Dave Malcolm added the comment:
On Sat, 2012-01-21 at 22:20 +, Antoine Pitrou wrote:
> Sounds a bit overkill, and it shouldn't be a public API (which
> __methods__ are). Even a private API on dicts would quickly become
> visible, since dicts are so pervasive.
Fair enough.
&
Dave Malcolm added the comment:
5 more characters:
PYTHONHASHTABLEPROTECTION
or
PYHASHTABLEPROTECTION
maybe?
I'm in *both* camps: I like hash seed randomization fwiw. I'm nervous
about enabling either of the approaches by default, but I can see myself
backporting both approaches i
Dave Malcolm added the comment:
On Sat, 2012-01-21 at 23:47 +, Alex Gaynor wrote:
> Alex Gaynor added the comment:
>
> On Sat, Jan 21, 2012 at 5:42 PM, Gregory P. Smith
> wrote:
>
> >
> > Gregory P. Smith added the comment:
> >
> > On Sat,
Dave Malcolm added the comment:
I arbitrarily started with 50, and then decided a power of two would be
quicker when multiplying. There wasn't any rigorous analysis behind the
choice of factor.
Though, as noted in msg151796, I've gone off this idea, since I think
the "prot
Dave Malcolm added the comment:
I'm attaching an attempt at backporting haypo's random-8.patch to 2.7
Changes relative to random-8.patch:
* The randomization is off by default, and must be enabled by setting
a new environment variable PYTHONHASHRANDOMIZATION to a non-em
Dave Malcolm added the comment:
Hi Vikash - thanks for working on this.
It's normal when packaging code "downstream" for Fedora to file a package
review request at bugzilla.redhat.com, following the process here:
http://fedoraproject.org/wiki/Package_Review_Process
(sorry
Dave Malcolm added the comment:
I'm attaching a patch which implements a hybrid approach:
hybrid-approach-dmalcolm-2012-01-25-001.patch
This is a blend of various approaches from the discussion, taking aspects of
both hash randomization *and* collision-counting.
It incorporates code
Dave Malcolm added the comment:
I've found a bug in my patch; insertdict writes the old non-randomized
hash value into me_hash at:
ep->me_hash = hash;
rather than using the randomized hash, leading to issues when tested
against a real attack.
I'm looking i
Dave Malcolm added the comment:
On Wed, 2012-01-25 at 18:05 +, Antoine Pitrou wrote:
> Antoine Pitrou added the comment:
>
> > I'm attaching a revised version of the patch that should fix the above
> > issue:
> > hybrid-approach-dmalcolm-2012-01-25-002.
Dave Malcolm added the comment:
I think you're right: it will stop matching it during lookup within such
a dict, since the dict will be using the secondary hash for "abc", but
hash() for the C instance.
It will still match outside of the dict, and within other dicts.
So yes,
Dave Malcolm added the comment:
On Thu, 2012-01-26 at 21:04 +, Alex Gaynor wrote:
> Alex Gaynor added the comment:
>
> On Thu, Jan 26, 2012 at 4:00 PM, Martin v. Löwis
> wrote:
>
> >
> > Martin v. Löwis added the comment:
> >
> > I'd like to
Dave Malcolm added the comment:
On Fri, 2012-01-27 at 21:02 +, Martin v. Löwis wrote:
> Martin v. Löwis added the comment:
>
> > But then isn't it vulnerable to Frank's first attack as exposed in
> > http://mail.python.org/pipermail/python-dev/2012-January/11
Dave Malcolm added the comment:
On Sat, 2012-01-28 at 03:03 +, Benjamin Peterson wrote:
> Benjamin Peterson added the comment:
>
> For the record, Barry and I agreed on what we'll be doing for stable releases
> [1]. David says he should have a patch soon.
>
> [1]
Dave Malcolm added the comment:
This turns out to pass without PYTHONHASHRANDOMIZATION in the
environment, and fail intermittently with it.
Note that "make test" invokes the built python with "-E", so that it
ignores the setting of PYTHONHASHRANDOMIZATION in the environme
Dave Malcolm added the comment:
On Sat, 2012-01-28 at 20:05 +, Benjamin Peterson wrote:
> Benjamin Peterson added the comment:
>
> I think we don't need to mess with tests in 2.6/3.1, but everything should
> pass under 2.7 and 3.2.
New version of the patch for
Dave Malcolm added the comment:
On Sat, 2012-01-28 at 23:56 +, Terry J. Reedy wrote:
> Terry J. Reedy added the comment:
>
> > I think you should check with randomization enabled, if only to see the
> > nature of the failures and if they are expected.
>
> In
Dave Malcolm added the comment:
On Sun, 2012-01-29 at 00:06 +, Dave Malcolm wrote:
I went ahead and added the flag to sys.flags, so now
$ make test TESTPYTHONOPTS=-R
shows:
Testing with flags: sys.flags(debug=0, division_warning=0, inspect=0,
interactive=0, optimize=0
Dave Malcolm added the comment:
On Sat, 2012-01-28 at 23:56 +, Terry J. Reedy wrote:
> Terry J. Reedy added the comment:
>
> > I think you should check with randomization enabled, if only to see the
> > nature of the failures and if they are expected.
>
> In
Dave Malcolm added the comment:
It's useful for the selftests, so I've kept PYTHONHASHSEED. However,
I've removed it from the man page; the only other place it's mentioned
(in Doc/using/cmdline.rst) I now explicitly say that it exists just to
serve the interpreter&
Dave Malcolm added the comment:
I slightly messed up the test_hash.py changes.
Revised patch attached:
optin-hash-randomization-for-3.1-dmalcolm-2012-01-30-002.patch
--
Added file:
http://bugs.python.org/file24371/optin-hash-randomization-for-3.1-dmalcolm-2012-01-30-002.patch
Dave Malcolm added the comment:
Am attaching a backport of
optin-hash-randomization-for-3.1-dmalcolm-2012-01-30-002.patch to 2.6
Randomization covers the str, unicode and buffer types; equality of hashes is
preserved for these types.
--
Added file:
http://bugs.python.org/file24375
New submission from Dave E :
I might be missing something, but I am expecting the following code to print
out a list of lists with each internal list holding one number[0-4], but
instead the internal lists are a copy of the list "count".
#!/usr/bin/python
count = range(4)
twoDim
Dave Malcolm added the comment:
On Mon, 2012-02-06 at 10:20 +, Marc-Andre Lemburg wrote:
> Marc-Andre Lemburg added the comment:
>
> STINNER Victor wrote:
> >
> > STINNER Victor added the comment:
> >
> >> In a security fix release, we shouldn't
Dave Malcolm added the comment:
> Can't randomization just be applied to integers as well?
>
It could, but see http://bugs.python.org/issue13703#msg151847
Would my patches be more or less likely to get reviewed with vs without
an extension of randomization
Dave Malcolm added the comment:
On Mon, 2012-02-06 at 23:00 +, Marc-Andre Lemburg wrote:
> Marc-Andre Lemburg added the comment:
>
> Alex Gaynor wrote:
> > There's no need to cover any container types, because if their constituent
> > types are securely hashable
New submission from Dave Malcolm :
I've been waiting for patch review of my work on
http://bugs.python.org/issue13703 only to discover that people *have* been
reviewing it.
It turns out that next to some of the patches in the issue tracker there's a
"review" link, wh
Dave Malcolm added the comment:
I'm not quite sure how that would interact with the -R command-line
option for enabling randomization.
The changes to the docs in the latest patch clarifies the meaning of
what I've implemented (I hope).
My view is that we should simply e
Changes by Dave Malcolm :
--
nosy: +dmalcolm
___
Python tracker
<http://bugs.python.org/issue14001>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Dave Malcolm :
$ mkdir some_directory_ending_with_a.py
$ python -c "import imputil;
imputil.imp.find_module('some_directory_ending_with_a')"
*** glibc detected *** python: double free or corruption (!prev):
0x01589bf0 ***
Aborted
What
Dave Malcolm added the comment:
Duplicate of issue 7732
--
resolution: -> duplicate
status: open -> closed
superseder: -> imp.find_module crashes Python if there exists a directory
named "__init__.py"
___
Python tracker
<
Dave Malcolm added the comment:
jcea: BTW, will you be at PyCon US this year? if so, can we sprint on getting
the DTrace and SystemTap hooks into CPython in some form acceptable to the rest
of the CPython maintainers?
--
___
Python tracker
<h
Changes by Dave Malcolm :
--
components: +Library (Lib)
type: -> enhancement
___
Python tracker
<http://bugs.python.org/issue14103>
___
___
Python-bugs-lis
New submission from Dave Malcolm :
Expat 2.1.0 Beta was recently announced:
http://mail.libexpat.org/pipermail/expat-discuss/2012-March/002768.html
which contains (among other things) a fix for a hash-collision
denial-of-service attack (CVE-2012-0876)
I'm attaching a patch which mini
Changes by Dave Malcolm :
--
nosy: +barry
___
Python tracker
<http://bugs.python.org/issue14234>
___
___
Python-bugs-list mailing list
Unsubscribe:
Dave Burton added the comment:
This is a patch for the os.path.realpath() bug under Windows,
http://bugs.python.org/issue9949 "os.path.realpath on Windows does not follow
symbolic links"
ntpath.diff fixes the realpath() function to resolve symbolic links to their
targets (te
New submission from Dave Abrahams :
NamedTemporaryFile is too hard to use portably when you need to open the file
by name after writing it. To do that, you need to close the file first (on
Windows), which means you have to pass delete=False, which in turn means that
you get no help in
Dave Abrahams added the comment:
I disagree that it's unacceptable for close() and __del__() to behave
differently. The acceptable difference would be that __del__() closes (if
necessary) /and/ deletes the file on disk, while close() merely closes the file.
If you can in fact "
Dave Burton added the comment:
It seems that the nt module is implemented in the posixmodule.c source file,
and the Python 3 version contains the posix__getfinalpathname entry point, but
the Python 2 version does not.
I presume that PyWin32 could also be used to work around this. Too bad it
Dave Abrahams added the comment:
If file.close() "offers deterministic resource management," then you have to
consider the file's open/closed state to be a resource separate from its
existence. A NamedTemporaryFile whose close() deterministically managed the
open/closed st
Dave Burton added the comment:
Excellent!
The ntpath.py change is nearly identical in Python 2.7 to the change for Python
3.2. The only difference is that instead of:
+elif isinstance(path, bytes):
+path = os.getcwdb()
It is:
+elif isinstance(path, unicode
New submission from Dave Abrahams :
Try the following script on posix and Windows. On Posix:
launched
. . . exiting
killed
on Windows:
launched
. . . exiting
Traceback (most recent call last):
File "sp.py", line 16, in
p.terminate()
File "c:\Python26\lib\subprocess.py
Dave Abrahams added the comment:
By the way, the suggested fix would be for terminate() to return a value
indicating if the process were already terminated, and not throw an exception
in that case. For a user to handle the issue correctly on Windows is rather a
nasty project involving a
Dave Abrahams added the comment:
Nick, not to belabor this, but I guess you don't understand the use-case in
question very well, or you'd see that delete=False doesn't cover it.
The use case is this: I have to write a test for a function that takes a
filename as a paramete
Dave Malcolm added the comment:
Some notes from discussion with MvL at PyCon sprint:
The ideal is that:
- for any patch attached to an issue: the patch is uploaded to a Rietveld
instance colocated in the same db as Roundup (bugs.python.org)
- if it works, than a "review" link
Changes by Dave Malcolm :
--
nosy: +loewis
___
Python tracker
<http://bugs.python.org/issue13963>
___
___
Python-bugs-list mailing list
Unsubscribe:
Dave Malcolm added the comment:
It would appear that having:
[diff]
git = on
in ~/.hgrc breaks the rietveld integration, since "hg diff" then emits a diff
that doesn't identify the hg revision number, and hence the importer can't
de
New submission from Dave Burton :
I noticed that pydoc doesn't work for pygame under python 3.2.1 or 3.2.2 for
Win32; it just reports:
NotImplementedError: scrap module not available (ImportError: No module
named scrap)
I made a small patch to inspect.py to solve the problem (I just ad
Dave Burton added the comment:
"expect?" Did I type that?? Should be "try/except," of course.
--
___
Python tracker
<http://bugs.python.org/issue14367>
___
Dave Burton added the comment:
Well, the exception is NotImplementedError. It's raised explicitly in
pygame\__init__.py
I uncommented my commented-out print statement in inspect.py, and added a
traceback print, and ran pydoc like this:
c:\python32\python.exe c:\python32\Lib\pydoc.
Changes by Dave Malcolm :
--
nosy: +dmalcolm
___
Python tracker
<http://bugs.python.org/issue1>
___
___
Python-bugs-list mailing list
Unsubscribe:
Dave Malcolm added the comment:
The originally attached patch is no good for the the 2.* branch, as it appears
that _testcapimodule.c will not become "ssize_t" safe in Python 2.*; see e.g.:
http://hg.python.org/cpython/rev/3ecddf168f1f
Am attaching a revised patch that I&
New submission from Dave Reid :
A particular combination of seed and jumpahead calls seems to force the MT
generator into a state where it produces a random variate that is outside the
range 0-1. Problem looks like it might be in _randommodule.c:genrand_int32,
which produces a value
New submission from Dave Johansen :
Using LoggerAdapter is a convenient way to add extra info to all logs, but it
doesn't have the fatal() method like Logger, so it isn't a drop in replacement
like it should be.
--
components: Library (Lib)
messages: 343941
nosy: Dav
Dave Malcolm added the comment:
I think when I wrote this I was over-optimistically thinking that we could just
add more patterns, but if it's becoming a pain, then your approach looks good
to me.
--
nosy: +dmalcolm
___
Python tracker
&
New submission from Dave Johansen:
This worked in Python 3.6.0 and before:
```
from datetime import datetime
d = datetime(1, 1, 1, 0, 0, 0)
d.timestamp()
```
The error output is:
```
ValueError: year 0 is out of range
```
But it used to return `-62135658000.0`.
Appears to be related to https
Dave Johansen added the comment:
That's a valid `datetime` (i.e. within the min and max values) and `tzinfo` is
`None` so I think it's completely reasonable to assume that `timestamp()` will
return the correct value.
--
___
Python trac
Dave Johansen added the comment:
The use case was parsing user input of ISO 8601 date strings and converting
them to UNIX epochs. The input "0001-01-01T00:00:00" is valid, parses to a
valid `datetime` and it seems like a reasonable expectation that all of the
functions should work
Dave Johansen added the comment:
Ok, so I understand the issue now. `timestamp()` for naive datetime instances
applies the local timezone offset (
https://docs.python.org/3.6/library/datetime.html#datetime.datetime.timestamp
). This is surprising because naive datetime instances usually are
Dave Malcolm added the comment:
The problem is that there are so many variables:
* which version of which compiler
* optimization flags
* which version of gdb
* which CPU architecture
etc (and the compiler and/or gdb could be carrying patches from downstream
distributors...)
All of these can
Dave Shawley added the comment:
Hi everyone, I'm trying to reboot conversation on this issue since I would love
for this to land in Python 3.8. At the recommendation of Terry Jan Reedy, here
is my summary of where I think that the discussion is currently. If anything
is misrepres
Dave Shawley added the comment:
PR 10296 is my implementation of a unittest.TestCase subclass solution to this
issue. This comment explains the approach and rationale in detail. Let's
discuss this and see if the implementation meets expectations or should be
abandoned.
I refac
Dave Page added the comment:
I'm seeing what appears to my uneducated eyes to be the same failure on Mojave,
on a brand new machine which is entirely standalone:
12:16:00 0:00:07 load avg: 4.24 [133/416/1] test_posix failed
12:16:00 test test_posix failed -- Traceback (most recent call
Change by Dave Nguyen :
--
keywords: +patch
pull_requests: +12796
stage: needs patch -> patch review
___
Python tracker
<https://bugs.python.org/issu
Dave Page added the comment:
The submitted patch from websurfer5 resolves the issue for me.
--
___
Python tracker
<https://bugs.python.org/issue35070>
___
___
Dave Malcolm added the comment:
On Fri, 2018-02-23 at 00:16 +, Cheryl Sabella wrote:
> Cheryl Sabella added the comment:
>
> Did PEP553 make this issue obsolete?
I *think* they have slightly different scope: if I'm reading it right,
PEP553 is about injecting a breakpoint i
New submission from Dave Challis :
Tested in python 3.6.2:
>>> import datetime
>>> datetime.datetime.min.strftime('%Y')
'1'
Expected output:
'0001'
This means that strftime and strptime aren't necessarily
Dave Challis added the comment:
My mistake, it appears to be related to the OS it's running on rather than the
version (I just happened to test with different versions on different OSes).
On Mac OS X (with 3.6.2):
>>> import datetime
>>> datetime.datetime.min.s
New submission from Dave Opstad :
I'm running 3.6.4 on Mac OS X 10.13.2, bash shell. Doing:
$ pydoc modules
causes:
Please wait a moment while I gather a list of all available modules...
Fatal Python error: PyThreadState_Get: no current thread
Abort trap: 6
Reproduced this several
Dave Opstad added the comment:
I think this was my mistake; when I used pydoc3 instead of pydoc it ran to
completion. Please feel free to close this; sorry for the noise.
--
___
Python tracker
<https://bugs.python.org/issue32
New submission from Dave Opstad :
In 3.6 I get this:
>>> x = (100 * 20)
>>> x is 2000
False
>>> (100 * 20) is 2000
False
But in 3.7, I get this:
>>> x = (100 * 20)
>>> x is 2000
False
>>> (100 * 20) is 2000
True
This isn't neces
Dave Malcolm added the comment:
Thanks!
--
___
Python tracker
<https://bugs.python.org/issue9263>
___
___
Python-bugs-list mailing list
Unsubscribe:
Dave Shawley added the comment:
Hi all, I took a slightly different direction for adding async/await support to
the unittest library. I summarized the approach that I took in a message to
python-ideas
(https://mail.python.org/pipermail/python-ideas/2018-October/054331.html) and a
branch
Change by Dave Shawley :
--
keywords: +patch
pull_requests: +9605
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issue32971>
___
___
Py
Dave Shawley added the comment:
I added a different implementation for consideration
(https://github.com/python/cpython/pull/10296).
--
pull_requests: +9606
___
Python tracker
<https://bugs.python.org/issue32
New submission from Dave Challis:
When attempting to detect the presence of CSV headers, delimiters are passed to
a regex function without escaping, which causes an exception if a delimiter
which has meaning in a regex (e.g. '+', '*' etc.) is used.
Code to rep
New submission from Dave Challis:
This occurred when attempting to decode invalid UTF-8 bytes using
"errors='replace'", then attempting to lowercase the produced unicode string.
This was also tested in python 2.7, but it doesn't occur there.
Code to reproduce:
x =
b
Dave Malcolm added the comment:
pmuldoon: did you truncate the output of bt? (or did the superior gdb you're
using do this behind the scenes? I know you hack on gdb itself, and this looks
a superior gdb debugging an inferior gdb).
The reason for this error:
Python Exception (2
New submission from Dave Angel:
Python 3.3.0 (default, Mar 7 2013, 00:24:38)
[GCC 4.6.3] on linux
q = open('/dev/null')
help(q.close)
the entire output is:
---
Help on built-in function close:
close(...)
(END)
---
But close(
Dave Malcolm added the comment:
On Mon, 2013-07-29 at 14:01 +, Ronald Oussoren wrote:
> Ronald Oussoren added the comment:
>
> The attached patch for the benchmark README.txt should document the status
> quo.
>
> --
> Added file: http://bugs.python.org/file3
Dave Malcolm added the comment:
Antoine's patch looks reasonable to me, FWIW.
--
___
Python tracker
<http://bugs.python.org/issue18772>
___
___
Python-bugs-l
Changes by Dave Malcolm :
--
nosy: +dmalcolm
___
Python tracker
<http://bugs.python.org/issue14621>
___
___
Python-bugs-list mailing list
Unsubscribe:
Dave Malcolm added the comment:
Thanks for filing this bug report.
I'm not seeing the equal hashes you describe.
I'm using this recipe to hardcode a specific prefix and print the hashes using
it:
$ gdb --eval-command="break _PyRandom_Init" --eval-command="ru
Dave Malcolm added the comment:
$ gdb --eval-command="break _PyRandom_Init" --eval-command="run"
--eval-command="print _Py_HashSecret" --eval-command="set
_Py_HashSecret.prefix=0xcdcdcd00" --eval-command="print _Py_HashSecret"
--eval-command
Dave Abrahams added the comment:
These bugs are annoying. How does one convert a set of examples into a patch?
Do you mean you want these to become test cases?
--
nosy: +dabrahams
___
Python tracker
<http://bugs.python.org/issue9
Dave Abrahams added the comment:
@effbot, I think you may have misread the OP's example. The first two
arguments /are/ being passed positionally. In any case, there's a real bug
here. cElementTree seems to choke on uses of attrib. Change cElementTree to
ElementTree below an
Dave Abrahams added the comment:
On second thought, I see what effbot is trying to say... but it's still a bug.
Given the way the interface is declared and the behavior of regular python
functions:
Element(tag, attrib={}, **extra)
indicates that I can pass attrib (or tag, for that m
Dave Malcolm added the comment:
As a post-processing step, rpmbuild will attempt to byte-compile any .py files
it encounters, and the results must be listed in the %files manifest. [1]
This is done by the script brp-python-bytecompile, which uses the compileall
module. However, my guess is
Dave Malcolm added the comment:
__os_install_post is defined within /usr/lib/rpm/redhat/macros and contains
this fragment:
/usr/lib/rpm/brp-python-bytecompile %{__python}
%{?_python_bytecompile_errors_terminate_build} \
Hence it will use %{__python} as the default when byte-compiling
Dave Malcolm added the comment:
Like passwd and group information, the shadow password entries are pulled
through libc's Name Service Switch and modules for it, depending on
configuration.
See "man nsswitch.conf".
Hence this is likely to be a configuration difference betwee
Changes by Dave Malcolm :
--
nosy: +dmalcolm
___
Python tracker
<http://bugs.python.org/issue14757>
___
___
Python-bugs-list mailing list
Unsubscribe:
New submission from Dave Malcolm :
When building from source, if I create multiple configuration directories and
build from there e.g.:
mkdir configs
cd configs
mkdir config-A
cd config-A
../../configure
make
cd ..
mkdir config-B
cd config-B
../../configure --enable-shared
make
cd ../config-A
Dave Malcolm added the comment:
Note to self: workaround is to
rm ../../Lib/_sysconfigdata.py || make ../../Lib/_sysconfigdata.py
before running my tests in either configuration, to force the file to be
regenerated using what "make" thinks the se
New submission from Dave Malcolm :
I'm attaching a patch which adds static markers for SystemTap for two probeable
events within CPython's bytecode interpreter, along with test cases and
documentation.
I'm hoping to get this merged for 3.3; is this PEP-worthy, or can this b
Dave Malcolm added the comment:
I've refreshed my SystemTap patch, and opened a new issue, issue #14776 to
cover SystemTap.
Issue #4111 was originally opened on 2008-10-12 as "Add DTrace probes", and was
generalized on 2009-12-08 to "Add Systemtap/DTrace probes".
Dave Malcolm added the comment:
Thanks Eric, Antoine and Mark.
I'm attaching two new patches: a replacement patch for cpython, and a new patch
for the devguide
I've moved the docs to the dev guide, starting a new "Debugging and
Instrumentation" section there.
Changes
Changes by Dave Malcolm :
Added file:
http://bugs.python.org/file25540/devguide-systemtap-2012-05-11-001.patch
___
Python tracker
<http://bugs.python.org/issue14
Dave Malcolm added the comment:
Issue #13405 covers DTrace; I've taken the liberty of also opening issue #14776
to cover SystemTap. I hope that once one of these is in the tree it will be
easier to get the other one in.
--
___
Python tr
New submission from Dave Malcolm :
I'm attaching a patch which generalizes the at-exit PYTHONMALLOCSTATS memory
usage report, so that it's available in a regular build and can be triggered
from Python, by calling:
sys._debugmallocstats()
This can be useful when debugging me
Dave Malcolm added the comment:
Updated version of the patch, using test.script_helper.assert_python_ok() and
adding a NEWS entry
--
Added file: http://bugs.python.org/file25579/add-debug-malloc-stats-v2.patch
___
Python tracker
<h
Dave Malcolm added the comment:
Thanks. I'm attaching an updated version of the patch, wrapping all new C
entrypoints within a #ifndef Py_LIMITED_API
I also moved the existing _PyObject_DebugMallocStats() entrypoint to within a
#ifndef Py_LIMITED_API. As noted above, it is not docum
301 - 400 of 633 matches
Mail list logo
