| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
an alphabetical ASCII character. (GH-99421)
Prevent urllib.parse.urlparse from accepting schemes that don't begin with an alphabetical ASCII character.
RFC 3986 defines a scheme like this: `scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )`
RFC 2234 defines an ALPHA like this: `ALPHA = %x41-5A / %x61-7A`
The WHATWG URL spec defines a scheme like this:
`"A URL-scheme string must be one ASCII alpha, followed by zero or more of ASCII alphanumeric, U+002B (+), U+002D (-), and U+002E (.)."`
(cherry picked from commit 439b9cfaf43080e91c4ad69f312f21fa098befc7)
Co-authored-by: Ben Kallus <49924171+kenballus@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-93463)
Note: This change is not effective on Microsoft Windows.
Cookies can store sensitive information and should therefore be protected
against unauthorized third parties. This is also described in issue #79096.
The filesystem permissions are currently set to 644, everyone can read the
file. This commit changes the permissions to 600, only the creater of the file
can read and modify it. This improves security, because it reduces the attack
surface. Now the attacker needs control of the user that created the cookie or
a ways to circumvent the filesystems permissions.
This change is backwards incompatible. Systems that rely on world-readable
cookies will breake. However, one could argue that those are misconfigured in
the first place.
|
| |
|
| |
|
|
|
|
|
| |
Bug: http://bugs.python.org/issue27226
Bug: https://bugs.gentoo.org/585060
|
|\ |
|
| |\ |
|
| | |\ |
|
| | | | |
|
| | | |\
| | | | |
| | | | | |
undo more of 6906755
|
| | | | | |
|
| | | |\|
| | | | |
| | | | | |
revert 6906755 and skip untranslated tests
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | |/ |
|
| | | |\
| | | | |
| | | | | |
add 7.3.15 draft release note, update sphinx issue extension
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | |\ \
| | | | |/
| | | |/| |
replace freenode.net references by libera.chat
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |\ \ \
| | | | | |
| | | | | | |
Do not assign c-level slots when the python type has no function to assign
|
| | | | | | |
|
| | | | | | |
|
| | |/ / / |
|
| | | | |
| | | | |
| | | | |
| | | | | |
symlinked venv
|
| | |\ \ \
| | | | | |
| | | | | | |
remove bogus file name from venv list
|
| | | | | | |
|
| | |/ / / |
|
| | | | | |
|
| |\| | | |
|
| | |\| | |
|
| | | |\ \
| | | | |/
| | | |/| |
skip flaky test on CI
|
| | | | | |
|
| | | |/ |
|
| | | |\
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
go tail call optimization in the metainterp while tracing. this will
in particular mean storing fewer frames in the resume data and making
blackholing and resuming for tracing bridges more efficient.
|
| | | | |\ |
|
| | | | |\ \ |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
this leaves the resulting code alone, however it means we
- capture less resume data
- re-construct fewer frames when blackholing
median number of snapshots per trace goes down by 25% for a single benchmark
(pypy pyinteractive.py -m test.pystone):
here are some frames that we can remove in the pypy interpreter in this
benchmark:
14286 W_TupleObjectUserDictWeakrefable.getdictvalue
12366 funccall__star_2
12346 get_and_call_function__star_1
10839 call_valuestack__AccessDirect_None
8656 funccall_valuestack__AccessDirect_None
8416 getattr
7375 fastfunc_descr_getattribute_2
6645 funccall__star_3
6441 PyFrame.__init__
6440 PyFrame.run
6376 Function.call_obj_args
6376 dispatcher_funcrun_obj
4907 _type_isinstance
4513 _flat_pycall__AccessDirect_None
4372 get_and_call_function__star_2
2744 call_args
2270 call_function__star_3
2221 get
2181 _type_issubtype
2127 _call
1971 fastfunc_descr_property_get_3
1622 W_Root.getdictvalue
1112 BuiltinActivation_UwS_ObjSpace_W_Root_W_Root_W_Root._run
1092 BytesDictStrategy.getitem
1020 BytesDictStrategy.getitem_str
913 funccall__star_1
872 get_and_call_function__star_0
807 fastfunc_descr_member_get_3
744 W_TupleObjectUserDictWeakrefable.getdict
724 W_TypeObject.descr_getattribute
709 AbstractAttribute.read
661 W_Super.getattribute
661 fastfunc_getattribute_2
658 _ll_list_resize_hint_really_look_inside_iff__listPtr_Signed_Bool
588 setattr
508 PyCode.funcrun_obj
459 PyCode.funcrun
430 dispatcher_setdictvalue
429 W_BytesObject.descr_contains
402 KwargsDictStrategy.setitem_str
399 len
375 descr_startswith
331 W_BytesObject.descr_getitem
330 AbstractAttribute.write
329 CALL_FUNCTION__AccessDirect_None
328 AbstractAttribute._reorder_and_add_look_inside_iff
325 dispatch_bytecode__AccessDirect_None
314 makespecialisedtuple
271 int_w__pypy_interpreter_baseobjspace_W_Root
231 dispatcher_shortcut_
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
(in pydrofoil it can take 15 min to load the target)
|
| | | | | | | |
|
| | | |\ \ \ \
| | | | | | | |
| | | | | | | | |
some small cleanups in rpython/: remove useless backendopts, speed up C tests, fix memory error check
|
| | | | | | | | |
|