![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / devel / rt3
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.25, Thu Sep 26 08:34:03 2019 UTC (4 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: HEAD
Changes since 1.24: +1 -1
lines
FILE REMOVED
rt3, p5-libapreq: remove p5-libapreq depends on mod_perl 1.x, which was removed in June. rt3 uses p5-libapreq.
Revision 1.24 / (download) - annotate - [select for diffs], Mon Jan 1 22:29:25 2018 UTC (5 years, 11 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1
Changes since 1.23: +5 -5
lines
Diff to previous 1.23 (colored)
Sort PLIST files. Unsorted entries in PLIST files have generated a pkglint warning for at least 12 years. Somewhat more recently, pkglint has learned to sort PLIST files automatically. Since pkglint 5.4.23, the sorting is only done in obvious, simple cases. These have been applied by running: pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
Revision 1.22.4.1 / (download) - annotate - [select for diffs], Thu May 30 08:29:36 2013 UTC (10 years, 6 months ago) by tron
Branch: pkgsrc-2013Q1
Changes since 1.22: +4 -1
lines
Diff to previous 1.22 (colored) next main 1.23 (colored)
Pullup ticket #4142 - requested by spz
devel/rt3: security update
Revisions pulled up:
- devel/rt3/Makefile 1.52
- devel/rt3/Makefile.install 1.20
- devel/rt3/PLIST 1.23
- devel/rt3/distinfo 1.24
---
Module Name: pkgsrc
Committed By: spz
Date: Sun May 26 16:55:53 UTC 2013
Modified Files:
pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo
Log Message:
security update for RT3, fixing:
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
It also includes a database upgrade, so please make sure to run `make
upgrade-database`.
Changes in detail are:
3.8.15->3.8.16:
ruz stop RT from locking on "large" mails
ruz make sure data is recorded (tests)
alexmv Remove bogus argument to ->get(), which fail on HTTP::Message >= 5.05
alexmv Ensure that tickets are destroyed before global destruction, in more
alexmv Work around a bug in perl < 5.13.10 with open($fh, ">:raw", \$string)
sunnavy destroy more tickets and objects before global destruction for modern
tsibley Remove the "signature" paragraph from the README's explanation of RT
3.8.16->3.8.17:
alexmv Ensure that filenames in inline image attributes are HTML-escaped
alexmv Deny direct access to callbacks
alexmv Protect calls to $m->comp with user input in ColumnMap
alexmv Ensure that subjects cannot contain embedded newlines
alexmv Remove filename= suggesions from Content-Disposition lines
alexmv Ensure consistent escaping of filenames in attachment URIs
alexmv Ensure that URLs placed in HTML attributes are escaped correctly, to
prevent XSS injection
alexmv Ensure that the default replacement does not pass through unescaped
content
alexmv Use File::Temp for non-predictable temporary filenames
Revision 1.23 / (download) - annotate - [select for diffs], Sun May 26 16:55:53 2013 UTC (10 years, 6 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1,
pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Changes since 1.22: +4 -1
lines
Diff to previous 1.22 (colored)
security update for RT3, fixing:
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
It also includes a database upgrade, so please make sure to run `make
upgrade-database`.
Changes in detail are:
3.8.15->3.8.16:
ruz stop RT from locking on "large" mails
ruz make sure data is recorded (tests)
alexmv Remove bogus argument to ->get(), which fail on HTTP::Message >= 5.05
alexmv Ensure that tickets are destroyed before global destruction, in more
alexmv Work around a bug in perl < 5.13.10 with open($fh, ">:raw", \$string)
sunnavy destroy more tickets and objects before global destruction for modern
tsibley Remove the "signature" paragraph from the README's explanation of RT
3.8.16->3.8.17:
alexmv Ensure that filenames in inline image attributes are HTML-escaped
alexmv Deny direct access to callbacks
alexmv Protect calls to $m->comp with user input in ColumnMap
alexmv Ensure that subjects cannot contain embedded newlines
alexmv Remove filename= suggesions from Content-Disposition lines
alexmv Ensure consistent escaping of filenames in attachment URIs
alexmv Ensure that URLs placed in HTML attributes are escaped correctly, to
prevent XSS injection
alexmv Ensure that the default replacement does not pass through unescaped
content
alexmv Use File::Temp for non-predictable temporary filenames
Revision 1.22 / (download) - annotate - [select for diffs], Wed Oct 31 20:39:26 2012 UTC (11 years, 1 month ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Branch point for: pkgsrc-2013Q1
Changes since 1.21: +2 -1
lines
Diff to previous 1.21 (colored)
Update to the latest version in the rt3 train. Contains security updates:
3.8.15 Release Notes
This release resolves a number of security vulnerabilities.
It resolves CVE-2012-4730, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735,
and CVE-2012-4884.
In addition to these security fixes, RT 3.8.15 contains support for
partitioned PGP messages.
3.8.14 Release Notes
This release contains two fixes related to the 3.8.12 security release.
Access to search results URLs is now CSRF whitelisted, based on user
feedback.
An error in rt-email-dashboards has been corrected.
3.8.13 Release Notes
This release contains an important bugfix over the 3.8.12 security
release:
* Fix sending email with the 'perl-script' mod_perl handler, by
ensuring that STDIN was always on FD 0 before calling IPC::Open2.
This failure showed as either SIGPIPE or abnormal exit codes when
running sendmail.
* Fix for "Undefined value assigned to typeglob" and "Bad file
descriptor: core_output_filter" errors caused by the above change, by
ensuring that both FD 0 and FD 1 are prevented from being claimed by
Apache. This error only arose with the perfork MPM and mod_perl <=
2.0.4.
Revision 1.20.8.1 / (download) - annotate - [select for diffs], Mon May 28 10:50:59 2012 UTC (11 years, 6 months ago) by tron
Branch: pkgsrc-2012Q1
Changes since 1.20: +3 -5
lines
Diff to previous 1.20 (colored) next main 1.21 (colored)
Pullup ticket #3808 - requested by spz
devel/rt3: security update
Revisions pulled up:
- devel/rt3/Makefile 1.49
- devel/rt3/Makefile.install 1.18
- devel/rt3/PLIST 1.21
- devel/rt3/distinfo 1.22
- devel/rt3/patches/patch-lib_RT_Action_CreateTickets.pm deleted
- devel/rt3/patches/patch-lib_RT_Ticket__Overlay.pm deleted
- devel/rt3/patches/patch-lib_RT_Transaction__Overlay.pm deleted
- devel/rt3/patches/patch-share_html_Admin_CustomFields_Modify.html deleted
- devel/rt3/patches/patch-share_html_Search_Bulk.html deleted
- devel/rt3/patches/patch-share_html_Search_Elements_SelectChartType deleted
- devel/rt3/patches/patch-share_html_Ticket_Elements_PreviewScrips deleted
---
Module Name: pkgsrc
Committed By: spz
Date: Fri May 25 19:55:44 UTC 2012
Modified Files:
pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo
Removed Files:
pkgsrc/devel/rt3/patches: patch-lib_RT_Action_CreateTickets.pm
patch-lib_RT_Ticket__Overlay.pm
patch-lib_RT_Transaction__Overlay.pm
patch-share_html_Admin_CustomFields_Modify.html
patch-share_html_Search_Bulk.html
patch-share_html_Search_Elements_SelectChartType
patch-share_html_Ticket_Elements_PreviewScrips
Log Message:
Update RT to version 3.8.12:
Changes from 3.8.11 to 3.8.12:
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.
* Upgrade prototype.js to version 1.7, for compatibility with google
charts.
* Remove ie7.js, which is no longer used.
* Ensure that TransactionBatch scripts are only run once.
Changes from 3.8.10 to 3.8.11:
This release contains a number of bugfixes and minor security updates
since the 3.8.10 release, most notably:
* Adjust FCGI dependency to one which resolves FCGI's CVE-2011-2766
* New WebHttpOnlyCookies option, enabled by default, which hides RT's
cookie from direct Javascript access.
* Compatibility with perl 5.12 and 5.14, by removing deprecated "for
qw(...)" and "defined %hash" syntax.
* MySQL 5.5 compatibility, by specifying ENGINE=InnoDB rather than
TYPE=InnoDB
* Ensure that RT::Interface::Web's _Overlay, _Local, and _Vendor files
are loaded correctly.
* Fix session cleaner for on-disk sessions, broken since 3.8.0.
* Ensure that only one "Based on" attribute is stored for each custom
field.
* Fix the loading of Shredder plugins, broken in 3.8.10.
Revision 1.21 / (download) - annotate - [select for diffs], Fri May 25 19:55:43 2012 UTC (11 years, 6 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2
Changes since 1.20: +3 -5
lines
Diff to previous 1.20 (colored)
Update RT to version 3.8.12:
Changes from 3.8.11 to 3.8.12:
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-2082,
CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458,
CVE-2011-4459, and CVE-2011-4460.
* Upgrade prototype.js to version 1.7, for compatibility with google
charts.
* Remove ie7.js, which is no longer used.
* Ensure that TransactionBatch scripts are only run once.
Changes from 3.8.10 to 3.8.11:
This release contains a number of bugfixes and minor security updates
since the 3.8.10 release, most notably:
* Adjust FCGI dependency to one which resolves FCGI's CVE-2011-2766
* New WebHttpOnlyCookies option, enabled by default, which hides RT's
cookie from direct Javascript access.
* Compatibility with perl 5.12 and 5.14, by removing deprecated "for
qw(...)" and "defined %hash" syntax.
* MySQL 5.5 compatibility, by specifying ENGINE=InnoDB rather than
TYPE=InnoDB
* Ensure that RT::Interface::Web's _Overlay, _Local, and _Vendor files
are loaded correctly.
* Fix session cleaner for on-disk sessions, broken since 3.8.0.
* Ensure that only one "Based on" attribute is stored for each custom
field.
* Fix the loading of Shredder plugins, broken in 3.8.10.
Revision 1.20 / (download) - annotate - [select for diffs], Sat Apr 16 09:41:19 2011 UTC (12 years, 7 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base,
pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Branch point for: pkgsrc-2012Q1
Changes since 1.19: +10 -2
lines
Diff to previous 1.19 (colored)
Upstream announce message: This release, in addition to being a bugfix release, also resolves a number of security vulnerabilities. It resolves CVE-2011-1685, CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and CVE-2011-1690. * Cleanups identified by perlcritic. * Clear the system attribute cache to avoid 'sticky' attributes like the queue subject tag. * Fix our signature escaping so we better match FCKEditor and don't misidentify signatures during processing. * Add the ability to create BasedOn Custom Fields from intiialdata * Provide a callback to affect the display format in admin pages * Fix id prefixing on Custom Fields to be RTIR compatible * Fix #16656 - Requestors with OwnTicket could show up in the owner list in other Queues. * Don't attach the original multipart mail to notifications that already contain one part of it. * Work around CGI.pm 3.51 and 3.52 which add ; charse=ISO-8859-1 to our utf-8 encoded javascript.
Revision 1.19 / (download) - annotate - [select for diffs], Sun Feb 27 17:05:57 2011 UTC (12 years, 9 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2011Q1
Changes since 1.18: +2 -1
lines
Diff to previous 1.18 (colored)
add a missing file, fix a few paths
Revision 1.18 / (download) - annotate - [select for diffs], Sat Feb 26 20:58:15 2011 UTC (12 years, 9 months ago) by spz
Branch: MAIN
Changes since 1.17: +6 -0
lines
Diff to previous 1.17 (colored)
Update of rt3 to version 3.8.9 Changelog: SECURITY * Move to a SHA-256 based password hashing scheme * Redirect users to their desired pages after login. This prevents possible back button attacks after a user logs out. * Clone Scrip's TicketObj since we change the CurrentUser and it can leak information (Custom field values, etc) INSTALLATION * Fixes to the RH Layout in config.layout ACCESS CONTROL * New AdminCustomFieldValues right that allows user to add/remove CF values, but not edit the CF CONFIGURATION * Add ResolveDefaultUpdateType to choose between Comment or Correspond on Resolve * When using Set($MailCommand, 'testfile') log all mail to the same tmpfile * Add a callback to allow extensions to redirect a user to an external auth logout URL using RT's logout button. This ensures that the user's RT session is cleared * Add SuppressAutoOpenOnUpdate preference DOCUMENTATION * Clean up README * Update UPGRADING.mysql documentation for users of older mysql * Flag that "Let this user be granted rights" means "Privileged" * Fix rt-crontool examples to use a real Condition * Undocument SenderMustExistInExternalDatabase since the code was never merged * Better document SetOutgoingMailFrom * Better document shrink_cgm_table.pl DATABASE * Add support for Postgres 9 * No longer record transactions for ACL Equivalence Groups * Don't delete all RT MySQL ACLs before invoke GRANT * Quote database name for GRANT on MySQL * Insert extensions' schema and acl files as the DBA * Fix searches for empty Attachments on Oracle EMAIL * Better handling of mail generated by Outlook * When RT's SendmailCommand fails, record it in ticket history * New GPG tests and bugfixes for corner cases * use EmailOutputEncoding for Content-Type.charset * Handle failures in MIME Encoding better * Small bugfixes for text/html templates * Fix MIME decoding on ticket subjects * Remove stray colons and whitespace in the default Admin Comment template USER INTERFACE * Fix an infinite loop when using the 3.4-compat theme * Fixes to CollectionList sorting * css positioning tweaks for page menus * Fixes for Bulk Update when users click 'Add More Files' * Skip all watchers when offering to add CCs as Watchers * Fix ahah.js to handle more than one CF 'Include page' link * Ensure that Nobody is always at the front of the Select Owner list * Link Basics in SelfService to the Update page * Fix toggling js to only run once * Ensure signatures are included in Jumbo edits * Better identify (in the UI) a misconfigured GPG setup * GPG key management UI updates * Add classes/ids to the Custom Field Editing pages * CSS Fixes for preferences widgets * Fix truncated top values on Charts * Wording and layout changes for the 'update password' widget * Ensure that we keep Anchor tags on redirects * Fix loading a new search on the Chart/Graph pages * Change Attachment size label from Bytes to Megabytes * Respect timezones in timestamps in /Approvals/ * Charset fixes for Ticket Attachment downloads * Bar graph fixes for large numbers of bars * Allow a callback on QuickCreate to pass a default Status * Fix Approvals to make one search for approval tickets that distincts and orders them * Link from Group Membership lists to User admin pages * New callbacks (autohandler, default queue, aborting ticket updates, after requestor on create) * Fix non-local local links and add t: syntax * Editing Transaction custom fields now shows errors inline * Use the ShowUser element more consistently across the UI TOOLS * Improvements to extract-message-catalog (translation tool) * Let shrink_cgm_table and shrink_transactions display "percent complete" * Added a simple script to naively generate a RTAddressRegexp * Install rt-attributes-viewer originally shipped with 3.8.8 * bin/rt now searches for global configs in LOCAL_ETC_PATH also OTHER BUG FIXES * No longer refuse to start if you upgraded from a version of RT that allowed you to have invalid Scrips * Handle broken Reminders links when users change their Organization * Trim whitespace from CustomFieldValues consistently * RFC2616 dates are always in UTC * Scrips can no longer have an empty Condition, Action or Template * make multi-value REST fields separated with commas ignore spaces * Localize ENV changes under mod_perl * Don't page group memberships for a User * Skip disabled Queues when a Simple Search term matches a Queue Name * Add TransactionObj to CreateTickets templates to match the docs * Fix the use of Tickets_Local.pm in rt-email-dashboards and rt-crontool * Escape more characters in graphviz output * Fix message when you fail to delete a saved search to tell you Permission Denied * Include Rules with Scrips when previewing recipients * Ensure that distribution upgrades that break Scalar::Util show up in apache logs * Fix warnings on empty Collection List headers * Log errors from safe_run_child * Refuse to run if webmux.pl and RT.pm are mismatched * Actually log the error that caused "Can't load a principal for id #" * Switch to using $Approver->Name in templates since an AdminCc can approve * Allow fastcgi_server to specify a port * Guard against SavedSearches with no content * Ensure our output is always flagged as utf-8 * Allow queries like "Priority > -2" * Fixes to Private/Public key methods * Return 'set private key' from SetPrivateKey, not 'unset private key' * Protect STDOUT under mod_perl - among other things, this fixes Scrips that use system() * Fix forwarding of messages without a top level textual part
Revision 1.17 / (download) - annotate - [select for diffs], Fri Sep 17 21:41:54 2010 UTC (13 years, 2 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3
Changes since 1.16: +15 -0
lines
Diff to previous 1.16 (colored)
update to version 3.8.8, partially by sno@
Upstream Changelog:
NEW FEATURES AND MAJOR CHANGES
* Aaron Sigel performed a security audit of RT and pointed out
a number of potential improvements which have been addressed
* Charts improvements
* Time-based charts can now show "hourly" goupings.
* ChartFont option is now hash with font per language.
* Two default fonts are shipped with RT to cover most
supported languages.
* The table of chart results now contains links to tickets
matching a given row.
* Timezones support, but protected with config option.
* Better scaling of Y axis.
* X axis labels are now vertical if there is not enough
space to display them horizontally.
* RTAddressRegexp option improvements
* No default value anymore.
* If no value is set then RT will attempt to calculate the right value
from the user-defined queue addresses.
* On create/update/people pages RT now checks addresses
users enter and stop users from entering known
addresses for RT queues.
* Admin UI improvements
* Improved display of the "About this RT" page.
* More pages in the Admin UI have been switched to generic
code to list objects (like tickets in search results)
* Display formats for these objects are now configurable
in the config file (%AdminSearchResultFormat)
* More columns in column maps for objects other than
tickets.
* Custom fields ordering and application improvements
* Queue specific custom fields now can be placed above
global, below or even in the middle. Order of global
custom fields stays the same in all queues, but a custom
field that is applied to particular queues can be placed
differently in each queue.
* Make it possible to apply a CF globally from 'Applies To'
page.
* RT no longer allows you to apply a CF globally and to queues
at the same time. When CF is applied globally it is
un-applied from specific queues first.
* Refactored simple (googleish) search
* new options in the config to control defaults
* new keywords to search for particular things
* RSS feeds now contain embedded single-query authentication strings
* We've Introduced a config option to prevent adding the
RT-Originator header in outgoing mails.
* New MessageBoxIncludeSignature* options
* LogoutRefresh config option to control how long to wait
before going back to login
* New config option for AttachmentUnits
* New config option for AlwaysDownloadAttachments
* RT now requires your current password to change any password
* Improved LinkValueTo and returned back functionality
* if LinkValueTo starts with __CustomField__ then don't
escape it, but make sure it's not a JS link
* escape links using HTML escaping
* don't wrap into <a> with empty href if link is empty
* Added DefaultMailPrecedence and DefaultErrorMailPrecedence
config options
* Squelch watchers on update. This makes doing silent
Updates possible
* New web handler: bin/fastcgi_server
* Refactored Elements/ShowUser so it's easy to add custom
formats. Several performance improvements in this code.
* MERGE_CACHE to cache information about merged tickets and
lower logs and DB impact on re-checks
* Made NotifyActor into a User Preference
* If the MIME entity has header X-RT-Squelch, do not send
the message
* Improved print layouts
* Serve images in js and css dirs as static files,
so browsers cache them more agressively
* Added HasAttribute and HasNoAttribute to TicketSQL
* New faster and less memory hungry TicketsMaps - First, Prev,
Next and Last links when you view tickets from the current
search. Size is now limited by a new config option. Floating
window is used to build the links.
CLEANUPS AND SMALL IMPROVEMENTS
* Updated doc/Security with more modern security tips
* Made the plaintext mono feature work in IE.
* Better timezone handling in Tools/Reports/ResolvedByDates.html
* Make sure we don't serve files outside RT's paths
* Additional checks to make sure that credentials
are sent to RT on Login
* Moved CustomField column map from tickets' to generic
* Make height, width, href and alt of the logo configurable
* Load as much as possible when a web-handler with forks
is used, this increase memory sharing across processes
* A link provided for approvals templates to whoever worked
the approval
* Global __WebRequestPath__ and __WebRequestPathDir__
column map entries
* Process custom fields in ModifyDates.html
* Handle Ccs and AdminCcs of the queue in SkipNotification
feature
* Sort callbacks within a root only, respect plugins
order
* Add some wording to the check boxes on the reply pages
* Reduce whitespace on bottom of boxes as was earlier
* Use smaller margin for reminders display to save space
* Use a reasonable length for scrip descriptions
* Removed a lie about RT CLI still being "unsupported"
* User friendlier errors handling thrown by Calendar::Simple
* Split some CSS from themes into base/xxx.css
* Googleish search was making incorrect assumptions
about RT::User and RT::Group's Load function
returning a boolean not a list. This was throwing
(harmless, but ugly) errors.
* Don't apply order on collections if sorting is not
allowed
* Removed the "URL" parameter to 'Logout' as it had no
legitimate use.
* make instal and testdeps tests to avoid some versions
of modules that are known to be buggy or incompatible,
for example DBD::Oracle 1.23
BUG FIXES
* properly use AND/OR when content is searched and
DontSearchFileAttachments option is enabled
* Make sure Merge only possible when user has Modify
right on both tickets
* Fixes for UseSQLForACLChecks option, it was possible
to construct a query and see tickets an user has no
right to see. Lots of tests have been added to make
sure it wouldn't happen again.
* SQL used for ACL checks has been refactored to get
more effective queries. Especially when list of
potential owners is built for the query builder.
* Unified API for tables with disabled column and
fixes when ->Count could return bigger value
when some CFs are disabled.
* I18N was transcoding attachments to UTF-8 one line
at a time. This doesn't work at all for UTF-16 and
probably other encodings.
* Fixed encoding problem when loading a dump file
produced by rt-dump-database.
* A closing </li> was missing in PreviewScrips comp
* Fixed config loading when Fcntl module or other exporting
symbols is loaded. Load was failing with "Not a SCALAR
reference" error.
* Returned back effective SQL when searching by CFs with
= or != operator
* Fixed error on login when user make mistake in password
and he entered character out of ASCII range.
* Honor a user's MessageBoxRichTextHeight setting
* Fixed query builder behaviour with NULLs and '' (empty values)
* Fixed potential information loose on incorrect GnuPG mails
* Fixed display-all-rows in Dashboards
* Fixed JS escaping issues
* Set context object in OCFV::CustomFieldObj
* Sessions ended up in /tmp/ in some cases
* Fixed safe_run_child when code dies between fork and exec,
deals with "mysql server has gone away" error
* fix Jumbo reloading and losing message content
* Stop infinite looping when you have global custom
fields and no Queue restriction
* Fixed sorting of custom fields in Results.tsv
* Set of fixes for Unicode characters in emails
and tests covering these changes
* Don't create handles we don't need, we can hit limit
* Prevent servers using GnuPG from running out of file handles
TRANSLATION
Updates merged from launchpad and two new languages: nn.po
and pt_PT.po. Thanks to all contributors.
CALLBACKS
* AboutThisUser in ShowPeople box
* Between the GnuPG and message rows
* AfterSubject
* Before and After CustomFields
* Before and After TransactionCustomFields
* AfterAddress in PreviewScrips
* At the top of ticket summary columns
* For adding links for attachment downloads
* At the bottom of the logout box
* Pass more information to the FormStart callback
in Ticket/Update.html
* AfterMessageBox on ticket create page
* ShowTransaction/AfterAnchor
* In EditDates and ShowDates
* Pass a reference to the signature in MessageBox's callback
* For inserting text after the transaction's description
* AfterUpdateType in Jumbo.html and Update.html
Revision 1.15.4.1 / (download) - annotate - [select for diffs], Fri Dec 4 15:42:38 2009 UTC (14 years ago) by tron
Branch: pkgsrc-2009Q3
Changes since 1.15: +3 -2
lines
Diff to previous 1.15 (colored) next main 1.16 (colored)
Pullup ticket #2945 - requested by spz
rt3: security update
Revisions pulled up:
- devel/rt3/Makefile 1.40
- devel/rt3/Makefile.install 1.14
- devel/rt3/PLIST 1.16
- devel/rt3/distinfo 1.14
---
Module Name: pkgsrc
Committed By: spz
Date: Fri Dec 4 09:30:20 UTC 2009
Modified Files:
pkgsrc/devel/rt3: Makefile Makefile.install PLIST distinfo
Log Message:
update of rt3 to next version (without the session hijacking vulnerability)
upstream changelog:
UPGRADING FROM 3.8.5 and earlier - Changes:
You can now forward an entire Ticket history (in addition to specific
transactions) but this requires a new Template called forward ticket.
This template will be added when you run.
/opt/rt3/sbin/rt-setup-database --dba root --prompt-for-dba-password --action
upgrade
Custom fields with categories can optionally be split out into
hierarchical custom fields. If you wish to convert your old
category-based custom fields, run:
perl etc/upgrade/split-out-cf-categories
It will prompt you for each custom field with categories that it
finds, and the name of the custom field to create to store the
categories.
If you were using the LocalizedDateTime RT::Date formatter from code
and passing a DateFormat or TimeFormat argument, you need to switch from
the strftime methods to the cldr methods (ie full_date_format becomes
date_format_full)
You may have done this from your RT_SiteConfig.pm by using
Set($DateTimeFormat, { Format => 'LocalizedDateTime', DateFormat =>
'medium_date_format' );
Revision 1.16 / (download) - annotate - [select for diffs], Fri Dec 4 09:30:20 2009 UTC (14 years ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4
Changes since 1.15: +3 -2
lines
Diff to previous 1.15 (colored)
update of rt3 to next version (without the session hijacking vulnerability)
upstream changelog:
UPGRADING FROM 3.8.5 and earlier - Changes:
You can now forward an entire Ticket history (in addition to specific
transactions) but this requires a new Template called forward ticket.
This template will be added when you run.
/opt/rt3/sbin/rt-setup-database --dba root --prompt-for-dba-password --action upgrade
Custom fields with categories can optionally be split out into
hierarchical custom fields. If you wish to convert your old
category-based custom fields, run:
perl etc/upgrade/split-out-cf-categories
It will prompt you for each custom field with categories that it
finds, and the name of the custom field to create to store the
categories.
If you were using the LocalizedDateTime RT::Date formatter from code
and passing a DateFormat or TimeFormat argument, you need to switch from
the strftime methods to the cldr methods (ie full_date_format becomes
date_format_full)
You may have done this from your RT_SiteConfig.pm by using
Set($DateTimeFormat, { Format => 'LocalizedDateTime', DateFormat => 'medium_date_format' );
Revision 1.15 / (download) - annotate - [select for diffs], Sun Jun 21 15:31:39 2009 UTC (14 years, 5 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2
Branch point for: pkgsrc-2009Q3
Changes since 1.14: +185 -80
lines
Diff to previous 1.14 (colored)
security update to version 3.8.4
Revision 1.14 / (download) - annotate - [select for diffs], Sun Jun 14 18:48:15 2009 UTC (14 years, 5 months ago) by joerg
Branch: MAIN
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
Convert @exec/@unexec to @pkgdir or drop it.
Revision 1.13 / (download) - annotate - [select for diffs], Sun Jun 14 17:49:08 2009 UTC (14 years, 5 months ago) by joerg
Branch: MAIN
Changes since 1.12: +1 -169
lines
Diff to previous 1.12 (colored)
Remove @dirrm entries from PLISTs
Revision 1.11.4.1 / (download) - annotate - [select for diffs], Wed Sep 3 12:12:11 2008 UTC (15 years, 3 months ago) by tron
Branch: pkgsrc-2008Q2
Changes since 1.11: +7 -1
lines
Diff to previous 1.11 (colored) next main 1.12 (colored)
Pullup ticket #2514 - requested by tonnerre rt3: security update Update the "rt3" package to version 3.6.7 to fix Denial of Service vulnerability. Files patched: - devel/rt3/Makefile - devel/rt3/PLIST - devel/rt3/distinfo - devel/rt3/patches/patch-ac
Revision 1.12 / (download) - annotate - [select for diffs], Sat Aug 23 23:58:29 2008 UTC (15 years, 3 months ago) by tonnerre
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base,
pkgsrc-2009Q1,
pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.11: +594 -94
lines
Diff to previous 1.11 (colored)
Update rt3 to version 3.8.1 (from 3.6.6). Changes are: * New visual style (web2). * Rich text mails. * Email signatures and encryption. * User settings for: - Ticket history ordering. - Timezones. - Date and time format. - Username format. - Default queue. - Size of message text boxes. * Charts of ticket relationships. * Breeze through upgrades with new upgrade tools. * Subscribe to iCalendar feeds of ticket due dates. * Bookmark frequently-used tickets. * Turn off mail from RT when you go on vacation. * Get your mail from RT as a daily or weekly batch. * Delete historical or spam tickets with RT::Shredder (only as a superuser). * Set up more configurable business rules with new Scrip Conditions and Actions. * Forward tickets to third-parties from within RT. * Enable and Disable RT extensions with the new Plugins system. * Automatically log out inactive users with rt-clean-sessions. * Run faster with less memory, thanks to numerous performance improvements and bug fixes. * Fixed a potential HTML injection attck via user's properties. * Better support for installation on Solaris and FreeBSD (non-GNU make). * Updates to documentation and scripts for upgrading from MySQL 4.0 * Updated upgrade documentation for the new Queue Tag and bookmarks features. * Multiple bugs in iCal support fixed. * Backwards compatibility fixes for extensions developed against 3.6 * Added support for external links in tabs and targets. * Addition of a new callback before ticket creation so you can implement custom validation or stop creation for another reason. * Missing documentation to external authentication configuration variable in bin/rt and make it possible to set it via ENV. * Merged method in RT::Ticket.
Revision 1.11 / (download) - annotate - [select for diffs], Sat Apr 12 22:43:00 2008 UTC (15 years, 7 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module.
Revision 1.10 / (download) - annotate - [select for diffs], Mon Mar 24 21:55:36 2008 UTC (15 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base,
pkgsrc-2008Q1
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored)
Fix typo in @dirrm. Bump PKGREVISION.
Revision 1.9 / (download) - annotate - [select for diffs], Sat Mar 22 18:44:44 2008 UTC (15 years, 8 months ago) by tonnerre
Branch: MAIN
Changes since 1.8: +3 -1
lines
Diff to previous 1.8 (colored)
Add rt upgrade dir for upgrades from versions lt 3.5.1 Approved-by: gavan, cube
Revision 1.8 / (download) - annotate - [select for diffs], Sun Mar 16 20:47:03 2008 UTC (15 years, 8 months ago) by tonnerre
Branch: MAIN
Changes since 1.7: +153 -7
lines
Diff to previous 1.7 (colored)
Update rt to version 3.6.6 Significant changes: - Reminders (remind of taking actions on an inactive bug at some point) - "Googleish" simple searches - Email input completion - Revamped theme engine - Support for UTF-8 password - Many more translations - Various Bugfixes Approved-by: cube
Revision 1.7 / (download) - annotate - [select for diffs], Tue Nov 13 02:40:06 2007 UTC (16 years ago) by cube
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base,
pkgsrc-2007Q4
Changes since 1.6: +3 -1
lines
Diff to previous 1.6 (colored)
Update to version 3.4.6.
Features:
New config option 'OldestTransactionsFirst'.
By default, RT shows newest transactions at the bottom
of the ticket history page, if you want see them
at the top set this to 0.
Email plugin may return special constant to indicate
that it's done requested action and RT shouldn't
run default action handling code.
See also RT::Interface::Email.
Added support for timezones in RT::Date::SetToMidnight
method, this allowed us to fix problems with searches
by date.
Applied David Schweikert's patch that adds the useful
LastUpdated field to the fields returned through
the REST interface.
Added a "RH" RedHat layout option to config.layout.
Thanks to Paulo Matos.
New command line options in the rt-crontool script:
* add --transaction argument with two possible
values: 'first' and 'last'
* add --transaction-type argument to allow a user
to select type of transaction, for example
'Correspond' or 'Comment'.
With these changes crontool can send notifications
and other actions which need access to transaction
object.
New callbacks in html/Ticket/Elements/ShowSummary:
LeftColumn and RightColumn.
Display a custom field value without lists HTML markup
when a ticket has only one value for the custom field.
Add additional HTML classes to the cells in
Ticket/Elements/ShowBasics and Ticket/Elements/ShowDates
mason templates.
Fixes:
Don't die any more on error during custom fields
creation in rt-setup-database, but report and
continue with next object.
Dropped 'exit' call in exceptions handling code.
Fixed untake operation during tickets transfer
between queues when an owner has no right to own
the ticket in the destination queue and the
current user is different person. Note in new
implementation we write untake tansaction from
RT_System user.
Fixed problem when RT were failing with error:
"Couldn't call method IsLocal on undefined value".
Got rid of some noisy warnings and cleaned up
some code.
Fixed attchments loosing during next steps:
1) open ticket #1
2) click reply
3) upload attachment
4) open ticket #2 in another browser window
5) send reply to the ticket #1
RT was loosing uploaded attachment due to step 4) as RT.
Finding disabled groups should actually find them, now.
Fixed `rt ls -l` when RT server isn't at /.
Thanks to Mark Eichin.
Reed Loden caught a perltidy error that, somewhat
terrifiyingly, was still a valid mason page.
People may saw error "Could not convert attachment
from assumed utf8 to ''" in the log. We don't even
try to convert any more when target encoding is empty.
Fixed maxsize attribute of input fields for subject.
In DB we have limit 200, but these tags were set to
old value of 100.
Backported fix for TimeTaken updates. RT could call
method _UpdateTimeTaken on record objects that have
no such method.
Fixed RT failures under mod_perl2 with Oracle database.
In QuickCreate element now we use SelectNewTicketQueue
instead of SelectQueue.
Fixed problems on server start up with error message
'Not root path(s) specified'.
Now we load only required regular expressions from
Regexp::Common namespace.
In RT::Tickets::_EnumLimit now we load referenced object
only if value is defined and is not number, this avoid
several fetches from caches or in worst case from DB.
Use this advantage in Quicksearch element, change in
"RT at glance" load time should be noticable on systems
with many queues.
Added handling for all possible errors in
the RT::Action::SendEmail module.
Improved handling of errors in the RT::Template class.
In the RT::Group method 'crit' was being called on
the wrong object. Thanks to Todd Chapman
Allow an administrator to add 0(zero) as a custom field
value.
Fixed decoding of MIME headers, this chould should fix:
* problems with non-ascii names of attachments
* problems with partly encoded fields with '=' chars
in not encoded parts, for example:
X-MyHeader: key="plain"; key="=?encoded?="
X-MyHeader: key="=?encoded?="; key="plain"
Fixed RT::Transaction::OldValue and ::NewValue in situations
when values of {Old,New}Reference fileds are false. You may
saw effect of this bug in a ticket's history saying that
custom field value was changed from "random" value to the
XXX instead of expected "custom field was set to XXX value".
Todd Chapman discovered a case where RT's mail gateway would
default to the RT::SystemUser if no valid 'From' header were
found. This could allow a malicious user to create tickets or
reply to tickets, but not to gain access to data.
Localization:
Updated German translation. Thanks to Torsten Brumm.
Revision 1.6 / (download) - annotate - [select for diffs], Sun Oct 1 18:44:57 2006 UTC (17 years, 2 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
Made the dependency to SpeedyCGI optional, disabled by default. Bumped PKGREVISION.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Jun 3 10:40:34 2006 UTC (17 years, 6 months ago) by seb
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3,
pkgsrc-2006Q2-base,
pkgsrc-2006Q2
Changes since 1.4: +2 -1
lines
Diff to previous 1.4 (colored)
Install sbin/rt-dump-database script. Apply fix from http://svn.bestpractical.com/cgi-bin/index.cgi/bps/revision?rev=5218 << * get rid of "masks earlier declaration" warnings >> Bump PKGREVISION to 1. Approved by MAINTAINER.
Revision 1.4 / (download) - annotate - [select for diffs], Mon May 1 09:38:08 2006 UTC (17 years, 7 months ago) by cube
Branch: MAIN
Changes since 1.3: +146 -62
lines
Diff to previous 1.3 (colored)
Update rt3 to version 3.4.5. This is _not_ an easy update, although the changes are apparently minor to a end user (but not for the site administrator). It'd very hard and very long to provide a full list of changes. The main changes in RT 3.4 are a complete rework of how Custom Fields are handled, which means there is a lot more flexibility in that area now (including Custom Fields for users, per-queue, per-transaction). RT 3.4 is also supposed to be faster, which certainly is no bad news. Another bonus of RT 3.4 are the availability of extensions, and I will commit RTx::Shredder and RTx::RightsMatrix very soon. Updating RT is not an easy task, be sure to backup your database, and don't forget to grant the new rights to relevant people. In pkgsrc, rt3 is also seeing a few changes. The main one is the situation of the "local" path, which is now set to /var/rt3, which seems less lame to me than the previous value. It could be debated, though.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Mar 24 17:04:12 2005 UTC (18 years, 8 months ago) by cube
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base,
pkgsrc-2006Q1,
pkgsrc-2005Q4-base,
pkgsrc-2005Q4,
pkgsrc-2005Q3-base,
pkgsrc-2005Q3,
pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.2: +2 -1
lines
Diff to previous 1.2 (colored)
Update to 3.2.3. I'm not yet sure I will do the 3.4.x update in-place or as a separate package. The change log for that versions is as always with RT very long and verbose. However, it is only a bug-fix release, and quite a few of them are fixed. Among other things, a Polish translation has been added. See the detailed information in the Changelog file at the root of the archive.
Revision 1.2 / (download) - annotate - [select for diffs], Tue Nov 2 17:20:36 2004 UTC (19 years, 1 month ago) by cube
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2005Q1,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4
Changes since 1.1: +13 -1
lines
Diff to previous 1.1 (colored)
Update to version 3.2.2. Changelog is in the archive, but is barely readable and 2000+ lines long, although there hasn't been many actual changes.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Tue Aug 3 15:33:49 2004 UTC (19 years, 4 months ago) by cube
Branch: TNF
CVS Tags: pkgsrc-base,
pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Initial import of rt3, version 3.2.1, into the NetBSD Packages Collection. This package is based on the work of Dieter Roelants in pkgsrc-wip, with a lot of changes to make it proper WRT pkgsrc. RT is an industrial-grade ticketing system. It lets a group of people intelligently and efficiently manage requests submitted by a community of users. RT is used by systems administrators, customer support staffs, NOCs, developers and even marketing departments at over a thousand sites around the world.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Aug 3 15:33:49 2004 UTC (19 years, 4 months ago) by cube
Branch: MAIN
Initial revision