Marc-Andre Lemburg added the comment:
On the topic average vs. minimum, it's interesting to see this pop up
every now and then. When I originally wrote pybench late in 1997, I used
average, since it gave good results on my PC at the time.
Later on, before pybench was added to Tools/ in P
Marc-Andre Lemburg added the comment:
On 22.09.2021 20:47, Brett Cannon wrote:
> What about if there isn't a pre-computed location for __file__? I could
> imagine a self-contained CPython build where there is no concept of a file
> location on disk for anything using this.
Marc-Andre Lemburg added the comment:
On 22.09.2021 21:02, Raymond Hettinger wrote:
>> The language specification says that the dicts maintain insertion
>> order, but the wording implies that this only to explicit
>> dictionaries, not instance attribute or other namespace d
Marc-Andre Lemburg added the comment:
Eric, I noticed that you are freezing os.py. Please be aware that
this module is often being used as indicator for where the stdlib
was installed (the stdlib itself does this in site.py to read the
LICENSE and the test suite also uses os.__file__ in a
Marc-Andre Lemburg added the comment:
On 25.09.2021 18:20, STINNER Victor wrote:
>
> STINNER Victor added the comment:
>
> Marc-Andre: I suppose that you're talking about LANDMARK in Modules/getpath.c
> and PC/getpathp.c.
Now that you mention it: yes, that as well :-)
Marc-Andre Lemburg added the comment:
Looking at the specs in PEP 293 (https://www.python.org/dev/peps/pep-0293/), it
is certainly possible for the error handler to return a newpos outside the
range start - end, meaning in most cases: a value >= end.
There's a good reason for t
Change by Marc-Andre Lemburg :
--
components: +Unicode
nosy: +ezio.melotti
___
Python tracker
<https://bugs.python.org/issue36819>
___
___
Python-bugs-list mailin
Change by Marc-Andre Lemburg :
--
nosy: +doerwalter
___
Python tracker
<https://bugs.python.org/issue36819>
___
___
Python-bugs-list mailing list
Unsubscribe:
Marc-Andre Lemburg added the comment:
On 29.09.2021 10:41, Serhiy Storchaka wrote:
>
> Restricting the returned position to be strictly larger than start would
> solve the problem with infinite loop and OOM. But this is a different issue.
Yes, this would make sense, since having
Marc-Andre Lemburg added the comment:
Are you sure that all updates on the failing machine have been correctly
installed ? It's possible that the list of CA root certs is not up to date
on the machine.
You can use certmgr.msc to check the list of installed CA root certs.
--
Marc-Andre Lemburg added the comment:
On 05.10.2021 12:48, Aivar Annamaa wrote:
>
> I can list the root certs with certmgr, but I'm not sure which piece to
> investigate further.
Check the certs in the LE chain as listed on the page you quoted
and compare them to the workin
Marc-Andre Lemburg added the comment:
win32_ver() should be using the internal Windows APIs to figure out the
version. I do wonder why those don't return the same version as the "ver"
command line tool.
Adding our Windows experts to the noisy list.
--
nosy: +lemb
Marc-Andre Lemburg added the comment:
On 05.10.2021 22:30, Steve Dower wrote:
> The version number for "Windows 11" still starts with 10.0. Just like how
> Windows 5.x and 6.x were around for a very long time each ;)
>
> There are tables in platform module that map t
Marc-Andre Lemburg added the comment:
I'm not sure I follow, but in any case, please make sure that
the freeze tool in Tools/ continues to work with the new mechanism.
The freeze tool would also need to know which modules are already
frozen via the new script, so that modules don&
Marc-Andre Lemburg added the comment:
FWIW: I'm -1 on removing the possibility to register conversion or adapter
hooks in sqlite3. Such mechanisms have become a standard with Python database
modules and are widely used to adapt them to applications or middleware using
the modules.
Marc-Andre Lemburg added the comment:
It's probably time to extend the marketing version detection mechanism to use
the build number as reference instead of the major.minor system version numbers.
Here's a good reference for this:
https://en.wikipedi
Marc-Andre Lemburg added the comment:
Since the days this was discussed, a lot of new and faster hash algorithms have
been developed. It may be worthwhile looking at those instead.
E.g. xxHash is a lot more performant than siphash:
https://github.com/Cyan4973/xxHash (the link also has a
Marc-Andre Lemburg added the comment:
On 07.10.2021 11:49, Inada Naoki wrote:
> Hash DoS is not only for HTTP headers. Everywhere creating dict from
> untrusted source can be attack vector.
> For example, many API servers receive JSON as HTTP request body. Limiting
> HTTP
Marc-Andre Lemburg added the comment:
On 07.10.2021 12:16, Christian Heimes wrote:
>
>> That's certainly true, but at the same time, just focusing on string
> hashes only doesn't really help either, e.g. it is very easy to
> create a DoS with numeric keys or other
Marc-Andre Lemburg added the comment:
BTW: We already use (a slight variant of) xxHash for tuples:
https://bugs.python.org/issue34751
The issues is an interesting read, in particular on how xxHash was eventually
chosen, with a whole set of other hash algorithms in between
Marc-Andre Lemburg added the comment:
On 07.10.2021 12:48, Christian Heimes wrote:
>
>> I don't quite follow. Why is it fine that you discuss DoS, but it's not
> fine when others discuss DoS ?
>
> But this BPO is not about discussing mitigations against DoS attac
Marc-Andre Lemburg added the comment:
On 07.10.2021 15:29, Christian Heimes wrote:
>
> Christian Heimes added the comment:
>
> JP got back to me
>
> On 07/10/2021 14.34, Jean-Philippe Aumasson wrote:
>> xxHash is much faster indeed, but collisions seem trivial
Marc-Andre Lemburg added the comment:
On 07.10.2021 16:40, Eric Snow wrote:
>
> On Thu, Oct 7, 2021 at 1:17 AM Marc-Andre Lemburg
> wrote:
>> I'm not sure I follow, but in any case, please make sure that
>> the freeze tool in Tools/ continues to work with the new m
Marc-Andre Lemburg added the comment:
On 08.10.2021 02:15, Eryk Sun wrote:
>
>> use the build number as reference instead of the major.minor
>
> It could check the (major, minor, build) tuple, which allows reporting 10.1+
> as "post11" and minimizes hard coding o
Marc-Andre Lemburg added the comment:
I am with Raymond on this one.
If "protecting against wrong use" is the only reason to go down the slippery
path of starting to rely on compiler optimizations for performance critical
operations, the argument is not good enough.
If people do
Marc-Andre Lemburg added the comment:
On 15.10.2021 11:43, STINNER Victor wrote:
> Again, I'm not aware of any performance issue caused by short static inline
> functions like Py_TYPE() or the proposed PyFloat_AS_DOUBLE(). If there is a
> problem, it should be addressed, sin
Marc-Andre Lemburg added the comment:
On 14.10.2021 22:56, Eric Snow wrote:
>
> @MAL, what's the best way to make sure Tools/freeze is still working? I
> don't see any tests for it in the test suite. I tried running the test in
> Tools/freeze/test, but I can't g
Marc-Andre Lemburg added the comment:
Meta comment :-) ... wouldn't it be better to enable the Github wiki feature for
such collections ?
--
nosy: +lemburg
___
Python tracker
<https://bugs.python.org/is
Marc-Andre Lemburg added the comment:
On 16.10.2021 01:31, Eric Snow wrote:
>
> @MAL, who's maintaining Tools/freeze? I'm not aware of who's using it (other
> than you, of course). It looks like PyRun isn't compatible with anything
> newer than 3.5, so it
Marc-Andre Lemburg added the comment:
On 19.10.2021 10:44, Serhiy Storchaka wrote:
>
> Possible solutions (they can be combined):
>
> 1. Add support for the GEORGIAN-PS charset and all other encodings used in
> libc (issue22679). The problem is that it is difficult to g
Marc-Andre Lemburg added the comment:
On 16.10.2021 21:20, Eric Snow wrote:
>
> On Sat, Oct 16, 2021 at 5:01 AM Marc-Andre Lemburg
> wrote:
>> I can try to port PyRun to 3.9 and 3.10 to see whether I run into any issues.
>> Would that help ?
>
> Yeah, that wo
Marc-Andre Lemburg added the comment:
On 19.10.2021 18:47, Marc-Andre Lemburg wrote:
>
>> On Sat, Oct 16, 2021 at 5:01 AM Marc-Andre Lemburg
>> wrote:
>>> I can try to port PyRun to 3.9 and 3.10 to see whether I run into any
>>> issues.
>>> Would
Marc-Andre Lemburg added the comment:
On 20.10.2021 16:25, Eric Snow wrote:
>
> Eric Snow added the comment:
>
> On Wed, Oct 20, 2021 at 6:01 AM Marc-Andre Lemburg
> wrote:
>> I have PyRun mostly working with Python 3.9.
>> ...
>> No changes were neces
New submission from Marc-Andre Lemburg :
python3.9 -d:
Python 3.9.7 (default, Oct 21 2021, 20:51:19)
[GCC 7.5.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
Loaded pyinteractive.py.
>>>
python3.10 -d:
Py
New submission from Marc-Andre Lemburg :
In Python 3.10, it seems that top-level frames generated by running exec() have
their f_lineno attribute set to None.
inspect.getframeinfo() tries to build context lines and fails on this line in
such a case:
start = lineno - 1 - context//2
Marc-Andre Lemburg added the comment:
What's even worse is that those debug lines get written to stdout, not stderr.
--
___
Python tracker
<https://bugs.python.org/is
Change by Marc-Andre Lemburg :
--
components: +Parser
nosy: +lys.nikolaou, pablogsal
___
Python tracker
<https://bugs.python.org/issue45562>
___
___
Python-bug
Change by Marc-Andre Lemburg :
--
components: +Interpreter Core, Library (Lib), Parser
nosy: +lys.nikolaou, pablogsal
___
Python tracker
<https://bugs.python.org/issue45
Marc-Andre Lemburg added the comment:
I have an initial version of PyRun for Python 3.10 running as well.
This created a few more headaches in order to make it work with
setuptools and some glitches which appear to be bugs in 3.10
(https://bugs.python.org/issue45563 and https://bugs.python.org
Marc-Andre Lemburg added the comment:
Yes, I know that (at the moment) it's only documented to work in the parser,
but since Py_DebugFlag is a general purpose flag, this use could easily be
extended to other parts of the interpreter as well, e.g. for parsing the
command li
Marc-Andre Lemburg added the comment:
To add some more context:
This came up while porting eGenix PyRun to Python 3.10. While installing
setuptools 58.2.0 via "pyrun setup.py install", an exception was raised in
getframeinfo().
PyRun uses exec() to run Python code
Marc-Andre Lemburg added the comment:
I had left a comment on Github about using stderr instead of stdout, to make
the output more consistent (other parser error messages go to stderr).
Note sure whether that's something you still want to change before closing the
issue.
--
Marc-Andre Lemburg added the comment:
In the case of setuptools, this would be the file setup.py, but I think the
specific file is not relevant. I can try to come up with a shorter example.
--
___
Python tracker
<https://bugs.python.
Marc-Andre Lemburg added the comment:
Update: I've been trying hard to find a short version which triggers the issue,
but so far it seems to only trigger when using exec() from a frozen Python
module.
There don't appear to be many ways frame->f_lineno can end up being -1 (whi
Marc-Andre Lemburg added the comment:
I see this in modules frozen by the Tools/freeze/ tool.
The line numbers shown for such frozen modules in the frameinfo stack are a bit
off as well, compared normal Python. Could this be an indication that there's
something not working quite
Marc-Andre Lemburg added the comment:
I've looked at how the importlib freeze logic works, compared to
Tools/freeze/freeze.py.
The only difference I can spot is that importlib uses C to build the C array
and does a compile followed by a marshal.dumps, whereas freeze.py loads all
mo
Marc-Andre Lemburg added the comment:
Turns out this was a bug in the freeze.py script I was using. I had added a bug
work-around for the modulefinder module and even though it should work as
advertised, it seems to be missing some code object attributes when recreating
the objects which
Change by Marc-Andre Lemburg :
--
resolution: -> not a bug
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Marc-Andre Lemburg added the comment:
Hmm, perhaps I should reopen the ticket, even though I now found the cause.
After all, it is possible that lineno is None and inspect.getframeinfo() cannot
handle it :-)
And it may be worthwhile investigating why recreation of a code object using
Marc-Andre Lemburg added the comment:
FYI: I've been working with a fixed Setup file in PyRun for a long while. There
are indeed a number of modules missing from Setup, since the whole logic was
left behind a bit after things moved to setup.py.
The issue with _math.o is actually in the
Marc-Andre Lemburg added the comment:
I'm using a very simple conditional logic in Setup, which is based
on sed, mostly to add platform specific variables:
In Setup:
# @if macosx: TIME_DEFS=
# @if not macosx: TIME_DEFS=-lrt
time -DPy_BUILD_CORE_BUILTIN -I$(srcdir)/Include/int
Marc-Andre Lemburg added the comment:
On 23.10.2021 20:04, Christian Heimes wrote:
>
> PR GH-29179 or GH-29181 address the issue with _math.o
I think those patches are both taking things a bit too far.
This is a build problem, not a code problem. It's perfectly
good style to li
Marc-Andre Lemburg added the comment:
On 23.10.2021 21:30, Christian Heimes wrote:
>
> The trick would move the math function back into the core. Mark moved the
> math functions out of the core on purpose, see bpo-7518.
I don't follow you. With the _math.o target in Makefile.p
Marc-Andre Lemburg added the comment:
+1 on setting the attributes dynamically. Other DB-API modules use a
similar approach.
--
___
Python tracker
<https://bugs.python.org/issue45
Marc-Andre Lemburg added the comment:
On 26.10.2021 16:02, Eric Snow wrote:
>
> FYI, I figured out the problem on my end. I wasn't using an installed
> python. Once I did it worked fine.
Oh, you mean you tried using it directly from the source tree ?
I don't think I eve
Marc-Andre Lemburg added the comment:
On 26.10.2021 16:17, Christian Heimes wrote:
>
> Christian Heimes added the comment:
>
> Brett, we can use AM_CONDITIONAL() to conditionally enable/disable a feature
> and AC_CONFIG_FILES() to create a Modules/Setup from a templat
Marc-Andre Lemburg added the comment:
On 26.10.2021 19:42, Christian Heimes wrote:
>
> Brett removed a lot of stuff in 01cf4fb9c1aa567484c2ffb1b11f9b3fe9949b05 to
> make the file more readable. I removed unnecessary -D, -I, and -L to make the
> file even more readable. You can
Marc-Andre Lemburg added the comment:
On 26.10.2021 20:47, Marc-Andre Lemburg wrote:
>> Brett removed a lot of stuff in 01cf4fb9c1aa567484c2ffb1b11f9b3fe9949b05 to
>> make the file more readable. I removed unnecessary -D, -I, and -L to make
>> the file even more readable. Y
Marc-Andre Lemburg added the comment:
Gregory P. Smith wrote:
> A higher level "best practices for launching child processes module" with
> APIs reflecting explicit intents (performance vs security vs simplicity)
> rather than requiring users to understand subproces
Marc-Andre Lemburg added the comment:
Hi Pablo,
I think you missed one instance:
print_escape(stdout, tok->cur, tok->inp - tok->cur);
Cheers
--
___
Python tracker
<https://bugs.python.or
Marc-Andre Lemburg added the comment:
Thanks, Pablo :-)
--
___
Python tracker
<https://bugs.python.org/issue45562>
___
___
Python-bugs-list mailing list
Unsub
Marc-Andre Lemburg added the comment:
encodings is a package. I think you first have to check whether mixing
frozen and non-frozen submodules are even supported. I've never tried
having only part of a package frozen.
Freezing the whole package certainly works.
--
nosy: +le
Marc-Andre Lemburg added the comment:
On 27.10.2021 22:58, Brett Cannon wrote:
>
> Brett Cannon added the comment:
>
>> Could Brett or you please add those notes back ? There's no other place
> where such details are documented.
>
> It really depends on what
Marc-Andre Lemburg added the comment:
On 30.10.2021 17:54, Filipe Laíns wrote:
>
> I just tested partially freezing the package, and it seems to working fine :)
FWIW: I think it's best not bother and simply freeze the whole thing.
It's mostly char mappings which compress we
Marc-Andre Lemburg added the comment:
Could you please provide more details regarding the OS, whether you compiled
Python yourself and the env settings you used ?
Thanks,
--
Marc-Andre Lemburg
eGenix.com
--
nosy: +lemburg
___
Python tracker
Marc-Andre Lemburg added the comment:
On 15.11.2021 08:54, Oleg Iarygin wrote:
>
> Oleg Iarygin added the comment:
>
> Marc-Andre:
>> Inlining is something that is completely under the control of the
> used compilers. Compilers are free to not inline function
Marc-Andre Lemburg added the comment:
On 15.11.2021 10:54, STINNER Victor wrote:
>
> I don't understand what you are trying to prove about compilers not inlining
> when you explicitly ask them... not to inline.
I'm not trying to prove anything, Victor.
I'm only
Marc-Andre Lemburg added the comment:
Even though these are IANA recognized encodings, we need to apply he same logic
as we do for all new encodings, which essentially boils down to: Are these
encoding in wider spread use today ?
Reading through the RFC 1556, it seems that the added -i or
Marc-Andre Lemburg added the comment:
On 26.11.2021 10:56, Ruben Vorderman wrote:
>
> $ python -m timeit -c "from bytes_sort import bytes_sort" "bytes_sort(b'')"
> 50 loops, best of 5: 495 nsec per loop
Shouldn't this read:
$ python -m
New submission from Marc-Andre Lemburg :
>From the code:
opts, args = getopt.getopt(args, "n:u:s:r:tcpvh",
["number=", "setup=", "repeat=",
"time", "clock
Marc-Andre Lemburg added the comment:
Interesting that the tool still exists. It uses mxTextTools, but in a
non-packaged version, so it's been broken for two decades now :-)
I think it's safe to remove it from Tools\scripts.
--
___
Pyth
Marc-Andre Lemburg added the comment:
Just to clarify: the change in the C implementation was the breaking change.
The patch just restores the previous behavior:
https://github.com/python/cpython/blob/master/Lib/encodings/__init__.py#L43
Please note that external codec packages should not
Marc-Andre Lemburg added the comment:
It looks like Brian is expecting some kind of normalization of the strings
before they enter the function, e.g. convert to lowercase, remove extra
whitespace, convert diacritics to regular letters, combinations of such
normalizations, etc.
Since both
Marc-Andre Lemburg added the comment:
I have marked the messages as spam. Can't seem to remove them, though.
--
___
Python tracker
<https://bugs.python.org/is
Change by Marc-Andre Lemburg :
--
Removed message: https://bugs.python.org/msg320603
___
Python tracker
<https://bugs.python.org/issue21081>
___
___
Python-bug
Change by Marc-Andre Lemburg :
--
Removed message: https://bugs.python.org/msg367515
___
Python tracker
<https://bugs.python.org/issue21081>
___
___
Python-bug
Change by Marc-Andre Lemburg :
--
Removed message: https://bugs.python.org/msg367514
___
Python tracker
<https://bugs.python.org/issue21081>
___
___
Python-bug
Marc-Andre Lemburg added the comment:
Found an "Unlink" bottom at the bottom of the message view. This appears to
remove the messages from the issue.
--
___
Python tracker
<https://bugs.python.o
New submission from Marc-Andre Lemburg :
On platforms which configure identifies as bi-arch platform, libdir is set to
$[exec_prefix}/lib64, which results in the C extensions to get installed in
e.g. /usr/local/lib64/python3.8/lib-dynload/.
However, the getpath.c routines use a fixed &quo
Marc-Andre Lemburg added the comment:
Just to clarify: the CONFIG_SITE script on OpenSUSE causes configure to use
lib64, not the Python configure script itself.
--
___
Python tracker
<https://bugs.python.org/issue40
Marc-Andre Lemburg added the comment:
No, I have not opened a bug report on OpenSUSE. Since the OS uses bi-arch
throughout, using lib64 is the natural thing to use for libdir on the OS.
I think the issue lies with getpath.c only, since it makes an assumption about
the libdir config value
Marc-Andre Lemburg added the comment:
Hi Jason,
to achieve better backwards compatibility, it's probably better to use
the approach taken for CodeInfo in the codecs.py module:
class CodecInfo(tuple):
"""Codec details when looking up the codec registry""
Marc-Andre Lemburg added the comment:
Ok, let me add some more context: When I wrote the uname interface
I was aware that calling the API will take some resources. That's
why I added the cache. IMO, that was enough as optimization.
Now, you added a late binding optimization for the
Marc-Andre Lemburg added the comment:
Hi Jason,
I think I have to review the whole set of changes again to understand what your
motivation is/was.
For https://bugs.python.org/issue35967 I had already stated that your use case
is not special enough to make the platform.py logic more
Marc-Andre Lemburg added the comment:
Reopening the ticket, since the implementation makes backwards incompatible
changes to platform.uname(): see https://bugs.python.org/issue40570 for a
discussion on a better approach to lazy evaluation of getting the processor
information.
Before we
Marc-Andre Lemburg added the comment:
I am closing this issue, since deprecations should really only be used when no
other means are possible.
The namedtuples returned by platform.uname() do support index access and so any
implementation change altering this is surprising and backwards
Marc-Andre Lemburg added the comment:
Thanks, Jason. I'll have a closer look at the issue and report back later this
week.
--
___
Python tracker
<https://bugs.python.org/is
Marc-Andre Lemburg added the comment:
Reviewed. Please check on the PR for comments.
--
___
Python tracker
<https://bugs.python.org/issue42257>
___
___
Pytho
Marc-Andre Lemburg added the comment:
Thanks for the patch.
Merging is currently prevented by an unrelated test for nntplib failing. See
e.g.
https://github.com/python/cpython/pull/23140/checks?check_run_id=1630509357.
This is being tracked in https://bugs.python.org/issue42794
Marc-Andre Lemburg added the comment:
FWIW, I'm getting the same errors in PR
https://github.com/python/cpython/pull/23140
Checking on the server that's being used, the newsgroup description is empty
indeed:
https://news.aioe.org/index.php?id=statistics-about-groups&group=co
Marc-Andre Lemburg added the comment:
On 01.01.2021 13:57, Christian Heimes wrote:
>
> Does this issue mean that I should include nntplib in PEP 594 again?
The test fails because it was relying on an external news server's
configuratoin. This doesn't mean the code itself is
Marc-Andre Lemburg added the comment:
Thanks for the patch, Dong-hee Na.
Christian: Tests relying on external resources will always have such issues.
This doesn't mean that the code which is being tested is outdated or broken.
It's just an issue with the tests. Perhaps we ought
Marc-Andre Lemburg added the comment:
https://github.com/python/cpython/pull/23140 merged. Thanks for the patch,
Kurochan.
--
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.org/i
Marc-Andre Lemburg added the comment:
Note: I did not request a backport, since this really is a new feature.
--
___
Python tracker
<https://bugs.python.org/issue42
Marc-Andre Lemburg added the comment:
I think there's a bit of a misunderstanding here. When relying on
a DB-API driver's transaction API, you are not allowed to issue
separate transaction commands to the DB backend via the .execute()
methods. You have to use conn.commit() and con
Marc-Andre Lemburg added the comment:
On 05.01.2021 19:04, Géry wrote:
>
> @lemburg
>
>> I guess the SQLite driver does not start a new transaction for SELECTs,
>> since these are usually read-only
>
> Nor for DDL statements (CREATE, DROP).
Those are definitel
Change by Marc-Andre Lemburg :
--
title: Web cache poisoning - `;` as a query args separator -> [security] Web
cache poisoning - `;` as a query args separator
___
Python tracker
<https://bugs.python.org/issu
Marc-Andre Lemburg added the comment:
Sorry for the title mess: It seems that when replying to a ticket, RoundUp uses
the subject line as the new header regardless of what it was set to before.
--
___
Python tracker
<https://bugs.python.
Marc-Andre Lemburg added the comment:
Looking at the _url_handler() code in pydoc.py, this was clearly not written
with web server standards in mind. None of the handlers apply security checks
on the user input and there are most likely several other vulnerabilities in
there to be found
Marc-Andre Lemburg added the comment:
On 22.01.2021 01:28, STINNER Victor wrote:
>
> STINNER Victor added the comment:
>
>> I'd suggest to print a big warning on the console, explaining that the web
>> server will potentially make all content accessible by the
801 - 900 of 1946 matches
Mail list logo
