Fri, 10 May 2019 16:07:32 +0200 Move CWSchemaTC to RQLExpressionTC
Philippe Pepiot <philippe.pepiot@logilab.fr> [Fri, 10 May 2019 16:07:32 +0200] rev 12597
Move CWSchemaTC to RQLExpressionTC The test actually doesn't require a cubicweb schema, except for testing EmailAdress which is out of scope of the test (testing RQLExpression.transform_has_permission()). Just move the test in existing RQLExpressionTC inheriting from TestCase and rename the tests to be more explicit.
Wed, 17 Apr 2019 16:41:41 +0200 [skeleton] Drop py27 tox environment
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 17 Apr 2019 16:41:41 +0200] rev 12596
[skeleton] Drop py27 tox environment Since we dropped py2 support from cubicweb, it does not make much sense to keep it in skeleton from now on.
Wed, 17 Apr 2019 15:30:42 +0200 [skeleton] Do not ship Debian and RPM packaging files in sdist
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 17 Apr 2019 15:30:42 +0200] rev 12595
[skeleton] Do not ship Debian and RPM packaging files in sdist
Wed, 17 Apr 2019 15:06:57 +0200 [skeleton] Add a check-manifest tox environment
Denis Laxalde <denis.laxalde@logilab.fr> [Wed, 17 Apr 2019 15:06:57 +0200] rev 12594
[skeleton] Add a check-manifest tox environment
Fri, 10 May 2019 16:04:37 +0200 Fix pyramid tests
Philippe Pepiot <philippe.pepiot@logilab.fr> [Fri, 10 May 2019 16:04:37 +0200] rev 12593
Fix pyramid tests Followup fa292e9 which require cubicweb.session.secret to be set.
Fri, 10 May 2019 11:42:24 +0200 Fix flake8 and check-manifest
Philippe Pepiot <philippe.pepiot@logilab.fr> [Fri, 10 May 2019 11:42:24 +0200] rev 12592
Fix flake8 and check-manifest Followup fa292e9
Fri, 10 May 2019 15:58:01 +0200 Merge 3.26
Philippe Pepiot <philippe.pepiot@logilab.fr> [Fri, 10 May 2019 15:58:01 +0200] rev 12591
Merge 3.26 This fixes tests with psycopg2
Wed, 08 May 2019 21:37:13 +0200 DeprecationWarning: In future versions of Waitress clear_untrusted_proxy_headers will be set to True by default. You may opt-out by setting this value to False, or opt-in explicitly by setting this to True.
Laurent Peuch <cortex@worlddomination.be> [Wed, 08 May 2019 21:37:13 +0200] rev 12590
DeprecationWarning: In future versions of Waitress clear_untrusted_proxy_headers will be set to True by default. You may opt-out by setting this value to False, or opt-in explicitly by setting this to True. Source: https://docs.pylonsproject.org/projects/waitress/en/stable/arguments.html?highlight=clear_untrusted_proxy_headers > This tells Waitress to remove any untrusted proxy headers ("Forwarded", > "X-Forwared-For", "X-Forwarded-By", "X-Forwarded-Host", "X-Forwarded-Port", > "X-Forwarded-Proto") not explicitly allowed by trusted_proxy_headers. According to grep we don't use any of those headers so let's turn it on for security reasons.
Wed, 08 May 2019 21:30:44 +0200 DeprecationWarning: The default pickle serializer is deprecated as of Pyramid 1.9 and it will be changed to use pyramid.session.JSONSerializer in version 2.0. Explicitly set the serializer to avoid future incompatibilities
Laurent Peuch <cortex@worlddomination.be> [Wed, 08 May 2019 21:30:44 +0200] rev 12589
DeprecationWarning: The default pickle serializer is deprecated as of Pyramid 1.9 and it will be changed to use pyramid.session.JSONSerializer in version 2.0. Explicitly set the serializer to avoid future incompatibilities . See "Upcoming Changes to ISession in Pyramid 2.0" for more information about this change. As describe here https://docs.pylonsproject.org/projects/pyramid/en/1.10-branch/narr/sessions.html#pickle-session-deprecation use a serializer that fallback on pickle if needed to avoid impacting users.
Wed, 08 May 2019 20:53:49 +0200 [pyramid/enh] generate pyramid.ini "create" and on "pyramid" command if needed
Laurent Peuch <cortex@worlddomination.be> [Wed, 08 May 2019 20:53:49 +0200] rev 12588
[pyramid/enh] generate pyramid.ini "create" and on "pyramid" command if needed
Wed, 08 May 2019 21:00:45 +0200 DeprecationWarning: The SafeConfigParser class has been renamed to ConfigParser in Python 3.2. This alias will be removed in future versions. Use ConfigParser directly instead.
Laurent Peuch <cortex@worlddomination.be> [Wed, 08 May 2019 21:00:45 +0200] rev 12587
DeprecationWarning: The SafeConfigParser class has been renamed to ConfigParser in Python 3.2. This alias will be removed in future versions. Use ConfigParser directly instead.
Mon, 08 Apr 2019 11:24:53 +0200 Account for new psycopg2 exception classes mapping 3.26
Denis Laxalde <denis.laxalde@logilab.fr> [Mon, 08 Apr 2019 11:24:53 +0200] rev 12586
Account for new psycopg2 exception classes mapping From psycopg2 >= 2.8, specific exceptions are raised corresponding to postgresql errors. E.g. a CheckViolation exception is raised instead of a generic IntegrityError previously when a constraint violation occurs. The way we intercept database errors, especially for constraint violation, is not compliant with that because we do not catch subclasses of IntegrityError in native source's doexec() method. We fix this by checking for the presence of IntegrityError error in exception class's mro. This is still overcomplicated and clumsy, because we still use string comparison, but this is the best we can do as far as I know. (A better fix would be 'isinstance(ex, IntegrityError)' but we have no engine-independent error classes, so this is not possible. Something like sqlalchemy's DBAPI Errors [1] might help: https://docs.sqlalchemy.org/en/latest/errors.html#dbapi-errors)
Fri, 12 Apr 2019 02:26:28 +0200 [cubicweb-ctl] remove "cubicweb-ctl wsgi" command following pyramid standardization
Laurent Peuch <cortex@worlddomination.be> [Fri, 12 Apr 2019 02:26:28 +0200] rev 12585
[cubicweb-ctl] remove "cubicweb-ctl wsgi" command following pyramid standardization
Fri, 12 Apr 2019 12:31:14 +0200 Use secure hash algorithm in WebConfiguration.sign_text
Laurent Peuch <cortex@worlddomination.be> [Fri, 12 Apr 2019 12:31:14 +0200] rev 12584
Use secure hash algorithm in WebConfiguration.sign_text Fix: PendingDeprecationWarning: HMAC() without an explicit digestmod argument is deprecated. The default hash algorithm used by hmac.new is md5. As of today, md5 is so weak that it's the equivalent of plaintext and can't be considered to be secured at all. Therefor, we switch to a secure hash algorithm. The rational for choosing sha3_512 is: * the recommended algorithm is at least sha_256 * the stronger, the more secured and sha3_512 is the stronger available * thinking about the future this should keep this part of the code safe long enough before people think about checking it again You can read more about choosing a secure hash algorithm in the NIST recommendations https://csrc.nist.gov/Projects/Hash-Functions/NIST-Policy-on-Hash-Functions This code modification should normally be transparent since check_text_sign is exactly this code 'self.sign_text(text) == signature' and that sign_text is only used in combination with it. The only impact is that the hash is going to move from 32 char to 128 which might make html page a bit bigger and that sha3_512 is slow to compute (which is a good thing for security)
(0) -10000 -3000 -1000 -300 -100 -14 +14 +100 +300 tip