I'm proud to release version 1.5.1 of Roundup which has been possible
due to the help of several contributors. This release contains
important security enhancements, so make sure to read
`doc/upgrading.txt <http://www.roundup-tracker.org/docs/upgrading.html>`_
to bring your tracker up to date. Other changes, as usual, include some
new features and many bug fixes.
Features:
- The example local_replace.py has been updated to show how to link to
modern revision systems using hex revision identifiers.
This extension is used to expand shortcuts in msgs. (Bernhard Reiter)
- Drop comment in user settings about numeric hour offsets instead of using
pytz timezone names. Due to DST these are wrong half of the year, it is
much better to use timezone names. (Thomas Arendsen Hein)
- issue2550793: Wrap messages with very long lines in the web interface.
(Thomas Arendsen Hein)
- New Link / Multilink option "try_id_parsing": Sometimes the key of a
class can be numeric -- in that case roundup will try to parse the
value as an ID when evaluating form values -- not as a key. Specifying
try_id_parsing='no' for these Link/Multilink will skip the ID step,
default is 'yes'. (Ralf Schlatterbeck)
- New configuration option 'isolation_level' in rdbms section. Currently
supported for Postgres and mysql, sets the transaction isolation level.
Wrong history entries for concurrent database updates observed in
issue2550806 can be prevented by setting this to 'repeatable read' if
you want to pay the performance penalty. We test this behaviour in the
regression tests for Postgres but not currently for mysql.
See http://www.postgresql.org/docs/9.1/static/transaction-iso.html
(Ralf Schlatterbeck)
- /xmlrpc endpoint now shows link to XML-RPC documentation if accessed
through browser, without text/xml Content-Type (anatoly techtonik)
- docs: New dedicated chapter for extensions in ``doc/customizing.txt``
(anatoly techtonik)
- Increase default height of classhelp windows from 400 to 600.
(Thomas Arendsen Hein)
- Date properties now can specify (on input) an explicit timezone suffix
(similar to RFC 2822), e.g. +0200 for CEST or -0500 for EST. This also
works in the XMLRPC interface. For examples see roundup.date.Date.
(Ralf Schlatterbeck)
- Add RejectRaw exception to allow unescaped HTML error messages to be
displayed to the user (thanks Ezio Melotti for the initial patch)
(John Kristensen)
Fixed:
- issue2550869 Duplicate mail headers (Reply-To, Message-ID, In-Reply-To)
when sending out email. Reported with first fix by Mathias Behrle.
(Bernhard Reiter)
- issue2550830 An empty LinkHTMLProperty cannot be compared successfully.
Improves the query editing page. Reported and fixed by R David Murray
(Bernhard Reiter).
- Fix Release-date of 1.5.0 in this file (thanks to Bernhard for
discovery) (Ralf Schlatterbeck)
- Pythons cgi form code can return a TypeError, we now guard for this
condition. (Ralf Schlatterbeck)
- Small bug-fix in SQL backends: A query (e.g. in a html menu) with a
where-clause that always evaluates to false now will not raise a
traceback. (Ralf Schlatterbeck)
- Remove Python 2.3 compatibility code for i18n (anatoly techtonik)
- If documentation 'sphinx-build' tool is not found in system PATH,
'setup.py build_doc' command now tries to detect it from PYTHONPATH
(anatoly techtonik)
- Read version and release for generated documentation from
roundup/__init__.py. (Thomas Arendsen Hein)
- Do not throw an internal error if a .mo file can not be read
(Thomas Arendsen Hein)
- issue2550673 Make the "Make a copy" link work by fixing copy_url to properly
handle multilink properties. (John Rouillard)
- issue2550583, issue2550635 Do not limit results with Xapian indexer
(Thomas Arendsen Hein)
- Allow using plain() on unsaved dates in HTML forms
(Thomas Arendsen Hein)
- setup.py now installs static files of the HTML documentation (stylesheets,
images, etc.) (Thomas Arendsen Hein)
- executable .py scripts need "#!/usr/bin/env python", add this to demo.py,
remove exec bits from website/wiki/wiki/data/plugin/theme/roundup.py
(Thomas Arendsen Hein)
- issue2550822: Fix showing more than one additional property in class menu.
Report and fix by James Mack (Thomas Arendsen Hein)
- Fix String search with special SQL wildcard characters in LIKE/ILIKE
clause and add testcase (Ralf Schlatterbeck)
- Fix subtle bug when sorting by a Link that contains a Multilink from
which we also search for an attribute. In that case the LEFT OUTER
JOIN clause was missing in generated SQL. (Ralf Schlatterbeck)
- Fix another XSS issue2550817. Note that the code that triggers that
particular bug is no longer in roundup core. But the change to the
templates we suggest is a *lot* safer as it by default escapes the
error and ok messages now. Thanks to Thibault Fevry for the original
bug-report. (Ralf Schlatterbeck)
- issue2117897: Fixed two more places in date.py where seconds can be
rounded to 60.0 and causing exceptions. Change them to 59.999 as was
done in the fix for issue2550802. (Thomas Arendsen Hein)
- Fix batch.propchanged for transitive id properties (would result in a
backtrace when trying to group by property.id) (Ralf Schlatterbeck)
- Fix issue2550835, the test checks for date-range queries with an
interval that depends on the local time. Put the queried date a little
later to avoid a race condition where the queried interval doesn't
match the date because the clock has advanced. (Ralf Schlatterbeck)
- Apply german translation fixes from Debian team in issue2550761,
thanks to Kai Storbeck for taking the time to report these.
(Ralf Schlatterbeck)
- Fix issue2550843 Pass text of Unauthorised and Login exceptions instead
of the exception instance to avoid traceback with string operations.
(Thomas Arendsen Hein)
- Fix issue2550841 roundup-demo templates not found in virtualenv (John
Kristensen)
- Security: Default user permissions should not include all user
attributes. We now limit this to the username, realname and some
further attributes depending on the schema. Note that we no longer
include the email addresses, depending on your installation you may
want to further restrict this or add some attributes like ``address``
and ``alternate_addresses``. (Ralf Schlatterbeck)
- Correctly recreate the database directory when re-initialising a tracker
instance. (John Kristensen)
- In case of an error, date fields would lose the calendar help, fixed.
(Ralf Schlatterbeck)
- demo.py usage message improved: explains "nuke" now. (Bernhard Reiter)
- Fix issue2550735 Missing doc for xmlrpc schema. Thanks to Cedric Krier
for the patch. (anatoly techtonik)
- Fix two line-break accidents in devel and responsive milestone.item.html
(Thomas Arendsen Hein)
- Fix broken images in legacy spec.html and original_overview.html, and
restore web presence for "Roundup's Design Document" (anatoly techtonik)
- Template jinja2: Updated URL to point to http://www.roundup-tracker.org/,
fixed a typo. (Bernhard Reiter)
- Security: Add mime-type whitelist for attachmens that can be safely
rendered from Roundup without trigerring security bugs in browser
plugins, XSS issues and spam. The option ``allow_html_file`` didn't
provide protection for invalid content-type, in which case browser
tried to guess the best one. Thanks to Kay Hayen for reporting and
helping debug this. issue2550848 (Ralf Schlatterbeck, anatoly techtonik)
- Documentation: configuration messages_to_author value "nosy" now documented
in chapter "customizing". (Bernhard Reiter)
- issue2550877 Failures in test_mailgw.py because of duplicated headers
and more precise comparision. Writing headers with the email module will use
continuation_ws = ' ' now for python 2.5 and 2.6. (Bernhard Reiter)
- issue2550870 migrate use of 'rfc822' module to the 'email' module
(Bernhard Reiter/John Kristensen)
- Doctests for roundup.date.Date are now really executable and don't
fail. Bug-Fixes in range properties, open intervals with 'to' didn't
always work. (Ralf Schlatterbeck)
- issue2550881 demo.py: Add pointer how to access demo from remote host.
Suggested by Karl-Philipp Richter. (Bernhard Reiter)
- issue2550884 roundup-mailgw --help text improved to explain the allowed
parameters better. Suggested by by Karl-Philipp Richter. (Bernhard Reiter)
- Fix form-parsing: If multiple new items are added to a multilink
property, the old version would create the new items but only link
one. (Ralf Schlatterbeck)
- issue2550892 (translation error of priority in locale de) Thanks
Martin Thomas Swaton for reporting. (Bernhard Reiter)
- Help-Window now gets focus, this prevents the case that help doesn't
work because an old help-window is below the main window.
(Ralf Schlatterbeck)
- issue2550811 20% fix: jinja2 template engine now has an example
how to use non-ascii unicode contents with a custom filter ('| u').
See updates on http://www.roundup-tracker.org/cgi-bin/moin.cgi/Jinja2
(Bernhard Reiter)
If you're upgrading from an older version of Roundup you *must* follow
the "Software Upgrade" guidelines given in the maintenance documentation.
Roundup requires python 2.5 or later (but not 3+) for correct operation.
To give Roundup a try, just download (see below), unpack and run::
python demo.py
Release info and download page:
http://pypi.python.org/pypi/roundup
Source and documentation is available at the website:
http://roundup-tracker.org/
Mailing lists - the place to ask questions:
http://sourceforge.net/mail/?group_id=31577
About Roundup
=============
Roundup is a simple-to-use and -install issue-tracking system with
command-line, web and e-mail interfaces. It is based on the winning design
from Ka-Ping Yee in the Software Carpentry "Track" design competition.
Note: Ping is not responsible for this project. The contact for this
project is richard(a)users.sourceforge.net.
Roundup manages a number of issues (with flexible properties such as
"description", "priority", and so on) and provides the ability to:
(a) submit new issues,
(b) find and edit existing issues, and
(c) discuss issues with other participants.
The system will facilitate communication among the participants by managing
discussions and notifying interested parties when issues are edited. One of
the major design goals for Roundup that it be simple to get going. Roundup
is therefore usable "out of the box" with any python 2.5+ (but not 3+)
installation. It doesn't even need to be "installed" to be operational,
though an install script is provided.
It comes with two issue tracker templates (a classic bug/feature tracker and
a minimal skeleton) and four database back-ends (anydbm, sqlite, mysql
and postgresql).
This is an announcement of a popular & free-to-participate,
Python-focused un-conference taking place in Cologne, Germany. My
apologies to all readers from other countries.
-----
Liebe Python-Fans,
es ist wieder soweit: Am * Freitag, den 15. Januar * öffnen wir die
Online-Anmeldung für Teilnehmer des PythonCamps 2016!
Die nunmehr siebte Ausgabe des PythonCamps wird erneut durch die Python
User Group Köln sowie den Python Software Verband e.V. in den Räumen
unseres Partners GFU Cyrus AG in Köln ausgerichtet.
* PythonCamp 2016: Sa-So, 02.04.2016 - 03.04.2016 *
* http://www.pythoncamp.de *
Unsere zweitägige Veranstaltung richtet sich an alle, die sich für die
Programmiersprache Python und deren Einsatz begeistern - sei es im
Bereich Web Development, Automatisierung, Scientific Computing oder
einfach nur zum Spaß. Die Themen des PythonCamps sind so vielfältig wie
die Einsatzmöglichkeiten von Python selbst, denn das Programm wird - wie
bei einem BarCamp üblich - ausschließlich von unseren Teilnehmern selbst
gestaltet.
Ihr habt einen Vortrag oder eine Demo im Angebot, möchtet eine
Diskussionsrunde leiten oder mit Gleichgesinnten ein offenes
Brainstorming abhalten? Alles ist möglich - bringt euren
Session-Vorschlag einfach mit. Ihr seid noch keine "Vortrags-Veteranen"?
Das macht nichts. In unserer familiären Atmosphäre haben schon viele
Teilnehmer ihren ersten öffentlichen Vortrag gehalten - traut euch!
Dank unserer Sponsoren können wir euch diese "Un-Konferenz" *kostenlos*
(Hinweis: Teilnahme nur nach Voranmeldung) anbieten und sorgen dabei
tagsüber auch für euer leibliches Wohl. So treffen bei uns seit Jahren
Berufstätige, Studenten und auch Schüler aus den verschiedensten
Tätigkeitsfeldern, Branchen und Organisationen aufeinander und
bereichern sich gegenseitig.
Meldet euch frühzeitig an - unsere Plätze sind begrenzt!
Euer PythonCamp Orga-Team
info(a)pythoncamp.de
P.S.: Du kennst eine weitere Mailingliste, deren Leser unser PythonCamp
ebenfalls interessieren könnte? Wir freuen uns über Anregungen!
================
pyspread 1.0.1
================
Pyspread 1.0.1 is released.
This is a bugfix release.
Major changes to 1.0:
* Jedi 0.9 API change fixed.
* French translation added.
* Translations updated.
* GPG now only accepts the chosen key as valid.
* When an unsaveable xlsx file is opened, a Save As dialog opens.
* The default file type can now be adjusted in the .pyspreadrc file.
* Undoing a merge operation now correctly restores data from the
merged cells.
About pyspread
==============
Pyspread is a non-traditional spreadsheet application that is based on
and written in the programming language Python.
The goal of pyspread is to be the most pythonic spreadsheet application.
Pyspread is free software. It is released under the GPL v3.
Project website: https://manns.github.io/pyspread/
Download page: https://pypi.python.org/pypi/pyspread
Source code: https://github.com/manns/pyspread
Enjoy
Martin
If one birthday release is good, two is surely better? To test that theory PyCA cryptography 1.2.1 has been released. This version, in addition to all the changes outlined in the 1.2 release, contains a fix for an issue that caused pyOpenSSL to raise an exception in many situations (https://cryptography.io/en/latest/changelog/).
-Paul Kehrer (reaperhulk)
On behalf of all our contributors I am pleased to announce the release of PyCA/cryptography (https://github.com/pyca/cryptography) version 1.2. cryptography is a package which provides cryptographic recipes and primitives to Python developers. Our goal is for it to be your "cryptographic standard library". We support Python 2.6-2.7, Python 3.3+, and PyPy.
Changelog (https://cryptography.io/en/latest/changelog/):
* BACKWARDS INCOMPATIBLE: RevokedCertificate extensions now uses extension classes rather than returning raw values inside the Extension value.
* Deprecated support for OpenSSL 0.9.8 and 1.0.0. At this time there is no time table for actually dropping support, however we strongly encourage all users to upgrade as those versions no longer receive support from the OpenSSL project.
* The Certificate class now has signature and tbs_certificate_bytes attributes.
* The CertificateSigningRequest class now has signature and tbs_certrequest_bytes attributes.
* The CertificateRevocationList class now has signature and tbs_certlist_bytes attributes.
* NameConstraints are now supported in the CertificateBuilder and CertificateSigningRequestBuilder.
* Support serialization of certificate revocation lists using the public_bytes() method of CertificateRevocationList.
* Add support for parsing CertificateRevocationList extensions() in the OpenSSL backend.
* Added CertificateRevocationListBuilder and RevokedCertificateBuilder to allow creation of CRLs.
* Unrecognized non-critical X.509 extensions are now parsed into an UnrecognizedExtension object.
...and various other improvements. Please see the website changelog for documentation and additional details.
-Paul Kehrer (reaperhulk)
(sorry for the double posting, if any)
Dear pythraners and pythonists,
The pythran team (a great total of 2 active developers) is delighted to
announce the release of Pythran 0.7.4, available on the traditional
channels:
- pypi: https://pypi.python.org/pypi/pythran
- conda: https://anaconda.org/serge-sans-paille/pythran
- github: https://github.com/serge-sans-paille/pythran
As usual, here is a (new) code sample, once again adapted from a
stackoverflow question[0] that showcases pythran capability:
#pythran export check_mask(bool[][], bool[])
# ^~~~~~~ non intrusive top-level annotation
import numpy as np
# ^~~~~~ numpy support (partial)
def check_mask(db, out, mask=[1, 0, 1]):
for idx, line in enumerate(db):
target, vector = line[0], line[1:]
# ^~~~~ type destructuring, array view
if (mask == np.bitwise_and(mask, vector)).all():
# ^~~~~~~ optimization of high level construct
if target == 1:
out[idx] = 1
return out
Compiled with:
% pythran check_mask.py
And benchmarked with:
% python -m timeit -s 'n=10e3 ; import numpy as np;db = np.array(np.random.randint(2, size=(n, 4)), dtype=bool); out = np.zeros(int(n),dtype=bool); from eq import check_mask' 'check_mask(db, out)'
On average, the CPython version runs in 137 msec while the pythran version run in 450us on my laptop :-)
Here is an extract of the changelog:
2016-01-05 Serge Guelton <serge.guelton(a)telecom-bretagne.eu>
* IPython's magic for pythran now supports extra compile flags
* Pythran's C++ output is compatible with Python3 and pythran3 can compile it!
* More syntax checks (and less template traceback)
* Improved UI (multiline pythran exports, better setup.py...)
* Pythonic leaning / bugfixing (this tends to be a permanent item)
* More generic support for numpy's dtype
* Simpler install (no more boost.python deps, nor nt2 configuration)
* Faster compilation (no more boost.python deps, smarter pass manager)
* Better testing (gcc + clang)
Again, thanks a lot to Pierrick for his continuous top-quality work, and
to the OpenDreamKit[1] project that funded (most of) the recent developments!
Special thanks to @hainm, @nbecker, @pkoch, @fsteinmetz, @Suor for their
feedbacks. *You* give us the motivation to go on!
[0] http://stackoverflow.com/questions/34500913/numba-slower-for-numpy-bitwise-…
[1] http://opendreamkit.org/
Hi all,
On behalf of the Bokeh team, I am excited to announce the release of version
0.11 of Bokeh.
Bokeh Version 0.11 is a large release with *many* new improvements. The
major focus of this release was to introduce a new Bokeh server, based on
Tornado and websockets that is more stable, has higher performance, and simpler
to use and deploy. You can already see a small sample of hosted Bokeh
application examples at a new site located here:
http://demo.bokehplots.com
We will be adding many new examples here over the coming weeks.
There is so much exciting in this release, that we will need a few blog
posts to talk about everything. Keep an eye on our Twitter @BokehPlots or the
mailing list for upcoming blog announcements. Some of the highlights from this
release are:
* New Bokeh Server based on Tornado and websockets
- highly expanded documentation, with examples and guidance for usage
* User-Defined Models allowing anyone to extend Bokeh
* Significant GIS features and improvements
- Support for Stamen, OpenStreetMap, and other tile sources
- GeoJSON data source
- Patches with holes
* WebGL support for rendering lines
* Python -> JS compilation for CustomJS callbacks (Py3 only for now)
* New general push_notebook() based on Jupyter comms
* Updates to charts, charts examples, and charts docs
* UX improvements
- configurable and "auto" range bounds
- wheel zoom scroll capture turned off by default
- easily set visual styling for highlighting hovered points
- responsive improvements, maintain plot aspect and auto-resize
Nearly 400 issues and PRs were closed for the release! See the CHANGELOG for full
details, and the release notes for known issues and any migration notes.
The next big feature we plan is to dramatically improve our layout options
using PhosporJS, which is also the foundation of the new Jupyter Workbench
project. We also plan to have several, more frequent point releases with
smaller incremental improvements and fixes.
I'd also like to take the opportunity to thank all the Bokeh contributors,
and especially new people who have helped greatly with this release: Havoc
Pennington, Greg Nordin, and Christian Tremblay.
If you are using Anaconda/miniconda, you can install it with conda:
conda install bokeh
Alternatively, you can also install it with pip:
pip install bokeh
Issues, enhancement requests, and pull requests can be made on the Bokeh
Github page: https://github.com/bokeh/bokeh
Full documentation is available at http://bokeh.pydata.org/en/0.11.0
Questions can be directed to the Bokeh mailing list: bokeh(a)continuum.io
Thanks,
The Bokeh Team
