Default branch: MAIN

Revision 1.12, Thu Jun 13 03:19:13 2019 UTC (4 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, HEAD
Changes since 1.11: +10 -6 lines

Update to 4.2.16

This patch is provided by spz@, thank you.



Security Updates

  * One of RT's dependencies, the Perl module Email::Address, has a
    denial of service vulnerability which could induce a denial of
    service of RT itself. We recommend updating to Email::Address
    version 1.912 or later. The Email::Address vulnerabilities are
    assigned CVE-2015-7686 and CVE-2015-12558. CVE-2015-7686 was
    addressed in RT with a previous update. Email::Address version
    1.912 addresses both of these CVEs with updates directly in the
    source module. Thanks to Ricardo Signes for helping us with these

  * One of RT's dependencies, the Perl module Email::Address::List,
    relies on and operates similarly to Email::Address and therefore
    also has potential denial of service vulnerabilities. These
    vulnerabilities are assigned CVE-2018-18898. We recommend
    administrators install Email::Address::List version 0.06 or
    later. Thanks to Lukas Kramer for reporting the issue and Alex
    Vandiver for contributing fixes.

  * An optional RT dependency, HTML::Gumbo, incorrectly escaped HTML
    in some cases. Since RT relies on this module to escape HTML
    content, it's possible this issue could allow malicious HTML to be
    displayed in RT. For RTs using this optional module, we recommend
    administrators install HTML::Gumbo version 0.18 or later. Thanks
    to Ruslan Zakirov for updating this module.

  * The version of jQuery used in RT 4.2 and 4.4 has a Cross-site
    Scripting (XSS) vulnerability when using cross-domain Ajax
    requests. This vulnerability is assigned CVE-2015-9251. RT does
    not use this jQuery feature so it is not directly
    vulnerable. jQuery version 1.12 no longer receives official
    updates, however a fix was posted with recommendations for
    applications to patch locally, so RT will follow this
    recommendation and ship with a patched version.


General user UI
  * Show the Ticket's Subject when modifying the ticket.
  * Re-format RT/ so the `# loc` comment parses correctly.

Web Administration
  * Stop wrapping ShowUser in <a> tags to avoid unnecessary nested links.
  * When listing group members, sort by text-only representation of the
    user, not HTML (I#30771)
  * In the group admin page, stop pre-computing ShowUser.
  * In shredder, check for both id and name mismatches when loading objects
  * Retain scrip sort order in pagination links

  * Cache OCFVs to improve performance searching for duplicates when adding
  * Remove unused dependencies on File::Copy and Carp.
  * On Oracle, return the empty string instead of undef for Subject when it
    has no value on a ticket.
  * Handle alphabetic words in RT::Plugin::Version

  * Avoid using $id in /Ticket/Display.html so callbacks can modify id in ARGS.

  * Mention the RT-Attach-Message: yes header in template docs.
  * Fix incorrect path in portlet documentation.

  * Many changes to refactor sections of RT's internationalization code.


  * RT 4.0.0 and above are vulnerable to an information leak of cross-site
    request forgery (CSRF) verification tokens if a user visits a specific
    URL crafted by an attacker. This vulnerability is assigned
    CVE-2017-5943. It was discovered by a third-party security researcher.

  * RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack
    if an attacker uploads a malicious file with a certain content type.
    Installations which use the AlwaysDownloadAttachments config setting are
    unaffected. This fix addresses all existent and future uploaded
    attachments. This vulnerability is assigned CVE-2016-6127. This was
    responsibly disclosed to us first by Scott Russo and the GE Application
    Security Assessment Team.

  * One of RT's dependencies, a Perl module named Email::Address, has a
    denial of service vulnerability which could induce a denial of service
    of RT itself. We recommend administrators install Email::Address version
    1.908 or above, though we additionally provide a new workaround within
    RT. The Email::Address vulnerability was assigned CVE-2015-7686. This
    vulnerability's application to RT was brought to our attention by Pali

  * RT 4.0.0 and above are vulnerable to timing side-channel attacks for
    user passwords. By carefully measuring millions or billions of login
    attempts, an attacker could crack a user's password even over the
    internet. RT now uses a constant-time comparison algorithm for secrets
    to thwart such attacks. This vulnerability is assigned CVE-2017-5361.
    This was responsibly disclosed to us by Aaron Kondziela.

  * RT's ExternalAuth feature is vulnerable to a similar timing side-channel
    attack. Both RT 4.0/4.2 with the widely-deployed RT::Authen::ExternalAuth
    extension, as well as the core ExternalAuth feature in RT 4.4 are
    vulnerable. Installations which don't use ExternalAuth, or which use
    ExternalAuth for LDAP/ActiveDirectory authentication, or which use
    ExternalAuth for cookie-based authentication, are unaffected. Only
    ExternalAuth in DBI (database) mode is vulnerable.

  * RT 4.0.0 and above are potentially vulnerable to a remote code execution
    attack in the dashboard subscription interface. A privileged attacker
    can cause unexpected code to be executed through carefully-crafted saved
    search names. Though we have not been able to demonstrate an actual
    attack owing to other defenses in place, it could be possible. This fix
    addresses all existent and future saved searches. This vulnerability is
    assigned CVE-2017-5944. It was discovered by an internal security audit.

  * RT 4.0.0 and above have misleading documentation which could reduce
    system security. The RestrictLoginReferrer config setting (which has
    security implications) was inconsistent with its implementation, which
    checked for a slightly different variable name. RT will now check for the
    incorrect name and produce an error message. This was responsibly
    disclosed to us by Alex Vandiver.

General user UI
  * Avoid divide-by-zero in charts with no data (I#32143)
  * Remove dashboard from menu if it can't be loaded (I#29719)
  * Avoid wrapping one-time recipient checkbox separately from its
    label (I#32117)
  * Use only top-level attachments for generating one-time recipient lists
    to avoid e.g. phishing addresses
  * Fix bulk update for asset custom fields (I#32509)
  * Sort one-time recipient addresses (I#31879)
  * Fix article quicksearch degrading the article menu (#31591)
  * Avoid noisy "CF changed from 0 to 0" messages (I#32440)
  * Avoid showing a truncated list of articles due to permissions (I#31989)
  * Include the new Request Tracker logo
  * Stop double-escaping HTML which is made into links (I#31169)

  * Avoid overaggressively trimming whitespace from MIME encoded-words
  * Add config option $OverrideMailPrecedence to help avoid out-of-office
  * Fix issues with encrypted attachments being unreadable/absent

  * Replace deprecated NOCREATEUSER with NOSUPERUSER for
    Postgres 9.6 (I#32511)

  * Fix several incorrect references in output (I#31803, I#31804, I#31805,
  * Add --exclude-organization option (I#31812, I#31813)
  * Add --limit-queues and --limit-cfs options
  * Suppress semi-unmigrated link relationships by default
  * Add --hyperlink-unmigrated option
  * Fix queue change transactions to mention unmigrated queues by name
  * Support for dashboards in menu preference (I#31810)
  * Support for RT at a Glance preference (I#31809)
  * Don't skip RT->System searches
  * Avoid breaking rights granted to users (I#31806)

Web Administration
  * Add checkbox for selecting all custom field values in admin UI
  * Log a history entry when adjusting whether a user is Privileged
  * Log history entries when adding/removing a group member both to
    the group and to the member
  * Hide disabled scrips by default, adding a "include disabled scrips"
    checkbox (I#30131)
  * Add missing timezone field on user create/modify (I#29977)
  * Add RT extension names and versions to System Configuration page (I#31482)

Server Administration
  * Avoid error messages in 4.0.1 upgrade step
  * Improve automatic identification of `find` command
  * Add RefreshIntervals config option for managing homepage and
    dashboard refresh
  * Log failure to unlink temp file after email parse (I#32142)
  * Make automatically linking a used article to the ticket configurable
    with $LinkArticlesOnInclude config
  * Avoid undef warnings with mbox MailCommand and FastCGI
  * Avoid regex deprecation warnings on perl 5.21.1+
  * Avoid issues with modern Perl versions excluding ./ from @INC
  * Reduce log levels of custom field loading issues caused by ordinary
    end-user actions (I#31742)
  * Adapt SMIME probe to work with openssl 1.1
  * Double bcrypt cost for password hashing
  * Avoid "Couldn't load object RT::Transaction #0" warnings (I#31548)
  * Avoid broken DateTime::Locale versions (I#31542)
  * Avoid incompatible DBD::mysql version (I#32670)

  * Clarify the usage of skip_update in /Ticket/Update.html BeforeUpdate
  * Fix whitespace-related test failures under Mojolicious 7.0
  * Fix test failures when /usr/bin/sendmail absent
  * Factor out _OutgoingMailFrom into a separate method for extensibility
  * Ensure that Test::NoWarnings is skipped if skip_all is used
  * Fix bug where RT::Ticket->Create's SquelchMailTo would squelch only
    to the first address (I#31600)
  * Avoid test failure caused by hash randomization
  * Set up default args for customizations calling SignEncrypt directly
  * New callbacks:
      /Elements/ShowCustomFieldWikitext WikiFormatArgs
      /Search/Elements/Chart AfterChartTable
  * Improved callbacks:
      /Elements/Tabs Privileged adds Search_Args and Has_Query parameters

  * Update links to the RT wiki
  * Update mailing list references to point to community forum
  * Improve documentation around creating a custom theme (I#31800)
  * Document how to include custom fields in format strings

  * Improvth @RefreshIntervals
  * Update translations for: Brazilian Portuguese, Dutch, German, Latvian,
    Macedonian, Russian, Serbian, Slovenian, and Spanish


General User UI
  * Avoid race condition where a ticket's Started timestamp could be
    before its Created timestamp
  * Users without ability to update a saved search are no longer shown
    an Update button
  * IP custom field textboxes now wide enough for full IPv6 addresses (I#24565)
  * Self-service Cc field now allows for autocompleting multiple users
  * When possible sort charts numerically rather than ascii-betically
  * QuickCreate now respects DefaultQueue and RememberDefaultQueue (I#30913)
  * Make user preferences use label tags for better clickiness (I#30953)
  * Hide "Transaction has no content" from Extract Article (I#31027)
  * Improve CSRF detection by whitelisting more specific parameters (I#31090)
  * Empty selection boxes no longer render 1px wide (I#31316)
  * Show queue ID if the user can't see the queue name
  * Search builder display format now properly supports "large" sizing
  * Fix SMIME encoding issue (I#31155)
  * Improve messaging and logging around reminders that users can't see
  * Queue name on ticket display is now a link to a search for all active
    tickets in that queue
  * Support autocomplete custom fields in bulk update (I#15259)
  * Hint to the user that not all CF types are supported by bulk update,
    instead of silently excluding them (I#15259)
  * Improve compliance with RFC4480 for GPG armor lines (I#30372)
  * Restore behavior of $EditCustomFieldsSingleColumn config (I#18555)
  * Fix a regression with time zones in datetime custom fields (I#31674)
  * Fix certain attachment links containing HTML metacharacters from
    double escaping (I#31751)
  * Fix custom attachment URLs for self-service users (I#30960)

  * "schema" upgrade files no longer issue CREATE INDEX statements, instead
    there are now "indexes" upgrade files that describe the end state of the
    indexes RT requires. This better handles indexes that may have been
    deployed by hand or otherwise already exist.
  * We now correctly shred ObjectCustomFields records when shredding a
  * Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning
    no limit) for tuning how very large attachments are included in the
    full-text index
  * Improve 4.0 upgrade scripts running under 4.2

Web Administration
  * We now record transactions for changes to queues
  * Improve visual design of Shredder forms

Server Administration
  * Add missing dependency on Encode 2.64
  * New files now get a "use utf8;" by default to allow
    config options to use Unicode
  * bcrypt cost has been doubled on schedule to improve password hashing
  * Allow multiple --action and --action-arg options in rt-crontool
  * Fix "use of localtime without parentheses" warning
  * rt-email-dashboards now has a --log parameter for setting log level
  * Add config %ReferrerComponents to provide fine-grained control over
    referrer checking behavior
  * Clarify web config validation log messages (I#31117)
  * Add a no_ticket_transactions option to user shredder
  * Remove now-unnecessary dependency on Apache::DBI (I#31210)
  * Avoid DateTime::Locale versions 1.00 and 1.01
  * Have ./configure test whether to use GNU-style syntax or BSD-style
    syntax for `find -perm` (I#31308)

  * Improve test compatibility with File::Which 1.17
  * Improve test compatibility with HTML::FormatText::WithLinks::AndTables
  * Remove unused RT::Shredder::Record
  * Transactions now have a ColumnMap
  * New callbacks:
      /Ticket/Create.html MassageCloneArgs
      /Admin/Queues/Modify.html FormStart
      /Ticket/Elements/ShowBasics AfterTimeLeft, AfterPriority, AfterQueue,
          and AfterTable
      /Ticket/Elements/ShowSummary AfterBasics, AfterPeople, AfterReminders,
          and AfterDates
      /Ticket/Graphs/index.html BeforeActionList, FormStart, AfterForm, and
      /Ticket/Update.html RightColumnBottom
      /Admin/CustomFields/Modify.html EndOfPage
      /Elements/CollectionAsTable/Row EachField
      /Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields,
          and MassageSubscriptionFields
      /Elements/ShowTransactionAttachments BeforeAttachment
  * Improved callbacks:
      /Admin/CustomFields/Modify.html Initial adds $Results

  * New documentation on format strings (docs/format-strings.pod) for
    controlling how search results are displayed
  * Update documentation to expect that most installations will deploy
    fulltext search
  * Also remind users that they should set up backups in the README
  * Fix UPGRADING-4.2's description of PostgreSQL full-text search using
    GiST; it uses GIN indexes (I#31844)

  * Adjust the string "CustomFields" to instead use the existing
    "Custom Fields" to ease translation
  * We now display translated ticket properties and statuses on graphs
  * Update translations for: Brazilian Portuguese, Czech, Finnish, French,
    German, Greek, Hungarian, Japanese, Latvian, Lithuanian, Occitan, Polish,
    Russian, Spanish, Swedish, and Turkish

Revision 1.11, Mon Jan 1 22:29:25 2018 UTC (5 years, 11 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.10: +3 -3 lines

Sort PLIST files.

Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:

  pkglint -Cnone,PLIST -Wnone,plist-sort -r -F

Revision 1.10, Sat Jan 30 23:54:20 2016 UTC (7 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.9: +2 -2 lines

Update to 4.2.12

This release is a security release which addresses the following

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages.  This vulnerability is assigned
CVE-2015-5475.  It was discovered and reported by Marcin Kope at Data Reliance
Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface.  This vulnerability could allow an attacker
with a carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.

Revision 1.9, Mon May 18 13:35:30 2015 UTC (8 years, 6 months ago) by manu
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.8: +3 -19 lines

Update to RT 4.2.11

RT 4.2.11 -- 2015-05-07

This release is a bugfix release; most notably, it improves indexing
time for full-text search, as well as improving support for Apache 2.4
and MySQL 5.5.  Interactive command-line tools (including upgrade tools)
will now also default to displaying warnings to STDERR, to aid in
awareness of potential errors.

The complete list of changes includes:

General user UI
 * If storing a transaction failed, note the failure obviously in the
   ticket history (#30419)
 * Make sub-menus accessible on screen-readers
 * Prevent Dashboard portlet from rendering with too many columns
 * Hint that a transaction is Correspondence, using red background, on Jumbo
   and Bulk Update pages as well.
 * Articles distinction between "no classes exist" and "none visible to user"
 * Skip Articles Class selection page if there is only one valid option
 * For consistency with other roles, don't attempt to send email
   notifications to owners that are disabled
 * Improve search performance when searching custom field values on users
 * Allow ModifyTicket to change nobody -> someone else, without OwnTicket
 * Allow HTML5 <s> and <del> tags for the replaced <strike> tag
 * Respect the user's chosen units for Time Worked across page loads, instead
   of always defaulting to minutes. (#17985)
 * In Jumbo, preserve ticket basics so in progress changes persist after
   returning to the page
 * Make elements styled as .button render the same as other buttons
 * Add print styles for button and .button that match other inputs

 * Default to enabling error warnings to the screen for interactive commands
 * Standardize --help, --quiet and --verbose options across tools
 * Allow GSSAPI authentication with bin/rt (#25074)

Web Administration
 * Don't show rights on role groups rights list which are nonsensical (#30556)
 * Support setting multiply-valued custom fields during REST ticket creation
 * Fix an infinite loop in multiple-valued custom field parsing
 * Recover gracefully on template creation failure (#29021)
 * Provide a user-legible representation of the user's GPG key (#25376)
 * Ability to change back to "role" UsernameFormat
 * Consistently store un-encoded header data for forwards (#29714)

Server Administration
 * Improve full-text indexing by 1-2 orders of magnitude, on both PostgreSQL
   and MySQL.
 * Warn if innodb_log_file_size would limit uploads to < 5M on MySQL 5.5 and later
 * Increase the warn threshold on max_allowed_packet to 5M
 * Validate lifecycle right name length
 * For convenience, allow using the distribution name instead of package
   name in Plugin(); for example: Plugin('RT-Extension-SLA')
 * Suggest explicit binlog_path for sphinx >= 1.10
 * Drop DatabaseRequireSSL option that does nothing; replace with
   DatabaseExtraDSN option to allow passing of arbitrary additional
   database parameters to the database interface
 * Respect configure-time FontPath configuration
 * Configurable transaction suppression for EscalatePriority (#29465)
 * Switch from Oracle DBA-only tables to tables the user can inspect (#30393)
 * Properly handle large IN sql arguments by breaking them up into separate

 * Deprecate unused RT::Interface::CLI::debug sub
 * Standardize and simplify boilerplate for command-line options
 * Make rt-validator infinite loop checker actually work
 * Add 'mbox' option to $MailCommand which writes mbox-formatted output
 * Allow attributes to be set after object creation in initialdata
   files (#13036)
 * Do not set charset and body on multipart messages in ContentAsMIME (#23671)
 * Look harder for content in message/rfc822 parts
 * Allow creation of multipart/related via REST, by providing Content-IDs
 * Fold RT::Shredder code into core record classes
 * Skip Shredder tests on all non-SQLite databases
 * Built in HTTP Basic auth and htpasswd support in rt-apache tool
 * New callbacks for Ticket/Elements/ShowBasics, AfterTimeEstimated and
 * Use %ARGS values in /Admin/Users/Modify.html to allow callbacks to modify
   them (#27655)
 * Allow passing SquelchMailTo to Ticket->Create
 * Explicitly depend on Class::Accessor::Fast not Class::Accessor
 * Add BodyClass parameter to Elements/Header so callbacks can more easily
   style only their own pages.

 * Extend the documentation to support Apache 2.4 deployment
 * Attempt to improve reliability in lighttpd by suggesting sockets instead of
   TCP connection
 * Information on finding and installing plugins
 * Information on the new rights interface in the UPGRADING doc (#29515)

 * Localize EmailFrequency properties
 * Updated localizations (German, Spanish, French, Icelandic, Italian,
   Japanese, Lithuanian, Russian, Swedish, Traditional Chinese)

Revision 1.8, Sun Mar 1 21:25:17 2015 UTC (8 years, 9 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.7: +6 -4 lines

Update to 4.2.10

RT 4.2.10 -- 2015-02-26

RT 4.2.10 contains important security fixes, as well as minor bugfixes.

This release is primarily a security release; it addresses CVE-014-9472,
a denial-of-service via RT's email gateway, as well as CVE-2015-1165 and
CVE-2015-1464, which allow for information disclosure and session
hijacking via RT's RSS feeds.

As part of these security updates, RT's dependency on the Encode module
has been changed, to Encode 2.64.  If upgrading, be sure to run
rt-test-dependencies to verify that your installed version of Encode
meets this requirement; if not, you will need to install a newer version
from CPAN.

This release is also a bugfix release; most notably, it addresses a bug
which causes RT to generate blank outgoing text/plain parts.  This fix
requires installing the HTML::FormatExternal module, and having an
external tool (w3m, elinks, etc) installed on the server.

It also introduces indexed full-text searching for MySQL without the
need to recompile MySQL to use the external Sphinx tool; instead, a
MyISAM table is used for indexing.  On MySQL 5.6 and above, an
additional InnoDB table can also be used.

The complete list of changes includes:

General user UI
 * Speed up the default simple search on all FTS-enabled installs by not
   OR'ing it with a Subject match.  This returns equivalent results for
   almost all tickets, and allows the database to make full use of the
   FTS index.
 * Pressing enter in user preference form fields no longer instead
   resets the auth token (#19431)
 * Pressing enter in ticket create and modify form fields now creates or
   updates the ticket, instead of being equivalent to "add more
   attachments", or the "search" on People pages (#19431)
 * Properly encode headers in forwarded emails that contain non-ASCII
   text (#29753)
 * Allow users to customize visibility of chart/table/TicketSQL in saved
 * Allow groups to be added as requestors on tickets
 * Perform group searches case-insensitively on People page (#27835)
 * Ticket create transactions for tickets created via the web UI now
   contain mocked-up From, To, and Date headers; this causes them to
   render more correctly when forwarded
 * Update wording of error message for saved searches without a
   description (#30435)
 * Flush TSV download every 10 rows, for responsiveness
 * Retain values in Quick Create on homepage if it fails (#19431)
 * Limit the custom field value autocomplete to 10 values, like other
   autocompletes (#30190)
 * Fix a regression in 4.0.20/4.2.4 which caused some users to have
   blank homepages (#30106)
 * Fix styling on "unread messages" box on Ballard and Web2 themes
 * Fix format of Date headers in RSS feeds (#29712)
 * Adjust width of transaction date to accommodate all date formats
 * Allow searching for tickets by queue lifecycle

 * Fix server name displayed at password prompt when RT is deployed at
   a non-root path like /rt (#22708)

 * If the optional HTML::FormatExternal module is installed, use w3m,
   elinks, links, html2text, or lynx to format HTML to text.  This
   addresses problems with the pure-Perl HTML-to-text converter which
   resulted in blank outgoing emails.  (#30176)
 * Add support for native (non-Sphinx) indexed full-text search on
   MySQL.  This uses the InnoDB fulltext engine on MySQL 5.6, and an
   additional MyISAM table on prior versions of MySQL.
 * Support MySQL database names with dashes in them (#7568)
 * Properly escape quotes and backslashes in config options in web
   installer (#29990)
 * Increase length of template title form input
 * Clarify wording on updating old Organization values by rt-validator
 * Resolve a runtime error for SMIME without secret keys (#30436)
 * Empty email addresses are no longer caught as being "an RT address"
   if there exist queues without Correspond addresses set (#18380)
 * Allow Parents/Children/Members/MemberOf in CreateTickets action
 * Allow RT-Originator to be overridden in templates
 * Ensure that HTML-encoded entities are indexed in FTS
 * Fix uninitialized value warnings from charts grouped by date
 * Remove no-op $CanonicalizeOnCreate configuration variable;
   RT::User->CanonicalizeUserInfo is always called
 * Make NotifyGroup action respect AlwaysNotifyActor argument
 * Fix X-RT-Interface header on incoming email on existent tickets
 * Warn on startup if queues have invalid lifecycles set (#28352)

 * Add AfterHeaders callback to ShowMessageHeaders
 * Update all upgrade steps to use .in files (#18856)
 * Add policy tests to enforce the new upgrade step standards
 * Remove +x bit from multiple non-executable files
 * Make Obfuscate callback in configuration options be passed the
   current user, as was documented
 * Remove obsolete _CacheConfig parameters
 * Preferentially use IN rather than multiple OR clauses
 * Respect RowsPerPage for external custom field values
 * Localize default statuses from, instead of hardcoding
 * Add callbacks within Dates box after each type of Date
 * Pass the CustomFieldObj down to CustomFieldValue objects intact, so
   its ContextObj can be inspected; this is particularly useful for
   external custom fields.
 * Allow more than one right per @ACL in initialdata
 * Don't hardcode share/html in tests, for non-default layouts
 * Base detection of new themes on presence of main.css file, not
   base.css file (#30554)
 * Allow for relative "lib" in @INC when running tests
 * Allow EditComponentName customfield callback to alter Rows/Cols

 * Memory usage improvements in both serialization and import
 * Templates, Scrips, and ObjectScrips now serialize correctly
   when not cloning

 * Document how to enable un-indexed full-text-search, and its drawbacks
 * Note that after restoring from backups, PostgreSQL may need to have
   statistics updated
 * New documentation on writing portlets
 * Add an =pod directive so the first paragraph of UPGRADING is not
 * Clarify when UPGRADING-x.y steps should be run
 * Better document known bugs with Sphinx FTS
 * Add missing semicolon on Shredder suggested indexes

Revision 1.7, Sun Nov 30 00:20:44 2014 UTC (9 years ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.6: +5 -0 lines

Update to 4.2.9

RT 4.2.9 -- 2014-10-29
General user UI
* Fix Subject header during ticket printing (#30362)
* Comparisons of long text Custom Fields were erroneously reporting
  updates (#30378)
* Broken logo link for the mobile UI when used with $WebPath
* No longer leak base64 data to non-English users who change a Dashboard
  subscription and futureproof for other Attribute updates (#24665)
* Previous column selection is remembered when updating search formats (#16972)
* Charts could return quadrupled data for aggregate data (such as Time
  Worked) depending on your rights configuration.
* Charts can now be grouped by Priority
* Ticket Creation form now leaves Requestor blank on page reload if you
  cleared it out.

* "check to delete all values" is now localized

* BeforeDue action now accepts 2D as well as 2d (#30449)
* bin/rt no longer shows a default Due date unless one is configured
  on the Queue. Additionally, Starts and Due are served in your time
  zone (#20334)

* Improvements to the layout of the Group Members page

* Fix tests that used send_via_mailgate to properly check returns (#19156)
* Improvements to rt-static-docs for generating online documentation
* Proper warnings testing for cf_date tests
* Remove unused code to render Rules during replies/comments
* Undo a regression that meant Custom Fields passed to Ticket->Create
  needed to be readable by the user creating the ticket.

* Add a mention of SelfService to the documentation of $AllowUserAutocompleteForUnprivileged
* Update our backups documentation to cover restoring from the suggested

RT 4.2.8 -- 2014-10-02
General user UI
 * Properly hide ticket list when MoreAboutRequestorTicketList is set to

 * Allow text in Squelch box on ModifyPeople page to be translatable.
 * Updated German, Basque, French, Hungarian, and Russian translations.

 * Allow $OverrideOutgoingMailFrom to key by queue id, as an alternative
   to name
 * Stop calling the deprecated _SQLLimit method when limiting by
   transaction date
 * Stop hiding the value of the AllowLoginPasswordAutoComplete setting
   in System Configuration (#30417)
 * Resolve CVE-2014-7227, arbitrary execution of code by privileged
   users via SMIME by way of CVE-2015-6271.

 * Add a ModifyMaxResults callback for Autocomplete endpoints
 * Properly pass collection class to ColumnMap in /Elements/TSVExport

 * Update POD for AddRoleMember/DeleteRoleMember being in
   RT::Record::Role::Roles now, not RT::Record.

RT 4.2.7 -- 2014-09-11
General user UI
 * Fix algorithm for determining which links to display in ticket
   relationship graphs with a MaxDepth
 * Use "Correspondence added" or "Comment added" rather than the general
   "Message recorded"
 * Loading saved charts should load all of their settings (#29015)
 * Stop fixing the width of "New ticket in" button (#27649)
 * Record transactions in ticket history when attachments were dropped
   or truncated due to $MaxAttachmentSize
 * Still delay transaction loading when "full headers" have been
 * Add an "overdue" class on Due columns, to match DueRelative columns.
 * Only show "overdue" class if the ticket status is still active
 * Fix styling of "There are unread messages" box in aileron
 * Keep date and datetime custom field inputs during failed ticket
 * Silence warnings from emails without Content-Transfer-Encoding
 * Silence warnings on user modify pages for disabled users
 * Let custom field grouping boxes link on Display pages link to the
   appropriate anchor on editing pages (#30195)

 * Localize "Recursive" column title in group memberships page
 * Additional missing locstrings for numerous titleboxes
 * Stop translating titles piecemeal in SelfService (#14736)
 * Updated Catalan, German, Basque, Italian, Japanese, Dutch, Brazilian
   Portuguese, and Russian translations

 * Reduce values queried using "rt ls" to only those displayed; this
   speeds request time significantly when a large number of custom
   fields are applied
 * Add -s option to "rt comment", to set status when adding a comment or
   correspondence (#30375)

 * Add %AdminSearchResultRows configuration for altering the number of
   rows per page of object types in the administrative interface
 * Add an additional suggested index on Attachments' Creator for
   deleting users with Shredder
 * Fix rt-dump-metadata, by removing PrivateKey from _Accessible
 * Rework internals dealing with characters/bytes, for better internal
   consistency, and to support DBD::Pg 3.3.0 and above.
 * Provide rt-mailgate version in User-Agent string (#18420)
 * Reword errors given for rt-crontool when no valid user is found
 * Show the right error message when rt-crontool fails to load a module
 * Properly detect when rt-server is called without --listen
 * Detect auto-generated mail in the presence of multiple Precedence:
 * Strip non-word characters from custom field variable names in Simple
   templates; this allows use of custom fields with spaces (#18446)
 * Streamline 3.8 -> 4.0 and 4.0 -> 4.2 upgrade steps by reducing the
   number of ALTER TABLE calls that are run, adding/dropping multiple
   columns at once (#21309)
 * Remove LogoImageHeight and LogoImageWidth configuration variables,
   which had no effect (#26827)

 * Add a callback to manipulate which link types are displayed on
 * Allow Object to be a subref in @Attributes in initialdata, to allow
   for attributes on arbitrary objects
 * Ignore vim swap files when testing
 * Allow the SuccessfulLogin callback to alter where RT redirects to
 * Add a callback to alter arguments to Showhistory
 * Consistently use ->_GroupingClass when determining record class for
   grouping lookup.
 * Allow ->Deprecated to take a loglevel
 * Switch from MIME::Head->set(), deprecated for the last 16 years, to
   ->replace() (#18417)

 * Correct documentation on where Shredder places sqldump files (#19167)
 * Consistently use say 1/0 instead of true/false in
 * Document how ordering in lifecycle transitions controls ordering in
   the status drop-down

RT 4.2.6 -- 2014-07-16
General web UI
 * Fix a regression introduced in 4.2.4, which caused lack of formatting
   of plain text when responding via the rich text editor.
 * Allow tables in HTML mail if the optional HTML::Gumbo dependency is
 * Fix a regression in 4.2.5 which prevented core date fields (Due,
   Starts, etc) from being unset (#30180)
 * Hide empty transaction custom fields when they have no value; this
   fixes a regression in 4.2.1 where transaction custom fields began
   displaying on all transactions. (#29757)
 * Allow searching on requestor city, state, zip, and country in query
   builder (#26960)
 * Don't attempt to parse IP/Date(time) CFs if the value is NULL; this
   prevents warnings.
 * Remove border-radius: 0 to allow Firefox to use native text entry
   widgets (#28233)
 * Allow Firefox to reflow the data table below the chart on rudder
 * Whitelist user search from CSRF restrictions
 * Only include closing paren in MakeClicky link if it included an open
   paren (#29064)
 * Canonicalize CF values (including dates, IP addresses, and IP ranges)
   before comparing to the database value; this prevents spurious
   "changed from a to a" messages.
 * Allow downloading 0-length files if they have a filename (#9050)
 * Quick Create now defaults to the lifecycle's default create status,
   instead of hardcoding "new"
 * Show Wikitext CFs in bulk update
 * Add autocompletion to link boxes on bulk update

 * Add localization strings for Articles admin pages
 * Add localization strings for user "Create Ticket" user summary portlet
 * Add new #loc{key} form, to allow for more concise Lifecycles in config
 * Updated German translation

Web administration
 * Provide a default Category on External custom fields, for performance
 * Provide a new "Notify Owner or AdminCCs" action
 * Move search widgets for custom field admin interface to the top of
   the page, to match other admin pages
 * Use "LIKE" as the default search operator in the queue admin interface
 * Enable searching by Lifecycle and SubjectTag in the queue admin
 * Add SubjectTag to the default AdminSearchResultFormat for queues
 * Move Disabled to the last column of the default Queue admin search
   result format, to match Scrips
 * Add Disabled column to AdminSearchResultFormat for Classes,
   CustomFields, Groups, and Users
 * Add Disabled ColumnMap entry for Classes, Groups, and Users
 * Prevent RT from locking up if a too-large image was uploaded for the
   logo (#29929)
 * Fix bugs in cascaded CFs of radio buttons and checkboxes when
   categories contained spaces or periods.
 * Quiet "No valid Type specified" warnings from queue watcher page for
   user search results that were left blank (#29993)

Server administration
 * DBD::Pg 3.3.0 conflicts with RT's UTF-8 handling; for this release,
   it has been blacklisted.  If you are using PostgreSQL as your
   database and have DBD::Pg 3.3.0 installed, you will need to download
   and install DBD::Pg 3.2.1 from CPAN.
 * Allow the validator to fix incorrect values for Owner (#28403)
 * Fix a regression in 4.2.5 which caused errors when calling
   rt-crontool with a numeric --template argument.
 * Quiet warnings in the 4.2.2 upgrade step for users upgrading from
 * Add not_member_of restriction for User shredder plugin
 * Warnings avoidance for RT::Attachments->Address when run as the
   System User
 * Update logo attribute as the current user, to allow auditing of who
   changed it last
 * Alter Links table on MySQL to support Unicode URLs (#19338)
 * Warn on non-ASCII right names (#19339)
 * Support Sphinx builds compiled with --enable-id64
 * For compatibility with RT::Extension::MergeUsers, ensure that
   Shredder checks that a user (possibly resolved from a merged user) is
   valid before attempting to shred them
 * Correctly detect presence of graphviz binary (`dot`), instead of, for perl dependency calculation
 * When merging instances with identical $Organization values, do not
   qualify groups and queues

 * Move AboutThisUser callback back to /Ticket/Elements/ShowGroupMembers
   where it appears to originate, from where RT 4.2.0 accidentally moved
   it, /Elements/ShowPrincipal/AboutThisUser
 * Move all runtime module loading to UNIVERSAL::require
 * Correct error message from RT::Date->Timezone
 * Simplify code to assume Postgres 8.4, as RT 4.2 requires
 * Add more class and id attributes to user admin pages and preferences
 * Pass right number of arguments to sprintf, for Perl 5.22
 * Move sbin/rt-message-catalog into devel/tools and streamline to unify
   with Launchpad import format
 * Adjust more tests for RT_TEST_WEB_HANDLER=inline
 * Remove dependency checks in t/, as they are covered by required
   developer dependencies

 * Improved documentation for RT::Date
 * Link POD, URLs, and emails in HTML generated from README
 * Document "Satisfy any" technique for allowing rt-mailgate to post to
   RT when $WebRemoteUserAuth and Apache authentication is used
 * Document explicit steps for adding a new status to a lifecycle

Revision 1.6, Sun Jul 6 06:32:32 2014 UTC (9 years, 4 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3
Changes since 1.5: +15 -3 lines
Diff to previous 1.5

Update to 4.2.5 from 4.2.1

This release is primarily a bugfix release; most notably, it explicitly
updates a dependency to fix a previously-announced security
vulnerability, resolves two serious bugs in the serializer, and fixes
the "paste" feature in the Rich Text editor.

Updated dependencies
 * Updated Email::Address::List dependency, to resolve CVE-2014-1474,
   as was previously announced in
 * Bump CGI dependency (under perl 5.20 and above, only) to quash
   warnings about's deprecation in core (#29053)

 * Serialize binary data as binary, not as UTF-8 codepoints; this fixes
   a regression introduced in 4.2.3 which corrupted all binary data in
   serialized data.
 * Serialize ObjectScrips when cloning, which had been mistakenly
   omitted; this only partially resolves #29949, as it does not address
   serialization of ObjectScrips when not cloning.

General web UI
 * Force CKEDITOR_BASEPATH; this fixes errors during pasting into the
   Rich Text editor (#29780, #29987)
 * Ticket autocompletion (for links) is more predictable when completing
   on strings containing numbers (#25755)
 * Fix "Show Outgoing Email" and Reply/Comment/Forward links in
   Approvals (#29800)
 * Correctly decode text/html parts of old (RT 3.6.5 and prior) emails

 * Updated localizations (German, Greek, Slovak, Lithuanian)

Web administration
 * Display clean Stage name in ColumnMaps (#28739)
 * Add Scrips Select/Create menu, and maintain context on which list of
   Scrips the Select page should link to (#28787)
 * Granting rights to new groups no longer requires clicking in textbox
   twice in Firefox (#29911)

Server administration
 * Log when Encode::HanExtra would be useful in decoding emails, and
   make use of it if it is available.
 * Squash warnings in 4.1.17 upgrade step (#29595)
 * Reorder DROP IF EXISTS on 4.1.1 Postgres upgrade step to drop
   sequence after dropping the table; avoids bugs on upgrading in a
   previously-upgraded database
 * Stop hardcoding the list of available themes, instead auto-detecting
   new themes as they are added (#14667)
 * Explicitly point to $AutocompleteOwners setting in warning that RT is
   switching to the autocompleter due to too many owners.
 * Remove caching of template object in rt-crontool; this fixes a bug
   where the same content would be sent on all tickets (#29454)
 * rt-fulltext-indexer now locks, to prevent more than one instance from
   running at once (#17423)

 * Add BeforeMessageBox callback in ModifyAll.html for parity with
   Create.html and Update.html
 * BeforeCustomFields callback in ShowCustomFields now takes $Table parameter
 * Default callback in ShowTransaction can now modify $ShowBody
 * Add a RT::Date->IsSet method
 * Fix invalid ContextObject on RT::CustomField->LoadByName when passed
   Queue => 0; this led to invalid LookupType limits on later calls to
 * Generalize RT::CustomField->LoadByName to work with non-Queue context
   objects, and to optionally return globally-applied CFs and not
   Disabled CFs.
 * Tests now pass again using RT_TEST_WEB_HANDLER=inline
 * ->AddCustomFieldValues no longer allows adding repeated values (#4553)

 * Drop references to MySQL 4.1, as RT 4.2 requires MySQL 5.1
 * Updated example plugins used in documentation, and suggest Plugin()
   over Set(@Plugins, ...)  (#29978)
 * Documentation for ColumnMap

This release is primarily a bugfix release; notable changes include:

Database changes
 * Add the AutoOpenInactive action for upgrades; clean installs of RT
   4.2.0 or higher have this action already
 * Force Lifecycle and Disabled properties of the internal __Approvals
   queue to the values RT needs to function correctly

Notable new features
 * If indexed full-text searching is enabled, the simple search will
   search in both Content and Subject.
 * Align headers of collections to their content, by default.  This
   right-aligns the "#" header of ticket collections, for instance.
 * Send caching headers for all static content; this fixes a regression
   from RT 4.0, which correctly set caching headers on static images
 * Re-order JS to optimize parallel resource fetching, and decrease load
 * Allow LIKE and NOT LIKE with Status limits (#29654)

Regression fixes
 * Resolve a regression in 4.2.3 wherein TITLE information was lost
   after parsing on the Advanced page (#29425)
 * Fix a regression in 4.2.2, which caused "select" custom fields to not
   pick up their defaults when cloning tickets (#29751)
 * Fix a regression in 4.2.2 which caused checkbox CFs to add the same
   value multiple times (#29392)
 * Fix a regression in 4.2.2 when categories were set on a CF without
   using the "based on" feature.
 * Show reminders without due dates if $OnlyOverdue is set; this fixes a
   regression from RT 4.0

 * Use "white-space: pre-wrap" when inserting plain-text into HTML
   templates.  This preserves line breaks but allows clients to wrap
   lines if need be.

 * Updated localizations from Launchpad; new Persian translation
 * Better cluing of pluralization and quantified terms for translators
 * Remove untranslatable locstrings (#29798)
 * Fix extra/missing numbers in Czech localization (#29741)
 * Remove no longer translated right names from PO files
 * Disambiguate "M" for "month" vs "megabyte"

General web UI
 * Better splitting of phrases with numbers in ticket link
 * Autocomplete email addresses in Forward page (#28441)
 * Allow non-ASCII characters in passwords (#28784)
 * Add a "Reset" button to revert homepage portlet formatting to the
   system default
 * Remove uninitialized value warnings for upgrades from RT 3.8 (#17505)
 * Allow downloading attachments whose filenames contain a leading dot
 * Prevent uninitialized value warning on search result pages with no
   query (#29699)
 * Hide user summary links in mobile UI, as there is no user summary
   page for mobile (#28788)
 * Always add the trailing delimiter when autocompleting multiple-entry
   objects, such as email addresses
 * Compress PNG images to decrease initial page load times
 * Avoid "That is already the current value" warning when changing
   between two queues with differing lifecycles but a same-name mapping
 * Don't nest <a> tags to User Summaries in queue watcher page
 * Require that saved searches have names in order to be created
 * Give a proper error when attempting to merge a ticket into itself
 * Searching for "ip version 6" no longer limits to ticket 6; the 6 is
   instead searched for in the subject. (#22470)
 * Give SystemError transactions their own CSS style
 * Fix ticket link autocompletion during ticket creation
 * Require that one or more addresses be provided to forward (#25308)
 * Respect the "color" attribute in HTML mail (#28389)
 * Rework the JS that prevented form resubmission; instead of disabling
   the submit button (which interacted poorly with the browser's back
   button), instead use an attribute on the form (#27489)
 * Squash warnings triggered by query builder when more than 50
   different users had OwnTicket
 * Serve rich text editor JS with the rest of the compressed JS; this
   ensures that it is better cached

Web administration
 * Allow external custom fields to have a "based on" category.
 * Hide the queue name, lifecycle, and disabled box on the edit page for
   the __Approvals queue; these must remain unchanged for Approvals
 * Correctly page user results in User Summary searches
 * Prevent warnings on Scrip edit pages if the user did not have global
   ShowTemplate rights

Configuration options
 * Add a new option ($AllowLoginPasswordAutoComplete) to allow the
   browser to remember user passwords on RT's login screen (#29071)
 * Add new $DefaultSearchResultOrderBy and $DefaultSearchResultOrder
   options to control the global default ordering of tickets
 * When the stylesheet is set to an unknown style, default to rudder,
   not aileron (#29132)

Server administration
 * Use one fewer database connections per rt-server process; this is
   most notable on FastCGI deployments, which spawn a number of
   rt-server processes
 * Default to connecting to sphinx via instead of localhost on
   MySQL 5.5, due to
 * rt-validator can now detect and fix links to Articles with the wrong
   $Organization set
 * Check that the version in sbin/rt-server matches the version in
   lib/RT/ during server startup
 * Follow up to 3 HTTP redirects when POSTing to the mail gateway.  This
   covers the common case of http: redirecting to https:, but the mail
   gateway referencing http: (#14114)
 * Return a status code 503 if we cannot connect to the database

 * When configuring, pull the primary group of the current user using
   perl, instead of `groups`, which may not list the primary group
 * Ensure that rt-test-dependencies re-execs itself using its full path,
   as module installations may have changed the directory (#29024)
 * Properly detect an existing database but missing schema in the web
 * On perl 5.19.3 and above, a more recent version of
   Symbol::Global::Name is required, due to core perl changes

 * Bulletproof 4.0 Articles upgrade steps by dropping tables before
   attempting to create them
 * Correct documentation path in upgrade warning
 * In database upgrades, skip the "BACK UP BEFORE THIS STEP" warning if
   the --force option was provided, which gives no chance to stop at
   that point.
 * Remove a warning in the optional upgrade step

 * Allow arbitrary Content-Disposition in REST uploads (#19770)

 * Add a comment warning about the use of the SetFieldsOnce callback in
   BuildFormatString; it will be removed in RT 4.4.
 * Fix behavior of RT::Date->AddDays when passed 0 days
 * Check POD of all files
 * Allow RT::Users->WhoBelongToGroups to optionally return unprivileged
 * Provide hooks to implement a cache on MakeClicky
 * Document ExtractTicketId and ParseTicketId, as useful methods for
   local overrides
 * Update RT::CustomField->LoadByName, when called with a Queue
   argument, to return only ticket CFs; in 4.2, it also began finding
   queue CFs.  This reverts to the behavior from 4.0.
 * The Articles URI implementation is now consistent with Ticket URIs;
   ->LocalURIPrefix does not contain /article/
 * Allow @JSFiles to include files not under /static/js/ if they have a
   leading /
 * Add a generic style for reverse-color ticket titlebox tabs
 * Allow plugins to wrap the PSGI application in its entirety
 * Bulletproof role resolution for single-user roles
 * Win32 and IIS are not a supported platform; remove all lingering
   references to them
 * Allow ModifyAll.html's Default callback to change @results, like
 * Make Widgets/Form/Select honor the Multiple flag (#12447)
 * Remove extraneous direct uses of Time::ParseDate (#24498)
 * Add a callback after Attachments on ticket display
 * Fix SetDisabled's return message on failure (#29802)
 * Refactor CSV export to allow its use by non-ticket collections

 * Updated parts of RT::StyleGuide
 * Document the --no-users and --no-groups options to rt-serializer more
 * Add documentation for rt-validate-aliases
 * Remove misleading comment about "an rt-mailgate user" from
   rt-mailgate documentation
 * Remove ambiguity of direction of $CanonicalizeEmailAddressMatch and
 * Update for the ObjectScrips table, new in 4.2
 * List SQLite in documentation as a possible database backend, for
   non-production use.
 * Update suggested backup strategy on MySQL to no longer require LOCK
   TABLES privileges (#22893)
 * Note that changing queue subject tags may require altering
 * Suggest /etc/cron.d instead of root's crontab, for discoverability

This release is primarily a bugfix release; notable changes include:

Administrator tasks
 * Avoid starting a FastCGI process manager in the common case of the
   FastCGI process being started by the webserver, and communicating
   over STDIN.  This restores the behavior from 4.0, where the process
   name is the full path to rt-server.fcgi, and not the static string
   "perl-fcgi-pm" or "perl-fcgi".
 * Automatically clean out Mason cache when updated HTML is installed
   during upgrades; this should prevent a common class of errors.
 * Fix paths in rt-importer when importing from a serialized dump which
   was written to an absolute path.
 * Additional optional upgrade script for users upgrading from RT 3.8
   who previously used RT::Extension::CustomField::Checkbox.
 * Pass characters, not bytes, to _EncodeLOB during de-serialization;
   this prevents invalid UTF-8 from a serialized dump from entering the
   new database.
 * Catch and warn of additional common misconfigurations of GPG/SMIME
 * Prevent a possible infinite loop in rt-validator --resolve if
   Principal records were missing; default to forcing their creation.

 * Localization updates from Launchpad.

General user UI
 * Date and DateTime customfields now pass "mandatory" validation if
 * "1970-01-01" is now treated as "unset" for purposes of Date and
   DateTime validation.
 * Add Date and DateTime fields to bulk update.
 * Don't conduct a user search if no string was entered.
 * Signal if a user is disabled at the top of User Summary pages.
 * Resolve regression in 4.2, which caused warnings during ticket
   creation when transaction custom fields were applied.
 * Respect transaction squelching during GPG/SMIME signing and
   encryption.  Lack of public key for a squelched user will no longer
   trigger errors, for instance.
 * Resolve regression in 4.2, where the recipient squelching
   checkboxes did not properly synchronize state between users who
   appeared multiple times.
 * Adjust the bottom edge of rolled-up tabs in ticket pages.
 * Sort data groupings in charts numerically, not ASCIIbetically, if
   they all appear to be numbers.
 * Ensure that Sidebar / Body panes in dashboard configuration display
   in a consistent order on perl 5.18 and above.
 * For strict DOM compliance, move a "name" attribute on <div> to
 * Prevent "Can't call method "DependsOn" on an undefined value" error
   in bulk update if tickets were deleted.
 * Show links to tickets which are not readable by the user as numbers,
   not as blank titles.
 * Add a "ticket-active" class, as well as the current status as a
   class, to ticket links on ticket display page.
 * Fix a regression in 4.2 which caused an error when a user with
   only limited rights (Watch or WatchAsAdminCc) removed themselves as a
   watcher from a ticket or queue.
 * Allow SeeCustomField on a single queue to show its custom fields
   during search if the search is limited to that queue.

 * Remove obsolete wording mentioning CPAN 1.84, which we guaranteed to
   already have a more recent version of, by way of perl 5.10.1.
 * Correct reminders documentation to suggest RT::Action::Notify, not
 * Documentation on writing extensions for RT.

Admin interface
 * Fix "Queue" and "QueueId" columns in admin Scrips listing to emulate
   their display in 4.0.
 * Additional ModifyDropdownLimit in SelectOwnerDropdown to allow sites
   to increase the previously-hardcoded limit of 50 users in the
   drop-down before it switched to autocompletion.
 * Correctly style warnings about Articles needing configuration.
 * Resolve regression in 4.2 in admin interface, where the current group
   and rights tab is not preserved across rights submission.
 * Show static content roots in System Configuration, alongside Mason
   content roots.
 * Catch and warn of template compilation errors, such as unbalanced

 * Improve right-checking query plan (at least on PostgreSQL 9.3) by
   de-duplicating ACL equivalence objects, and using the RT::System's
 * Upgrade steps from RT 4.0 -> 4.2 now DROP IF EXISTS tables and
   sequences before attempting to create them, except on Oracle.  This
   resolves the common case of testing an upgrade before re-importing a
   backup atop it for the final upgrade, leaving the new tables still in
 * Fix a regression in 4.2 which caused rt-server to hold extra database
   handles open.  For FastCGI processes, this was one extra per FastCGI
   process; for standalone servers, only one overall.

 * MassageDisplayHeaders callback in ShowTransactionAttachments is now
   passed $ShowHeaders.
 * Callbacks in EditTransactionCustomFields are now passed $InTable.
 * MassageCustomFields callback in EditCustomField is now correctly
   passed $CustomFields.
 * Correct a typo in the documentation for MakeClicky callbacks.

 * Provide and use a GetCustomFieldInputName() function to
   programmatically determine form field names from custom field
 * Resolve a bug when associating unknown users with single-user roles;
   this primarily only affects Assets.
 * Allow consumers of /Elements/SimpleSearch to provide the placeholder
 * Default Stage for Scrips to be TransactionCreate; primarily for
   initialdata, but affects all callers of RT::Scrip->AddToObject.
 * Adjust etc/upgrade/ to avoid new
   deprecation warnings.
 * Fix precedence errors of "return ... or ..." found by perl 5.19.
 * Allow consumers of EditCustomField to specify undef $Rows or $Cols to
   omit the respective attributes during form element rendering.
 * Prevent warnings on perl 5.19 and above.
 * Allow members to be added to groups during group creation in
 * Prevent race conditions in 99-policy.t by skipping t/tmp/ and other
   volatile directories.
 * Pass Ticket object to ShowAttachments on Ticket/Forward.html, to
   allow for greater extensibility by providing more context.

This release is primarily a bugfix release; of particular note is that
it contains schema changes for MySQL.  Though the changes are limited,
it is especially important to take, and verify you can recover from, a
database backup prior to upgrading.

Also notable is that this release fixes a bug in 4.2.0 and 4.2.1 where
failures of the HTML-to-text conversion would silently cause mail to
fail to be sent.  When using the rich text editor, RT will also now
quote the HTML parts of email, and not simply their text

Other changes include:

 * Wording fixes in Shredder
 * Clean up examples in Lifecycles documentation
 * Document additional indexes that increase performance of Shredder
 * Replace a suggested GnuPG option with one which is not deprecated
 * Note that errors reported from the GnuPG infrastructure may be caused
   by GnuPG not being configured, but having been automatically enabled.

 * Ensure that even disabled scrips get the same id-to-name change that
   other scrips got during the 4.0 -> 4.2 upgrade.
 * On MySQL, alter the character set of all columns used to store email
   addresses to UTF-8
 * Ensure that invalid byte sequences that may have snuck into the
   database previously (on earlier versions on MySQL, for instance) are
   not blindly interpreted as UTF-8 when retrieved from the database.
   As a result, invalid bytes will be returned from the API as the four
   characters "\xHH", where HH is the hexadecimal encoding of the byte.
 * Ensure that all data containing non-ASCII is quoted-printable encoded
   for PostgreSQL, instead of merely all data not claiming to be
 * Additional warnings prevention on Oracle; tests now pass cleanly
 * Allow fully-automated database upgrades using --upgrade-from and
   --upgrade-to options to rt-setup-database
 * Clean out any remaining traces of RTFM that lingered in custom fields
   and custom field values that were disabled at the time of the
   previous upgrade step.
 * Bullet-proof a 3.8 -> 4.0 upgrade step for Scrips with no Condition

 * Install rt-serializer and rt-importer into sbin/
 * Ensure that incremental upgrade steps only run on incremental
   serializations, not all exports
 * Fix a runtime error in the incremental upgrade path to 4.2
 * Ensure that inflated Users and Groups are created with the same id as
   their Principal
 * Disable in-memory record caching when serializing and importing to
   improve performance
 * Only search non-Disabled custom fields when looking up BasedOn in
   initialdata files
 * Set up logging properly; warnings are now displayed during
   serialization and importing

 * Don't die if HTML -> text conversion throws an error, which would
   silently prevent outgoing mail from being sent.  Instead, fall back
   to just sending text/html with no text/plain
 * Replying to an HTML mail with the rich text editor will now quote the
   HTML part, not the equivalent text version.
 * Set a transfer encoding on outgoing dashboards; this resolves issues
   with long lines when using the Sendmail MTA.
 * Cope with mangled and overly-quoted recipient headers occasionally
   generated by Outlook.

General user UI
 * Stop localizing custom field names, for consistency
 * Show a useful error on "show outgoing mail" if the user has no rights
   to see the page, rather than displaying an empty page.
 * Adjust UI to not block header on "show outgoing email" page
 * Hide the Take and Steal menu items if you already own the ticket,
   closing a regression in 4.2.0 and above.
 * Autocompletion custom fields now properly autocomplete when placed in
   custom field groupings
 * Improve rendering on Internet Explorer 6
 * Fix cascaded custom fields on Internet Explorer 8 and below.
 * Fix third-level cascading custom fields, broken in 4.2.1
 * Minor rendering bugs with Charts placed on homepages and dashboards
 * Whitelist "show outgoing email" and chart results from CSRF
 * RT 4.0.7 introduced a performance regression when building ticket
   searches that query Links; switch back to a much better-indexed
 * Fix "Clone ticket" functionality with Select-multiple custom fields.
 * Show the queue ID for the current queue in the ticket edit page, even
   if the user does not have SeeQueue; this prevents the user from
   accidentally changing the queue.
 * Respect custom field groupings on user preferences page

Query Builder
 * Warnings avoidance for searches with more than 1000 results.
 * Allow IS NULL to search for dates which are unset
 * Properly quote CF names containing non-ASCII characters in query
   builder, broken since 4.2.0
 * Add "UpdatedBy" TicketSQL limit

 * Correct a package load order problem which prevented the web
   installer from working since 4.2.0
 * Report the correct setting name in rt-validate-aliases
 * Fix real-time updating of Theme CSS on Internet Explorer 8 and below
 * Fix a minor display bug in the CF Admin pages, where the queue number
   instead of queue name would be displayed in requests shortly after
   server startup.
 * Add "Extra Info" as a possible field for "More About Requestor"

 * Allow searching for users, queues, and groups in REST
 * Prevent a server error when attempting to guess content-type in the
   REST interface.

 * Allow running tests with an explicit set of plugins enabled.
 * Custom Action and Condition packages (as supplied by extensions;
   these are not the text entry boxes in the UI) are now loaded at
   server startup time, to catch compile-time errors in such classes
   early as well as reducing RT's memory footprint on mod_perl.
   Previously, these errors would have logged errors only when their
   Scrip failed to fire.  This restores the behavior found in RT 3.8,
   which was mistakenly removed in RT 4.0.0.
 * Additional callbacks, including in charts, and on ticket reply pages
 * Remove an unused Makefile target

Revision 1.5, Tue Jun 17 11:10:40 2014 UTC (9 years, 5 months ago) by markd
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.4: +162 -78 lines
Diff to previous 1.4

Fix PKG_SYSCONFDIR and VARDIR handling, similar to rt3 package.
Fix installing of update scripts (find using the non portable "-not")
Bump PKGREVISION.   OK'ed by ryoon.

Revision 1.4, Wed Jan 1 03:31:50 2014 UTC (9 years, 11 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.3: +563 -566 lines
Diff to previous 1.3

Update to 4.2.1

This release is primarily a bugfix release; notable changes include:

  * Resolve numerous issues with the 4.0 -> 4.2 upgrade steps on Oracle
  * In-database sessions on Oracle are no longer truncated at 8k,
    leading to spurious logouts

Internet Explorer:
  * Fix submission issues under Internet Explorer

Rich text editor:
  * If returning to a reply/correspond page with the back button, the
    rich text editor will no longer double-escape previously written

  * Fix an empty 'text/plain' part when tickets are created using the
    REST interface.

Other bugfixes:
  * Optimize transaction display code to speed up long ticket displays
    by short-circuiting transaction custom field checking.
  * Supply a default $PATH for SMIME and GnuPG under FastCGI
  * Support index upgrade steps on Pg when in a custom schema
  * Close a memory leak in ColumnMap
  * Fix "check all" checkboxes for new jQuery version
  * Secondarily sort user ticket lists by id, as well as priority.
  * Remove call to deprecated function used by PreviewScripMessages
  * Many localization fixes (thanks to Emmanuel Lacour)
  * Show customized rights in their correct tabs
  * Ensure RFC2822 date format uses two-digit days in output
  * Display iCal dates in the user's timezone, resolving off-by-one
    errors for timezones significantly off from GMT.
  * Correctly parse complex format strings for listing in the bottom of
    the Query Builder

  * Move ModifyQueryProperties callback to before its values are used
  * Additional callbacks on ticket modify pages
  * Additional callbacks on ticket reply/comment page
  * Additional callback on search results page
  * Additional callback before transactions in history list
  * Allow header callback to modify %ARGS

  * Allow bulk update to delete _all_ CF values for a given CF
  * Support CF.Foo in columnmaps, in addition to CF.{Foo} and
  * Autocompletion CFs now autocomplete in search builder
  * Support cascaded selects with any combination of listbox, dropdown,
    and radio button
  * Support ShowUnreadMessageNotifications in SelfService

RT 4.2.0 -- 2013-10-03

We're incredibly pleased to announce the availability of RT 4.2.0 - the
first release for the next major version of RT.  This release adds
exciting new functionality, as well as streamlining and generalizing the

When upgrading, please be sure to review the upgrading documentation
available in docs/UPGRADING-4.2, as there are a number of
backward-incompatible changes that come along with the new version
number.  Upgrading documentation is also available at

a24bd767263cdcee92bf52c6b06a1a573aa0a615  rt-4.2.0.tar.gz
0717fd7d928efaadba2228de855c014e6be735cb  rt-4.2.0.tar.gz.asc

A partial list of the new features in RT 4.2.0 is included below, and on  Many of the new features will also
be described and demoed in a series of blog posts on in the coming weeks.

If you have questions as you upgrade, please don't hesitate to write to for community support.  If you'd rather
have professional support from the folks who built RT, drop us a line at

 - Alex Vandiver, for Best Practical

  * Much improved reporting via search result charting
      - Multiple group by and statistic calculations in a table
      - Time statistics such as average, minimum, and maximum durations
        between Created and Resolved, Created and Started, Started and
        Resolved, and more.
      - More robust layout of charts

  * Increased performance for searches and ticket pages
      - Faster searches on all databases (especially Pg)
      - Ticket pages load quicker
      - Menus load before the rest of the page is loaded
      - History is loaded asynchronously
      - Faster serving of static assets

  * Scrips per queue
      - Apply scrips globally or ad-hoc to individual queues, a la custom
      - Less duplication of scrips and/or need for empty templates

  * Custom field groupings
      - Display CFs in configurable groupings (boxes) on the ticket
        display/edit pages
      - Includes arbitrary grouping names as well as standard ticket
        groupings (Basics, Dates, People, Links, etc.)

  * User summary pages
      - Display information about users such as tickets, history, groups,
      - An extended "More about requestors" page for any user
      - Easy to get to via links and user search

  * HTML templates enabled by default for new installs, available for
    upgrades too

  * History improvements
      - Rich text/HTML messages are preferred for display by default
      - Images are inlined with text in ticket history display instead of
        presented at bottom
      - Clickable users, tickets, articles, and other items

  * Many interface improvements, such as:
      - Per-user preferences for the dashboards which appear in the Home
      - Floating page menu for quicker access to ticket actions, subpages,
      - Autocomplete for ticket links, including when merging
      - Autocomplete available to self service users
      - Improved CF and links display in search results
      - Sticky simple search for quick search refinements
      - Attachments on reply can no longer be mixed up when replying to
        multiple tickets at once
      - ReassignTicket right to assign tickets without stealing first;
        useful for managers

  * S/MIME support integrated with GnuPG support
      - Decrypt and verify incoming GPG and SMIME messages
      - Send all outgoing messages as either GPG or SMIME

  * Migration tools
      - Migrate from one database type to another (MySQL, Pg, Oracle)
      - Merge multiple RT instances together

  * Thousands of bug fixes; nearly 2000 commits totalling more than
    250,000 lines of code changed.

This release is primarily a bugfix release; most notably, it addresses
compatibility issues with recent versions of the Encode perl module.
Notable changes include:

 * Cope with Encode version 2.33 and later, which altered their internal
   functionality and caused RT to double-encode Subject lines in
   outgoing email.
 * Fix HTML rendering errors in dashboard emails.
 * Fix overzealous quoting around decoded MIME words.

 * In the rights UI, entering the name of a user or group which already
   has rights will now correctly select them for rights granting, as if
   their name had been selected.
 * Display types in the "applies to" dropdown for custom fields in
   consistent order
 * Paginate the Queues list in the administrative interface into 50
   results per page.
 * Support for cascading selections with a multiple-select parent.
 * Clarify that $ParseNewMessageForTicketCcs only applies to new, and
   not existing, tickets.
 * Clarify how an undefined $RTAddressRegexp is treated, and that it
   does not come at any notable performance penalty.

 * Fix verbosity of syslog messages; now only the 'debug' level includes
   originating filename and line.
 * Include process ID in log messages, for ease of isolation in a
   multi-process environment.
 * Log the From: address of incoming mail which triggered an error, for
   ease of debugging.

Other Bugfixes
 * Avoid linking trailing punctuation, or html tags, in URL anchors in
 * Fix the Quick Search (QueueSummary) portlet when non-lowercase statuses are used.
 * Show Date and DateTime custom fields in the user's format and time
   zone in search results.
 * Allow rt-email-group-admin to be passed an email address that RT is
   not already aware of.
 * Show submitted content from the user on errors in REST submission,
   for ease of re-editing and re-submission.

Revision 1.3, Sat Aug 24 00:27:50 2013 UTC (10 years, 3 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.2: +42 -0 lines
Diff to previous 1.2

Update to 4.0.17

RT 4.0.17 -- 2013-08-02

This release fixes an important regression in the upgrade script
included in 4.0.14, 4.0.15, and 4.0.16.  Attempting to upgrade from 3.x
would skip key upgrade steps.  New installs, and sites upgrading from
within the 4.0.x series, are unaffected.

RT 4.0.16 -- 2013-07-29

This release fixes an important regression in the Shredder tool included
in 4.0.14 and 4.0.15.  Attempting to run the Shredder tool from the
command line would fail with a compile-time error.

4.0.15 Release Notes


This release fixes an important regression in the upgrade scripts
included in 4.0.14.  If you attempted to upgrade from 3.8 with the RT
FAQ Manager tables (FM_*) in your database, one of the upgrade scripts
would error out.

4.0.14 Release Notes


This release is primarily a bugfix release. It also contains automated
tests for security vulnerabilities announced on 2012-10-25.

* Ticket watcher searches that involve a large number of ORs will now
  use a much-improved SQL query, instead of the old many-join solution.
* Do a better job wrapping text before quoting it in a reply.
* Simple search now supports to search for tickets
  requested by users with email addresses ending in
* If our display parsing of an HTML attachment fails for known reasons,
  a better error message is provided, directing admins to contact us with
  a sample.
* Tickets created via the REST interface can provide attachments.
* Comments and Replies in the REST interface may include a Content-Type.
* RT's Quote recognition now triggers on > and ignores things like
  !,|,#,% etc.  This should resolve a number of false positives.
* RT is now compatible with perl 5.18.0.

* Resolve several corner cases where RT's database handle can be
  disconnected unexpectedly.
* When a TicketSQL query fails, report that failure to the user rather
  than silently displaying an empty ticket list.
* Display and add attachments to tickets in alphabetical rather than
  random order.
* Ensure that LifeCycle statuses are compared case-insensitively.
* Report Reminder creation/updates back to the user more consistently.
* Ensure that Reminders are created in the reminder_on_open LifeCycle
* The Bookmarks portlet is no longer unlimited and obeys standard
  homepage restrictions.
* Display non-ticket links in search result formats.
* RT::CurrentUser->Attributes now returns attributes for the relevant
  User, resolves a bug noticed in RT-Extension-MergeUsers.
* Always filter empty OrderBy directives, which may come from old saved
  search preferences.
* Uploaded attachments are now always marked Content-Disposition: attachment.
* Allow Custom Field Values to change case.
* The error message for Truncated Attachments is now marked text/plain
  rather than plain/text.
* When bulk updating Tickets with Transaction Custom Fields, the
  list of Transaction Custom Fields is based on the Queues of the
  Tickets displayed, not the Queues of the Tickets updated in the
  previous update.

* Clarify the cause of certain PostgreSQL full text indexing errors.
* Remove an error preventing logging of an actual error related to
  problems storing sessions.
* Clean the lock files used for file based sessions more aggressively.
* SetOutgoingMailFrom will now accept an email address to be used
* OverrideOutgoingMailFrom now falls back to the global
  CorrespondAddress if the Queue does not declare one.
* rt-setup-database now prints the DatabasePort when describing the
  database it is modifying.
* rt-setup-database tries to detect when it is being run from an invalid
  location or being given an invalid upgrade directory.
* rt-setup-database detects an upgrade running on Pg 9.2 and directs the
  admin to install a newer DBD::Pg.
* rt-email-digest no longer prints output when sending digests unless
  the --verbose flag is passed.

* CleanSlate on collections more thoroughly resets the collection.
* A new callback and better support for JS/CSS tweaking of our
  Autocompleter display formats.
* New warning when an RT::URI::* resolver object cannot be created.
* Extensions may use rt-setup-database --action upgrade --package
  extension to provide RT's friendlier upgrade infrastructure.
* Refactoring of TicketSQL parse to support TxnCF.{CFName} or
  QueueCF.{CFName} in the future.

* Correct the example backup `date` command in backups.pod
* MailCommand's testfile argument is now documented.
* Multiple cleanups to better support
* RT::Classes and RT::Principals now default to honoring the Disabled flag.

Revision 1.2, Tue Jun 11 13:55:16 2013 UTC (10 years, 5 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.1: +3 -0 lines
Diff to previous 1.1

Update PLIST.

Revision 1.1, Sun Apr 21 13:59:34 2013 UTC (10 years, 7 months ago) by ryoon
Branch: MAIN

Import rt4-4.0.11 as devel/rt4.

RT is an industrial-grade ticketing system. It lets a group of
people intelligently and efficiently manage requests submitted by
a community of users. RT is used by systems administrators, customer
support staffs, NOCs, developers and even marketing departments at
over a thousand sites around the world.

This package tracks the RT 4.x branch.

