Gregory P. Smith added the comment:
New changeset fed2fc4443235fa9669b73817827fd6da88e3417 by Ian Henriksen in
branch 'main':
bpo-43895: Remove an unnecessary cache of shared object handles (GH-25487)
https://github.com/python/cpython/commit/fed2fc4443235fa9669b73817827fd6da88e3417
Change by Gregory P. Smith :
--
resolution: -> fixed
stage: patch review -> commit review
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Gregory P. Smith :
--
assignee: -> gregory.p.smith
nosy: +gregory.p.smith, twouters
versions: +Python 3.11
___
Python tracker
<https://bugs.python.org/issu
Gregory P. Smith added the comment:
New changeset a9a69bb3ea1e6cf54513717212aaeae0d61b24ee by Ma Lin in branch
'main':
bpo-41486: zlib uses an UINT32_MAX sliding window for the output buffer
(GH-26143)
https://github.com/python/cpython/commit/a9a69bb3ea1e6cf54513717212aaeae0d61b24ee
Gregory P. Smith added the comment:
Code needed in a modern patch:
1) Use the system call if compile time configure detected it may be available.
(if we just use syscall() rather than a libc wrapper, a configure check may not
be necessary, but various #ifdefs likely are)
2) If (1) produces
Change by Gregory P. Smith :
--
stage: patch review -> resolved
status: pending -> closed
___
Python tracker
<https://bugs.python.org/issue36991>
___
___
Gregory P. Smith added the comment:
Good catch. We don't have buildbots statically linking the modules in these
days, that'd be useful to prevent things like this from happening.
--
resolution: -> fixed
stage: patch review -> resolved
status: open -&g
Gregory P. Smith added the comment:
New changeset cf739332bd039cd2303b58663a804f784883820d by Miss Islington (bot)
in branch '3.10':
bpo-44458: Ensure BUFFER_BLOCK_SIZE symbol is statically allocated. (GH-26808)
(GH-26844)
https://github.com/python/cpython/commit
Gregory P. Smith added the comment:
New changeset 92c2e91580521ba5c85aa3205a0211df5b48689b by Russell Keith-Magee
in branch 'main':
bpo-44458: Ensure BUFFER_BLOCK_SIZE symbol is statically allocated. (GH-26808)
https://github.com/python/cpython/commit/92c2e91580521ba5c85aa3205a0211df5b48689b
Change by Gregory P. Smith :
--
assignee: -> gregory.p.smith
___
Python tracker
<https://bugs.python.org/issue44458>
___
___
Python-bugs-list mailing list
Un
Change by Gregory P. Smith :
--
resolution: later -> not a bug
status: open -> closed
___
Python tracker
<https://bugs.python.org/issue44107>
___
___
Pyth
Change by Gregory P. Smith :
--
versions: +Python 3.11 -Python 3.9
___
Python tracker
<https://bugs.python.org/issue40120>
___
___
Python-bugs-list mailin
Change by Gregory P. Smith :
--
versions: +Python 3.10, Python 3.9
___
Python tracker
<https://bugs.python.org/issue44334>
___
___
Python-bugs-list mailin
Gregory P. Smith added the comment:
fwiw this sort of thing may be reasonable to backport to 3.9 as it is more than
just a performance enhancement but also a resource consumption bug and should
result in no behavior change.
"""
In case of form contain very large data ( in my
Change by Gregory P. Smith :
--
resolution: -> fixed
stage: patch review -> commit review
status: open -> closed
___
Python tracker
<https://bugs.python.or
Gregory P. Smith added the comment:
New changeset 5a8ddcc4524dca3880d7fc2818814ffae1cfb8a2 by Gregory P. Smith in
branch '3.9':
[3.9] bpo-43776: Remove list call from args in Popen repr (GH-25338) (GH-26510)
https://github.com/python/cpython/commit/5a8ddcc4524dca3880d7fc2818814ffae1cfb8a2
Change by Gregory P. Smith :
--
pull_requests: +25106
pull_request: https://github.com/python/cpython/pull/26510
___
Python tracker
<https://bugs.python.org/issue43
Gregory P. Smith added the comment:
New changeset e60ab843cbb016fb6ff8b4f418641ac05a9b2fcc by Gregory P. Smith in
branch 'main':
bpo-44022: Improve the regression test. (GH-26503)
https://github.com/python/cpython/commit/e60ab843cbb016fb6ff8b4f418641ac05a9b2fcc
Gregory P. Smith added the comment:
Great catch! The new PR should address that.
--
___
Python tracker
<https://bugs.python.org/issue44022>
___
___
Python-bug
Change by Gregory P. Smith :
--
pull_requests: +25099
pull_request: https://github.com/python/cpython/pull/26503
___
Python tracker
<https://bugs.python.org/issue44
Change by Gregory P. Smith :
--
resolution: -> fixed
stage: patch review -> commit review
status: open -> closed
___
Python tracker
<https://bugs.python.or
Gregory P. Smith added the comment:
thanks!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Gregory P. Smith added the comment:
New changeset d8fd8c8568cbc2f53c1abeda3596a89a46f0e3d7 by Ken Jin in branch
'main':
bpo-42392: [docs] Add deprecated-removed loop labels for asyncio (GH-26357)
https://github.com/python/cpython/commit/d8fd8c8568cbc2f53c1abeda3596a89a46f0e3d7
Gregory P. Smith added the comment:
A presumed optimal version of this is already available in numpy.
https://numpy.org/doc/stable/reference/random/generated/numpy.random.Generator.binomial.html
https://github.com/numpy/numpy/blob/2232a473f8713f532c8164c8cf616f7bd05f54a7/numpy/random
Change by Gregory P. Smith :
--
title: remove the deprecated 'loop' parameter asyncio API -> [document removal
of] the deprecated 'loop' parameter asyncio API in 3.10
___
Python tracker
<https://bugs.python.org/issu
Change by Gregory P. Smith :
--
assignee: -> docs@python
components: +Documentation
nosy: +docs@python
___
Python tracker
<https://bugs.python.org/issu
Gregory P. Smith added the comment:
There appear to be no versionchanged:: 3.10 in the asyncio docs on the APIs
that formerly accepted a loop= parameter linking people to information on when
that went away (3.10) and why. Specifically I'm talking about
https://docs.python.org/3.10/library
Gregory P. Smith added the comment:
Lets get equivalent whatsnew text into the 3.8 and 3.9 and 3.10 branches before
closing it.
--
___
Python tracker
<https://bugs.python.org/issue43
Gregory P. Smith added the comment:
> > * IMO it should be called after profiling and tracing hook, so non-trivial
> > hooks can be profiled and traced.
> Makes sense, Done.
I updated the PR do this. (if your "Done" indicated you had done this
somewhere, it appe
New submission from Gregory P. Smith :
https://docs.python.org/3/library/enum.html#private-names
"""
_Private__names
Private names will be normal attributes in Python 3.10 instead of either an
error or a member (depending on if the name ends with an underscore). Using
the
Gregory P. Smith added the comment:
There are still a lot of cleanliness and even logical issues lurking within
urllib.parse. But this bug is dated and other changes have happened since.
I'm closing it as out of date. Open new issues for specific action items.
--
nosy
Change by Gregory P. Smith :
--
keywords: +patch
pull_requests: +24842
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/26225
___
Python tracker
<https://bugs.python.org/issu
Gregory P. Smith added the comment:
I'm making progress on https://bugs.python.org/issue37901 and related IPv6-only
issues, the changes of which tend to shake out improper uses of 127.0.0.1
hardcoded.
I'm closing this issue as there aren't specific needs that the rest won't cover
Change by Gregory P. Smith :
--
resolution: -> duplicate
stage: -> resolved
status: open -> closed
superseder: -> Test suite fails when Ipv6 is unavailable
___
Python tracker
<https://bugs.python
Gregory P. Smith added the comment:
thanks!
--
resolution: -> fixed
stage: patch review -> commit review
status: open -> closed
___
Python tracker
<https://bugs.python.or
Gregory P. Smith added the comment:
thanks for the patch!
--
resolution: remind -> fixed
stage: patch review -> commit review
status: open -> closed
___
Python tracker
<https://bugs.python.or
Gregory P. Smith added the comment:
New changeset 7a588621c2854bcef6ce9eeb54349b84ac078c45 by Miss Islington (bot)
in branch '3.10':
bpo-43650: Fix MemoryError on zip.read in shutil._unpack_zipfile for large
files (GH-25058) (GH-26190)
https://github.com/python/cpython/commit
Gregory P. Smith added the comment:
Python is calling close() after the HTTP/1.0 request. This isn't a bug on the
CPython side.
--
nosy: +gregory.p.smith
resolution: remind -> not a bug
stage: -> resolved
status: open -> closed
_
Change by Gregory P. Smith :
--
assignee: -> gregory.p.smith
nosy: +gregory.p.smith
type: crash -> resource usage
versions: +Python 3.10, Python 3.11 -Python 3.6, Python 3.7, Python 3.8
___
Python tracker
<https://bugs.python.org/i
Gregory P. Smith added the comment:
Questionable as to if this counts as a bug or not, but I agree it is
counter-intuitive given the purpose of actually checking the .is_private
property of an address. So updating the behavior makes sense, but I'll be
conservative w.r.t. behavior changes
Gregory P. Smith added the comment:
New changeset b913f47e87f788e705716ae037ee9f68b4265e69 by Miss Islington (bot)
in branch '3.10':
bpo-39950: Fix deprecation warning in test for `pathlib.Path.link_to()`
(GH-26155) (GH-26178)
https://github.com/python/cpython/commit
Change by Gregory P. Smith :
--
keywords: +patch
pull_requests: +24791
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/26157
___
Python tracker
<https://bugs.python.org/issu
New submission from Gregory P. Smith :
This prevents parallel hmac computations.
see michaelforney's comment left on https://github.com/python/cpython/pull/20129
where the problem was introduced when adding support for using OpenSSL's HMAC
implementations.
easy fix. PR coming.
We don't
Gregory P. Smith added the comment:
This would be useful beyond macOS. Clang/LLVM is the compiler toolchain of
choice for a lot of the world these days. Including lldb. gdb cannot be
assumed to be available or even work everywhere. This would be a great thing
to have
Change by Gregory P. Smith :
--
resolution: -> fixed
stage: patch review -> commit review
status: open -> closed
___
Python tracker
<https://bugs.python.or
Gregory P. Smith added the comment:
The logic for bailing out to a slow copy is currently:
https://github.com/python/cpython/blob/main/Lib/shutil.py#L158
that condition appears to not be happening in Alexei's test. Suggesting that
either at least one sendfile call succeeded and thus offset
New submission from Gregory P. Smith :
A long-standing wart in Python is that once a module is loaded, when rendering
a traceback and including source lines, we do not verify if the source file
we're loading is the same as the one representing the code we are running.
It could have been
Gregory P. Smith added the comment:
TL;DR - A tar file being extracted doesn't check to see if it is overwriting an
existing file, which could be a symlink to elsewhere leading to elsewhere's
contents being clobbered assuming the elsewhere file exists.
doing an unlink before opening
Change by Gregory P. Smith :
--
assignee: -> pablogsal
nosy: +pablogsal
___
Python tracker
<https://bugs.python.org/issue44058>
___
___
Python-bugs-list mai
Gregory P. Smith added the comment:
Others are reporting this works. if that is not true on the most recent python
3.9 release, please reopen with more detailed reproduction instructions.
--
nosy: +gregory.p.smith
resolution: -> works for me
stage: -> needs patch
status
Gregory P. Smith added the comment:
without inspecting the code: I wonder if this is related to the same change as
https://bugs.python.org/issue44061 ?
--
nosy: +gregory.p.smith
___
Python tracker
<https://bugs.python.org/issue44
Change by Gregory P. Smith :
--
keywords: +3.10regression, 3.8regression, 3.9regression
priority: normal -> high
___
Python tracker
<https://bugs.python.org/issu
Change by Gregory P. Smith :
--
nosy: +brett.cannon
___
Python tracker
<https://bugs.python.org/issue44070>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Gregory P. Smith :
--
nosy: +steve.dower
___
Python tracker
<https://bugs.python.org/issue44070>
___
___
Python-bugs-list mailing list
Unsubscribe:
Gregory P. Smith added the comment:
There is no less intrusive fix as far as I can see. I believe we're down to
either stick with what we've done, or do nothing. It doesn't have to be the
same choice in all release branches, being more conservative with changes the
older the stable branch
Gregory P. Smith added the comment:
httplib.py is a Python 2 concept. Python 2 is end of life. bugs.python.org no
longer tracks issues with its code. I don't doubt that Python 2.7 has bugs.
As a matter of policy, we don't care -
https://www.python.org/doc/sunset-python-2/. Python 3.6
Gregory P. Smith added the comment:
thanks for the PR!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Gregory P. Smith added the comment:
FWIW, if we were to add a parameter, I'd lean towards a name of
"invalid_url_characters = None" defaulting to using what's in our private
_UNSAFE_URL_BYTES_TO_REMOVE global when None but otherwise letting the user
specify a sequence of
Gregory P. Smith added the comment:
Of note: If we had chosen to raise a ValueError (or similar) for these
characters by default, the cloud-init code would also fail to behave as
intended today (based on what I see in
https://github.com/canonical/cloud-init/commit
Gregory P. Smith added the comment:
We try to not add a new parameter in a bugfix release as that can be difficult
to use. That said, adding a new bool keyword only parameter to control this
behavior seems feasible.
Unfortunately you already have to deal with the existence of 3.9.5 having
Gregory P. Smith added the comment:
New changeset fbefdaf92e40134c43142c182f7c5bfe406e4c2b by Miss Islington (bot)
in branch '3.10':
bpo-44059: Register the SerenityOS Browser in the webbrowser module (GH-25947)
(GH-25950)
https://github.com/python/cpython/commit
Gregory P. Smith added the comment:
If anyone wants a CVE for it, that's up to them. This bug is in the CPython
http.client module which is what urllib uses for http/https. I'd rate it low
severity. A malicious server can hold a http connection from this library open
as a network traffic
Gregory P. Smith added the comment:
For completeness reference, the 'main' branch after the master->main rename
also got fixed to check it early the same was as the release branches via:
https://github.com/python/cpython/commit/985ac016373403e8ad41f8d563c4355ffa8d49ff
our robot updat
Gregory P. Smith added the comment:
I don't believe CPython should be working around a bug in specific Linux kernel
versions in the standard library unless they are extremely pernicious and not
considered to be a bug and thus ever be fixed in the OS kernel.
As the sendfile system call
Gregory P. Smith added the comment:
Quite a humorous long list of historical browsers still in the webbrowser
module. This can join the list. The PR should automerge after the CI runs
complete.
--
assignee: -> gregory.p.smith
nosy: +gregory.p.sm
Gregory P. Smith added the comment:
(obviously we're missing any tests for use of Path objects in this situation)
--
stage: -> needs patch
type: crash -> behavior
___
Python tracker
<https://bugs.python.org/i
Gregory P. Smith added the comment:
This caused a regression described in https://bugs.python.org/issue44061
--
nosy: +gregory.p.smith
___
Python tracker
<https://bugs.python.org/issue43
Gregory P. Smith added the comment:
https://bugs.python.org/issue43105 and
https://github.com/python/cpython/pull/25121 caused this regression.
--
assignee: -> steve.dower
keywords: +3.8regression, 3.9regression
nosy: +gregory.p.smith, lukasz.langa, steve.dower
priority: nor
Gregory P. Smith added the comment:
New changeset 60ba0b68470a584103e28958d91e93a6db37ec92 by Miss Islington (bot)
in branch '3.10':
bpo-44022: Fix http client infinite line reading (DoS) after a HTTP 100
Continue (GH-25916) (GH-25931)
https://github.com/python/cpython/commit
Gregory P. Smith added the comment:
Thanks guangli dong (leveryd)!
This is in and the 3.10-3.6 PRs should automerge (thru 3.9) after the CI runs,
or be merged by the release managers (3.6-3.8).
--
resolution: -> fixed
stage: patch review -> commit review
status: open -&g
Gregory P. Smith added the comment:
Mike: There may be multiple ways to read that WHATWG recommendation? The
linked to section is about implementing a state machine for parsing a URL into
parts safely. But that may not imply that anything that passed through that
state machine should
Gregory P. Smith added the comment:
The bug: Our http client can get stuck infinitely reading len(line) < 64k lines
after receiving a '100 Continue' http response. So yes, this could lead to our
client being a bandwidth sink for anyone in control of a server.
Clear issue: That's a den
Change by Gregory P. Smith :
--
assignee: -> gregory.p.smith
nosy: +gregory.p.smith
title: "urllib" will result to deny of service -> urllib http client possible
infinite loop on a 100 Continue response
versions: +Python 3.10, Python
Change by Gregory P. Smith :
--
assignee: -> eric.snow
nosy: +eric.snow
___
Python tracker
<https://bugs.python.org/issue44050>
___
___
Python-bugs-list mai
Change by Gregory P. Smith :
--
dependencies: +unaligned memory access in the _sha3 extension
___
Python tracker
<https://bugs.python.org/issue44043>
___
___
Change by Gregory P. Smith :
--
pull_requests: +24594
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/25927
___
Python tracker
<https://bugs.python.org/issu
Gregory P. Smith added the comment:
that patch looks fine, i'll turn it into a PR.
--
assignee: christian.heimes -> gregory.p.smith
nosy: +gregory.p.smith
___
Python tracker
<https://bugs.python.org/issu
Change by Gregory P. Smith :
--
assignee: -> christian.heimes
versions: +Python 3.10, Python 3.11, Python 3.9
___
Python tracker
<https://bugs.python.org/issu
Gregory P. Smith added the comment:
Thanks Florian! Indeed, I'm glad you have tests for this. (I expect anyone
writing their own validation code will have such tests)
Making urlsplit raise an exception where it never has before has other
consequences:
In CPython's own test suite
Gregory P. Smith added the comment:
Both Django and Botocore issues appear to be in the category of: "depending on
invalid data being passed through our urlsplit API so that they could look for
it later" Not much sympathy. We never guaranteed we'd pass invalid data
through
Gregory P. Smith added the comment:
FWIW rather than implementing our own URL parsing at all... wrapping a library
extracted from a compatible-license major browser (Chromium or Firefox) and
keeping it updated would avoid disparities.
Unfortunately, I'm not sure how feasible this really
Gregory P. Smith added the comment:
That makes sense. It seems like we're missing information signature() would
need to be able to differentiate between when it should default to follow
.__wrapped__ vs when it shouldn't. Neither default can satisfy everyone
Gregory P. Smith added the comment:
rejecting. code trying to make direct use of __defaults__ is likely better off
using inspect.signature(). there might be an issue with inspect in some cases
(https://bugs.python.org/issue41232) but I do not believe that is true for
lru_cache wrapped
Gregory P. Smith added the comment:
Even if we shouldn't blindly propagate defaults (wrong in some wrapping
scenarios), there is still a problem here as noted in Thor's opening message.
A bug exists between functools.wraps and inspect.signature. The signature
reported is wrong. why
Gregory P. Smith added the comment:
Oh, I didn't realize mutating those would actually change the code runtime
behavior. But it makes sense, those are needed before the code object is
entered.
Yeah that is different, and suggests making this the default is not actually
desired
Change by Gregory P. Smith :
--
type: behavior -> enhancement
versions: -Python 3.10, Python 3.9
___
Python tracker
<https://bugs.python.org/issue44003>
___
_
Gregory P. Smith added the comment:
https://bugs.python.org/issue41232 covers the more general case of suggesting
changing update_wrapper's behavior. That would alleviate the need to fix the
pure python implementation within my own PR
Gregory P. Smith added the comment:
I'm working on a more specialized case of this for functools.lru_cache in
bpo-issue44003. But I believe this issue also makes sense. It is basically
suggesting that __defaults__ and __kwdefaults__ should be included in the
default set of assigned
Gregory P. Smith added the comment:
An inner function can't know if somebody else might want to inspect it.
This is a decorator that does not change anything about the argument signature
of the wrapped function, carrying over the reference to meta-information about
that by default seems
Gregory P. Smith added the comment:
__defaults__ and __kwdefaults__ get used for code introspection. Just as
__annotations__ does. __annotations__ is already available on the lru_cache
wrapped function. All of those seem to go together from a runtime inspection
point of view
Change by Gregory P. Smith :
--
keywords: +patch
pull_requests: +24487
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/25800
___
Python tracker
<https://bugs.python.org/issu
Gregory P. Smith added the comment:
the pure python functools.lru_cache doesn't get this right either. here's a
desirable testcase for this bug:
```
def test_lru_defaults_bug44003(self):
@self.module.lru_cache(maxsize=None)
def func(arg='ARG', *, kw='KW
Gregory P. Smith added the comment:
That was anecdotal evidence:
```
Python 3.9.1 (v3.9.1:1e5d33e9b9, Dec 7 2020, 12:10:52)
[Clang 6.0 (clang-600.0.57)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>
Change by Gregory P. Smith :
--
keywords: +patch
pull_requests: +24486
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/25798
___
Python tracker
<https://bugs.python.org/issu
New submission from Gregory P. Smith :
When the C implementation of functools.lru_cache was added in bpo/issue14373,
it appears to have omitted setting `.__defaults__` on its wrapped function.
```
Python 3.10.0a7+ (heads/master-dirty:823fbf4e0e, May 1 2021, 11:10:30) [Clang
12.0.0 (clang
Gregory P. Smith added the comment:
Yeah, the Quoter class seems a little odd...
Past notes of some the caching performance around the character quoting for
quote() can be found in https://bugs.python.org/issue1285086 circa 2005-2010.
--
nosy: -rhettinger
New submission from Gregory P. Smith :
`urllib.parse` has custom caching code for both `urlsplit()` and `quote()`.
From 1996.
https://github.com/python/cpython/commit/3fd32ecd9232fcb041b9f1f7a19a1e7e65cf11a0
https://github.com/python/cpython/commit/74495409861b357d9925937d6576229c74e2550d
Gregory P. Smith added the comment:
I think there's still a flaw in the fixes implemented in 3.10 and 3.9 so far.
We're closer, but probably not quite good enough yet.
why? We aren't stripping the newlines+tab early enough.
I think we need to do the stripping *right after
Gregory P. Smith added the comment:
New changeset 251ffa9d2b16b091046720628deb6a7906c35d29 by Ma Lin in branch
'master':
bpo-41486: Fix initial buffer size can't > UINT32_MAX in zlib module (GH-25738)
https://github.com/python/cpython/commit/251ffa9d2b16b091046720628deb6a7906c35
Gregory P. Smith added the comment:
Renaming to OutputBuffer sounds like a good idea.
On Thu, Apr 29, 2021, 7:55 PM Ma Lin wrote:
>
> Ma Lin added the comment:
>
> Found a backward incompatible behavior.
>
> Before the patch, in 64-bit build, zlib module allow
301 - 400 of 5107 matches
Mail list logo
