Path to this page:
Subject: CVS commit: pkgsrc/devel/rt4
From: Ryo ONODERA
Date: 2014-07-06 08:32:32
Message id: 20140706063232.5BFE596@cvs.netbsd.org
Log Message:
Update to 4.2.5 from 4.2.1
Changelog:
From http://bestpractical.com/release-notes/rt/4.2.5
This release is primarily a bugfix release; most notably, it explicitly
updates a dependency to fix a previously-announced security
vulnerability, resolves two serious bugs in the serializer, and fixes
the "paste" feature in the Rich Text editor.
Updated dependencies
* Updated Email::Address::List dependency, to resolve CVE-2014-1474,
as was previously announced in
http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html
* Bump CGI dependency (under perl 5.20 and above, only) to quash
warnings about CGI.pm's deprecation in core (#29053)
Serializer/Importer
* Serialize binary data as binary, not as UTF-8 codepoints; this fixes
a regression introduced in 4.2.3 which corrupted all binary data in
serialized data.
* Serialize ObjectScrips when cloning, which had been mistakenly
omitted; this only partially resolves #29949, as it does not address
serialization of ObjectScrips when not cloning.
General web UI
* Force CKEDITOR_BASEPATH; this fixes errors during pasting into the
Rich Text editor (#29780, #29987)
* Ticket autocompletion (for links) is more predictable when completing
on strings containing numbers (#25755)
* Fix "Show Outgoing Email" and Reply/Comment/Forward links in
Approvals (#29800)
* Correctly decode text/html parts of old (RT 3.6.5 and prior) emails
Internationalization
* Updated localizations (German, Greek, Slovak, Lithuanian)
Web administration
* Display clean Stage name in ColumnMaps (#28739)
* Add Scrips Select/Create menu, and maintain context on which list of
Scrips the Select page should link to (#28787)
* Granting rights to new groups no longer requires clicking in textbox
twice in Firefox (#29911)
Server administration
* Log when Encode::HanExtra would be useful in decoding emails, and
make use of it if it is available.
* Squash warnings in 4.1.17 upgrade step (#29595)
* Reorder DROP IF EXISTS on 4.1.1 Postgres upgrade step to drop
sequence after dropping the table; avoids bugs on upgrading in a
previously-upgraded database
* Stop hardcoding the list of available themes, instead auto-detecting
new themes as they are added (#14667)
* Explicitly point to $AutocompleteOwners setting in warning that RT is
switching to the autocompleter due to too many owners.
* Remove caching of template object in rt-crontool; this fixes a bug
where the same content would be sent on all tickets (#29454)
* rt-fulltext-indexer now locks, to prevent more than one instance from
running at once (#17423)
Developer
* Add BeforeMessageBox callback in ModifyAll.html for parity with
Create.html and Update.html
* BeforeCustomFields callback in ShowCustomFields now takes $Table parameter
* Default callback in ShowTransaction can now modify $ShowBody
* Add a RT::Date->IsSet method
* Fix invalid ContextObject on RT::CustomField->LoadByName when passed
Queue => 0; this led to invalid LookupType limits on later calls to
->LoadByName.
* Generalize RT::CustomField->LoadByName to work with non-Queue context
objects, and to optionally return globally-applied CFs and not
Disabled CFs.
* Tests now pass again using RT_TEST_WEB_HANDLER=inline
* ->AddCustomFieldValues no longer allows adding repeated values (#4553)
Documentation
* Drop references to MySQL 4.1, as RT 4.2 requires MySQL 5.1
* Updated example plugins used in documentation, and suggest Plugin()
over Set(@Plugins, ...) (#29978)
* Documentation for ColumnMap
From http://bestpractical.com/release-notes/rt/4.2.4
This release is primarily a bugfix release; notable changes include:
Database changes
* Add the AutoOpenInactive action for upgrades; clean installs of RT
4.2.0 or higher have this action already
* Force Lifecycle and Disabled properties of the internal __Approvals
queue to the values RT needs to function correctly
Notable new features
* If indexed full-text searching is enabled, the simple search will
search in both Content and Subject.
* Align headers of collections to their content, by default. This
right-aligns the "#" header of ticket collections, for instance.
* Send caching headers for all static content; this fixes a regression
from RT 4.0, which correctly set caching headers on static images
(#28640)
* Re-order JS to optimize parallel resource fetching, and decrease load
times
* Allow LIKE and NOT LIKE with Status limits (#29654)
Regression fixes
* Resolve a regression in 4.2.3 wherein TITLE information was lost
after parsing on the Advanced page (#29425)
* Fix a regression in 4.2.2, which caused "select" custom fields to not
pick up their defaults when cloning tickets (#29751)
* Fix a regression in 4.2.2 which caused checkbox CFs to add the same
value multiple times (#29392)
* Fix a regression in 4.2.2 when categories were set on a CF without
using the "based on" feature.
* Show reminders without due dates if $OnlyOverdue is set; this fixes a
regression from RT 4.0
Email
* Use "white-space: pre-wrap" when inserting plain-text into HTML
templates. This preserves line breaks but allows clients to wrap
lines if need be.
Localization
* Updated localizations from Launchpad; new Persian translation
* Better cluing of pluralization and quantified terms for translators
* Remove untranslatable locstrings (#29798)
* Fix extra/missing numbers in Czech localization (#29741)
* Remove no longer translated right names from PO files
* Disambiguate "M" for "month" vs "megabyte"
General web UI
* Better splitting of phrases with numbers in ticket link
autocompletion
* Autocomplete email addresses in Forward page (#28441)
* Allow non-ASCII characters in passwords (#28784)
* Add a "Reset" button to revert homepage portlet formatting to the
system default
* Remove uninitialized value warnings for upgrades from RT 3.8 (#17505)
* Allow downloading attachments whose filenames contain a leading dot
(#29700)
* Prevent uninitialized value warning on search result pages with no
query (#29699)
* Hide user summary links in mobile UI, as there is no user summary
page for mobile (#28788)
* Always add the trailing delimiter when autocompleting multiple-entry
objects, such as email addresses
* Compress PNG images to decrease initial page load times
* Avoid "That is already the current value" warning when changing
between two queues with differing lifecycles but a same-name mapping
* Don't nest <a> tags to User Summaries in queue watcher page
* Require that saved searches have names in order to be created
(#20210)
* Give a proper error when attempting to merge a ticket into itself
(#26407)
* Searching for "ip version 6" no longer limits to ticket 6; the 6 is
instead searched for in the subject. (#22470)
* Give SystemError transactions their own CSS style
* Fix ticket link autocompletion during ticket creation
* Require that one or more addresses be provided to forward (#25308)
* Respect the "color" attribute in HTML mail (#28389)
* Rework the JS that prevented form resubmission; instead of disabling
the submit button (which interacted poorly with the browser's back
button), instead use an attribute on the form (#27489)
* Squash warnings triggered by query builder when more than 50
different users had OwnTicket
* Serve rich text editor JS with the rest of the compressed JS; this
ensures that it is better cached
Web administration
* Allow external custom fields to have a "based on" category.
* Hide the queue name, lifecycle, and disabled box on the edit page for
the __Approvals queue; these must remain unchanged for Approvals
functionality.
* Correctly page user results in User Summary searches
* Prevent warnings on Scrip edit pages if the user did not have global
ShowTemplate rights
Configuration options
* Add a new option ($AllowLoginPasswordAutoComplete) to allow the
browser to remember user passwords on RT's login screen (#29071)
* Add new $DefaultSearchResultOrderBy and $DefaultSearchResultOrder
options to control the global default ordering of tickets
* When the stylesheet is set to an unknown style, default to rudder,
not aileron (#29132)
Server administration
* Use one fewer database connections per rt-server process; this is
most notable on FastCGI deployments, which spawn a number of
rt-server processes
* Default to connecting to sphinx via 127.0.0.1 instead of localhost on
MySQL 5.5, due to http://sphinxsearch.com/bugs/view.php?id=1815
* rt-validator can now detect and fix links to Articles with the wrong
$Organization set
* Check that the version in sbin/rt-server matches the version in
lib/RT/Generated.pm during server startup
* Follow up to 3 HTTP redirects when POSTing to the mail gateway. This
covers the common case of http: redirecting to https:, but the mail
gateway referencing http: (#14114)
* Return a status code 503 if we cannot connect to the database
(#23332)
Installation
* When configuring, pull the primary group of the current user using
perl, instead of `groups`, which may not list the primary group
first.
* Ensure that rt-test-dependencies re-execs itself using its full path,
as module installations may have changed the directory (#29024)
* Properly detect an existing database but missing schema in the web
installer
* On perl 5.19.3 and above, a more recent version of
Symbol::Global::Name is required, due to core perl changes
Upgrades
* Bulletproof 4.0 Articles upgrade steps by dropping tables before
attempting to create them
* Correct documentation path in upgrade warning
* In database upgrades, skip the "BACK UP BEFORE THIS STEP" warning if
the --force option was provided, which gives no change to stop at
that point.
* Remove a warning in the optional time-worked-history.pl upgrade step
REST
* Allow arbitrary Content-Disposition in REST uploads (#19770)
Developer
* Add a comment warning about the use of the SetFieldsOnce callback in
BuildFormatString; it will be removed in RT 4.4.
* Fix behavior of RT::Date->AddDays when passed 0 days
* Check POD of all files
* Allow RT::Users->WhoBelongToGroups to optionally return unprivileged
users
* Provide hooks to implement a cache on MakeClicky
* Document ExtractTicketId and ParseTicketId, as useful methods for
local overrides
* Update RT::CustomField->LoadByName, when called with a Queue
argument, to return only ticket CFs; in 4.2, it also began finding
queue CFs. This reverts to the behavior from 4.0.
* The Articles URI implementation is now consistent with Ticket URIs;
->LocalURIPrefix does not contain /article/
* Allow @JSFiles to include files not under /static/js/ if they have a
leading /
* Add a generic style for reverse-color ticket titlebox tabs
* Allow plugins to wrap the PSGI application in its entirety
* Bulletproof role resolution for single-user roles
* Win32 and IIS are not a supported platform; remove all lingering
references to them
* Allow ModifyAll.html's Default callback to change @results, like
Modify.html
* Make Widgets/Form/Select honor the Multiple flag (#12447)
* Remove extraneous direct uses of Time::ParseDate (#24498)
* Add a callback after Attachments on ticket display
* Fix SetDisabled's return message on failure (#29802)
* Refactor CSV export to allow its use by non-ticket collections
Documentation
* Updated parts of RT::StyleGuide
* Document the --no-users and --no-groups options to rt-serializer more
clearly
* Add documentation for rt-validate-aliases
* Remove misleading comment about "an rt-mailgate user" from
rt-mailgate documentation
* Remove ambiguity of direction of $CanonicalizeEmailAddressMatch and
$CanonicalizeEmailAddressReplace
* Update schema.dot for the ObjectScrips table, new in 4.2
* List SQLite in documentation as a possible database backend, for
non-production use.
* Update suggested backup strategy on MySQL to no longer require LOCK
TABLES privileges (#22893)
* Note that changing queue subject tags may require altering
$EmailSubjectTagRegex
* Suggest /etc/cron.d instead of root's crontab, for discoverability
From http://bestpractical.com/release-notes/rt/4.2.3
This release is primarily a bugfix release; notable changes include:
Administrator tasks
* Avoid starting a FastCGI process manager in the common case of the
FastCGI process being started by the webserver, and communicating
over STDIN. This restores the behavior from 4.0, where the process
name is the full path to rt-server.fcgi, and not the static string
"perl-fcgi-pm" or "perl-fcgi".
* Automatically clean out Mason cache when updated HTML is installed
during upgrades; this should prevent a common class of errors.
* Fix paths in rt-importer when importing from a serialized dump which
was written to an absolute path.
* Additional optional upgrade script for users upgrading from RT 3.8
who previously used RT::Extension::CustomField::Checkbox.
* Pass characters, not bytes, to _EncodeLOB during de-serialization;
this prevents invalid UTF-8 from a serialized dump from entering the
new database.
* Catch and warn of additional common misconfigurations of GPG/SMIME
integration.
* Prevent a possible infinite loop in rt-validator --resolve if
Principal records were missing; default to forcing their creation.
Localization
* Localization updates from Launchpad.
General user UI
* Date and DateTime customfields now pass "mandatory" validation if
unchanged.
* "1970-01-01" is now treated as "unset" for purposes of \
Date and
DateTime validation.
* Add Date and DateTime fields to bulk update.
* Don't conduct a user search if no string was entered.
* Signal if a user is disabled at the top of User Summary pages.
* Resolve regression in 4.2, which caused warnings during ticket
creation when transaction custom fields were applied.
* Respect transaction squelching during GPG/SMIME signing and
encryption. Lack of public key for a squelched user will no longer
trigger errors, for instance.
* Resolve regression in 4.2, where the recipient squelching
checkboxes did not properly synchronize state between users who
appeared multiple times.
* Adjust the bottom edge of rolled-up tabs in ticket pages.
* Sort data groupings in charts numerically, not ASCIIbetically, if
they all appear to be numbers.
* Ensure that Sidebar / Body panes in dashboard configuration display
in a consistent order on perl 5.18 and above.
* For strict DOM compliance, move a "name" attribute on <div> to
"data-name".
* Prevent "Can't call method "DependsOn" on an undefined \
value" error
in bulk update if tickets were deleted.
* Show links to tickets which are not readable by the user as numbers,
not as blank titles.
* Add a "ticket-active" class, as well as the current status as a
class, to ticket links on ticket display page.
* Fix a regression in 4.2 which caused an error when a user with
only limited rights (Watch or WatchAsAdminCc) removed themselves as a
watcher from a ticket or queue.
* Allow SeeCustomField on a single queue to show its custom fields
during search if the search is limited to that queue.
Documentation
* Remove obsolete wording mentioning CPAN 1.84, which we guaranteed to
already have a more recent version of, by way of perl 5.10.1.
* Correct reminders documentation to suggest RT::Action::Notify, not
RT::Action::SendEmail.
* Documentation on writing extensions for RT.
Admin interface
* Fix "Queue" and "QueueId" columns in admin Scrips listing \
to emulate
their display in 4.0.
* Additional ModifyDropdownLimit in SelectOwnerDropdown to allow sites
to increase the previously-hardcoded limit of 50 users in the
drop-down before it switched to autocompletion.
* Correctly style warnings about Articles needing configuration.
* Resolve regression in 4.2 in admin interface, where the current group
and rights tab is not preserved across rights submission.
* Show static content roots in System Configuration, alongside Mason
content roots.
* Catch and warn of template compilation errors, such as unbalanced
braces.
Database
* Improve right-checking query plan (at least on PostgreSQL 9.3) by
de-duplicating ACL equivalence objects, and using the RT::System's
id.
* Upgrade steps from RT 4.0 -> 4.2 now DROP IF EXISTS tables and
sequences before attempting to create them, except on Oracle. This
resolves the common case of testing an upgrade before re-importing a
backup atop it for the final upgrade, leaving the new tables still in
place.
* Fix a regression in 4.2 which caused rt-server to hold extra database
handles open. For FastCGI processes, this was one extra per FastCGI
process; for standalone servers, only one overall.
Callbacks
* MassageDisplayHeaders callback in ShowTransactionAttachments is now
passed $ShowHeaders.
* Callbacks in EditTransactionCustomFields are now passed $InTable.
* MassageCustomFields callback in EditCustomField is now correctly
passed $CustomFields.
* Correct a typo in the documentation for MakeClicky callbacks.
Developer
* Provide and use a GetCustomFieldInputName() function to
programmatically determine form field names from custom field
objects.
* Resolve a bug when associating unknown users with single-user roles;
this primarily only affects Assets.
* Allow consumers of /Elements/SimpleSearch to provide the placeholder
text.
* Default Stage for Scrips to be TransactionCreate; primarily for
initialdata, but affects all callers of RT::Scrip->AddToObject.
* Adjust etc/upgrade/shrink_transactions_table.pl to avoid new
deprecation warnings.
* Fix precedence errors of "return ... or ..." found by perl 5.19.
* Allow consumers of EditCustomField to specify undef $Rows or $Cols to
omit the respective attributes during form element rendering.
* Prevent warnings on perl 5.19 and above.
* Allow members to be added to groups during group creation in
initialdata.
* Prevent race conditions in 99-policy.t by skipping t/tmp/ and other
volatile directories.
* Pass Ticket object to ShowAttachments on Ticket/Forward.html, to
allow for greater extensibility by providing more context.
From http://bestpractical.com/release-notes/rt/4.2.2
This release is primarily a bugfix release; of particular note is that
it contains schema changes for MySQL. Though the changes are limited,
it is especially important to take, and verify you can recover from, a
database backup prior to upgrading.
Also notable is that this release fixes a bug in 4.2.0 and 4.2.1 where
failures of the HTML-to-text conversion would silently cause mail to
fail to be sent. When using the rich text editor, RT will also now
quote the the HTML parts of email, and not simply their text
equivalents.
Other changes include:
Documentation
* Wording fixes in Shredder
* Clean up examples in Lifecycles documentation
* Document additional indexes that increase performance of Shredder
* Replace a suggested GnuPG option with one which is not deprecated
* Note that errors reported from the GnuPG infrastructure may be caused
by GnuPG not being configured, but having been automatically enabled.
Database
* Ensure that even disabled scrips get the same id-to-name change that
other scrips got during the 4.0 -> 4.2 upgrade.
* On MySQL, alter the character set of all columns used to store email
addresses to UTF-8
* Ensure that invalid byte sequences that may have snuck into the
database previously (on earlier versions on MySQL, for instance) are
not blindly interpreted as UTF-8 when retrieved from the database.
As a result, invalid bytes will be returned from the API as the four
characters "\xHH", where HH is the hexadecimal encoding of the byte.
* Ensure that all data containing non-ASCII is quoted-printable encoded
for PostgreSQL, instead of merely all data not claiming to be
"text/plain"
* Additional warnings prevention on Oracle; tests now pass cleanly
* Allow fully-automated database upgrades using --upgrade-from and
--upgrade-to options to rt-setup-database
* Clean out any remaining traces of RTFM that lingered in custom fields
and custom field values that were disabled at the time of the
previous upgrade step.
* Bullet-proof a 3.8 -> 4.0 upgrade step for Scrips with no Condition
Serializer/importer
* Install rt-serializer and rt-importer into sbin/
* Ensure that incremental upgrade steps only run on incremental
serializations, not all exports
* Fix a runtime error in the incremental upgrade path to 4.2
* Ensure that inflated Users and Groups are created with the same id as
their Principal
* Disable in-memory record caching when serializing and importing to
improve performance
* Only search non-Disabled custom fields when looking up BasedOn in
initialdata files
* Set up logging properly; warnings are now displayed during
serialization and importing
Email
* Don't die if HTML -> text conversion throws an error, which would
silently prevent outgoing mail from being sent. Instead, fall back
to just sending text/html with no text/plain
* Replying to an HTML mail with the rich text editor will now quote the
HTML part, not the equivalent text version.
* Set a transfer encoding on outgoing dashboards; this resolves issues
with long lines when using the Sendmail MTA.
* Cope with mangled and overly-quoted recipient headers occasionally
generated by Outlook.
General user UI
* Stop localizing custom field names, for consistency
* Show a useful error on "show outgoing mail" if the user has no rights
to see the page, rather than displaying an empty page.
* Adjust UI to not block header on "show outgoing email" page
* Hide the Take and Steal menu items if you already own the ticket,
closing a regression in 4.2.0 and above.
* Autocompletion custom fields now properly autocomplete when placed in
custom field groupings
* Improve rendering on Internet Explorer 6
* Fix cascaded custom fields on Internet Explorer 8 and below.
* Fix third-level cascading custom fields, broken in 4.2.1
* Minor rendering bugs with Charts placed on homepages and dashboards
* Whitelist "show outgoing email" and chart results from CSRF
protection
* RT 4.0.7 introduced a performance regression when building ticket
searches that query Links; switch back to a much better-indexed
query.
* Fix "Clone ticket" functionality with Select-multiple custom fields.
* Show the queue ID for the current queue in the ticket edit page, even
if the user does not have SeeQueue; this prevents the user from
accidentally changing the queue.
* Respect custom field groupings on user preferences page
Query Builder
* Warnings avoidance for searches with more than 1000 results.
* Allow IS NULL to search for dates which are unset
* Properly quote CF names containing non-ASCII characters in query
builder, broken since 4.2.0
* Add "UpdatedBy" TicketSQL limit
Admin
* Correct a package load order problem which prevented the web
installer from working since 4.2.0
* Report the correct setting name in rt-validate-aliases
* Fix real-time updating of Theme CSS on Internet Explorer 8 and below
* Fix a minor display bug in the CF Admin pages, where the queue number
instead of queue name would be displayed in requests shortly after
server startup.
* Add "Extra Info" as a possible field for "More About \
Requestor"
REST
* Allow searching for users, queues, and groups in REST
* Prevent a server error when attempting to guess content-type in the
REST interface.
Development
* Allow running tests with an explicit set of plugins enabled.
* Custom Action and Condition packages (as supplied by extensions;
these are not the text entry boxes in the UI) are now loaded at
server startup time, to catch compile-time errors in such classes
early as well as reducing RT's memory footprint on mod_perl.
Previously, these errors would have logged errors only when their
Scrip failed to fire. This restores the behavior found in RT 3.8,
which was mistakenly removed in RT 4.0.0.
* Additional callbacks, including in charts, and on ticket reply pages
* Remove an unused Makefile target
Files: