[issue8052] subprocess close_fds behavior should only close open fds

Gregory P. Smith added the comment: attaching a patch that implements this safely. -- keywords: +patch Added file: http://bugs.python.org/file24255/subprocess-close-open-fds-gps01.diff ___ Python tracker <http://bugs.python.org/issue8

[issue8052] subprocess close_fds behavior should only close open fds

Gregory P. Smith added the comment: attaching a better formatted one for review. -- Added file: http://bugs.python.org/file24256/subprocess-close-open-fds-gps02.diff ___ Python tracker <http://bugs.python.org/issue8

[issue6559] add pass_fds paramter to subprocess.Popen()

Gregory P. Smith added the comment: Wasn't thought about. I have seen something similar to that done in another c++ subprocess implementation since. If you have suggestions for a more useful API, feel free to propose them in a new

[issue13781] gzip module does the wrong thing with an os.fdopen()'ed fileobj

Gregory P. Smith added the comment: thanks that looks good. As far as fixing this for 2.7 goes, i don't like the _sound_ of it because it is gross... But i'm actually okay with having special case code in the gzip module that rejects '' as an actual filename and uses 

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: I like what you've done in #13704 better than what I see in random-8.patch so far. see the code review comments i've left on both issues. -- nosy: +gregory.p.smith ___ Python tracker <http://bu

[issue13781] gzip module does the wrong thing with an os.fdopen()'ed fileobj

Gregory P. Smith added the comment: Looks like you've got commit privs (yay) so i'm assigning this to you to take care of that way for 2.7 as well. I'd add a comment to the fdopen C code where the "" constant lives as well as to the gzip.py module around the special

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: On Wed, Jan 18, 2012 at 1:10 PM, Guido van Rossum wrote: > On Wed, Jan 18, 2012 at 1:05 PM, Antoine Pitrou wrote: > > > > I would hope 3.3 only gets randomized hashing. Collision counting is a > > hack to make bugfix releases 99.999%-

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: > A dict can contain non-orderable keys, I don't know how an AVL tree can > fit into that. good point! -- ___ Python tracker <http://bugs.python.

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: On Sat, Jan 21, 2012 at 2:45 PM, Antoine Pitrou wrote: > > Antoine Pitrou added the comment: > >> You said above that it should be hardcoded; if so, how can it be changed >> at run-time from an environment variable?  Or am I misunde

[issue8052] subprocess close_fds behavior should only close open fds

Gregory P. Smith added the comment: For FreeBSD, Python 3.2 and 3.3 now check to see if /dev/fd is valid. Be sure and "mount -t fdescfs none /dev/fd" on FreeBSD if you want faster subprocess launching. Run a FreeBSD buildbot? Please do it! For Python 3.1 the fix for #13788 woul

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: On Mon, Jan 23, 2012 at 1:32 PM, Dave Malcolm wrote: > > Dave Malcolm added the comment: > > I'm attaching an attempt at backporting haypo's random-8.patch to 2.7 > > Changes relative to random-8.patch: > >   * The randomi

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: >> But using non-__builtin__.str objects (such as UserString) would expose the >> user to an attack? > > Not necessarily: only if they use these strings as dictionary keys, and only > if they do so in contexts where arbitrary user input

[issue13903] New shared-keys dictionary implementation

Changes by Gregory P. Smith : -- nosy: +gregory.p.smith ___ Python tracker <http://bugs.python.org/issue13903> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: > What about PYTHONHASHSEED= -> off, PYTHONHASHSEED=0 -> random, > PYTHONHASHSEED=n -> n ? I agree with Jim that it's better to have one > env. variable than two. Rather than the "" empty string for off I suggest an explici

[issue13903] New shared-keys dictionary implementation

Gregory P. Smith added the comment: FYI - I strongly support this type of work to reduce memory use of the Python interpreter! :) Also, yes, constant changing should be separate from this change but are worth occasionally re-measuring and justifying as common computer architectures have

[issue13930] lib2to3 ability to output files into a different directory and alter their names

New submission from Gregory P. Smith : In order for lib2to3 to be integrated into parts of our workflow at work we need it to be able to write converted code out to new directory and modify the filename in the process. While doing that, it is very convenient if it can also write all files

[issue13930] lib2to3 ability to output files into a different directory and alter their names

Gregory P. Smith added the comment: while the initial patch below was against 3.1 I'm only intending to commit this to 3.2, 3.3 and 2.7. Feature backports on lib2to3 are allowed per http://mail.python.org/pipermail/python-dev/2011-December/115089.html. -- nosy: +benjamin.pet

[issue13930] lib2to3 ability to output files into a different directory and alter their names

Changes by Gregory P. Smith : Added file: http://bugs.python.org/file24411/a6cd0518495e.diff ___ Python tracker <http://bugs.python.org/issue13930> ___ ___ Python-bug

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: > > > The release managers have pronounced: > > http://mail.python.org/pipermail/python-dev/2012-January/115892.html > > Quoting that email: > >> 1. Simple hash randomization is the way to go. We think this has the > >

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: Thanks for reviewing Benjamin. I'm also reviewing this today. Sorry for the delay! BTW, like Schadenfreude? A hash collision DOS issue "fix" patch for PHP5 was done poorly and introduced a new security vulnerability that was just use

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: Should -R be required to take a parameter specifying "on" or "off" so that code using a #! line continues to work as specified across the a change in default behavior when upgrading from 3.2 to 3.3? #!/usr/bin/python3 -R on #!/usr/bin/py

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: Comments to be addressed added on the code review. -- ___ Python tracker <http://bugs.python.org/issue13703> ___ ___ Pytho

[issue13930] lib2to3 ability to output files into a different directory and alter their names

Changes by Gregory P. Smith : -- hgrepos: -111 ___ Python tracker <http://bugs.python.org/issue13930> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue13930] lib2to3 ability to output files into a different directory and alter their names

Changes by Gregory P. Smith : -- resolution: -> fixed status: open -> closed ___ Python tracker <http://bugs.python.org/issue13930> ___ ___ Python-bugs-

[issue13930] lib2to3 ability to output files into a different directory and alter their names

Gregory P. Smith added the comment: oh did I miss a / vs os.sep somewhere? Looking. I'll fix this. -- ___ Python tracker <http://bugs.python.org/is

[issue13930] lib2to3 ability to output files into a different directory and alter their names

Changes by Gregory P. Smith : -- status: open -> closed ___ Python tracker <http://bugs.python.org/issue13930> ___ ___ Python-bugs-list mailing list Unsubscri

[issue9127] subprocess.Popen.communicate() and SIGCHLD handlers

Gregory P. Smith added the comment: fixed via http://hg.python.org/cpython/rev/767420808a62 -- dependencies: +race condition in subprocess module nosy: +gregory.p.smith ___ Python tracker <http://bugs.python.org/issue9

[issue14028] random.choice hits ValueError: cannot convert float NaN to integer

New submission from Gregory P. Smith : Using a 32-bit Python 2.6.5 on a Linux system at work we observed the following: File "/.../lib/python2.6/tempfile.py", line 349, in mktemp name = names.next() File "/.../lib/python2.6/tempfile.py", line 134, in next lett

[issue14028] random.choice hits ValueError: cannot convert float NaN to integer

Changes by Gregory P. Smith : -- nosy: +rhettinger ___ Python tracker <http://bugs.python.org/issue14028> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue13986] ValueError: cannot convert float NaN to integer

Gregory P. Smith added the comment: FYI - A "similar" NaN appearing in an unexpected place (the random module in this case) bug that I just filed - http://bugs.python.org/issue14028. I don't actually know if these will be related or not. -- nosy: +

[issue2489] Patch for bugs in pty.py

Gregory P. Smith added the comment: I'm keeping this open to address the added behavior for spawn in 3.3. -- assignee: -> gregory.p.smith nosy: +gregory.p.smith stage: test needed -> versions: +Python 3.3 -Python 2.7, Python 3.1,

[issue14028] random.choice hits ValueError: cannot convert float NaN to integer

Gregory P. Smith added the comment: I think my claim the hardware appears healthy was premature. I misunderstood our initial error report internally on where the code ran and was looking at the wrong host. doh. my bad. Several more of these have been found in the last week and they all

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: Roundup Robot didn't seem to notice it, but this has also been committed in 2.7: http://hg.python.org/cpython/rev/a0f43f4481e0 -- ___ Python tracker <http://bugs.python.org/is

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: The bug report is the easiest thing to search for and follow when checking when something is resolved so it is nice to have a link to the relevant patch(es) for each branch. I just wanted to note the major commit here so that all planned branches had a

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: Question: Should sys.flags.hash_randomization be True (1) when PYTHONHASHSEED=0? It is now. Saying yes "working as intended" is fine by me. sys.flags.hash_randomization seems to simply indicate that doing something with the hash seed was

[issue14071] allow more than one hash seed per process (move _Py_HashSecret into PyInterpreterState)

New submission from Gregory P. Smith : The newly added hash randomization seed (issue 13703) is a global defined in object/object.c that is initialized only once within a process by a call from Py_InitializeEx(). For applications embedding Python interpreters it may be useful for them to NOT

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: +1 to what barry and __ap__ discussed and settled on. -- ___ Python tracker <http://bugs.python.org/issue13703> ___ ___ Pytho

[issue8706] accept keyword arguments on all base type methods and builtins

Gregory P. Smith added the comment: At a quick glance, I think you've got the right idea. Fixing this involves a lot of PyArg_ParseTuple -> PyArg_ParseTupleAndKeywords upgrades all over the place. Obviously there are are a wide range of things that can use updating for this so in

[issue8706] accept keyword arguments on all base type methods and builtins

Gregory P. Smith added the comment: Several patches for sure! and give the patch files useful names indicating which things they touch. -- ___ Python tracker <http://bugs.python.org/issue8

[issue8706] accept keyword arguments on most base type methods and builtins

Gregory P. Smith added the comment: restricting the scope of this makes sense. also: just because an argument is listed in the docs with a name does not mean that that name is the most appropriate; part of adding keyword support should be choosing a sensible name. Keyword arguments, when

[issue8706] accept keyword arguments on most base type methods and builtins

Gregory P. Smith added the comment: I kicked off a discussion on python-ideas. Lets take this there for the time being. -- ___ Python tracker <http://bugs.python.org/issue8

[issue14242] Make subprocess.Popen aware of $SHELL

Gregory P. Smith added the comment: Users who want to use the SHELL environment variable can do so on their own by using it as their executable and constructing an appropriate command line. Allowing an environment variable to change the behavior of a program that assumes shell=True is going

[issue14252] subprocess.Popen.terminate() inconsistent behavior on Windows

Gregory P. Smith added the comment: Raising an exception on terminate is a bug. I'd backport this to 2.7 and 3.2. I don't actually have Windows to test on so i'll leave committing that to people who do. -- ___ Python

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: reviewing now. -- nosy: +gregory.p.smith ___ Python tracker <http://bugs.python.org/issue14234> ___ ___ Python-bugs-list m

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: Oddly, test_sax fails once this patch is applied (using 3.1). debugging now. test_sax test test_sax failed -- Traceback (most recent call last): File "/home/greg/sandbox/python/cpython/3.1/Lib/xml/sax/expatreader.py", line 207, in fee

[issue13703] Hash collision security issue

Gregory P. Smith added the comment: I believe so. This is in all of the release candidates. The expat/xmlparse.c hash collision DoS issue is being handled on its own via http://bugs.python.org/issue14234. -- resolution: -> fixed status: open ->

[issue9216] FIPS support for hashlib

Gregory P. Smith added the comment: quick summary of comments from pycon sprints discussion: this looks pretty good. i like the 0001 refactoring cleanup. a couple things to fix in error handling (better messages and some bogus handling in the test). dmalcolm has the notes on what to do

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: sweet, thanks for the reference. that really looks like the problem. -- ___ Python tracker <http://bugs.python.org/issue14

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: uploaded an updated patch (against 3.1) with the changes from r1.168 to r1.170 xmlparse.c from the expat project. it fixes the test_sax issue. there is one other thing that needs fixing (next patch update). The test for the hash seed being == 0 that falls

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Changes by Gregory P. Smith : -- assignee: -> gregory.p.smith ___ Python tracker <http://bugs.python.org/issue14234> ___ ___ Python-bugs-list mailing list Un

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: A test case for this is also needed. one that sets the hash seed via the environment variable to a different value for two subprocesses that parse and re-emit an xml document to confirm that all of the xml attributes are present but emitted in a different

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: The existing pyexpat API doesn't give me a way to test if hash randomization is actually working so I'm going ahead without a specific test case for this. Attributes are either reported to xmlparser.SameElementHandler in a dictionary (unorder

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: and given that you cannot expose if this is enabled or not by the order in which things come out of the library... no need to make this change its behavior based on the overall python hash randomization setting. nobody's tests will break. there is n

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: Replacing the generate_hash_secret_salt function with one containing assert(0) shows that it still gets called so there are apparently still ways that initialize parsers that do not call XML_SetHashSalt using the Python hash prefix. ./python Lib/test

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: false alarm, thats just what happens when PYTHONHASHSEED=0 (I won't be committing the assert, I was just testing behavior). For what its worth, the xmlparse.c generate_hash_seed() function is pretty poor as far as picking a random number goes as it is

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: the fix is in the 3.1, 3.2, 3.3 and 2.7 trees. It still need applying to the 2.6 branch (it applies cleanly other than Misc/NEWS); I'll let Barry do that one. New rc2 release candidates should be made. Otherwise I think we're ready for the rele

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: One issue has been identified when compiling with --system-expat. if the system expat library does not have the hash salt support, compilation breaks. fixing now. -- ___ Python tracker <http://bugs.python.

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: configure --with-system-expat was introduced in 2.7 and 3.2 so 2.6 and 3.1 are good to go for release candidates. patch tests are running now. -- ___ Python tracker <http://bugs.python.org/issue14

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: okay. it is time to cut the rc2 release candidates with these changes. -- assignee: barry -> gregory.p.smith resolution: -> fixed status: open -> closed ___ Python tracker <http://bugs.python.or

[issue9216] FIPS support for hashlib

Gregory P. Smith added the comment: My summary of our discussion was pretty terse. :) dmalcolm has more detailed TODO list notes that include things like the error cases and .rst documentation. As for how to commit it, i'd make 0001 its own commit as it is a useful refactoring othe

[issue14127] add st_*time_ns fileds to os.stat(), add ns keyword to os.*utime*(), os.*utimens*() expects a number of nanoseconds

Changes by Gregory P. Smith : -- nosy: +gregory.p.smith ___ Python tracker <http://bugs.python.org/issue14127> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue11105] Compiling evil ast crashes interpreter

Gregory P. Smith added the comment: i haven't confirmed if it is this exact bug but I believe a coworker just ran into something similar. he wrote code to use the ast to remove docstrings from code before passing it to compile() (as that saves a noticable amount of memory). in the cas

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

New submission from Gregory P. Smith : Python/import.c in 2.7 and 3.2 consume a lot of stack space when importing modules. In stack constrained environments (think: 64k stack) this can cause a crash when you have a large chain of imports. The bulk of this likely comes from places where a

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: Here's a patch for python 2.7. test cases pass but it could use review to see if I missed any free()s. -- keywords: +patch Added file: http://bugs.python.org/file24882/malloc-import-pathbufs-py27.001

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: It looks like MAXPATHLEN is 4096 on our systems. The offending code that caused a stack overflow segfault shows over 100 Python/import.c function calls in its backtrace. -- ___ Python tracker <h

[issue14234] CVE-2012-0876 (hash table collisions CPU usage DoS) for embedded copy of expat

Gregory P. Smith added the comment: I'm opening another issue to track updating the embedded copy of expat within Python. FWIW, Python 2.7 & 3.2 and later support a --with-system-expat option which is what I'd *hope* that any OS distro is building their Python with rather t

[issue14340] Update embedded copy of expat - fix security & crash issues

New submission from Gregory P. Smith : As pointed out in #14234, our embedded copy of expat used by pyexpat for xml parsing in Modules/expat/ is out of date. There have been many fixes to expat that we have not applied including a few potential crash and security fixes. We should upgrade it

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: Updated per review (style changes). -- Added file: http://bugs.python.org/file24892/malloc-import-pathbufs-py27.002.diff ___ Python tracker <http://bugs.python.org/issue14

[issue14340] Update embedded copy of expat - fix security & crash issues

Gregory P. Smith added the comment: Indeed! How do we do that on windows and osx where these may not exist outside of Python? We already require a set of external dependency libraries on windows, could we just add expat to the list

[issue14340] Update embedded copy of expat - fix security & crash issues

Gregory P. Smith added the comment: It is much less effort for us to simply take a new version of an external library and recompile rather than consider it part of our code that shouldn't change within a release and manually deal with patching it and cherry picking patches on

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: Updated to use PyErr_NoMemory(). Thanks Antoine! I'm now working on this for 3.2 as well before I commit. -- Added file: http://bugs.python.org/file24893/malloc-import-pathbufs-py27.003.diff ___ Python tr

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: attaching the equivalent patch against python 3.2. that could also use a pair of eyeballs for review. it should show up as 'patch 4' in the rietveld reviews. -- Added file: http://bugs.python.org/file24894/malloc-import-pathbufs-py3

[issue14359] _posixsubprocess.o compilation error on CentOS 5.8

Gregory P. Smith added the comment: please apply this to 3.2 as well. -- assignee: -> rosslagerwall nosy: +gregory.p.smith, rosslagerwall versions: +Python 3.2 ___ Python tracker <http://bugs.python.org/issu

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: side by side code review of the 3.2 version revealed some missing PyMem_FREE calls. patch updated. -- Added file: http://bugs.python.org/file24929/malloc-import-pathbufs-py32.004.diff ___ Python tracker <h

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: minor corresponding updated to the 2.7 patch as well - Patch 6 in reitveld/review. The 3.2 patch from the previous comment is Patch 5 in reitveld/review. -- ___ Python tracker <http://bugs.python.org/issue14

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Changes by Gregory P. Smith : Added file: http://bugs.python.org/file24930/malloc-import-pathbufs-py27.004.diff ___ Python tracker <http://bugs.python.org/issue14

[issue14331] Python/import.c uses a lot of stack space due to MAXPATHLEN

Gregory P. Smith added the comment: 2.7 and 3.2 have been fixed. I'm keeping this open as a reminder to investigate how 3.3 behaves. I'll fix it or close it after verifying that. -- versions: +Python 3.3 -Python 2.7, Python 3.2 ___ Pyth

[issue14396] Popen wait() doesn't handle spurious wakeups

Gregory P. Smith added the comment: Thanks. I'll see that this fix gets into 2.7, 3.2 and 3.3. Out of curiosity, what Linux kernel version and glibc version were you using? I'm somewhat surprised that I haven't run into this before. :) -- assignee: -> gr

[issue14417] dict RuntimeError workaround

Changes by Gregory P. Smith : -- nosy: +gregory.p.smith ___ Python tracker <http://bugs.python.org/issue14417> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue14452] SysLogHandler sends invalid messages when using unicode

Gregory P. Smith added the comment: Your three step approach makes sense... But it _is_ still technically a new API though in that the UTF8BOM placeholder for LogRecord's is being introduced. What would the behavior be when run on an older version without support for that placehold

[issue6380] Deadlock during the "import" in the fork()'ed child process if fork() happened while import_lock was held

Gregory P. Smith added the comment: What is the status of this in 2.7? Brett - what about in 3.3 after you get importlib in? -- versions: +Python 3.3 -Python 3.1 ___ Python tracker <http://bugs.python.org/issue6

[issue6380] Deadlock during the "import" in the fork()'ed child process if fork() happened while import_lock was held

Gregory P. Smith added the comment: btw, a potentially related (or duplicate?) issue was already fixed - http://bugs.python.org/issue1590864 -- ___ Python tracker <http://bugs.python.org/issue6

[issue36954] test_recursive_repr breaks tracing in test_xml_etree

New submission from Gordon P. Hemsley : When running test_xml_etree with tracing, e.g. when running test coverage, tracing breaks after the execution of test_recursive_repr. -- components: Tests messages: 342783 nosy: blueyed, gphemsley, serhiy.storchaka priority: normal pull_requests

[issue10933] Tracing disabled when a recursion error is triggered (even if properly handled)

Change by Gordon P. Hemsley : -- nosy: +gphemsley ___ Python tracker <https://bugs.python.org/issue10933> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue23012] RuntimeError: settrace/setprofile function gets lost

Change by Gordon P. Hemsley : -- nosy: +gphemsley ___ Python tracker <https://bugs.python.org/issue23012> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36474] RecursionError resets trace function set via sys.settrace

Change by Gordon P. Hemsley : -- nosy: +gphemsley ___ Python tracker <https://bugs.python.org/issue36474> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue2180] tokenize: mishandles line joining

Change by Gregory P. Smith : -- assignee: -> gregory.p.smith nosy: +gregory.p.smith ___ Python tracker <https://bugs.python.org/issue2180> ___ ___ Python-

[issue36959] ISO date errors in _strptime are jumbled

New submission from Gordon P. Hemsley : This has not been apparent because the tests for this code are not testing what they think they're testing. -- components: Library (Lib), Tests messages: 342810 nosy: gphemsley priority: normal severity: normal status: open title: ISO

[issue36959] ISO date errors in _strptime are jumbled

Change by Gordon P. Hemsley : -- keywords: +patch pull_requests: +13319 stage: -> patch review ___ Python tracker <https://bugs.python.org/issue36959> ___ _

[issue36959] ISO date errors in _strptime are jumbled

Gordon P. Hemsley added the comment: I've created a PR that fixes the issue, which I discovered while evaluating the test coverage for _strptime. Certain scenarios of error messages were never being hit because the cascade was out of order, and the tests were not showing that because

[issue2180] tokenize: mishandles line joining

Gregory P. Smith added the comment: Thanks for figuring this one out Anthony! :) -- resolution: -> fixed stage: patch review -> commit review status: open -> closed ___ Python tracker <https://bugs.python.o

[issue36959] ISO date errors in _strptime are jumbled

Gordon P. Hemsley added the comment: Ah yes, to be clear, I wasn't trying to suggest that the error messages themselves were wrong—just that they weren't triggering when the tests were expecting them to. Some of the existing tests currently trigger the "unconverted data remai

[issue36967] Eliminate unnecessary check in _strptime when determining AM/PM

New submission from Gordon P. Hemsley : Since __calc_am_pm() explicitly limits self.am_pm to 2 values, there are only ever 3 possible values of %p: AM, PM, or blank. Since blank is treated the same as AM, there is only the need to check whether %p is PM. This eliminates an unnecessary

[issue36967] Eliminate unnecessary check in _strptime when determining AM/PM

Change by Gordon P. Hemsley : -- keywords: +patch pull_requests: +13338 stage: -> patch review ___ Python tracker <https://bugs.python.org/issue36967> ___ _

[issue36967] Eliminate unnecessary check in _strptime when determining AM/PM

Change by Gordon P. Hemsley : -- components: +Library (Lib) ___ Python tracker <https://bugs.python.org/issue36967> ___ ___ Python-bugs-list mailing list Unsub

[issue22385] Define a binary output formatting mini-language for *.hex()

Gregory P. Smith added the comment: FYI - micropython added an optional 'sep' second argument to binascii.hexlify() that is a single character separator to insert between every two hex digits. given the #9951 .hex() methods we have everywhere (and corresponding .fromhex), binasc

[issue36906] Compile time textwrap.dedent() equivalent for str or bytes literals

Gregory P. Smith added the comment: Agreed, I'm in favor of going forward with this .dedent() optimization approach today. If we were to attempt a default indented multi-line str and bytes literal behavior change in the future (a much harder decision to make as it is a breaking c

[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

Change by Gregory P. Smith : -- versions: -Python 2.7 ___ Python tracker <https://bugs.python.org/issue30458> ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

Change by Gregory P. Smith : -- versions: -Python 3.6, Python 3.7 ___ Python tracker <https://bugs.python.org/issue30458> ___ ___ Python-bugs-list mailin

[issue30458] [security][CVE-2019-9740][CVE-2019-9947] HTTP Header Injection (follow-up of CVE-2016-5699)

Gregory P. Smith added the comment: Assigning to Larry to decide if he wants to merge that PR into 3.5 or not. -- assignee: -> larry nosy: +larry ___ Python tracker <https://bugs.python.org/issu

<    13   14   15   16   17   18   19   20   21   22   >