Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xml package does not obey sys.flags.ignore_environment #78972

Closed
tiran opened this issue Sep 24, 2018 · 9 comments
Closed

xml package does not obey sys.flags.ignore_environment #78972

tiran opened this issue Sep 24, 2018 · 9 comments
Labels
3.7 (EOL) end of life 3.8 only security fixes topic-XML type-security A security issue

Comments

@tiran
Copy link
Member

tiran commented Sep 24, 2018

BPO 34791
Nosy @vstinner, @larryhastings, @tiran, @ned-deily, @miss-islington
PRs
  • bpo-34791: xml package obeys ignore env flags #9544
  • [3.7] bpo-34791: xml package obeys ignore env flags (GH-9544) #9545
  • [3.6] bpo-34791: xml package obeys ignore env flags (GH-9544) #9546
  • [2.7] bpo-34791: xml package obeys ignore env flags (GH-9544) #9547
  • [3.5] bpo-34791: xml package obeys ignore env flags (GH-9544) #11871
  • [3.4] bpo-34791: xml package obeys ignore env flags (GH-9544) #11872
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = <Date 2019-05-27.23:52:13.468>
created_at = <Date 2018-09-24.16:47:30.511>
labels = ['type-security', 'expert-XML', '3.7', '3.8']
title = 'xml package does not obey sys.flags.ignore_environment'
updated_at = <Date 2019-05-27.23:52:13.468>
user = 'https://github.com/tiran'

    bugs.python.org fields:

    activity = <Date 2019-05-27.23:52:13.468>
actor = 'vstinner'
assignee = 'none'
closed = True
closed_date = <Date 2019-05-27.23:52:13.468>
closer = 'vstinner'
components = ['XML']
creation = <Date 2018-09-24.16:47:30.511>
creator = 'christian.heimes'
dependencies = []
files = []
hgrepos = []
issue_num = 34791
keywords = ['patch']
message_count = 9.0
messages = ['326267', '326273', '328072', '328073', '328074', '328075', '336577', '336592', '343715']
nosy_count = 5.0
nosy_names = ['vstinner', 'larry', 'christian.heimes', 'ned.deily', 'miss-islington']
pr_nums = ['9544', '9545', '9546', '9547', '11871', '11872']
priority = 'normal'
resolution = 'fixed'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue34791'
versions = ['Python 2.7', 'Python 3.6', 'Python 3.7', 'Python 3.8']
    @tiran
    Copy link
    Member Author

    tiran commented Sep 24, 2018

    On two occasions, the xml package uses environment variables to override parser / DOM implementations: xml.sax package and xml.dom.domreg module. On both occasions, the code should not use env vars to override module names, when the interpreter is started with flags like -E or -I.

    @tiran tiran added 3.7 (EOL) end of life 3.8 only security fixes topic-XML type-security A security issue labels Sep 24, 2018
    @miss-islington
    Copy link
    Contributor

    New changeset 223e501 by Miss Islington (bot) (Christian Heimes) in branch 'master':
    bpo-34791: xml package obeys ignore env flags (GH-9544)
    223e501

    @vstinner
    Copy link
    Member

    New changeset c119d59 by Victor Stinner (Miss Islington (bot)) in branch '3.7':
    bpo-34791: xml package obeys ignore env flags (GH-9544) (GH-9545)
    c119d59

    @vstinner
    Copy link
    Member

    New changeset 5e808f9 by Victor Stinner (Miss Islington (bot)) in branch '3.6':
    bpo-34791: xml package obeys ignore env flags (GH-9544) (GH-9546)
    5e808f9

    @vstinner
    Copy link
    Member

    New changeset 2546ac8 by Victor Stinner (Miss Islington (bot)) in branch '2.7':
    bpo-34791: xml package obeys ignore env flags (GH-9544) (GH-9547)
    2546ac8

    @vstinner
    Copy link
    Member

    Christian: do you think that this issue is severe enough to justify to backport it to Python 3.4 and 3.5? I don't think so. Python 2.7, 3.6, 3.7 and master (future 3.8) already have been fixed, IMHO it's enough and this issue can be closed.

    @larryhastings
    Copy link
    Contributor

    New changeset 765d333 by larryhastings (Victor Stinner) in branch '3.4':
    bpo-34791: xml package obeys ignore env flags (GH-9544) (bpo-11872)
    765d333

    @larryhastings
    Copy link
    Contributor

    New changeset 7cd08cf by larryhastings (Victor Stinner) in branch '3.5':
    bpo-34791: xml package obeys ignore env flags (GH-9544) (bpo-11871)
    7cd08cf

    @vstinner
    Copy link
    Member

    It's now fixed in all branches, thanks!

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    3.7 (EOL) end of life 3.8 only security fixes topic-XML type-security A security issue
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    4 participants
    @vstinner @tiran @larryhastings @miss-islington