Dower added the comment:
Announcement post:
https://mail.python.org/archives/list/security-annou...@python.org/thread/C5RIXC2ZIML3NOEIOGFPA6ISGU5L2QXL/
CVE-2020-15523 is an invalid search path in Python 3.6 and later on
Windows. It occurs during Py_Initialize() when the runtime
Change by Steve Dower :
--
components: -Windows
nosy: -steve.dower
___
Python tracker
<https://bugs.python.org/issue35786>
___
___
Python-bugs-list mailin
Steve Dower added the comment:
> Python 3.5 is also vulnerable, no? This branch still gets security fixes, do
> you plan to backport the fix?
You're right. I thought because the backport tag was gone on GitHub that it was
EOL already.
I can do the backport.
--
n
Change by Steve Dower :
--
pull_requests: +20520
pull_request: https://github.com/python/cpython/pull/21377
___
Python tracker
<https://bugs.python.org/issue29
Steve Dower added the comment:
New changeset 10772ec1505a4583d662c051e577eb2d4fb6e755 by Steve Dower in branch
'master':
bpo-41173: Copy test results file from ARM worker before uploading (GH-21305)
https://github.com/python/cpython/commit/10772ec1505a4583d662c051e577eb
Change by Steve Dower :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Steve Dower :
--
keywords: +patch
pull_requests: +20549
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/21400
___
Python tracker
<https://bugs.python.org/issu
Steve Dower added the comment:
New changeset af56c4fc76ac39ce76d649d7bebf7f78c1add4fa by Steve Dower in branch
'master':
bpo-41172: Fix check for compiler in test suite (GH-21400)
https://github.com/python/cpython/commit/af56c4fc76ac39ce76d649d7bebf7f
Change by Steve Dower :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Steve Dower added the comment:
Deprecating in 3.10 is fine - everyone who needs to know about it releases
whenever they like anyway, so we just need to make _some_ announcement.
I'd propose either moving it to Tools/distutils, or renaming it to _distutils.
The point is that we'
Steve Dower added the comment:
Correction: the original discovery credit goes to Eran Shimony
and Ido Hoorvitch
from CyberArk.
--
___
Python tracker
<https://bugs.python.org/issue29
Steve Dower added the comment:
The Windows build doesn't depend on distutils at all. We've had dedicated build
scripts for each module since before I started contributing.
--
___
Python tracker
<https://bugs.python.o
Steve Dower added the comment:
Thanks, this is a regression.
https://github.com/python/cpython/blob/master/PC/getpathp.c#L672 should be
inverted, as a zero return value indicates success.
--
keywords: +3.8regression
versions: +Python 3.10, Python 3.7, Python 3.9
Change by Steve Dower :
--
stage: -> test needed
type: -> security
___
Python tracker
<https://bugs.python.org/issue41304>
___
___
Python-bugs-list
Steve Dower added the comment:
At a guess, it's probably the signal emulation (a.k.a. Ctrl+C support). We
could save some time by checking the requested handle first without blocking,
and only beginning the blocking call if it's not
Change by Steve Dower :
--
keywords: +patch
pull_requests: +20637
stage: test needed -> patch review
pull_request: https://github.com/python/cpython/pull/21495
___
Python tracker
<https://bugs.python.org/issu
New submission from Steve Dower :
When connecting to localhost, socket.connect() takes two seconds on Windows
(the default) to time out, but on Linux (including WSL) it times out
immediately.
Test code (assuming port has no listener):
>>> import socket
>>> socke
New submission from Steve Dower :
Spotted at
https://dev.azure.com/Python/cpython/_build/results?buildId=66387&view=logs&j=d554cd63-f8f4-5b2d-871b-33e4ea76e915&t=5a14d0eb-dbd4-5b80-f5d0-7909f950a1cc&l=1859
test_empty_input (test.test_asyncio.test_subprocess.SubprocessProact
Change by Steve Dower :
--
keywords: +patch
pull_requests: +20638
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/21495
___
Python tracker
<https://bugs.python.org/issu
Steve Dower added the comment:
New changeset 936a66094591dc0e67d4a60c170148bb700ec016 by Steve Dower in branch
'master':
bpo-41304: Ensure python3x._pth is loaded on Windows (GH-21495)
https://github.com/python/cpython/commit/936a66094591dc0e67d4a60c170148
2201 - 2300 of 6138 matches
Mail list logo
