Subject: CVS commit: pkgsrc/devel/rt4
From: Ryo ONODERA
Date: 2014-07-06 08:32:32
Message id: 20140706063232.5BFE596@cvs.netbsd.org

Log Message:
Update to 4.2.5 from 4.2.1

Changelog:
From http://bestpractical.com/release-notes/rt/4.2.5
This release is primarily a bugfix release; most notably, it explicitly
updates a dependency to fix a previously-announced security
vulnerability, resolves two serious bugs in the serializer, and fixes
the "paste" feature in the Rich Text editor.

Updated dependencies
 * Updated Email::Address::List dependency, to resolve CVE-2014-1474,
   as was previously announced in
   http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html
 * Bump CGI dependency (under perl 5.20 and above, only) to quash
   warnings about CGI.pm's deprecation in core (#29053)

Serializer/Importer
 * Serialize binary data as binary, not as UTF-8 codepoints; this fixes
   a regression introduced in 4.2.3 which corrupted all binary data in
   serialized data.
 * Serialize ObjectScrips when cloning, which had been mistakenly
   omitted; this only partially resolves #29949, as it does not address
   serialization of ObjectScrips when not cloning.

General web UI
 * Force CKEDITOR_BASEPATH; this fixes errors during pasting into the
   Rich Text editor (#29780, #29987)
 * Ticket autocompletion (for links) is more predictable when completing
   on strings containing numbers (#25755)
 * Fix "Show Outgoing Email" and Reply/Comment/Forward links in
   Approvals (#29800)
 * Correctly decode text/html parts of old (RT 3.6.5 and prior) emails

Internationalization
 * Updated localizations (German, Greek, Slovak, Lithuanian)

Web administration
 * Display clean Stage name in ColumnMaps (#28739)
 * Add Scrips Select/Create menu, and maintain context on which list of
   Scrips the Select page should link to (#28787)
 * Granting rights to new groups no longer requires clicking in textbox
   twice in Firefox (#29911)

Server administration
 * Log when Encode::HanExtra would be useful in decoding emails, and
   make use of it if it is available.
 * Squash warnings in 4.1.17 upgrade step (#29595)
 * Reorder DROP IF EXISTS on 4.1.1 Postgres upgrade step to drop
   sequence after dropping the table; avoids bugs on upgrading in a
   previously-upgraded database
 * Stop hardcoding the list of available themes, instead auto-detecting
   new themes as they are added (#14667)
 * Explicitly point to $AutocompleteOwners setting in warning that RT is
   switching to the autocompleter due to too many owners.
 * Remove caching of template object in rt-crontool; this fixes a bug
   where the same content would be sent on all tickets (#29454)
 * rt-fulltext-indexer now locks, to prevent more than one instance from
   running at once (#17423)

Developer
 * Add BeforeMessageBox callback in ModifyAll.html for parity with
   Create.html and Update.html
 * BeforeCustomFields callback in ShowCustomFields now takes $Table parameter
 * Default callback in ShowTransaction can now modify $ShowBody
 * Add a RT::Date->IsSet method
 * Fix invalid ContextObject on RT::CustomField->LoadByName when passed
   Queue => 0; this led to invalid LookupType limits on later calls to
   ->LoadByName.
 * Generalize RT::CustomField->LoadByName to work with non-Queue context
   objects, and to optionally return globally-applied CFs and not
   Disabled CFs.
 * Tests now pass again using RT_TEST_WEB_HANDLER=inline
 * ->AddCustomFieldValues no longer allows adding repeated values (#4553)

Documentation
 * Drop references to MySQL 4.1, as RT 4.2 requires MySQL 5.1
 * Updated example plugins used in documentation, and suggest Plugin()
   over Set(@Plugins, ...)  (#29978)
 * Documentation for ColumnMap

From http://bestpractical.com/release-notes/rt/4.2.4
This release is primarily a bugfix release; notable changes include:

Database changes
 * Add the AutoOpenInactive action for upgrades; clean installs of RT
   4.2.0 or higher have this action already
 * Force Lifecycle and Disabled properties of the internal __Approvals
   queue to the values RT needs to function correctly

Notable new features
 * If indexed full-text searching is enabled, the simple search will
   search in both Content and Subject.
 * Align headers of collections to their content, by default.  This
   right-aligns the "#" header of ticket collections, for instance.
 * Send caching headers for all static content; this fixes a regression
   from RT 4.0, which correctly set caching headers on static images
   (#28640)
 * Re-order JS to optimize parallel resource fetching, and decrease load
   times
 * Allow LIKE and NOT LIKE with Status limits (#29654)

Regression fixes
 * Resolve a regression in 4.2.3 wherein TITLE information was lost
   after parsing on the Advanced page (#29425)
 * Fix a regression in 4.2.2, which caused "select" custom fields to not
   pick up their defaults when cloning tickets (#29751)
 * Fix a regression in 4.2.2 which caused checkbox CFs to add the same
   value multiple times (#29392)
 * Fix a regression in 4.2.2 when categories were set on a CF without
   using the "based on" feature.
 * Show reminders without due dates if $OnlyOverdue is set; this fixes a
   regression from RT 4.0

Email
 * Use "white-space: pre-wrap" when inserting plain-text into HTML
   templates.  This preserves line breaks but allows clients to wrap
   lines if need be.

Localization
 * Updated localizations from Launchpad; new Persian translation
 * Better cluing of pluralization and quantified terms for translators
 * Remove untranslatable locstrings (#29798)
 * Fix extra/missing numbers in Czech localization (#29741)
 * Remove no longer translated right names from PO files
 * Disambiguate "M" for "month" vs "megabyte"

General web UI
 * Better splitting of phrases with numbers in ticket link
   autocompletion
 * Autocomplete email addresses in Forward page (#28441)
 * Allow non-ASCII characters in passwords (#28784)
 * Add a "Reset" button to revert homepage portlet formatting to the
   system default
 * Remove uninitialized value warnings for upgrades from RT 3.8 (#17505)
 * Allow downloading attachments whose filenames contain a leading dot
   (#29700)
 * Prevent uninitialized value warning on search result pages with no
   query (#29699)
 * Hide user summary links in mobile UI, as there is no user summary
   page for mobile (#28788)
 * Always add the trailing delimiter when autocompleting multiple-entry
   objects, such as email addresses
 * Compress PNG images to decrease initial page load times
 * Avoid "That is already the current value" warning when changing
   between two queues with differing lifecycles but a same-name mapping
 * Don't nest <a> tags to User Summaries in queue watcher page
 * Require that saved searches have names in order to be created
   (#20210)
 * Give a proper error when attempting to merge a ticket into itself
   (#26407)
 * Searching for "ip version 6" no longer limits to ticket 6; the 6 is
   instead searched for in the subject. (#22470)
 * Give SystemError transactions their own CSS style
 * Fix ticket link autocompletion during ticket creation
 * Require that one or more addresses be provided to forward (#25308)
 * Respect the "color" attribute in HTML mail (#28389)
 * Rework the JS that prevented form resubmission; instead of disabling
   the submit button (which interacted poorly with the browser's back
   button), instead use an attribute on the form (#27489)
 * Squash warnings triggered by query builder when more than 50
   different users had OwnTicket
 * Serve rich text editor JS with the rest of the compressed JS; this
   ensures that it is better cached

Web administration
 * Allow external custom fields to have a "based on" category.
 * Hide the queue name, lifecycle, and disabled box on the edit page for
   the __Approvals queue; these must remain unchanged for Approvals
   functionality.
 * Correctly page user results in User Summary searches
 * Prevent warnings on Scrip edit pages if the user did not have global
   ShowTemplate rights

Configuration options
 * Add a new option ($AllowLoginPasswordAutoComplete) to allow the
   browser to remember user passwords on RT's login screen (#29071)
 * Add new $DefaultSearchResultOrderBy and $DefaultSearchResultOrder
   options to control the global default ordering of tickets
 * When the stylesheet is set to an unknown style, default to rudder,
   not aileron (#29132)

Server administration
 * Use one fewer database connections per rt-server process; this is
   most notable on FastCGI deployments, which spawn a number of
   rt-server processes
 * Default to connecting to sphinx via 127.0.0.1 instead of localhost on
   MySQL 5.5, due to http://sphinxsearch.com/bugs/view.php?id=1815
 * rt-validator can now detect and fix links to Articles with the wrong
   $Organization set
 * Check that the version in sbin/rt-server matches the version in
   lib/RT/Generated.pm during server startup
 * Follow up to 3 HTTP redirects when POSTing to the mail gateway.  This
   covers the common case of http: redirecting to https:, but the mail
   gateway referencing http: (#14114)
 * Return a status code 503 if we cannot connect to the database
   (#23332)

Installation
 * When configuring, pull the primary group of the current user using
   perl, instead of `groups`, which may not list the primary group
   first.
 * Ensure that rt-test-dependencies re-execs itself using its full path,
   as module installations may have changed the directory (#29024)
 * Properly detect an existing database but missing schema in the web
   installer
 * On perl 5.19.3 and above, a more recent version of
   Symbol::Global::Name is required, due to core perl changes

Upgrades
 * Bulletproof 4.0 Articles upgrade steps by dropping tables before
   attempting to create them
 * Correct documentation path in upgrade warning
 * In database upgrades, skip the "BACK UP BEFORE THIS STEP" warning if
   the --force option was provided, which gives no change to stop at
   that point.
 * Remove a warning in the optional time-worked-history.pl upgrade step

REST
 * Allow arbitrary Content-Disposition in REST uploads (#19770)

Developer
 * Add a comment warning about the use of the SetFieldsOnce callback in
   BuildFormatString; it will be removed in RT 4.4.
 * Fix behavior of RT::Date->AddDays when passed 0 days
 * Check POD of all files
 * Allow RT::Users->WhoBelongToGroups to optionally return unprivileged
   users
 * Provide hooks to implement a cache on MakeClicky
 * Document ExtractTicketId and ParseTicketId, as useful methods for
   local overrides
 * Update RT::CustomField->LoadByName, when called with a Queue
   argument, to return only ticket CFs; in 4.2, it also began finding
   queue CFs.  This reverts to the behavior from 4.0.
 * The Articles URI implementation is now consistent with Ticket URIs;
   ->LocalURIPrefix does not contain /article/
 * Allow @JSFiles to include files not under /static/js/ if they have a
   leading /
 * Add a generic style for reverse-color ticket titlebox tabs
 * Allow plugins to wrap the PSGI application in its entirety
 * Bulletproof role resolution for single-user roles
 * Win32 and IIS are not a supported platform; remove all lingering
   references to them
 * Allow ModifyAll.html's Default callback to change @results, like
   Modify.html
 * Make Widgets/Form/Select honor the Multiple flag (#12447)
 * Remove extraneous direct uses of Time::ParseDate (#24498)
 * Add a callback after Attachments on ticket display
 * Fix SetDisabled's return message on failure (#29802)
 * Refactor CSV export to allow its use by non-ticket collections

Documentation
 * Updated parts of RT::StyleGuide
 * Document the --no-users and --no-groups options to rt-serializer more
   clearly
 * Add documentation for rt-validate-aliases
 * Remove misleading comment about "an rt-mailgate user" from
   rt-mailgate documentation
 * Remove ambiguity of direction of $CanonicalizeEmailAddressMatch and
   $CanonicalizeEmailAddressReplace
 * Update schema.dot for the ObjectScrips table, new in 4.2
 * List SQLite in documentation as a possible database backend, for
   non-production use.
 * Update suggested backup strategy on MySQL to no longer require LOCK
   TABLES privileges (#22893)
 * Note that changing queue subject tags may require altering
   $EmailSubjectTagRegex
 * Suggest /etc/cron.d instead of root's crontab, for discoverability

From http://bestpractical.com/release-notes/rt/4.2.3
This release is primarily a bugfix release; notable changes include:

Administrator tasks
 * Avoid starting a FastCGI process manager in the common case of the
   FastCGI process being started by the webserver, and communicating
   over STDIN.  This restores the behavior from 4.0, where the process
   name is the full path to rt-server.fcgi, and not the static string
   "perl-fcgi-pm" or "perl-fcgi".
 * Automatically clean out Mason cache when updated HTML is installed
   during upgrades; this should prevent a common class of errors.
 * Fix paths in rt-importer when importing from a serialized dump which
   was written to an absolute path.
 * Additional optional upgrade script for users upgrading from RT 3.8
   who previously used RT::Extension::CustomField::Checkbox.
 * Pass characters, not bytes, to _EncodeLOB during de-serialization;
   this prevents invalid UTF-8 from a serialized dump from entering the
   new database.
 * Catch and warn of additional common misconfigurations of GPG/SMIME
   integration.
 * Prevent a possible infinite loop in rt-validator --resolve if
   Principal records were missing; default to forcing their creation.

Localization
 * Localization updates from Launchpad.

General user UI
 * Date and DateTime customfields now pass "mandatory" validation if
   unchanged.
 * "1970-01-01" is now treated as "unset" for purposes of \ 
Date and
   DateTime validation.
 * Add Date and DateTime fields to bulk update.
 * Don't conduct a user search if no string was entered.
 * Signal if a user is disabled at the top of User Summary pages.
 * Resolve regression in 4.2, which caused warnings during ticket
   creation when transaction custom fields were applied.
 * Respect transaction squelching during GPG/SMIME signing and
   encryption.  Lack of public key for a squelched user will no longer
   trigger errors, for instance.
 * Resolve regression in 4.2, where the recipient squelching
   checkboxes did not properly synchronize state between users who
   appeared multiple times.
 * Adjust the bottom edge of rolled-up tabs in ticket pages.
 * Sort data groupings in charts numerically, not ASCIIbetically, if
   they all appear to be numbers.
 * Ensure that Sidebar / Body panes in dashboard configuration display
   in a consistent order on perl 5.18 and above.
 * For strict DOM compliance, move a "name" attribute on <div> to
   "data-name".
 * Prevent "Can't call method "DependsOn" on an undefined \ 
value" error
   in bulk update if tickets were deleted.
 * Show links to tickets which are not readable by the user as numbers,
   not as blank titles.
 * Add a "ticket-active" class, as well as the current status as a
   class, to ticket links on ticket display page.
 * Fix a regression in 4.2 which caused an error when a user with
   only limited rights (Watch or WatchAsAdminCc) removed themselves as a
   watcher from a ticket or queue.
 * Allow SeeCustomField on a single queue to show its custom fields
   during search if the search is limited to that queue.

Documentation
 * Remove obsolete wording mentioning CPAN 1.84, which we guaranteed to
   already have a more recent version of, by way of perl 5.10.1.
 * Correct reminders documentation to suggest RT::Action::Notify, not
   RT::Action::SendEmail.
 * Documentation on writing extensions for RT.

Admin interface
 * Fix "Queue" and "QueueId" columns in admin Scrips listing \ 
to emulate
   their display in 4.0.
 * Additional ModifyDropdownLimit in SelectOwnerDropdown to allow sites
   to increase the previously-hardcoded limit of 50 users in the
   drop-down before it switched to autocompletion.
 * Correctly style warnings about Articles needing configuration.
 * Resolve regression in 4.2 in admin interface, where the current group
   and rights tab is not preserved across rights submission.
 * Show static content roots in System Configuration, alongside Mason
   content roots.
 * Catch and warn of template compilation errors, such as unbalanced
   braces.

Database
 * Improve right-checking query plan (at least on PostgreSQL 9.3) by
   de-duplicating ACL equivalence objects, and using the RT::System's
   id.
 * Upgrade steps from RT 4.0 -> 4.2 now DROP IF EXISTS tables and
   sequences before attempting to create them, except on Oracle.  This
   resolves the common case of testing an upgrade before re-importing a
   backup atop it for the final upgrade, leaving the new tables still in
   place.
 * Fix a regression in 4.2 which caused rt-server to hold extra database
   handles open.  For FastCGI processes, this was one extra per FastCGI
   process; for standalone servers, only one overall.

Callbacks
 * MassageDisplayHeaders callback in ShowTransactionAttachments is now
   passed $ShowHeaders.
 * Callbacks in EditTransactionCustomFields are now passed $InTable.
 * MassageCustomFields callback in EditCustomField is now correctly
   passed $CustomFields.
 * Correct a typo in the documentation for MakeClicky callbacks.

Developer
 * Provide and use a GetCustomFieldInputName() function to
   programmatically determine form field names from custom field
   objects.
 * Resolve a bug when associating unknown users with single-user roles;
   this primarily only affects Assets.
 * Allow consumers of /Elements/SimpleSearch to provide the placeholder
   text.
 * Default Stage for Scrips to be TransactionCreate; primarily for
   initialdata, but affects all callers of RT::Scrip->AddToObject.
 * Adjust etc/upgrade/shrink_transactions_table.pl to avoid new
   deprecation warnings.
 * Fix precedence errors of "return ... or ..." found by perl 5.19.
 * Allow consumers of EditCustomField to specify undef $Rows or $Cols to
   omit the respective attributes during form element rendering.
 * Prevent warnings on perl 5.19 and above.
 * Allow members to be added to groups during group creation in
   initialdata.
 * Prevent race conditions in 99-policy.t by skipping t/tmp/ and other
   volatile directories.
 * Pass Ticket object to ShowAttachments on Ticket/Forward.html, to
   allow for greater extensibility by providing more context.

From http://bestpractical.com/release-notes/rt/4.2.2
This release is primarily a bugfix release; of particular note is that
it contains schema changes for MySQL.  Though the changes are limited,
it is especially important to take, and verify you can recover from, a
database backup prior to upgrading.

Also notable is that this release fixes a bug in 4.2.0 and 4.2.1 where
failures of the HTML-to-text conversion would silently cause mail to
fail to be sent.  When using the rich text editor, RT will also now
quote the the HTML parts of email, and not simply their text
equivalents.

Other changes include:

Documentation
 * Wording fixes in Shredder
 * Clean up examples in Lifecycles documentation
 * Document additional indexes that increase performance of Shredder
 * Replace a suggested GnuPG option with one which is not deprecated
 * Note that errors reported from the GnuPG infrastructure may be caused
   by GnuPG not being configured, but having been automatically enabled.

Database
 * Ensure that even disabled scrips get the same id-to-name change that
   other scrips got during the 4.0 -> 4.2 upgrade.
 * On MySQL, alter the character set of all columns used to store email
   addresses to UTF-8
 * Ensure that invalid byte sequences that may have snuck into the
   database previously (on earlier versions on MySQL, for instance) are
   not blindly interpreted as UTF-8 when retrieved from the database.
   As a result, invalid bytes will be returned from the API as the four
   characters "\xHH", where HH is the hexadecimal encoding of the byte.
 * Ensure that all data containing non-ASCII is quoted-printable encoded
   for PostgreSQL, instead of merely all data not claiming to be
   "text/plain"
 * Additional warnings prevention on Oracle; tests now pass cleanly
 * Allow fully-automated database upgrades using --upgrade-from and
   --upgrade-to options to rt-setup-database
 * Clean out any remaining traces of RTFM that lingered in custom fields
   and custom field values that were disabled at the time of the
   previous upgrade step.
 * Bullet-proof a 3.8 -> 4.0 upgrade step for Scrips with no Condition

Serializer/importer
 * Install rt-serializer and rt-importer into sbin/
 * Ensure that incremental upgrade steps only run on incremental
   serializations, not all exports
 * Fix a runtime error in the incremental upgrade path to 4.2
 * Ensure that inflated Users and Groups are created with the same id as
   their Principal
 * Disable in-memory record caching when serializing and importing to
   improve performance
 * Only search non-Disabled custom fields when looking up BasedOn in
   initialdata files
 * Set up logging properly; warnings are now displayed during
   serialization and importing

Email
 * Don't die if HTML -> text conversion throws an error, which would
   silently prevent outgoing mail from being sent.  Instead, fall back
   to just sending text/html with no text/plain
 * Replying to an HTML mail with the rich text editor will now quote the
   HTML part, not the equivalent text version.
 * Set a transfer encoding on outgoing dashboards; this resolves issues
   with long lines when using the Sendmail MTA.
 * Cope with mangled and overly-quoted recipient headers occasionally
   generated by Outlook.

General user UI
 * Stop localizing custom field names, for consistency
 * Show a useful error on "show outgoing mail" if the user has no rights
   to see the page, rather than displaying an empty page.
 * Adjust UI to not block header on "show outgoing email" page
 * Hide the Take and Steal menu items if you already own the ticket,
   closing a regression in 4.2.0 and above.
 * Autocompletion custom fields now properly autocomplete when placed in
   custom field groupings
 * Improve rendering on Internet Explorer 6
 * Fix cascaded custom fields on Internet Explorer 8 and below.
 * Fix third-level cascading custom fields, broken in 4.2.1
 * Minor rendering bugs with Charts placed on homepages and dashboards
 * Whitelist "show outgoing email" and chart results from CSRF
   protection
 * RT 4.0.7 introduced a performance regression when building ticket
   searches that query Links; switch back to a much better-indexed
   query.
 * Fix "Clone ticket" functionality with Select-multiple custom fields.
 * Show the queue ID for the current queue in the ticket edit page, even
   if the user does not have SeeQueue; this prevents the user from
   accidentally changing the queue.
 * Respect custom field groupings on user preferences page

Query Builder
 * Warnings avoidance for searches with more than 1000 results.
 * Allow IS NULL to search for dates which are unset
 * Properly quote CF names containing non-ASCII characters in query
   builder, broken since 4.2.0
 * Add "UpdatedBy" TicketSQL limit

Admin
 * Correct a package load order problem which prevented the web
   installer from working since 4.2.0
 * Report the correct setting name in rt-validate-aliases
 * Fix real-time updating of Theme CSS on Internet Explorer 8 and below
 * Fix a minor display bug in the CF Admin pages, where the queue number
   instead of queue name would be displayed in requests shortly after
   server startup.
 * Add "Extra Info" as a possible field for "More About \ 
Requestor"

REST
 * Allow searching for users, queues, and groups in REST
 * Prevent a server error when attempting to guess content-type in the
   REST interface.

Development
 * Allow running tests with an explicit set of plugins enabled.
 * Custom Action and Condition packages (as supplied by extensions;
   these are not the text entry boxes in the UI) are now loaded at
   server startup time, to catch compile-time errors in such classes
   early as well as reducing RT's memory footprint on mod_perl.
   Previously, these errors would have logged errors only when their
   Scrip failed to fire.  This restores the behavior found in RT 3.8,
   which was mistakenly removed in RT 4.0.0.
 * Additional callbacks, including in charts, and on ticket reply pages
 * Remove an unused Makefile target

Files:
RevisionActionfile
1.13modifypkgsrc/devel/rt4/Makefile
1.6modifypkgsrc/devel/rt4/PLIST
1.7modifypkgsrc/devel/rt4/distinfo
1.1removepkgsrc/devel/rt4/patches/patch-share_html_Install_Initialize.html