Mailman 3 October 2019 - Python-announce-list

pytest 5.2.2
by Bruno Oliveira 25 Oct '19

25 Oct '19

pytest 5.2.2 has just been released to PyPI. This is a bug-fix release, being a drop-in replacement. To upgrade:: pip install --upgrade pytest The full changelog is available at https://docs.pytest.org/en/latest/changelog.html. Thanks to all who contributed to this release, among them: * Albert Tugushev * Andrzej Klajnert * Anthony Sottile * Bruno Oliveira * Daniel Hahler * Florian Bruhin * Nattaphoom Chaipreecha * Oliver Bestwalter * Philipp Loose * Ran Benita * Victor Maryama * Yoav Caspi Happy testing, The pytest Development Team

1 0

roundup issue tracker release 2.0.0alpha0
by John P. Rouillard 23 Oct '19

23 Oct '19

I'm proud to release version 2.0.0alpha0 of the Roundup issue tracker which has been possible due to the help of several contributors. This release contains some major changes, so make sure to read `docs/upgrading.txt <http://www.roundup-tracker.org/dev-docs/upgrading.html>`_ to bring your tracker up to date. The changes, as usual, include some new features and many bug fixes. You can download it with: pip download roundup==2.0.0alpha0 then unpack and test/install the tarball. Among the notable improvements are: Roundup is multilingual and will run under either Python 3 or Python 2. If you want to use Python 3, you *must read* the Python 3 Support section in the upgrading doc. Depending on the database backend you may have to export/import the tracker. Also you will need to make sure your tracker's Python code is Python 3 compliant. Thanks to Joseph Myers with help from Christof Meerwald. Roundup has a rest API to go along with the existing xmlrpc API. See doc/rest.txt for details on configuring, authorizing access (per role) and making a request. Thanks to Ralf Schlatterbeck who integrated and updated Chau Nguyen's GSOC code. PGP encryption is now done using the gpg module and not the obsolete pyme library. Thanks to Christof Meerwald. Use of mod_python is deprecated. Apache mod_wsgi documentation has been updated along with gunicorn and uwsgi and is the preferred mechanism. The file CHANGES.txt has a detailed list of feature additions and bug fixes. The most recent changes from there are at the end of this announcement. Also see the information in doc/upgrading.txt. How You Can Help ================ We are looking for one or two front end developers to kick the tires on the rest interface. The rest interface is available by running demo.py as described below. If you are interested in helping please contact "rouilj+rit at ieee.org". The Zope deployment mode has not had any testing under Python 3. We are looking for community involvement to help get this deployment mode validated. It may also have issues under Python 2. If you are interested in helping with this please see: https://issues.roundup-tracker.org/issue2141835 Email input using POP and IMAP modes need testing under Python 3 and Python 2. We have new documentation for deploying with apache and mod_wsgi. It needs testing and enhancement. There are other documentation issues at: https://issues.roundup-tracker.org/issue?@columns=title,id,activity,status&… If you find bugs, please report them to issues AT roundup-tracker.org or create an account at https://issues.roundup-tracker.org and open a new ticket. If you have patches to fix the issues they can be attached to the email or uploaded to the tracker. Upgrading ========= If you're upgrading from an older version of Roundup you *must* follow all the "Software Upgrade" guidelines given in the doc/upgrading.txt documentation. Roundup requires Python 2 newer than version 2.7.2 or Python 3 newer than or equal to version 3.4 for correct operation. The wsgi, server and cgi web deployment modes are the ones with the most testing. To give Roundup a try, just download (see below), unpack and run:: python demo.py Release info and download page: https://pypi.org/project/roundup Source and documentation is available at the website: http://roundup-tracker.org/ Mailing lists - the place to ask questions: https://sourceforge.net/p/roundup/mailman/ About Roundup ============= Roundup is a simple-to-use and install issue-tracking system with command-line, web and e-mail interfaces. It is based on the winning design from Ka-Ping Yee in the Software Carpentry "Track" design competition. Note: Ping is not responsible for this project. The contact for this project is richard(a)users.sourceforge.net. Roundup manages a number of issues (with flexible properties such as "description", "priority", and so on) and provides the ability to: (a) submit new issues, (b) find and edit existing issues, and (c) discuss issues with other participants. The system facilitates communication among the participants by managing discussions and notifying interested parties when issues are edited. One of the major design goals for Roundup that it be simple to get going. Roundup is therefore usable "out of the box" with any Python 2.7.2+ (or 3.4+) installation. It doesn't even need to be "installed" to be operational, though an install script is provided. It comes with five issue tracker templates * a classic bug/feature tracker * a more extensive devel tracker for bug/features etc. * a responsive version of the devel tracker * a jinja2 version of the devel template (work in progress) * a minimal skeleton and supports four database back-ends (anydbm, sqlite, mysql and postgresql). Recent Changes ============== Features: - issue2550901: add search page to jinja2 template (Christof Meerwald) - issue2550982: use PBKDF2 in Python's hashlib, if available (Python 2.7.8+), to improve performance over bundled pure Python version. Note that acceleration via m2crypto is no longer supported (Christof Meerwald) - issue2550989: PGP encryption is now done using the gpg module instead of pyme. (Christof Meerwald) - issue2550987: Use updated MySQL client module that supports Python 3. (Christof Meerwald) - issue2550967: the jinja2 loader has been extended to look for .xml files as well as .html files similar to the TAL loader. (Christof Meerwald) - Support for Python 3 (3.4 and later). See doc/upgrading.txt for details of what is required to move an existing tracker from Python 2 to Python 3 (Joseph Myers, Christof Meerwald) - Merge the Google Summer of Code Project of 2015, the implementation of a REST-API for Roundup. This was implemented by Chau Nguyen under the supervision of Ezio Melotti. Some additions were made, most notably we never destroy an object in the database but retire them with the DELETE method. We also don't allow to DELETE a whole class. Python3 support was also fixed and we have cherry-picked two patches from the bugs.python.org branch in the files affected by the REST-API changes. - Patch to client.py and roundup-server needed by REST-API code. Support OPTIONS verb and prevent hangs when processing a verb other than GET that doesn't have a payload. E.G. DELETE, PATCH or OPTIONS. Verbs like PUT and POST usually have payloads, so this patch doesn't touch processing of these methods. (John Rouillard) - Patches to new rest code: - Generated links in responses should use the base url specified in config.ini. - allow user (e.g. in browser) to override response type/Accept header using extension in url. E.G. .../issues.json. This fixes the existing code so it works. - fix SECURITY issue. Retrieving the item of a class (e.g. /rest/data/user/2) would display properties the user wasn't allowed to access. Note that unlike the web interface, passwords and roles for users are still retreivable if the user has access rights to the properties. - ETags are sent by GET operations and required for DELETE, PUT and PATCH operations. ETag can be supplied by HTTP header or in the payload by adding the field @etag to the form with the value of the etag. - If dict2xml.py is installed, the rest interface can produce an XML format response if the accept header is set to text/xml. (See: https://pypi.org/project/dict2xml/) - When retrieving collection move list of collection elements to collection property. Add @links property with self, next and prev links (where needed). Add @total_size with size of entire collection (unpaginated). Pagination index starts at 1 not 0. - accept content-type application/json payload for PUT, PATCH, POST requests in addition to application/x-www-form-urlencoded. (John Rouillard) - issue2550833: the export_csv web action now returns labels/names rather than id's. Replace calls to export_csv with the export_csv_id action to return the same data as the old export_csv action. (Tom Ekberg (tekberg), Andreas (anrounham14) edited/applied and tests created by John Rouillard) - issue2551018: Add new note_filter parameter to nosymessage. The function supplied by this parameter can rewrite the body of the nosymessage before it gets sent. See issue: https://issues.roundup-tracker.org/issue2551018 for example nosyreaction and generated email. (Tom Ekberg (tekberg)) - issue2550949: Rate limit password guesses/login attempts. Rate limit mechanism added for web page logins. Default is 3 login attempts/minute for a user. After which one login attempt every 20 seconds can be done. (John Rouillard) - issue2551043: Add X-Roundup-issue-id email header. Add a new header to make it easier to filter notification emails without having to parse the subject line. (John Rouillard) - The database filter method now can also do an exact string search. - The database filter method now has limit and offset parameters that map to the corresponding parameters of SQL. - issue2551061: Add rudimentary experimental support for JSON Web Tokens (jwt) to allow delegation of limited access rights to third parties. See doc/rest.txt for details and intent. (John Rouillard) - issue2551058: Add new permissions: 'Rest Access' and 'Xmlrpc Access' to allow per-user access control to rest and xmlrpc interfaces using roles. (John Rouillard) - issue2551059: added new values for tx_Source to indicate when /rest or /xmlrpc endpoint is being used rather than the normal web endpoints. (John Rouillard) - issue2551062: roundup-admin security now validates all properties in permissions. It reports invalid properties. (John Rouillard) - issue2551065: Reorder html entities generated by submit button so that styles can be applied. Thanks to Garth Jensen for the patch against release 1.6 that was ported to upcoming 2.0 release (Ralf Schlatterbeck). Fixed: - issue2550811: work around Unicode encoding issues in jinja2 template by explicitly converting data to Unicode; also fixed pagination and selecting columns to display in the issues list (Christof Meerwald) - issue2550988: fixed fallback to pseudo random number generator in case SystemRandom isn't available, prefer use of secrets module if available (Python 3.6+) (Christof Meerwald) - issue2550993: fixed edit CSV action to update restored items to the new value instead of restoring with the previous value (Christof Meerwald) - issue2550994: avoid breakage caused by use of backports of Python 3 configparser module to Python 2. (Joseph Myers) - Make non-existent items in history not cause a traceback (Ralf Schlatterbeck) - issue2550722: avoid errors from selecting "no selection" on multilink. (Joseph Myers) - issue2550992: avoid errors from invalid Authorization headers. (Joseph Myers) - issue2551022: support non-ASCII prefixes in instance config for finding static files. (Cédric Krier) - issue2551023: Fix CSRF headers for use with wsgi and cgi. The env variable array used - separators rather than _. Compare: HTTP_X-REQUESTED-WITH to HTTP_X_REQUESTED_WITH. The last is correct. Also fix roundup-server to produce the latter form. (Patch by Cédric Krier, reviewed/applied John Rouillard.) - issue2551035 - fix XSS issue in wsgi and cgi when handing url not found/404. Reported by hannob at https://github.com/python/bugs.python.org/issues/34, issue opened by JulienPalard. - issue2551026: template variable not defined even though it is. Fix issue where variables defined in TAL expression are not available in the scope of the definition. (Tom Ekberg (tekberg)) - Make all links created with rel=nofollow include noopener. Deals with possible hijack of original page due to malicious link target. https://mathiasbynens.github.io/rel-noopener/ (John Rouillard) - Fix bug where some protected properties were not identified as such when using the anydbm backend (John Rouillard) - issue2551041 - change permission check from "Create User" to "Register User" in page.html for the responsive and devel templates. (reporter Cédric Krier, John Rouillard) - issue2550144 - fix use of undefined icing macro in devel template. Replace with frame macro. (Cédric Krier) - handle UnicodeDecodeError in file class when file contents are not text (e.g. jpg). (John Rouillard) - issue2551033: prevent reverse engineering hidden data by using etags as an oracle to identify when the right data has been guessed. (Joseph Myers, John Rouillard) - issue2551029: Jinja2 template install error. Update configuration code to make sure valid backend database is set. Remove config.ini from templates to make sure that roundup-admin install writes a new default config.ini based on configuration.py. - issue2551040: New release of psycopg2 drops support for psycopg1 - need to rewrite. Now uses psycopg2 throughout. (John Rouillard) - issue2551009: Flint not supported error during reindex. Upgrading doc updates to discuss this when reindexing. (Reported by Gabi, Change by John Rouillard) - issue2551030: Roundup fails to start if pytz to access Olson timezone database not installed. (John Rouillard) - issue2551029: Jinja2 template install error. Handle issue with template's config.ini not getting updated. Provide an alternate file: config_ini.ini for required config settings that are merged into the default values producing an up to date config.ini on install. - issue2551008: fix incorrect encoding handling in mailgw.py (Ezio Melotti, John Rouillard) - issue2551053: the routing dictionary in rest.py used compiled regular expressions as dictionary keys. This worked most of the time because the regex lib uses a cache but resulted in duplicate keys in the dictionary in some cases where a single key should have been used. Thanks to Robert Klonner for discovering the problem, debugging the root cause and providing a first proposed fix. - Make searching with a multiselect work for Link/Multilink properties that may contain numeric *key* values. For these a menu would render options with IDs and later look up the IDs as *key* of the Link/Multilink. Now numeric IDs take precedence -- like they already do in the menu method of Link and Multilink. - issue2551013: Reversed sorting in hyperdb property wrapper object's sorted() method. Patch by David Sowder, application and doc change by John Rouillard. - issue2550821 - patches for depricated mod_python apache.py interface (John Rouillard) - issue2551005 - deprecation of mod_python (John Rouillard) - issue2551066: IMAP mail handling wasn't working and produced a traceback. - issue2550925 if deployed as CGI and client sends an http PROXY header, the tainted HTTP_PROXY environment variable is created. It can affect calls using requests package or curl. A roundup admin would have to write detectors/extensions that use these mechanisms. Not exploitable in default config. (John Rouillard) - Add config option to keep/delete previous logging config. Needed to make gunicorn --access-logfile work as it uses python logfile module too. -- -- rouilj John Rouillard =========================================================================== My employers don't acknowledge my existence much less my opinions.

1 0

[ANN] Austin -- CPython frame stack sampler v1.0.0 is now available
by Gabriele 20 Oct '19

20 Oct '19

I am delighted to announce the release 1.0.0 of Austin. If you haven't heard of Austin before, it is a frame stack sampler for CPython. It can be used to obtain statistical profiling data out of a running Python application without a single line of instrumentation. This means that you can start profiling a Python application straightaway, even while it's running on a production environment, with minimal impact on performance. The simplest way of using Austin is by piping its output to FlameGraph for a quick and detailed representation of the collected samples. The latest release introduces a memory profiling mode which allows you to profile memory usage. Austin is a pure C application that has no other dependencies other than the C standard library. Its source code is hosted on GitHub at https://github.com/P403n1x87/austin The README contains installation and usage details, as well as some examples of Austin in action. Details on how to contribute to Austin's development can be found at the bottom of the page. All the best, Gabriele What's New ========== - Added support for multi-process Python applications. - Added support for Python 3.8. Bugfixes ======== - Fixed support for WSL on Windows.

1 0

[RELEASE] Python 2.7.17
by Benjamin Peterson 19 Oct '19

19 Oct '19

Greetings, I'm wealful to announce the immediate availability of Python 2.7.17, another bugfix release in the Python 2.7 series. Downloads are on python.org: https://www.python.org/downloads/release/python-2717/ No code changes occurred between the 2.7.17 release candidate and the final release, but there were some documentation changes. See the 2.7.17rc1 changelog for changes between 2.7.16 and 2.7.17: https://raw.githubusercontent.com/python/cpython/c2f86d86e6c8f5fd1ef602128b… PEP 373, the Python 2.7 releases schedule, designates 2.7.17 as the penultimate Python 2.7 release. So, be aware that the upstream demise of Python 2 is not far away. For the time being, bugs may be reported to https://bugs.python.org. See you soon for The End, Benjamin

1 0

NumPy 1.17 3 released
by Charles R Harris 17 Oct '19

17 Oct '19

Hi All, On behalf of the NumPy team I am pleased to announce that NumPy 1.17.3 has been released. This is a bugfix release. The Python versions supported in this release are 3.5-3.8. Downstream developers should use Cython >= 0.29.13 for Python 3.8 support and OpenBLAS >= 3.7 to avoid wrong results on the Skylake architecture. The NumP Wheels for this release can be downloaded from PyPI <https://pypi.org/project/numpy/1.17.3/>, source archives and release notes are available from Github <https://github.com/numpy/numpy/releases/tag/v1.17.3>. *Highlights* - Wheels for Python 3.8 - Boolean matmul fixed to use booleans instead of integers. *Compatibility notes* - The seldom used PyArray_DescrCheck macro has been changed/fixed. *Contributors* A total of 7 people contributed to this release. People with a "+" by their names contributed a patch for the first time. - Allan Haldane - Charles Harris - Kevin Sheppard - Matti Picus - Ralf Gommers - Sebastian Berg - Warren Weckesser *Pull requests merged* A total of 12 pull requests were merged for this release. - gh-14456: MAINT: clean up pocketfft modules inside numpy.fft namespace. - gh-14463: BUG: random.hypergeometic assumes npy_long is npy_int64, hung... - gh-14502: BUG: random: Revert gh-14458 and refix gh-14557. - gh-14504: BUG: add a specialized loop for boolean matmul. - gh-14506: MAINT: Update pytest version for Python 3.8 - gh-14512: DOC: random: fix doc linking, was referencing private submodules. - gh-14513: BUG,MAINT: Some fixes and minor cleanup based on clang analysis - gh-14515: BUG: Fix randint when range is 2**32 - gh-14519: MAINT: remove the entropy c-extension module - gh-14563: DOC: remove note about Pocketfft license file (non-existing here). - gh-14578: BUG: random: Create a legacy implementation of random.binomial. - gh-14687: BUG: properly define PyArray_DescrCheck Cheers, Charles Harris

1 0

PyCA cryptography 2.8 released
by Paul Kehrer 17 Oct '19

17 Oct '19

PyCA cryptography 2.8 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 2.7, Python 3.4+, and PyPy. Changelog (https://cryptography.io/en/latest/changelog/#v2-8): * Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1d. * Added support for Python 3.8. * Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations. * Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9. * We now ship manylinux2010 wheels in addition to our manylinux1 wheels. * Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder. * cryptography no longer depends on asn1crypto. * FreshestCRL is now allowed as a CertificateRevocationList extension. -Paul Kehrer (reaperhulk)

1 0

[RELEASE] Python 3.7.5 is now available
by Ned Deily 15 Oct '19

15 Oct '19

Python 3.7.5 is now available, the next maintenance release of Python 3.7. You can find the release files, a link to the changelog, and more information here: https://www.python.org/downloads/release/python-375/ Note that the next feature release of Python 3, Python 3.8.0, is also now available. Python 3.8 contains many new features and optimizations. You should consider upgrading to it. We plan to continue regular bugfix releases of Python 3.7.x through mid-year 2020 and provide security fixes for it until mid-year 2023. More details are available in PEP 537, the Python 3.7 Release Schedule (https://www.python.org/dev/peps/pep-0537/). Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation. -- Ned Deily nad(a)python.org -- []

1 0

UG Announcement - Python Tanzania Community
by Noah . 15 Oct '19

15 Oct '19

Dear Listers, As per requirements, we are pleased to announce the existence of the Python language community in Tanzania. Please find below some information and the current developments. *User Group Details;* Name: Python Community Tanzania Mailing list: https://mail.python.org/mailman3/lists/tanzania.python.org/ Under Other: Africa First Local Meetings Held: Yes *Meetings and Events;* Name: PyCon Tanzania Website: pycon.or.tz Github: https://github.com/pycontanzania Under Other: Africa Organizing Members: 5 - 10 Goal and motivation: To build and sustain while bringing together and growing the Python language users and community in Tanzania through Python related meetups, workshops and annual events. FWIW, Tanzania is a peaceful nation formed out of the political union between (Tanganyika and Zanzibar ) in the East African Region. The land of the Serengeti Game Park and the tallest mountain in Africa, the Kilimanjaro. For more about Tanzania [1] http://www.tanzania.go.tz/home/pages/68 Cheers, Noah Community Moderator https://twitter.com/PyconTanzania

1 0

Trac 1.0.19 Released
by Ryan Ollos 15 Oct '19

15 Oct '19

Trac 1.0.19, the latest maintenance release for the older stable branch, is available. You will find this release at the usual places: https://trac.edgewall.org/wiki/TracDownload#PreviousStableRelease You can find the detailed release notes for 1.0.19 on the following pages: https://trac.edgewall.org/wiki/1.0/TracChangeLog https://trac.edgewall.org/wiki/TracDev/ReleaseNotes/1.0#MaintenanceReleases Now to the packages themselves: URLs: https://download.edgewall.org/trac/Trac-1.0.19.tar.gz https://download.edgewall.org/trac/Trac-1.0.19-py2-none-any.whl https://download.edgewall.org/trac/Trac-1.0.19.win32.exe https://download.edgewall.org/trac/Trac-1.0.19.win-amd64.exe MD5 sums: a2f7d22657ef09df6a7117c8b7474d69 Trac-1.0.19.tar.gz 13d2e3885c46445ac2044aecf489d3c7 Trac-1.0.19-py2-none-any.whl 20422a1f977dd0c4b799383cab52d0f7 Trac-1.0.19.win32.exe 0d61b5612ada6fc6bcce4db1f88007bf Trac-1.0.19.win-amd64.exe SHA256 sums: 026cf713f9e20af9b487e2f8915399a061694e340f7ea4492552ac7c2f48ed13 Trac-1.0.19.tar.gz badbc390a2c77a767ed0ceda3235760762ec7e7fdde56d149332b0af273560ef Trac-1.0.19-py2-none-any.whl e65b59ff1010122a71ffc972786cdf9f9c09d93f9d7fa9c5350fff951e28e701 Trac-1.0.19.win32.exe 7e5e7815ef4b4cf39a1da779dbb185d125f158f871def909237fe6c6e75652f2 Trac-1.0.19.win-amd64.exe Acknowledgements ================ Many thanks to the growing number of people who have, and continue to, support the project. Also our thanks to all people providing feedback and bug reports that helps us make Trac better, easier to use and more effective. Without your invaluable help, Trac would not evolve. Thank you all. Finally, we hope that Trac will be useful to like-minded programmers around the world, and that this release will be an improvement over the last version. Please let us know. /The Trac Team https://trac.edgewall.org/

1 0

[RELEASE] Python 3.8.0 is now available
by Łukasz Langa 14 Oct '19

14 Oct '19

On behalf of the Python development community and the Python 3.8 release team, I’m pleased to announce the availability of Python 3.8.0. Python 3.8.0 is the newest feature release of the Python language, and it contains many new features and optimizations. You can find Python 3.8.0 here: https://www.python.org/downloads/release/python-380/ <https://www.python.org/downloads/release/python-380/> Most third-party distributors of Python should be making 3.8.0 packages available soon. See the “What’s New in Python 3.8 <https://docs.python.org/3.8/whatsnew/3.8.html>” document for more information about features included in the 3.8 series. Detailed information about all changes made in 3.8.0 can be found in its change log. Maintenance releases for the 3.8 series will follow at regular bi-monthly intervals starting in December of 2019. We hope you enjoy Python 3.8! Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organization contributions to the Python Software Foundation. https://www.python.org/psf/ <https://www.python.org/psf/> - Ł

1 0