Merge branch 'release_18.09' into dev

config/galaxy.yml.sample

@@ -300,7 +300,7 @@ galaxy:
   # Set to True to enable monitoring of dynamic job rules. If changes
   # are found, rules are automatically reloaded. Takes the same values
   # as the 'watch_tools' option.
-  #watch_job_rules: false
+  #watch_job_rules: 'false'
 
   # As of 18.09, Galaxy defaults to setting up the object store
   # configuration for output datasets during the job queue step in job
@@ -1050,7 +1050,7 @@ galaxy:
   # server (above, sentry_dsn).  A value of '0' is disabled.  For
   # example, you would set this to .005 to log all queries taking longer
   # than 5 milliseconds.
-  #sentry_sloreq_threshold: 0
+  #sentry_sloreq_threshold: 0.0
 
   # Log to statsd Statsd is an external statistics aggregator
   # (https://github.com/etsy/statsd) Enabling the following options will

doc/source/admin/galaxy_options.rst

@@ -2163,7 +2163,7 @@
     server (above, sentry_dsn).  A value of '0' is disabled.  For
     example, you would set this to .005 to log all queries taking
     longer than 5 milliseconds.
-:Default: ``0``
+:Default: ``0.0``
 :Type: float
 
 

doc/source/releases/18.09.rst

@@ -820,6 +820,17 @@ Fixes
 * Fix slurm cli on secure shell
   (thanks to `@mvdbeek <https://github.com/mvdbeek>`__).
   `Pull Request 6845`_
+* update paramiko dep
+  `Pull Request 6859`_
+* Fix ``LocalShell`` doctest
+  (thanks to `@nsoranzo <https://github.com/nsoranzo>`__).
+  `Pull Request 6863`_
+* Keep xlsx files compressed
+  (thanks to `@mvdbeek <https://github.com/mvdbeek>`__).
+  `Pull Request 6867`_
+* Do not traceback when uploading a TS repo with no changes
+  (thanks to `@nsoranzo <https://github.com/nsoranzo>`__).
+  `Pull Request 6875`_
 
 .. github_links
 .. _Pull Request 5457: https://github.com/galaxyproject/galaxy/pull/5457
@@ -1162,4 +1173,8 @@ Fixes
 .. _Pull Request 6836: https://github.com/galaxyproject/galaxy/pull/6836
 .. _Pull Request 6839: https://github.com/galaxyproject/galaxy/pull/6839
 .. _Pull Request 6845: https://github.com/galaxyproject/galaxy/pull/6845
+.. _Pull Request 6859: https://github.com/galaxyproject/galaxy/pull/6859
+.. _Pull Request 6863: https://github.com/galaxyproject/galaxy/pull/6863
+.. _Pull Request 6867: https://github.com/galaxyproject/galaxy/pull/6867
+.. _Pull Request 6875: https://github.com/galaxyproject/galaxy/pull/6875
 

doc/source/releases/18.09_announce.rst

@@ -68,6 +68,22 @@ Tracked as GX-2018-0006. Servers running Galaxy 18.05 should be updated as soon
 See `the public announcement for full details
 <http://announce.list.galaxyproject.org/GX-2018-0006-Unauthorized-File-System-Operations-via-New-Upload-API-td4639432.html>`__.
 
+
+Tool Vulnerabilities Discovered
+-------------------------------
+Older versions of certain repositories in the Tool Shed were identified as vulnerable. All of these are owned and maintained by the ``iuc``. The repository list follows:
+
+* ``gemini_query``
+* ``gemini_stats``
+* ``gemini_gene_wise``
+* ``iqtree``
+* ``shovill``
+* ``fastq_dump``
+* ``sam_dump``
+* ``sra_pileup``
+
+If you have any of these repositories installed in your Galaxy, please update them to the latest revision immediately and disable/uninstall all older versions.
+
 Deprecation Notice
 ==================
 

lib/galaxy/datatypes/data.py

@@ -248,7 +248,7 @@ def _archive_composite_dataset(self, trans, data=None, **kwd):
             try:
                 if params.do_action == 'zip':
                     # Can't use mkstemp - the file must not exist first
-                    tmpd = tempfile.mkdtemp()
+                    tmpd = tempfile.mkdtemp(dir=trans.app.config.new_file_path, prefix='gx_composite_archive_')
                     util.umask_fix_perms(tmpd, trans.app.config.umask, 0o777, trans.app.config.gid)
                     tmpf = os.path.join(tmpd, 'library_download.' + params.do_action)
                     archive = zipfile.ZipFile(tmpf, 'w', zipfile.ZIP_DEFLATED, True)
@@ -374,7 +374,7 @@ def display_data(self, trans, data, preview=False, filename=None, to_ext=None, *
             file_path = trans.app.object_store.get_filename(data.dataset, extra_dir='dataset_%s_files' % data.dataset.id, alt_name=filename)
             if os.path.exists(file_path):
                 if os.path.isdir(file_path):
-                    with tempfile.NamedTemporaryFile(mode='w', delete=False) as tmp_fh:
+                    with tempfile.NamedTemporaryFile(mode='w', delete=False, dir=trans.app.config.new_file_path, prefix='gx_html_autocreate_') as tmp_fh:
                         tmp_file_name = tmp_fh.name
                         dir_items = sorted(os.listdir(file_path))
                         base_path, item_name = os.path.split(file_path)

lib/galaxy/webapps/galaxy/config_schema.yml

@@ -365,7 +365,7 @@ mapping:
 
       watch_job_rules:
         type: str
-        default: false
+        default: 'false'
         required: false
         desc: |
           Set to True to enable monitoring of dynamic job rules. If changes are
@@ -1609,7 +1609,7 @@ mapping:
 
       sentry_sloreq_threshold:
         type: float
-        default: 0
+        default: 0.0
         required: false
         desc: |
           Sentry slow request logging.  Requests slower than the threshold