Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
devel:languages:perl
request-tracker
request-tracker.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File request-tracker.changes of Package request-tracker
------------------------------------------------------------------- Fri Mar 8 00:33:02 UTC 2024 - Tina Müller <tina.mueller@suse.com> - Use %autosetup instead of deprecated %patchN ------------------------------------------------------------------- Mon Oct 11 10:17:55 UTC 2021 - lars@linux-schulserver.de - 5.0.2 - update to 5.0.2 Security * In previous versions, RT's native login system is vulnerable to user enumeration through a timing side-channel attack. This means an external entity could try to find valid usernames by attempting logins and comparing the time to evaluate each login attempt for valid and invalid usernames. This vulnerability does not allow any access to the RT system. This vulnerability is assigned CVE-2021-38562 and is fixed in this release. * RT uses the chart.js package and the previous version has vulnerabilities described here: https://snyk.io/test/npm/chart.js/2.8.0 This RT release updates chart.js to version 2.9.4 as recommended in that advisory. General features and fixes * Update Starts on SLA changes even if Starts was already set * Accept usernames for email input fields on ticket create/update * Support group:NAME and group:ID in non-single role input fields * Create an autocompleter for Principals (works with both users and groups) * Support more characters for user/group names in non-single role input fields * Normalize and validate time inputs * Support to generate different dashboard content for each recipient * Use user timezone for date "=" queries in ticket search * Add "Create Via Email" and "Create Via Web" conditions * Fix table wrapping error in Ticket/Update.html * Don't escape queue name in title generation stage as it'll be escaped later * Allow to squelch recipients that also exist in one time inputs * Show all valid statuses on Asset bulk update page * In the datepicker, reset the time part after date input is cleared * Support columns as values in ticket search (ticket values on right-hand side in searches) * Support a friendly syntax for custom field columns as values in ticket search * Allow to specify CF Content/LargeContent columns in the keyword part of SQL * Support role searches like Owner = CF.cid or Owner = Creator * Improve UI of unread messages notification * Sync one time inputs back to checkboxes on ticket update page * Automatically load more txns to fill browser window on scroll history mode * Fix duplicated closing tag for attachment delete links * Remove search string including numbers in ticket autocomplete search on select * Fix RecentlyViewedTickets to deal with shredded/merged tickets * Fix bug that kept 11 tickets in the "recently visited" list instead of 10 * Show dependencies (like dashboards) and confirm before deleting saved searches * Fill up cells of record's last row in search results * Add support of "Lifecycle =" and "Queue LIKE" to GetReferencedQueues for more search options * Support copying saved charts like searches * Fix wrongly duplicated one-time addresses on ticket update page * Add various missing ColumnMap entries * Fix error when removing multiple holders of an asset * Add basic stacked bar chart support * Remove extra closing div on Login/Logout pages * Add option to disable ticket linking in articles by class * Add entry hint as custom field tooltip * Disable submit on enter when input's autocomplete list shows up * Support quoted custom fields as values * Exclude end time when limiting txn date to a day * Trigger UpdateCc/UpdateBcc input change only once when clicking "All recipients" * Sync one-time checkboxes to text inputs in a consistent way * Translate selfservice articles search button (thanks, elacour!) * Support shallow searches for ticket roles * Support to search user defined group names in watcher limit * Support order by watcher's custom fields for ticket search * Support more watcher fields including user cfs in search result format * Add more watcher fields including user cfs to OrderBy/Columns in search builder * Upgrade OrderBy "Owner" to new version "Owner.Name" in saved searchs * Create a standard RT Time Worked report * Add grouping by custom roles for ticket search charts * Reduce space used by Current search on Query Builder to avoid saved search overlap * Group by direct members of role groups for ticket search charts * Use Name as the default watcher field in search results * Allow clearing roles on bulk updates page * Remove unexpected leading spaces in user signature input * Add label text to old-attach form for accessibility * Add the missing "form-control" class to autocomplete cf inputs in query builder * Fix EditSearches title after submission on Query Builder page * Let article summary take the whole width in article list * Pass all request arguments to /SelfService/Open.html * Disable inline edit for related tickets in "Assets" widget of ticket display * Transactions on History.html page should link to transaction display page * Clear "Add Columns" select after change on Query Builder * Translate selfservice articles search button * Render a label for both cases when displaying shredder objects, making checkbox available to select objects to shred * Align label/value columns for Assets widget in ticket display * Use checkbox class for multi select list input * Remove blue background on dropdown-item active * Explicitly exclude "deleted" status from queue list portlet * Require Name field when creating or editing Article * Add QueueListAllStatuses portlet to show tickets info of all statuses * In Self Service, don't explicitly call PageLayout as it's included already * Remove extra closing div on Login/Logout pages * Use 2/10 col layout for custom fields only in transaction display * Use an independent col for each asset custom field grouping * Add the missing from-control css class for queue autocomplete input * Move asset field-specific css classes up to the row instead of just label * Add autocomplete for assets input * Don't change background color on click of dropdown items * Load user-level search preferences for ticket searches only, fixing errors with custom search formats and transaction search results * Add more ticket info to transaction display page * Register the missing autocomplete handler for refreshed inline-edited row * Add webpath to RelatedData href (thanks, jtlarson!) * Update principal input labels to reference groups * Always default to no value for select type CFs on bulk update * Fix context quoting on ticket update with top-quoted signatures in rich text editor * On the query builder, restore OR accidentally changed in bootstrap updates Administration * Generalize Owner logic in Shredder to any Single role group * In shredder, remove SetWatcher rows in transaction history as well * Add setting $AssetMultipleOwner to allow many owners on assets * Default --libs-group value from "bin" to "root" * Add --dry-run option to rt-crontool * In validator, ensure tickets and queues have all of their default role groups, individually * In validator, prompt to create missing default role groups * Skip merged tickets in role groups validation * Allow to create missing queue-level custom role groups when needed * For external auth, support cf mappings like CF.foo and UserCF.foo * Support array and code in attr_map of external auth * Don't quote table names in shredder SQL output * Avoid "Wide character in print" warnings when generating shredder SQL output * Add QuoteWrapWidth option for text quoted during reply/comment * Set the $AttachmentListCount config's default value to 5 * Clarify external auth logging when users are not found * Fix removal of scrips when shredding queues * Avoid errors in shredder when Organization has a hyphen * Avoid errors in shredder when username has a hyphen * Avoid errors in shredder when queue name have a hyphen * Log number of records returned from LDAP search * Support searching NULL(unset) values on user/group admin pages * Only show hints for user CFs configured in external settings on create * Fix removal of custom fields when shredding queues * Add transaction records for dashboard/savedsearch changes * For articles, do not encode HTML if skip Escape HTML option selected * In rt-crontool, add reload-ticket option to refresh metadata before processing * Avoid a known problem version of Mojo::DOM::CSS * Update DBIx::SearchBuilder to 1.68 to avoid segfaults on MariaDB 10.2+ * Add parallel support for crontool * Add Parallel::ForkManager to dependency for parallel crontool * Log the object that exceeds DependenciesLimit in shredder * Remove SetOwner rows in transaction history on user shred * Add ExternalAuth to the exceptions for requiring a password * Reset ObjectCustomField sort order when re-enabling a Custom Field * Update ObjectCustomField sort order only if necessary on re-enable * Pass SavedChartSearchId from chart portlet * Skip rights check when setting default object custom field values * Add support to clear mason cache via web interface * Add LDAP email authentication to External Auth * Don't shred subgroups' member relationships when shredding ticket role groups * Provide a way to select privileged and unprivileged users in admin * Remember IncludeSystemGroups value on page navigation * Add statement-log option to render statement logs in CLI * Support to set sort order of applied custom roles * Show custom roles in correct order on queue watcher and ticket pages * Add no-sqldump option to rt-shredder to avoid generating backups * Add paging support for group Members page * Tweak css for page links to not overflow in Firefox * Add $ShowSearchNavigation option to skip building search navigation links * Add ability to search for disabled users * Restore Ticket object to arguments passed to Preformatted, making ArticleTemplates work again * Reload scrubber rules when web config changes are made * Make statuses having upper cased chars work on lifecycle mappings page * Multiple updates to set proper inputs on RT web configuration page * Restyle admin user select page with a bare titlebox * Upgrade Chart.js to 2.9.4 * In rt-dump-initialdata, add config for "no" variant of the disabled option * In rt-dump-initialdata, skip attributes of attributes in serializeration as it's unsupported yet * Log database config overrides via PreInitLoggerMessages * Add support for deleting configs in database from web UI * On user admin page, remember IncludeSystemGroups value on page navigation * Create new config option for home page support email * Support deleting custom field values on form submit in CF config * In CreateTickets action, allow skipping of create ticket blocks through passing arg * Add support for custom fields on article classes * Disable inline editing for dashboard emails as clients don't support it (thanks J.P.Knight!) * No need to fix up attribute contents in clone mode Email Encryption/Signing * Support separate certificates for SMIME encryption and signing * Add encryption and signing options for digest email * Provide an option to skip GnuPG tests * Handle encrypted outgoing emails in digest email * Add OtherCertificatesToSend option for SMIME * Set path to GnuPG binary in GnuPG::Interface constructor (thanks, aruthven!) * Fix uninitialized warnings of $latest_user_main_key for gpg 2.2 * Handle FAILURE keyword for gpg 2.2 * Add gpg.conf for gpg 2.2 so we can specify passphrase in command line * Update warning message tests for gpg 2.2 * Don't override fingerprint if it exists already * Make t/mail/crypt-gnupg.t pass with gpg 2.2 * Quit gpg-agent after tests for gpg 2.2 * Move signed_old_style_with_attachment.eml to emails directory * Always use temp gpg homedir to get a cleaner env * Add extra ignored keywords for gnupg 2.2.x * Fix unit test to cope with variations in how different versions of OpenSSL print certificates * Default cert-digest-algo from SHA1 to SHA256 * Bump GnuPG::Interface to 1.00 to support gpg 2.2 * Report the cert authority in an "assured by ..." clause * Report the S/MIME signer correctly when there is no EmailAddress * Fix a bug in the logic that suppresses the "email is unsigned" warning * Add AgorithmName to info returned by ParseKeysInfo * For GnuPG, add a tooltip with additional info about the signature * Add ability to download GnuPG public keys * Store and display additional info about S/MIME signatures * Extract email addresses from S/MIME certificates as specified in RFC 5750 * Support SMIME certificate revocation using OCSP/CRL * Add deprecation warnings to RT::Test::GnuPG and RT::Test::SMIME. * Allow specification of outbound signing/encryption protocol on a per-queue basis * In Admin/Users/Keys.html, do not call "UseForOutgoing" when we have no $Queue object * Explain conversion of legacy list args to a hash in CheckRecipients * Add RT::Attachment->CryptStatus method * Fix error if a CA certificate does not define CRLDistributionPoints * Keep entire GnuPG fingerprint; don't truncate to 8 characters * Include S/MIME certificate serial number in tooltip * Add ability to download S/MIME certificates * Switch from key to fingerprint for user PrivateKey * Add admin page to manage GnuPG keys * Show "Preferred GnuPG key" input only if GnuPG is enabled * Migrate remaining RT::Test::SMIME in tests to RT::Test::Crypt * Bump GnuPG::Interface to 1.02 to fix secret key deletion issue for gnupg 2.2 * Disable using WKD on GnuPG tests that might attempt to use the network (thanks, puck!) ... An even more complete changelog is available by visiting: https://github.com/bestpractical/rt/compare/rt-5.0.1...rt-5.0.2 - add full url for source download - add source signing signature - new CORE dependency: Parallel::ForkManager ------------------------------------------------------------------- Tue Apr 20 08:09:24 UTC 2021 - lars@linux-schulserver.de - 5.0.1 - add missing runtime dependencies: + perl(Apache::DBI) + perl(Module::Pluggable) + perl(Pod::Select) + perl(Business::Hours) + perl(CSS::Minifier::XS) + perl(Data::Page::Pageset) + perl(JavaScript::Minifier::XS) + perl(Net::IP) + perl(Scope::Upper) - sort the layout file to match the current RT5 path layout - install GnuPG, RT-Shredder and SMIME work directories - recommend w3m, because of: "Running with the internal HTML converter can result in performance issues with some HTML. Install one of the following utilities with your package manager to improve performance with an external tool: w3m, elinks, links, html2text, lynx" - enhance README.SUSE ------------------------------------------------------------------- Tue Apr 13 15:36:42 UTC 2021 - lars@linux-schulserver.de - 5.0.1 - update to 5.0.1: Database Changes + For MySQL and MariaDB, the default character set has been updated to utf8mb4 to accommodate more unicode characters including emojis. See README.MySQL and README.MariaDB for details. + The Id field in some tables is changed from INT to BIGINT to accommodate large RT systems that may hit the maximum number of ids. Because this change touches large RT tables like Transactions and Attachments, this upgrade step may take a while to run. + You also will need free disk space equal to the size of these tables while running because MySQL, MariaDB, and Postgres will create a temporary copy of the table while running. If you don't have sufficient space, it can cause this step to fail. Notable Changes + System configuration options can now be changed by SuperUsers via the web UI. File-based configuration options are still loaded. Changes made via the web UI take precedence over file-based options if both are set. + If you prefer to keep all configuration in files and disable editing in the web UI, set this option to 0: Set($ShowEditSystemConfig, 0); + The variables which alter the set of HTML elements allowed in HTML scrubbing have moved; they have been renamed, and are now found under RT::Interface::Web::Scrubber. + The articles interface on tickets has been simplified, now showing only a dropdown for selecting articles. This dropdown converts to an autocomplete box when the dropdown contains more than $DropdownMenuLimit items. + With this simplified interface, the "hotlist" feature is no longer needed as all articles in classes applied to a given queue are available in the dropdown/autocomplete field. To prevent articles in a class from appearing for a queue, you can unapply the class from that queue. + The upgrade steps remove the hotlist configuration from your RT database by removing that column from the Articles table. Since the article class must be applied to a queue for the hotlist items to appear, all articles should continue to appear in the new interface. + The updated rich text editor now shows the browser context menu (right-click menu) by default, so the MessageBoxUseSystemContextMenu configuration option is no longer needed and has been removed. + Dashboards previously in the Home menu have been moved to the Reports menu. The reports previously in the Reports menu are still there, but you can now edit the Reports menu like the previous Home menu, so you can remove the default reports if you like. + All other dashboard menu functionality should be the same including editing your own menu, the global settings, and setting a user's menu from the user admin page for that user. + Accessing RT from a mobile device no longer defaults to the mobile-optimized interface. RT 5.0 is fully responsive so the full UI can be used on mobile devices. Set the configuration option $ShowMobileSite to true to restore the previous behavior. + RT can now run with GnuPG 2.2. On install or upgrade, it requires the updated version of GnuPG::Interface. make testdeps will test for the correct version. RT should also still run with GnuPG 1.4.x. It is not supported for GnuPG versions 2.0 or 2.1. + RT search results now allow inline editing of ticket metadata, greatly improving usability and convenience. Editable fields are now the default for most ticket fields in search results. + The ticket Owner field sometimes requires extra work to build and can result in slower page load times, so the default Owner format is read-only. To enable inline edit for Owner, update your search to use the format OwnerNameEdit. + If you experience slower page loads with OwnerNameEdit, you can display Owner as an autocomplete box rather than a dropdown using the AutocompleteOwners configuration option. This may also help other areas of RT in addition to searches. + We are investigating options to improve the underlying queries. Some users have reported improved performance with the following indexes, at least on Postgres: CREATE INDEX ACL2 ON acl (objecttype, objectid); CREATE INDEX ACL3 ON acl (principalid, rightname, principaltype); We are performing testing and looking for additional feedback before adding these to default RT. Extensions Integrated into RT 5 The following extensions are now part of RT 5. If you previously used any as an extension, you no longer need the extension after upgrading and can remove the Plugin line from your RT configuration. Changes you may need to apply if you previously used the extension are described below. RT::Extension::QuoteSelection RT::Extension::RightsInspector RT::Extension::ConfigInDatabase If you previously used RT::Extension::ConfigInDatabase as an extension, run the upgrade-configurations utility after completing all the other upgrade steps from the README. This will migrate your existing configuration to the new core RT tables. RT::Extension::CustomRole::Visibility RT::Extension::PriorityAsString If you previously used numbers for priority and would like to continue to do so, you can set the new $EnablePriorityAsString option to false. That will disable the new string-based display. If you would like to now use strings for priority like Low, Medium, High, check the new %PriorityAsString configuration option. RT provides a simple default setting that may be sufficient. Set new values if you would like to customize your priority options. If you were previously using the PriorityAsString extension, you no longer need the extension installed. The %PriorityAsString> configuration is simplified and consolidated, so check the documentation for details on updating your previous configuration. RT::Extension::AssetSQL The configuration option $AssetSQL_HideSimpleSearch is now $AssetHideSimpleSearch. The configuration option $AssetSearchFormat is now $AssetSimpleSearchFormat. See the configuration documentation in RT_Config.pm for new configuration options added for AssetSQL and the new asset query builder. RT::Extension::LifecycleUI RT::Extension::REST2 RT::Authen::Token If you previously used RT::Authen::Token as an extension, run the etc/upgrade/upgrade-authtokens utility after completing all the other upgrade steps from the README. This will migrate your existing tokens to the new core RT tables. - refreshed patches: + enable-build-as-non-root.patch + request-tracker-use_local_lib.patch - New CORE CORE dependencies: + perl(Encode::Detect::Detector) + perl(Encode::HanExtra) + perl(GnuPG::Interface) + perl(HTML::FormatExternal) + perl(HTML::Gumbo) + perl(Module::Path) + perl(Moose) + perl(MooseX::NonMoose) + perl(MooseX::Role::Parameterized) + perl(Path::Dispatcher) >= 1.07 + perl(Text::WordDiff) + perl(Web::Machine) >= 0.12 - New EXTERNALAUTH dependencies + perl(Net::LDAP) - removed deprecated configure option "with-apachectl" - added new configure options: enable-smime, enable-externalauth and defined bin/libs-owner (root) libs-group (root) and rt-group (rt) - new sub-packages (including README'S for the initial setup): + request-tracker-attachment-storage-S3 + request-tracker-attachment-storage-Dropbox ------------------------------------------------------------------- Wed Oct 28 16:24:34 UTC 2020 - Dirk Stoecker <opensuse@dstoecker.de> - 4.4.4 - fix build with perl 5.32 ------------------------------------------------------------------- Mon May 4 19:06:12 UTC 2020 - lars@linux-schulserver.de - 4.4.4 - replace cron scripts with systemd timer scripts on systems using systemd (boo#1115430) - enhanced README.SUSE with a section about the new timers ------------------------------------------------------------------- Thu Mar 14 09:26:53 UTC 2019 - lars@linux-schulserver.de - 4.4.4 - update to 4.4.4: Security Updates + One of RT's dependencies, the Perl module Email::Address, has a denial of service vulnerability which could induce a denial of service of RT itself. We recommend updating to Email::Address version 1.912 or later. The Email::Address vulnerabilities are assigned CVE-2015-7686 and CVE-2015-12558. CVE-2015-7686 was addressed in RT with a previous update. Email::Address version 1.912 addresses both of these CVEs with updates directly in the source module. + One of RT's dependencies, the Perl module Email::Address::List, relies on and operates similarly to Email::Address and therefore also has potential denial of service vulnerabilities. These vulnerabilities are assigned CVE-2018-18898. We recommend administrators install Email::Address::List version 0.06 or later. + An optional RT dependency, HTML::Gumbo, incorrectly escaped HTML in some cases. Since RT relies on this module to escape HTML content, it's possible this issue could allow malicious HTML to be displayed in RT. For RT's using this optional module, we recommend administrators install HTML::Gumbo version 0.18 or later. * The version of jQuery used in RT 4.2 and 4.4 has a Cross-site Scripting (XSS) vulnerability when using cross-domain Ajax requests. This vulnerability is assigned CVE-2015-9251. RT does not use this jQuery feature so it is not directly vulnerable. jQuery version 1.12 no longer receives official updates, however a fix was posted with recommendations for applications to patch locally, so RT will follow this recommendation and ship with a patched version. EU General Data Protection Regulation (GDPR) Several new features were added to support GDPR compliance and are summarized here. See the new GDPR documentation for details on the new features. * Provide ways to download user data to format-neutral tsv files. * Provide ways to anonymize or remove users. * Provide a tool to remove PII from transaction history. * Allow self service users to optionally view and edit their personal data. General user UI * Don't skip sending mail if there are attached tickets. * Handle legacy PGP Partitioned format for Outlook-style messages. * Improve visuals of self service "Go to Ticket" box (I#31794). * Add SLA to query builder options. * Improve message when applying/removing custom roles from queues (I#32695). * Wipe out related transactions on custom field shred. * Add option to disable escaping HTML in articles (I#32374). * Add keyboard shortcuts for reply and comment on ticket display page. * Improve message for adding/deleting a new custom field value (I#32695). * Make each transaction in history display below previous transactions (CSS bug fix). * Avoid overflowing ticket subject in "Recently Viewed" menu on ballard theme. * Better align input boxes and login button. * Omit disabled users and groups from dashboard subscription page. * Don't return search results for disabled custom fields (I#33972). * Add some style to web UI shredder pages. * Render charts properly when searching with queue custom fields (#I32564). * On user prefs page, show system default values for Timezone and Lang when unset. Administration * Templatize and install rt-search-attributes utility. * Allow rt-setup-fulltext-index to prompt for dba password. * Allow rt-validator to delete txns of reminder changes if reminders don't exist. * Allow rt-validator to delete txns of custom field changes if CFs don't exist. * Let rt-validator check more owner change txns. * Add default CSS in theme editor for heading font colors. * Pass UTF-8 decoded data to Create method for rt-importer on Pg. * Check SeeGroup on individual group admin pages. * Standardize error message for failed dashboard load. * Clarify email recipients in dryrun debug message for dashboard email. * Skip disabled users when sending dashboard subscriptions. Internals * Include only ticket lifecycles for Status = '__Active__'. * Update article postfix loops from using $_ to a named variable. * Avoid duplicated items in index.html when generating online docs. * Don't endlessly try to terminate apache processes in tests. * Provide a results array to pass messages to ListActions for asset create. * Copy lifecycle array before iterating and possibly modifying. * Load RT::ObjectCustomFieldValues to prevent web installer errors. * Add a class based on custom field name to allow for easier custom styling. * Test lifecycle rights with optional context object to allow for role rights. * Remove signature feature from SelfService prefs since self service users can't have a sig. * Don't search empty attribute values in CanonicalizeUserInfoFromExternalAuth. * Add column to transaction column map for content. * Update AddTicket to force multipart/mixed email when attaching tickets to email. * Require Encode::HanExtra in RT::Attachment::EncodedHeaders when necessary. * Add caching to the queue list portlet to improve performance on RT at a glance. * Update session testing method when testing on Oracle to avoid hanging tests Developer * Add callbacks for modifying custom role lists. * Add ARGSRef parameter to the IncludeArticle callback. * Add callback 'BeforeTitle' to change history titlebox. * Add BeforeCreate callback for user admin page. * Apply dynamic tr classes on NEWLINE in Row callback (thanks to Michael Friedrich). * Add BeforeDeleteLink callback for AddAttachments. Documentation * Add GDPR documentation. * Add custom roles documentation. * Update query builder docs to explain NOT NULL in CF searches. * Update database version notes in README. * Add and display a Synopsis for the user shredder plugin. * Clarify failed resolver error message for user shredder plugin. - refreshed the following patches: + enable-build-as-non-root.patch + request-tracker-use_local_lib.patch - enhanced request-tracker-rpmlintrc to be a bit more generic - enhanced /etc/sysconfig/request-tracker to contain all the default directories and users/groups used by RT per default - separated the preparation done in the old init script into /usr/sbin/request-tracker-prepare.sh which uses the variables from /etc/sysconfig/request-tracker. This allows to call the script either via systemd or sysvinit file - modified /etc/init.d/request-tracker to also use the /usr/sbin/request-tracker-prepare.sh script during startup - added request-tracker.service file to fully support systemd - recommend perl(HTML::Gumbo), as this is an optional dependency for showing a broader set of rich text (HTML) message features - recommend perl(HTML::FormatExternal) to allow RT to use external programms to render HTML to plain text (optional feature) ------------------------------------------------------------------- Wed Sep 12 21:44:31 UTC 2018 - lars@linux-schulserver.de - 4.4.3 - update to 4.4.3 General user UI * Show the Ticket's Subject when modifying the ticket. * Re-format RT/Config.pm so the `# loc` comment parses correctly. * Sort saved searches alphabetically by name rather than by id. * In Self Service, provide a path to remove attachments from the session when they are deleted from dropzone by the user (I#32663). * Fix evaluation of set vs. unset custom fields on display for correct hiding. * Set dropzone attachment size based on RT's MaxAttachmentSize configuration. * Add a configuration option TreatAttachedEmailAsFiles to treat attached email as a file attachment instead of parsing as regular email. * Restore email header parsing for items like email addresses when TreatAttachedEmailAsFiles is not set. This was disabled in a previous version. * Respect default queue settings in Create linked ticket dropdown (I#32884). * More fixes for recipient checkboxes on update. This version removes previous problematic fixes and gives a visual indication (shading) when RT is updating recipients in the background and checkboxes should not be changed (I#33027). * Provide a way to reset personal search preferences back to the RT system default (I#32854). * Add an Untake action to the Actions tab. * Add active and inactive status to query builder. * Re-add Queue to 'Order by' dropdown in Search Builder. * Make admin searches for queue and group case insensitive making it easier to find groups. * When editing ticket basics, always add valid default value to queue selection, taking into account SeeQueue rights. * Set dropzone parallelUploads to 1 to avoid losing attachments. Also set parallelUploads when the dropzone object is created. * Correct error messages on user rights for CF admin UI. * In ticket history, respect ShowHeaders option from request for ScrollShowHistory (I#32699). * Fix ExtraArgs of callback ExtraShowHistoryArguments in ScrollShowHistory. * In the ticket history with scroll set, continue to get transactions until all have been shown, even if a block has been hidden for some reason (rights, etc.). * Add PreferDropzone config/pref option for users. Dropzone is not accessible to screen readers and this enables the previous attachments interface which is accessible. * In the query builder, set operator to "IS" or "IS NOT" for NULL values. This fixes a regression from pre-4.4 RT behavior. * Don't create ticket if user clicks "Go" buttons of "Include Article". * Fix CF name escape for asset search's spreadsheet download. * Show the user in single member custom roles even if the user is disabled (I#32949). Administration * Stop wrapping ShowUser in <a> tags to avoid unnecessary nested links. * When listing group members, sort by text-only representation of the user, not HTML (I#30771) * In the group admin page, stop pre-computing ShowUser. * In shredder, check for both id and name mismatches when loading objects. * Add a new rt-passwd command to make it easy to reset passwords on the command-line. * Support custom roles in RT serializer/importer tools. * Support catalogs and assets in RT serializer/importer tools. * Update RT's module dependencies for SSL (https) to align with updates to the CPAN module ecosystem. * Add age, batchsize, and dry-run options to rt-externalize-attachments. * Set proper HTTP Status codes on Abort. * The value for converting the owner dropdown to an autocomplete textbox can now be updated in configuration with DropdownMenuLimit. * Switch to Clone::clone to copy config structures in Obfuscate callbacks. This restores support for REGEXP and CODE configuration on the System Configuration page. * Provide a way to pass more options to Net::LDAP from LDAPImport configuration. * Provide more debug output on connection failures in LDAPImport. * Store log messages until RT::Logger is initialized. This means messages logged before the logger is available, like "Change of config option..." can now respect the configured log level. * In shredder, check for both id and name mismatches when loading objects * Retain scrip sort order in pagination links more on https://docs.bestpractical.com/release-notes/rt/4.4.3 - use/define _fillupdir - use systemd macros, where possible ------------------------------------------------------------------- Mon Sep 25 09:23:37 UTC 2017 - lars@linux-schulserver.de - update to 4.4.2 Security * RT 4.0.0 and above are vulnerable to an information leak of cross-site request forgery (CSRF) verification tokens if a user visits a specific URL crafted by an attacker. This vulnerability is assigned CVE-2017-5943. It was discovered by a third-party security researcher. * RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack if an attacker uploads a malicious file with a certain content type. Installations which use the AlwaysDownloadAttachments config setting are unaffected. This fix addresses all existant and future uploaded attachments. This vulnerability is assigned CVE-2016-6127. This was responsibly disclosed to us first by Scott Russo and the GE Application Security Assessment Team. * One of RT's dependencies, a Perl module named Email::Address, has a denial of service vulnerability which could induce a denial of service of RT itself. We recommend administrators install Email::Address version 1.908 or above, though we additionally provide a new workaround within RT. The Email::Address vulnerability was assigned CVE-2015-7686. This vulnerability's application to RT was brought to our attention by Pali Rohár. * RT 4.0.0 and above are vulnerable to timing side-channel attacks for user passwords. By carefully measuring millions or billions of login attempts, an attacker could crack a user's password even over the internet. RT now uses a constant-time comparison algorithm for secrets to thwart such attacks. This vulnerability is assigned CVE-2017-5361. This was responsibly disclosed to us by Aaron Kondziela. * RT's ExternalAuth feature is vulnerable to a similar timing side-channel attack. Both RT 4.0/4.2 with the widely-deployed RT::Authen::ExternalAuth extension, as well as the core ExternalAuth feature in RT 4.4 are vulnerable. Installations which don't use ExternalAuth, or which use ExternalAuth for LDAP/ActiveDirectory authentication, or which use ExternalAuth for cookie-based authentication, are unaffected. Only ExternalAuth in DBI (database) mode is vulnerable. * RT 4.0.0 and above are potentially vulnerable to a remote code execution attack in the dashboard subscription interface. A privileged attacker can cause unexpected code to be executed through carefully-crafted saved search names. Though we have not been able to demonstrate an actual attack owing to other defenses in place, it could be possible. This fix addresses all existant and future saved searches. This vulnerability is assigned CVE-2017-5944. It was discovered by an internal security audit. * RT 4.0.0 and above have misleading documentation which could reduce system security. The RestrictLoginReferrer config setting (which has security implications) was inconsistent with its implementation, which checked for a slightly different variable name. RT will now check for the incorrect name and produce an error message. This was responsibly disclosed to us by Alex Vandiver. New features * Custom fields now have a "New values must be unique" option. * Custom fields now support value canonicalization (for example, automatically changing input values to be all uppercase). See the @CustomFieldValuesCanonicalizers config option. * Ticket timers provide a comment box for quickly adding ticket comments to describe your time worked. * You can now set up default values for assets on a catalog level. * You can choose to display result counts on ticket search portlets using the new $ShowSearchResultCount config setting. * There is now a "Load all history" link for the "as you scroll" history loading mode, to allow you to use browser-based text search. * We now display a list of recently-viewed tickets in the Search -> Tickets -> Recently Viewed menu. * We have made RT::Extension::AdminConditionsAndActions part of core RT, so you can now easily configure the conditions and actions of your scrips right within the admin UI. General user UI * Avoid breaking sorting of non-ticket searches in dashboards * Avoid duplicate one-time recipients (I#31938, I#31939) * Suppress ticket Ccs and AdminCcs from one-time recipients * Allow ordering assets with "CustomField.Foo" syntax * Avoid divide-by-zero in charts with no data (I#32143) * Add ability to link multiple assets to a new ticket from asset bulk update * Add quick asset create portlet for user summary * Add encrypt/sign controls to ticket forward page * Fix browser-based search navigation link generation (I#32197) * Remove self-service password change form under ExternalAuth * Respect SetInitialCustomField right in self-service (I#32233) * Declare page as being in user's language for browser spellcheck (I#32082) * Fix error with merge tickets being used on bulk update (I#32237) * Avoid overaggressively generating external attachment links * Add $HideOneTimeSuggestions config to hide one-time recipient addresses behind a click * Add "All recipients" checkboxes to modify people page and one-time recipients on update * Dashboards are now displayed in alphabetically-sorted order * Remove dashboard from menu if it can't be loaded (I#29719) * Avoid wrapping one-time recipient checkbox separately from its label (I#32117) * Use only top-level attachments for generating one-time recipient lists to avoid e.g. phishing addresses * Fix accidental usage of server timezone for end users (I#32315) * Add user preference for browser context menu instead of CKEditor's, for native spellcheck (#32274) * QuickCreate on a dashboard no longer sends you to the homepage (I#25573) * Respect HideTimeFieldsFromUnprivilegedUsers in correspond transactions with time worked * Fix occasionally-missing background-color for comments * Add a Timer column to search results for launching ticket timer * Fix error preventing merging tickets with lazily-created watcher groups (I#32490) * Add a __CurrentUserName__ TicketSQL placeholder * You can now search tickets using Queue LIKE '…' and Queue NOT LIKE '…' * Make "Show all" link for attachment lists more prominent (I#32459) * Respect SetInitialCustomField for multi-valued CFs (I#32491) * Fix bulk update for asset custom fields (I#32509) * Add support for CF grouping in asset bulk update (#32198) * Add "reattach" as an attachment warning keyword * Sort one-time recipient addresses (I#31879) * Fix article quicksearch degrading the article menu (#31591) * Avoid noisy "CF changed from 0 to 0" messages (I#32440) * Avoid showing a truncated list of articles due to permissions (I#31989) * Avoid double-encoded text attachments loaded from ExternalStorage * You can now chart tickets by SLA (I#31824) * Add "Show all" button for attachments on ticket forward page * Relabel "Password" portlet on user page to "Access control" (I#31379) * Fix UI for bulk update of "List"-type select-multiple CFs (I#32562) * Avoid discarding checkbox changes in Recipients panel (I#32290) * Clean up article custom fields display (I#32641) * Add SLA field to bulk update if any queues have SLA enabled * Include the new Request Tracker logo * Fix overly-large bookmark star on mobile UI (I#32727) * Stop double-escaping HTML which is made into links (I#31169) * Fix keyboard shortcut UI for selecting tickets on old themes (I#32748) * Add Reports menu with several predefined reports Command-line * Fix rt-ldapimporter --debug logging output (I#32196) * Improve rt-ldapimporter documentation * Produce output from etc/upgrade/upgrade-assets Email * Avoid overaggressively trimming whitespace from MIME encoded-words * Add config option $OverrideMailPrecedence to help avoid out-of-office autoreplies * Fix issues with encrypted attachments being unreadable/absent Database * Skip DBA password prompt on SQLite * Avoid warnings when upgrading old saved searches (I#32235) * … and fix up those old saved searches (I#16856) * Restart asset and catalog ID sequences for Pg and Oracle in etc/upgrade/upgrade-assets * Add index on Attachments table column Filename (I#32033) * Replace deprecated NOCREATEUSER with NOSUPERUSER for Postgres 9.6 (I#32511) * Avoid deadlock in SetOwner race condition which we believe affected only MySQL (I#32381) * The previous may have caused inconsistent ticket ownership, and so the 4.4.2 upgrade step will find and fix such issues * Add rt-validator rules for possible issues around ticket owner rt-serializer/rt-importer * Fix several incorrect references in output (I#31803, I#31804, I#31805, I#31808) * Add --exclude-organization option (I#31812, I#31813) * Add --limit-queues and --limit-cfs options * Suppress semi-unmigrated link relationships by default * Add --hyperlink-unmigrated option * Fix queue change transactions to mention unmigrated queues by name * Support for dashboards in menu preference (I#31810) * Support for RT at a Glance preference (I#31809) * Don't skip RT->System searches * Avoid breaking rights granted to users (I#31806) Web Administration * Add checkbox for selecting all custom field values in admin UI * Log a history entry when adjusting whether a user is Privileged * Log history entries when adding/removing a group member both to the group and to the member * Hide disabled scrips by default, adding a "include disabled scrips" checkbox (I#30131) * Add missing timezone field on user create/modify (I#29977) * Add RT extension names and versions to System Configuration page (I#31482) * Add a "SetCustomFieldToNow" scrip action whose Argument is CF name * Fix default values config when CustomFieldGroupings introduces duplicate CFs (I#32441) * Fix ExternalAuth failure after viewing System Configuration page (I#32469) * Support custom field groupings for groups * User searches can now be sorted by user CF For more, please have a look at: https://github.com/bestpractical/rt/compare/rt-4.4.1...rt-4.4.2 - refreshed patches ------------------------------------------------------------------- Wed May 17 14:53:20 UTC 2017 - mcaj@suse.com - Added two more packages to Requires: perl(CSS::Minifier::XS) and perl(JavaScript::Minifier::XS) ------------------------------------------------------------------- Fri May 5 22:12:55 UTC 2017 - mcaj@suse.com - update to 4.4.1: New features: * Administrators and users can now choose to place signatures above the quoted message in replies (RT_Config setting "SignatureAboveQuote" and the similarly named user preference). This also improves the specific spacing between quotes and signatures in all configurations. (I#31877) * Users may now choose to suppress dashboard email when all of its searches have no results. This is controlled by the new "Suppress if empty" checkbox on the subscription page. (I#30078) * The Dashboard subscription recipient options have been greatly expanded from a single text field (which happened to support multiple email address separated with a comma) to a robust user/group search. * Users may now select a specific language for each dashboard email subscription. Administrators can customize the method by which dashboard email language is chosen (including specifying an ultimate fallback other than English) with the @EmailDashboardLanguageOrder RT_Config option. * The "hide unset fields" preference now also hides unset custom fields, obsoleting RT::Extension::CustomField::HideEmptyValues. Additionally there is now a toggle button at the top right of the ticket display page for quickly toggling whether unset fields are hidden or shown. (I#31523) * There is a new SetInitialCustomField right that permits setting custom field values on records (tickets, assets, articles) while you are creating them. It does not permit modifying custom field values of existing records. Users with SetInitialCustomField but without ShowCustomField will still be able to specify a custom field value at create time but not see it afterwards. (I#14974) * Administrators and users can now choose to display queue dropdowns as an autocomplete field (RT_Config setting "AutocompleteQueues"), much like is available for Owners. If your RT instance has many queues this option improves performance and usability. (I#31291) * New config for hiding time worked, time estimated, and time left from unprivileged users in the self-service interface (RT_Config setting "HideTimeWorkedForUnprivilegedUsers"). This also adds a hook point RT::Ticket::CurrentUserCanSeeTime for further customization. (I#31302) * Long attachment lists can now be truncated to show only the X newest attachments, with an AJAX "Show all" link, (RT_Config setting "AttachmentListCount"). This should improve the performance and usability of both ticket display and ticket reply pages. General user UI: * Eliminate console errors from Preview Scrip Recipients panel when there are no recipients * Avoid URL length errors from Preview Scrip Recipients panel when the messagebox has lots of content (I#31874) * Include MessageBoxRichText in JavaScript config to fix compatibility for RT::Extension::QuoteSelection * Support autocomplete custom fields in bulk update (I#15259) * Hint to the user that not all CF types are supported by bulk update, instead of silently excluding them (I#15259) * Exclude One-Time Cc and One-Time Bcc addresses from squelching (I#31386) * Restore behavior of $EditCustomFieldsSingleColumn config (I#18555) * Improve "reuse existing attachments" UI to match existing attachments UI (I#31709) * Improve ticket timer text-overflow styling (I#31713) * Switch from generating an explicit list of statuses to Status = '__Active__' and Status = '__Inactive__' throughout the UI, both improving performance and simplifying TicketSQL queries (I#31695 etc) * Switch queue search from queue ID to queue name for better usability * Fix keyboard shortcut ? command in self-service UI (I#31535) * Support / keyboard shortcut in self-service UI * Add ticket SLA to display columns for search results (I#31831) * Modernize UI of Articles display and modify * Display creator, created, and updated metadata on Articles pages * Fix searching for people associated with Assets (I#31546) * Support 4.4 attachment uploader in self-service UI (I#31845) * Fix bulk update check/clear all checkboxes (I#31667) * Fix poor rendering of "create [relationship] ticket in [queue]" when there are no existant links (I#31871) * Fix a regression with time zones in datetime custom fields (I#31674) * Ticket timers no longer pause when JavaScript stops running (I#31707) * Show the "include attachments" label on ticket reply only if there are attachments to include * Avoid showing an empty custom fields panel on ticket edit pages when user can see custom fields but cannot edit them * Fix new and existing charts that fail to render on dashboards (I#31557) * Fix certain attachment links containing HTML metacharacters from double escaping (I#31751) * Avoid failure to create tickets due to custom role rights (I#32069) * Avoid SQL errors when using article quicksearch (I#31987) Command-line: * Add new sbin/rt-search-attributes script for searching for attributes matching criteria specified as Perl code (I#31294) * Fix issues around incorrect recipients in rt-crontool invocations with multiple actions Database: * Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning no limit) for tuning how very large attachments are included in the full-text index * Avoid indexing EmailRecord transactions as they duplicate content already available in the original Create, Correspond, and Comment transactions. This improves both indexing time and index size considerably. * Avoid creating transactions for, and bumping Last Updated of, tickets when migrating RT::Extension::SLA custom field values to the core SLA field (I#31924) * Add the new RT 4.4 Queue SortOrder column sooner in the 4.4 upgrade process to improve extension compatibility * Avoid errors during `make initdb` when ExternalAuth is enabled (I#32009) Web Administration: * Add EscapeURI and EscapeHTML functions for use in email templates (I#31442) * Add RT::Action::AddPriority action for use with rt-crontool which simply increments the priority by $Argument every invocation Server Administration: * Avoid DateTime::Locale version 1.01 https://rt.cpan.org/Public/Bug/Display.html?id=110244 * Have ./configure test whether to use GNU-style syntax or BSD-style syntax for `find -perm` * Several fixes around 4.0 and 4.2 upgrade scripts running under 4.4 * Fix migration of "SLA Disabled" for queues in the upgrade-sla script (I#31703) * Avoid overloading error caused by certain versions of Email::Address on Preview Scrips Recipients (I#31712) * Add explicit Pod::Select dependency since it was removed from Perl 5.18 (I#31873) * Add documentation for the now-core ExternalAuth and LDAPImport options in RT_Config (I#31464) * Automatically enable ExternalAuth when the ExternalSettings config option is declared, obviating the need for an explicit `Set($ExternalAuth, 1);` (I#31689) * Remove unnecessary dependencies on FCGI::ProcManager and Net::LDAP::Server::Test (I#31872) * Many cleanups in and improvements to our CPAN dependency install toolchain Developer: * Remove unused RT::Shredder::Record * Add RT::Date->Strftime method (I#31435) * If content_like (or similar) tests fail, output the page content to a tmp file for debugging (I#31408) * Make autocomplete infrastructure more generic and extensible * Add missing %ARGS to ShowHistoryPage call in ShowHistory, improving RTIR compatibility * Fix missing CurrentUser parameter in RT::Interface::Email::Gateway to improve RT::Extension::CommandByMail compatibility * Fix Queue SLADisabled _CoreAccessible metadata to match schema's default value of 1 (I#31822) * Switch "hide unset fields" to be implemented with CSS for additional flexibility * Add CSS classes (for example `.admincc`) for many basic fields on ticket display * Allow setting SLA in RT::Queue->Create, which can be used in initialdata files (I#31823) * Improve ShowHistory compatibility with RTIR * Add stubs for the fields that had been removed from queues in 4.4 to improve compatibility with extensions and customizations (I#32019) * Fix tests to enable ExternalAuth * Added infrastructure for deprecating specific callbacks, as we consider them to be part of our stable API (RT::Interface::Web::Request %deprecated) * Deprecated callbacks: /Admin/CustomFields/Modify.html AfterUpdateCustomFieldValue * New callbacks: /Ticket/Update.html RightColumnBottom /Admin/CustomFields/Modify.html EndOfPage /Elements/CollectionAsTable/Row EachField /Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields, and MassageSubscriptionFields /Elements/SelectOwnerDropdown ModifyOwnerListRaw and ModifyOwnerListSorted /Helpers/Autocomplete/Owners ModifyOwnerAutocompleteSearch /Elements/ShowTransactionAttachments BeforeAttachment * Improved callbacks: /Admin/CustomFields/Modify.html Initial adds $Results /Elements/MessageBox Default adds $DefaultRef and $MessageRef * Adjust TicketHistoryPage to reuse existing callbacks for TicketHistory Documentation: * Add documentation for 4.4's $ShowHistory scroll option in RT_Config (I#31705) * Fix UPGRADING-4.2's description of PostgreSQL full-text search using GiST; it uses GIN indexes (I#31844) * Link to RT::Authen::ExternalAuth as a local document like the rest of RT's core modules, rather than as an external link to metacpan like we do for extensions (I#31957) * Update docs/authentication.pod to reflect RT::Authen::ExternalAuth and RT::LDAPImport (previously RT::Extension::LDAPImport) becoming part of core RT (I#31861) * Fix broken link in SLA documentation * Improve the upgrading documentation around migrating from RT::Extension::SLA to core SLA * Third-party source code packaging improvements (I#31900) * Link to our new RT wiki at https://rt-wiki.bestpractical.com Internationalization: * Fix broken attachment upload UI for Catalan language (I#31864) * Fix JS compile errors for translations with apostrophes (specifically French) under infinite scroll (I#32090) * Update translations for: Finnish, Hungarian, Latvian, Lithuanian, Russian, Turkish, and UK English. ------------------------------------------------------------------- Fri May 5 22:08:22 UTC 2017 - mcaj@suse.com - make a man page rt-mysql2pg-contrib a bit nice ------------------------------------------------------------------- Fri May 5 22:04:56 UTC 2017 - mcaj@suse.com - Added missing man page for rt-mysql2pg-contrib ------------------------------------------------------------------- Fri May 5 21:27:02 UTC 2017 - mcaj@suse.com - Added missing man page - clean up duplicate files ------------------------------------------------------------------- Fri May 5 20:22:48 UTC 2017 - mcaj@suse.com - the first a bit working version in my branche. Its not good for MR yet. ------------------------------------------------------------------- Mon Jan 9 12:46:22 UTC 2017 - lars@linux-schulserver.de - update to 4.2.13: General User UI * Avoid race condition where a ticket's Started timestamp could be before its Created timestamp * Users without ability to update a saved search are no longer shown an Update button * IP custom field textboxes now wide enough for full IPv6 addresses (I#24565) * Self-service Cc field now allows for autocompleting multiple users * When possible sort charts numerically rather than ascii-betically * QuickCreate now respects DefaultQueue and RememberDefaultQueue (I#30913) * Make user preferences use label tags for better clickiness (I#30953) * Hide "Transaction has no content" from Extract Article (I#31027) * Improve CSRF detection by whitelisting more specific parameters (I#31090) * Empty selection boxes no longer render 1px wide (I#31316) * Show queue ID if the user can't see the queue name * Search builder display format now properly supports "large" sizing * Fix SMIME encoding issue (I#31155) * Improve messaging and logging around reminders that users can't see * Queue name on ticket display is now a link to a search for all active tickets in that queue * Support autocomplete custom fields in bulk update (I#15259) * Hint to the user that not all CF types are supported by bulk update, instead of silently excluding them (I#15259) * Improve compliance with RFC4480 for GPG armor lines (I#30372) * Restore behavior of $EditCustomFieldsSingleColumn config (I#18555) * Fix a regression with time zones in datetime custom fields (I#31674) * Fix certain attachment links containing HTML metacharacters from double escaping (I#31751) * Fix custom attachment URLs for self-service users (I#30960) Database * "schema" upgrade files no longer issue CREATE INDEX statements, instead there are now "indexes" upgrade files that describe the end state of the indexes RT requires. This better handles indexes that may have been deployed by hand or otherwise already exist. * We now correctly shred ObjectCustomFields records when shredding a CustomField * Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning no limit) for tuning how very large attachments are included in the full-text index * Improve 4.0 upgrade scripts running under 4.2 Web Administration * We now record transactions for changes to queues * Improve visual design of Shredder forms Server Administration * Add missing dependency on Encode 2.64 * New RT_SiteConfig.pm files now get a "use utf8;" by default to allow config options to use Unicode * bcrypt cost has been doubled on schedule to improve password hashing security * Allow multiple --action and --action-arg options in rt-crontool * Fix "use of localtime without parentheses" warning * rt-email-dashboards now has a --log parameter for setting log level * Add config %ReferrerComponents to provide fine-grained control over referrer checking behavior * Clarify web config validation log messages (I#31117) * Add a no_ticket_transactions option to user shredder * Remove now-unnecessary dependency on Apache::DBI (I#31210) * Avoid DateTime::Locale versions 1.00 and 1.01 https://rt.cpan.org/Public/Bug/Display.html?id=110244 * Have ./configure test whether to use GNU-style syntax or BSD-style syntax for `find -perm` (I#31308) Developer * Improve test compatibility with File::Which 1.17 * Improve test compatibility with HTML::FormatText::WithLinks::AndTables * Remove unused RT::Shredder::Record * Transactions now have a ColumnMap * New callbacks: /Ticket/Create.html MassageCloneArgs /Admin/Queues/Modify.html FormStart /Ticket/Elements/ShowBasics AfterTimeLeft, AfterPriority, AfterQueue, and AfterTable /Ticket/Elements/ShowSummary AfterBasics, AfterPeople, AfterReminders, and AfterDates /Ticket/Graphs/index.html BeforeActionList, FormStart, AfterForm, and Default /Ticket/Update.html RightColumnBottom /Admin/CustomFields/Modify.html EndOfPage /Elements/CollectionAsTable/Row EachField /Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields, and MassageSubscriptionFields /Elements/ShowTransactionAttachments BeforeAttachment * Improved callbacks: /Admin/CustomFields/Modify.html Initial adds $Results Documentation * New documentation on format strings (docs/format-strings.pod) for controlling how search results are displayed * Update documentation to expect that most installations will deploy fulltext search * Also remind users that they should set up backups in the README * Fix UPGRADING-4.2's description of PostgreSQL full-text search using GiST; it uses GIN indexes (I#31844) Internationalization * Adjust the string "CustomFields" to instead use the existing "Custom Fields" to ease translation * We now display translated ticket properties and statuses on graphs * Update translations for: Brazilian Portuguese, Czech, Finnish, French, German, Greek, Hungarian, Japanese, Latvian, Lithuanian, Occitan, Polish, Russian, Spanish, Swedish, and Turkish - fix logrotate file: add closing braket and 'su' option - fix capitalization of README.SUSE ------------------------------------------------------------------- Sat Jan 23 11:51:18 UTC 2016 - lars@linux-schulserver.de - adapt apache configuration to be able to run with mod_authz_core (apache 2.4) and the old apache < 2.4 auth module - also allow IPv6 addresses ------------------------------------------------------------------- Mon Aug 17 09:25:13 UTC 2015 - lars@linux-schulserver.de - update to 4.2.12: + This release is a security release which addresses the following vulnerabilities: ++ RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475 (bnc #941912) It was discovered and reported by Marcin Kopeć at Data Reliance Shared Service Center. ++ RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via the cryptography interface. This vulnerability could allow an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected. From 4.2.11: + improves indexing time for full-text search + improving support for Apache 2.4 and MySQL 5.5 + Interactive command-line tools (including upgrade tools) will now also default to displaying warnings to STDERR, to aid in awareness of potential errors. - refreshed request-tracker-use_local_lib.patch ------------------------------------------------------------------- Mon Mar 30 15:03:07 UTC 2015 - darin@darins.net - Add requires for Data::UUID, required by rt-server ------------------------------------------------------------------- Thu Feb 26 16:50:09 UTC 2015 - darin@darins.net - update to 4.2.10 This release is primarily a security release; it addresses CVE-014-9472, a denial-of-service via RT's email gateway, as well as CVE-2015-1165 and CVE-2015-1464, which allow for information disclosure and session hijacking via RT's RSS feeds. + General user UI * Speed up the default simple search on all FTS-enabled installs by not OR'ing it with a Subject match. This returns equivalent results for almost all tickets, and allows the database to make full use of the FTS index. * Pressing enter in user preference form fields no longer instead resets the auth token (#19431) * Pressing enter in ticket create and modify form fields now creates or updates the ticket, instead being equivalent to "add more attachments", or the "search" on People pages (#19431) * Properly encode headers in forwarded emails that contain non-ASCII text (#29753) * Allow users to customize visibility of chart/table/TicketSQL in saved charts * Allow groups to be added as requestors on tickets * Perform group searches case-insensitively on People page (#27835) * Ticket create transactions for tickets created via the web UI now contain mocked-up From, To, and Date headers; this causes them to render more correctly when forwarded * Update wording of error message for saved searches without a description (#30435) * Flush TSV download every 10 rows, for responsiveness * Retain values in Quick Create on homepage if it fails (#19431) * Limit the custom field value autocomplete to 10 values, like other autocompletes (#30190) * Fix a regression in 4.0.20/4.2.4 which caused some users to have blank homepages (#30106) * Fix styling on "unread messages" box on Ballard and Web2 themes * Fix format of Date headers in RSS feeds (#29712) * Adjust width of transaction date to accommodate all date formats (#30176) * Allow searching for tickets by queue lifecycle + Command-line * Fix server name displayed at password prompt when RT is deployed at a non-root path like /rt (#22708) + Admin * If the optional HTML::FormatExternal module is installed, use w3m, elinks, links, html2text, or lynx to format HTML to text. This addresses problems with the pure-Perl HTML-to-text converted which resulted in blank outgoing emails. (#30176) * Add support for native (non-Sphinx) indexed full-text search on MySQL. This uses the InnoDB fulltext engine on MySQL 5.6, and an additional MyISAM table on prior versions of MySQL. * Support MySQL database names with dashes in them (#7568) * Properly escape quotes and backslashes in config options in web installer (#29990) * Increase length of template title form input * Clarify wording on updating old Organization values by rt-validator * Resolve a runtime error for SMIME without secret keys (#30436) * Empty email addresses are no longer caught as being "an RT address" if there exist queues without Correspond addresses set (#18380) * Allow Parents/Children/Members/MemberOf in CreateTickets action * Allow RT-Originator to be overridden in templates * Ensure that HTML-encoded entities are indexed in FTS * Fix uninitialized value warnings from charts grouped by date * Remove no-op $CanonicalizeOnCreate configuration variable; RT::User->CanonicalizeUserInfo is always called * Make NotifyGroup action respect AlwaysNotifyActor argument * Fix X-RT-Interface header on incoming email on existent tickets * Warn on startup if queues have invalid lifecycles set (#28352) + Developer * Add AfterHeaders callback to ShowMessageHeaders * Update all upgrade steps to use .in files (#18856) * Add policy tests to enforce the new upgrade step standards * Remove +x bit from multiple non-executable files * Make Obfuscate callback in configuration options be passed the current user, as was documented * Remove obsolete _CacheConfig parameters * Preferentially use IN rather than multiple OR clauses * Respect RowsPerPage for external custom field values * Localize default statuses from RT_Config.pm, instead of hardcoding * Add callbacks within Dates box after each type of Date * Pass the CustomFieldObj down to CustomFieldValue objects intact, so its ContextObj can be inspected; this is particularly useful for external custom fields. * Allow more than one right per @ACL in initialdata * Don't hardcode share/html in tests, for non-default layouts * Base detection of new themes on presence of main.css file, not base.css file (#30554) * Allow for relative "lib" in @INC when running tests * Allow EditComponentName customfield callback to alter Rows/Cols values + Serializer/importer * Memory usage improvements in both serialization and import * Templates, Scrips, and ObjectScrips now serialize correctly when not cloning + Documentation * Document how to enable un-indexed full-text-search, and its drawbacks * Note that after restoring from backups, PostgreSQL may need to have statistics updated * New documentation on writing portlets * Add an =pod directive so the first paragraph of UPGRADING is not skipped * Clarify when UPGRADING-x.y steps should be run * Better document known bugs with Sphinx FTS * Add missing semicolon on Shredder suggested indexes A complete changelog is available from git by running: git log rt-4.2.9..rt-4.2.10 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.9...rt-4.2.10 ------------------------------------------------------------------- Sat Nov 29 10:13:33 UTC 2014 - darin@darins.net - Use mod_perl instead of mod_fcgid as default apache2 module, which isn't available on SLE_12 ------------------------------------------------------------------- Thu Oct 30 12:28:19 UTC 2014 - darin@darins.net - update to 4.2.9 + General user UI * Fix Subject header during ticket printing (#30362) * Comparisons of long text Custom Fields were erroneously reporting updates (#30378) * Broken logo link for the mobile UI when used with $WebPath * No longer leak base64 data to non-english users who change a Dashboard subscription and futureproof for other Attribute updates (#24665) * Previous column selection is remembered when updating search formats (#16972) * Charts could return quadrupled data for aggregate data (such as Time Worked) depending on your rights configuration. * Charts can now be grouped by Priority * Ticket Creation form now leaves Requestor blank on page reload if you cleared it out. + Localizations * "check to delete all values" is now localized + Command-line * BeforeDue action now accepts 2D as well as 2d (#30449) * bin/rt no longer shows a default Due date unless one is configured on the Queue. Additionally, Starts and Due are served in your time zone (#20334) + Admin * Improvements to the layout of the Group Members page + Developer * Fix tests that used send_via_mailgate to properly check returns (#19156) * Improvements to rt-static-docs for generating online documentation * Proper warnings testing for cf_date tests * Remove unused code to render Rules during replies/comments * Undo a regression that meant Custom Fields passed to Ticket->Create needed to be readable by the user creating the ticket. + Documentation * Add a mention of SelfService to the documentation of $AllowUserAutocompleteForUnprivileged * Update our backups documentation to cover restoring from the suggested backups. A complete changelog is available from git by running: git log rt-4.2.8..rt-4.2.9 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.8...rt-4.2.9 ------------------------------------------------------------------- Fri Oct 3 13:10:51 UTC 2014 - darin@darins.net - update to 4.2.8 This release is primarily a security release; it addresses CVE-2014-7227, a vulnerability in RT's SMIME integration enabled by CVE-2015-6271 and related vulnerabilities, known as "Shellshock." Systems which have patched bash are not vulnerable to CVE-2014-7227. + General user UI * Properly hide ticket list when MoreAboutRequestorTicketList is set to "None" + Localizations * Allow text in Squelch box on ModifyPeople page to be translatable. * Updated German, Basque, French, Hungarian, and Russian translations. + Admin * Allow $OverrideOutgoingMailFrom to key by queue id, as an alternative to name * Stop calling the deprecated _SQLLimit method when limiting by transaction date * Stop hiding the value of the AllowLoginPasswordAutoComplete setting in System Configuration (#30417) * Resolve CVE-2014-7227, arbitrary execution of code by privileged users via SMIME by way of CVE-2015-6271. + Developer * Add a ModifyMaxResults callback for Autocomplete endpoints * Properly pass collection class to ColumnMap in /Elements/TSVExport + Documentation * Update POD for AddRoleMember/DeleteRoleMember being in RT::Record::Role::Roles now, not RT::Record. A complete changelog is available from git by running: git log rt-4.2.7..rt-4.2.8 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.7...rt-4.2.8 ------------------------------------------------------------------- Thu Sep 11 19:41:31 UTC 2014 - darin@darins.net - update to 4.2.7 + General user UI * Fix algorithm for determining which links to display in ticket relationship graphs with a MaxDepth * Use "Correspondence added" or "Comment added" rather than the general "Message recorded" * Loading saved charts should load all of their settings (#29015) * Stop fixing the width of "New ticket in" button (#27649) * Record transactions in ticket history when attachments were dropped or truncated due to $MaxAttachmentSize * Still delay transaction loading when "full headers" have been requested * Add an "overdue" class on Due columns, to match DueRelative columns. * Only show "overdue" class if the ticket status is still active * Fix styling of "There are unread messages" box in aileron * Keep date and datetime custom field inputs during failed ticket creation * Silence warnings from emails without Content-Transfer-Encoding headers * Silence warnings on user modify pages for disabled users * Let custom field grouping boxes link on Display pages link to the appropriate anchor on editing pages (#30195) + Localizations * Localize "Recursive" column title in group memberships page * Additional missing locstrings for numerous titleboxes * Stop translating titles piecemeal in SelfService (#14736) * Updated Catalan, German, Basque, Italian, Japanese, Dutch, Brazilian Portuguese, and Russian translations + Command-line * Reduce values queried using "rt ls" to only those displayed; this speeds request time significantly when a large number of custom fields are applied * Add -s option to "rt comment", to set status when adding a comment or correspondence (#30375) + Admin * Add %AdminSearchResultRows configuration for altering the number of rows per page of object types in the administrative interface * Add an additional suggested index on Attachments' Creator for deleting users with Shredder * Fix rt-dump-metadata, by removing PrivateKey from _Accessible (#22465) * Rework internals dealing with characters/bytes, for better internal consistency, and su support DBD::Pg 3.3.0 and above. * Provide rt-mailgate version in User-Agent string (#18420) * Reword errors given for rt-crontool when no valid user is found (#18621) * Show the right error message when rt-crontool fails to load a module (#22991) * Properly detect when rt-server is called without --listen * Detect auto-generated mail in the presence of multiple Precedence: headers * Strip non-word characters from custom field variable names in Simple templates; this allows use of custom fields with spaces (#18446) * Streamline 3.8 -> 4.0 and 4.0 -> 4.2 upgrade steps by reducing the number of ALTER TABLE calls that are run, adding/dropping multiple columns at once (#21309) * Remove LogoImageHeight and LogoImageWidth configuration varables, which had no effect (#26827) + Developer * Add a callback to manipulate which link types are displayed on tickets * Allow Object to be a subref in @Attributes in initialdata, to allow for attributes on arbitrary objects * Ignore vim swap files when testing * Allow the SuccessfulLogin callback to alter where RT redirects to * Add a callback to alter arguments to Showhistory * Consistently use ->_GroupingClass when determining record class for grouping lookup. * Allow ->Deprecated to take a loglevel * Switch from MIME::Head->set(), deprecated for the last 16 years, to ->replace() (#18417) + Documentation * Correct documentation on where Shredder places sqldump files (#19167) * Consistently use say 1/0 instead of true/false in RT_Config.pm documentation * Document how ordering in lifecycle transitions controls ordering in the status drop-down A complete changelog is available from git by running: git log rt-4.2.6..rt-4.2.7 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.6...rt-4.2.7 ------------------------------------------------------------------- Thu Aug 14 20:44:02 UTC 2014 - darin@darins.net - update to 4.2.6 + General web UI * Fix a regression introduced in 4.2.4, which caused lack of formatting of plain text when responding via the rich text editor. * Allow tables in HTML mail if the optional HTML::Gumbo dependency is installed * Fix a regression in 4.2.5 which prevented core date fields (Due, Starts, etc) from being unset (#30180) * Hide empty transaction custom fields when they have no value; this fixes a regression in 4.2.1 where transaction custom fields began displaying on all transactions. (#29757) * Allow searching on requestor city, state, zip, and country in query builder (#26960) * Don't attempt to parse IP/Date(time) CFs if the value is NULL; this prevents warnings. * Remove border-radius: 0 to allow Firefox to use native text entry widgets (#28233) * Allow Firefox to reflow the data table below the chart on rudder * Whitelist user search from CSRF restrictions * Only include closing paren in MakeClicky link if it included an open paren (#29064) * Canonicalize CF values (including dates, IP addresses, and IP ranges) before comparing to the database value; this prevents spurious "changed from a to a" messages. * Allow downloading 0-length files if they have a filename (#9050) * Quick Create now defaults to the lifecycle's default create status, instead of hardcoding "new" * Show Wikitext CFs in bulk update * Add autocompletion to link boxes on bulk update + Internationalization * Add localization strings for Articles admin pages * Add localization strings for user "Create Ticket" user summary portlet * Add new #loc{key} form, to allow for more concise Lifecyles in config * Updated German translation + Web administration * Provide a default Category on External custom fields, for performance * Provide a new "Notify Owner or AdminCCs" action * Move search widgets for custom field admin interface to the top of the page, to match other admin pages * Use "LIKE" as the default search operator in the queue admin interface * Enable searching by Lifecycle and SubjectTag in the queue admin interface * Add SubjectTag to the default AdminSearchResultFormat for queues * Move Disabled to the last column of the default Queue admin search result format, to match Scrips * Add Disabled column to AdminSearchResultFormat for Classes, CustomFields, Groups, and Users * Add Disabled ColumnMap entry for Classes, Groups, and Users * Prevent RT from locking up if a too-large image was uploaded for the logo (#29929) * Fix bugs in cascaded CFs of radio buttons and checkboxes when categories contained spaces or periods. * Quiet "No valid Type specified" warnings from queue watcher page for user search results that were left blank (#29993) + Server administration * DBD::Pg 3.3.0 conflicts with RT's UTF-8 handling; for this release, it has been blacklisted. If you are using PostgreSQL as your database and have DBD::Pg 3.3.0 installed, you will need to download and install DBD::Pg 3.2.1 from CPAN. * Allow the validator to fix incorrect values for Owner (#28403) * Fix a regression in 4.2.5 which caused errors when calling rt-crontool with a numeric --template argument. * Quiet warnings in the 4.2.2 upgrade step for users upgrading from 4.0.x * Add not_member_of restriction for User shredder plugin * Warnings avoidance for RT::Attachments->Address when run as the System User * Update logo attribute as the current user, to allow auditing of who changed it last * Alter Links table on MySQL to support Unicode URLs (#19338) * Warn on non-ASCII right names (#19339) * Support Sphinx builds compiled with --enable-id64 * For compatibility with RT::Extension::MergeUsers, ensure that Shredder checks that a user (possibly resolved from a merged user) is valid before attempting to shred them * Correctly detect presence of graphviz binary (`dot`), instead of libgraph.so, for perl dependency calculation * When merging instances with identical $Organization values, do not qualify groups and queues + Developer * Move AboutThisUser callback back to /Ticket/Elements/ShowGroupMembers where it appears to originate, from where RT 4.2.0 accidentally moved it, /Elements/ShowPrincipal/AboutThisUser * Move all runtime module loading to UNIVERSAL::require * Correct error message from RT::Date->Timezone * Simplify code to assume Postgres 8.4, as RT 4.2 requires * Add more class and id attributes to user admin pages and preferences * Pass right number of arguments to sprintf, for Perl 5.22 compatibility * Move sbin/rt-message-catalog into devel/tools and streamline to unify with Launchpad import format * Adjust more tests for RT_TEST_WEB_HANDLER=inline * Remove dependency checks in t/, as they are covered by required developer dependencies + Documentation * Improved documentation for RT::Date * Link POD, URLs, and emails in HTML generated from README * Document "Satisfy any" technique for allowing rt-mailgate to post to RT when $WebRemoteUserAuth and Apache authentication is used * Document explicit steps for adding a new status to a lifecycle A complete changelog is available from git by running: git log rt-4.2.5..rt-4.2.6 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.5...rt-4.2.6 ------------------------------------------------------------------- Thu Jul 10 12:40:03 UTC 2014 - darin@darins.net - update to 4.2.5 + Updated dependencies * Updated Email::Address::List dependency, to resolve CVE-2014-1474, as was previously announced in http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html * Bump CGI dependency (under perl 5.20 and above, only) to quash warnings about CGI.pm's deprecation in core (#29053) + Serializer/Importer * Serialize binary data as binary, not as UTF-8 codepoints; this fixes a regression introduced in 4.2.3 which corrupted all binary data in serialized data. * Serialize ObjectScrips when cloning, which had been mistakenly omitted; this only partially resolves #29949, as it does not address serialization of ObjectScrips when not cloning. + General web UI * Force CKEDITOR_BASEPATH; this fixes errors during pasting into the Rich Text editor (#29780, #29987) * Ticket autocompletion (for links) is more predictable when completing on strings containing numbers (#25755) * Fix "Show Outgoing Email" and Reply/Comment/Forward links in Approvals (#29800) * Correctly decode text/html parts of old (RT 3.6.5 and prior) emails + Internationalization * Updated localizations (German, Greek, Slovak, Lithuanian) + Web administration * Display clean Stage name in ColumnMaps (#28739) * Add Scrips Select/Create menu, and maintain context on which list of Scrips the Select page should link to (#28787) * Granting rights to new groups no longer requires clicking in textbox twice in Firefox (#29911) + Server administration * Log when Encode::HanExtra would be useful in decoding emails, and make use of it if it is available. * Squash warnings in 4.1.17 upgrade step (#29595) * Reorder DROP IF EXISTS on 4.1.1 Postgres upgrade step to drop sequence after dropping the table; avoids bugs on upgrading in a previously-upgraded database * Stop hardcoding the list of available themes, instead auto-detecting new themes as they are added (#14667) * Explicitly point to $AutocompleteOwners setting in warning that RT is switching to the autocompleter due to too many owners. * Remove caching of template object in rt-crontool; this fixes a bug where the same content would be sent on all tickets (#29454) * rt-fulltext-indexer now locks, to prevent more than one instance from running at once (#17423) + Developer * Add BeforeMessageBox callback in ModifyAll.html for parity with Create.html and Update.html * BeforeCustomFields callback in ShowCustomFields now takes $Table parameter * Default callback in ShowTransaction can now modify $ShowBody * Add a RT::Date->IsSet method * Fix invalid ContextObject on RT::CustomField->LoadByName when passed Queue => 0; this led to invalid LookupType limits on later calls to ->LoadByName. * Generalize RT::CustomField->LoadByName to work with non-Queue context objects, and to optionally return globally-applied CFs and not Disabled CFs. * Tests now pass again using RT_TEST_WEB_HANDLER=inline * ->AddCustomFieldValues no longer allows adding repeated values (#4553) + Documentation * Drop references to MySQL 4.1, as RT 4.2 requires MySQL 5.1 * Updated example plugins used in documentation, and suggest Plugin() over Set(@Plugins, ...) (#29978) * Documentation for ColumnMap A complete changelog is available from git by running: git log rt-4.2.3..rt-4.2.5 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.3...rt-4.2.5 - update request-tracker-use_local_lib.patch ------------------------------------------------------------------- Thu Feb 20 18:01:28 UTC 2014 - darin@darins.net - update to 4.2.3 + Administrator tasks * Avoid starting a FastCGI process manager in the common case of the FastCGI process being started by the webserver, and communicating over STDIN. This restores the behavior from 4.0, where the process name is the full path to rt-server.fcgi, and not the static string "perl-fcgi-pm" or "perl-fcgi". * Automatically clean out Mason cache when updated HTML is installed during upgrades; this should prevent a common class of errors. * Fix paths in rt-importer when importing from a serialized dump which was written to an absolute path. * Additional optional upgrade script for users upgrading from RT 3.8 who previously used RT::Extension::CustomField::Checkbox. * Pass characters, not bytes, to _EncodeLOB during de-serialization; this prevents invalid UTF-8 from a serialized dump from entering the new database. * Catch and warn of additional common misconfigurations of GPG/SMIME integration. * Prevent a possible infinite loop in rt-validator --resolve if Principal records were missing; default to forcing their creation. + Localization * Localization updates from Launchpad. + General user UI * Date and DateTime customfields now pass "mandatory" validation if unchanged. * "1970-01-01" is now treated as "unset" for purposes of Date and DateTime validation. * Add Date and DateTime fields to bulk update. * Don't conduct a user search if no string was entered. * Signal if a user is disabled at the top of User Summary pages. * Resolve regression in 4.2, which caused warnings during ticket creation when transaction custom fields were applied. * Respect transaction squelching during GPG/SMIME signing and encryption. Lack of public key for a squelched user will no longer trigger errors, for instance. * Resolve regression in 4.2, where the recipient squelching checkboxes did not properly synchronize state between users who appeared multiple times. * Adjust the bottom edge of rolled-up tabs in ticket pages. * Sort data groupings in charts numerically, not ASCIIbetically, if they all appear to be numbers. * Ensure that Sidebar / Body panes in dashboard configuration display in a consistent order on perl 5.18 and above. * For strict DOM compliance, move a "name" attribute on <div> to "data-name". * Prevent "Can't call method "DependsOn" on an undefined value" error in bulk update if tickets were deleted. * Show links to tickets which are not readable by the user as numbers, not as blank titles. * Add a "ticket-active" class, as well as the current status as a class, to ticket links on ticket display page. * Fix a regression in 4.2 which caused an error when a user with only limited rights (Watch or WatchAsAdminCc) removed themselves as a watcher from a ticket or queue. * Allow SeeCustomField on a single queue to show its custom fields during search if the search is limited to that queue. + Documentation * Remove obsolete wording mentioning CPAN 1.84, which we guaranteed to already have a more recent version of, by way of perl 5.10.1. * Correct reminders documentation to suggest RT::Action::Notify, not RT::Action::SendEmail. * Documentation on writing extensions for RT. Admin interface * Fix "Queue" and "QueueId" columns in admin Scrips listing to emulate their display in 4.0. * Additional ModifyDropdownLimit in SelectOwnerDropdown to allow sites to increase the previously-hardcoded limit of 50 users in the drop-down before it switched to autocompletion. * Correctly style warnings about Articles needing configuration. * Resolve regression in 4.2 in admin interface, where the current group and rights tab is not preserved across rights submission. * Show static content roots in System Configuration, alongside Mason content roots. * Catch and warn of template compilation errors, such as unbalanced braces. + Database * Improve right-checking query plan (at least on PostgreSQL 9.3) by de-duplicating ACL equivalence objects, and using the RT::System's id. * Upgrade steps from RT 4.0 -> 4.2 now DROP IF EXISTS tables and sequences before attempting to create them, except on Oracle. This resolves the common case of testing an upgrade before re-importing a backup atop it for the final upgrade, leaving the new tables still in place. * Fix a regression in 4.2 which caused rt-server to hold extra database handles open. For FastCGI processes, this was one extra per FastCGI process; for standalone servers, only one overall. + Callbacks * MassageDisplayHeaders callback in ShowTransactionAttachments is now passed $ShowHeaders. * Callbacks in EditTransactionCustomFields are now passed $InTable. * MassageCustomFields callback in EditCustomField is now correctly passed $CustomFields. * Correct a typo in the documentation for MakeClicky callbacks. Developer * Provide and use a GetCustomFieldInputName() function to programmatically determine form field names from custom field objects. * Resolve a bug when associating unknown users with single-user roles; this primarily only affects Assets. * Allow consumers of /Elements/SimpleSearch to provide the placeholder text. * Default Stage for Scrips to be TransactionCreate; primarily for initialdata, but affects all callers of RT::Scrip->AddToObject. * Adjust etc/upgrade/shrink_transactions_table.pl to avoid new deprecation warnings. * Fix precedence errors of "return ... or ..." found by perl 5.19. * Allow consumers of EditCustomField to specify undef $Rows or $Cols to omit the respective attributes during form element rendering. * Prevent warnings on perl 5.19 and above. * Allow members to be added to groups during group creation in initialdata. * Prevent race conditions in 99-policy.t by skipping t/tmp/ and other volatile directories. * Pass Ticket object to ShowAttachments on Ticket/Forward.html, to allow for greater extensibility by providing more context. A complete changelog is available from git by running: git log rt-4.2.2..rt-4.2.3 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.2...rt-4.2.3 - update rt-4.2.0-enable-build-as-non-root.patch for 4.2.3 ------------------------------------------------------------------- Tue Nov 19 13:32:02 UTC 2013 - darin@darins.net - update to 4.2.1 + Oracle: * Resolve numerous issues with the 4.0 -> 4.2 upgrade steps on Oracle * In-database sessions on Oracle are no longer truncated at 8k, leading to spurious logouts + Internet Explorer: * Fix submission issues under Internet Explorer + Rich text editor: * If returning to a reply/correspond page with the back button, the rich text editor will no longer double-escape previously written content. + REST: * Fix an empty 'text/plain' part when tickets are created using the REST interface. + Other bugfixes: * Optimize transaction display code to speed up long ticket displays by short-circuiting transaction custom field checking. * Supply a default $PATH for SMIME and GnuPG under FastCGI * Support index upgrade steps on Pg when in a custom schema * Close a memory leak in ColumnMap A complete changelog is available from git by running: git log rt-4.2.0..rt-4.2.1 or visiting https://github.com/bestpractical/rt/compare/rt-4.2.0...rt-4.2.1 ------------------------------------------------------------------- Mon Nov 4 17:49:19 UTC 2013 - darin@darins.net - use usermod to modify groups entries - create unique UID ------------------------------------------------------------------- Mon Nov 4 16:50:51 UTC 2013 - darin@darins.net - update %pre so groupadd/useradd are always called ------------------------------------------------------------------- Tue Oct 29 15:12:29 UTC 2013 - darin@darins.net - fix so rt_localstatedir is not a %ghost ------------------------------------------------------------------- Mon Oct 28 15:58:07 UTC 2013 - darin@darins.net - fix pod2man build failure on opensuse 13.1 ------------------------------------------------------------------- Tue Oct 8 17:59:29 UTC 2013 - darin@darins.net - Set rt_localstatedir to %{_var}/lib/%{name}, as /var/run is now tmpfs and will disappear after reboot and this data needs to be persistant. ------------------------------------------------------------------- Thu Oct 3 18:52:12 UTC 2013 - darin@darins.net - updated to 4.2.0 * Much improved reporting via search result charting - Multiple group by and statistic calculations in a table - Time statistics such as average, minimum, and maximum durations between Created and Resolved, Created and Started, Started and Resolved, and more. - More robust layout of charts * Increased performance for searches and ticket pages - Faster searches on all databases (especially Pg) - Ticket pages load quicker - Menus load before the rest of the page is loaded - History is loaded asynchronously - Faster serving of static assets * Scrips per queue - Apply scrips globally or ad-hoc to individual queues, a la custom fields - Less duplication of scrips and/or need for empty templates * Custom field groupings - Display CFs in configurable groupings (boxes) on the ticket display/edit pages - Includes arbitrary grouping names as well as standard ticket groupings (Basics, Dates, People, Links, etc.) * User summary pages - Display information about users such as tickets, history, groups, etc. - An extended "More about requestors" page for any user - Easy to get to via links and user search * HTML templates enabled by default for new installs, available for upgrades too * History improvements - Rich text/HTML messages are preferred for display by default - Images are inlined with text in ticket history display instead of presented at bottom - Clickable users, tickets, articles, and other items * Many interface improvements, such as: - Per-user preferences for the dashboards which appear in the Home menu - Floating page menu for quicker access to ticket actions, subpages, etc. - Autocomplete for ticket links, including when merging - Autocomplete available to self service users - Improved CF and links display in search results - Sticky simple search for quick search refinements - Attachments on reply can no longer be mixed up when replying to multiple tickets at once - ReassignTicket right to assign tickets without stealing first; useful for managers * S/MIME support integrated with GnuPG support - Decrypt and verify incoming GPG and SMIME messages - Send all outgoing messages as either GPG or SMIME * Migration tools - Migrate from one database type to another (MySQL, Pg, Oracle) - Merge multiple RT instances together * Thousands of bug fixes; nearly 2000 commits totaling more than 250,000 lines of code changed. ------------------------------------------------------------------- Wed Oct 2 18:54:05 UTC 2013 - darin@darins.net - update to 4.2.0rc5 * Major upgrade, a complete changelog is available by visiting: https://github.com/bestpractical/rt/compare/rt-4.0.17...rt-4.2.0rc5 - update openSUSE directory layout - update patches for RT-4.2 * rt-4.2.0-enable-build-as-non-root.patch * request-tracker-use_local_lib.patch - add missing/new dependencies ------------------------------------------------------------------- Mon Aug 5 11:13:38 UTC 2013 - darin@darins.net - update to 4.0.17 * fixes an important regression in the upgrade script included in 4.0.14, 4.0.15, and 4.0.16 A complete changelog is available from git by running: git log rt-4.0.15..rt-4.0.17 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.15...rt-4.0.17 ------------------------------------------------------------------- Fri Jul 26 11:11:13 UTC 2013 - darin@darins.net - update to 4.0.15 Features * Ticket watcher searches that involve a large number of ORs will now use a much-improved SQL query, instead of the old many-join solution. * Do a better job wrapping text before quoting it in a reply. * Simple search now supports @example.com to search for tickets requested by users with email addresses ending in @example.com. * If our display parsing of an HTML attachment fails for known reasons, a better error message is provided, directing admins to contact us with a sample. Bugfixes * Resolve several corner cases where RT's database handle can be disconnected unexpectedly. * When a TicketSQL query fails, report that failure to the user rather than silently displaying an empty ticket list. * Display and add attachments to tickets in alphabetical rather than random order. * Ensure that LifeCycle statuses are compared case-insensitively. Developer * CleanSlate on collections more thoroughly resets the collection. * A new callback and better support for JS/CSS tweaking of our Autocompleter display formats. * New warning when an RT::URI::* resolver object cannot be created. * Extensions may use rt-setup-database --action upgrade --package extension to provide RT's friendlier upgrade infrastructure. A complete changelog is available from git by running: git log rt-4.0.13..rt-4.0.15 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.13...rt-4.0.15 ------------------------------------------------------------------- Mon Jul 1 00:24:37 UTC 2013 - lars@linux-schulserver.de - add su call to logrotate script for newer openSUSE versions ------------------------------------------------------------------- Thu Jun 6 07:04:01 UTC 2013 - lars@linux-schulserver.de - add hint to read the README.SuSE first before the README in case of an upgrade ------------------------------------------------------------------- Wed May 22 18:43:07 UTC 2013 - darin@darins.net - update to 4.0.13 This release of RT resolves a number of security vulnerabilities: CVE-2012-4733 CVE-2013-3368 CVE-2013-3369 CVE-2013-3370 CVE-2013-3371 CVE-2013-3372 CVE-2013-3373 CVE-2013-3374 Details about the above CVEs are available at: http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html A complete changelog is available from git by running: git log rt-4.0.12..rt-4.0.13 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13 ------------------------------------------------------------------- Thu May 2 11:54:49 UTC 2013 - darin@darins.net - Update 40 4.0.12 Features * Date and DateTime Custom Fields now have the same 'smart' date parsing that core RT date fields have. * Improved logging when the sending of a Correspond or Comment fails. * The Quick Search preferences page now has Select/Clear All buttons. * Unprivileged users can now change Language and Time Zone. * Warn MySQL users if their max_allowed_packet is dangerously low. Bugfixes * Repair 4.0.11 regression where red background on Reply with the RichText Editor was lost. * Quiet warnings in the verbose user format. * Allow changing the case of a Group's name (prevented by earlier code stopping you from having two groups with the same name). * Allow changing the case of a Class's name. * Avoid warnings when using empty Templates. * Update our InnoDB checks for MySQL 5.6 compatibility. * Clarification of when SetOutgoingMailFrom and OverrideOutgoingMailFrom are available. * Improve layout of collection lists in IE. * Fix Attach more files button in Self Service. * Set caching headers on autocomplete endpoints. * Restore and improve prematurely deleted documentation for DontSearchFileAttachments. * Correct the encoding of Dashboard email Subject headers. * Fix the default roles on User->WatchedQueues. * Document the need to grant SeeCustomField in UPGRADING-3.4. * Nudge menus below the shadows in aileron. * Fix missing headers and a syntax error in the /REST/1.0/attachment/NN endpoint. A complete changelog is available from git by running: git log rt-4.0.11..rt-4.0.12 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.11...rt-4.0.12 - fix rt-4.0.0-enable-build-as-non-root.patch for 4.0.12 ------------------------------------------------------------------- Tue Apr 9 20:35:44 UTC 2013 - darin@darins.net - Update to 4.0.11 Bugfixes * Fix description of the ModifyACL right on Classes. * Allow sorting by a Queue's SubjectTag (in the admin UI). * Reminders attached to tickets in the deleted status now no longer throw errors. * Custom Fields containing & were not being displayed properly in search results. * Validate usernames properly on rename as well as during creation. * Remove user preference for 'Number of search results' since it was unused and conflicted with the option on the My RT at a Glance configuration page. * Clean up temp files left behind by the REST interface. * Recipients and Scrips box on Ticket reply/comment pages retain checkbox state when uploading attachments or including articles or otherwise reloading the page. * Charts are no longer hidden by the print css. * Date Custom Fields should ignore time zones. * rt-crontool no longer throws an error on --help or other error conditions. * When choosing the Shredder link from search results, correctly select the Tickets plugin. * Bring back an Article quick search missing since before 4.0.0. * The default $ExtractSubjectTagMatch no longer removes [comment] from mail with subjects like [comment] [rtname #1]. * In the Class PageMenus, load a Class not a CustomField to validate the id. * Date Custom Fields now parse strings like 'today' in the user's timezone. * Username and Password are now the same length on IE8/9. * External Custom Fields can now be changed back to internal Custom Fields in the CF Admin UI. * Inline text attachments now obey PlainTextPre or PlainTextMono if they are set. * Once a Group contained more than one User or Group, current members of the Group were not being excluded from the autocomplete results. * Reloading pages with results= will no longer trigger the CSRF warning. A complete changelog is available from git by running: git log rt-4.0.10..rt-4.0.11 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.10...rt-4.0.11 ------------------------------------------------------------------- Wed Feb 27 15:45:51 UTC 2013 - darin@darins.net - Install README.SuSE ------------------------------------------------------------------- Mon Feb 25 17:07:54 UTC 2013 - darin@darins.net - Added Source for README.SuSE ------------------------------------------------------------------- Tue Feb 19 13:58:06 UTC 2013 - darin@darins.net - Added README.SuSE to %doc ------------------------------------------------------------------- Wed Jan 30 13:35:07 UTC 2013 - darin@darins.net - update to 4.0.10 Bugfixes * CF values are no longer possibly lost during ticket creation; see above for a complete description * Updated localizations, including a new Slovak translation * Error titleboxes now render properly when they have collapse icons * Restore a missing </form> tag on the mobile login * Allow non-uris in Link transactions * Bulk Update maintains the previous value of the "Told" box on page reload * Simple Search no triggers queue-searching behavior when passed a disabled Queue names * We now find localizations expressed as ( qw(a b c)) * Only attempt to update Told if the correspond succeeded git log rt-4.0.9..rt-4.0.10 or visiting https://github.com/bestpractical/rt/compare/rt-4.0.9...rt-4.0.10 ------------------------------------------------------------------- Thu Jan 17 17:33:46 UTC 2013 - darin@darins.net - Updated request-tracker-use_local_lib.patch ------------------------------------------------------------------- Thu Jan 17 13:10:25 UTC 2013 - darin@darins.net - update to 4.0.9 Bugfixes * IE8/9 are encouraged never to use compatibility mode. * User autocompletes on Oracle now work. * Disabled personal groups hiding out from 3.8 are cleaned out. * When upgrading from 3.8 to 4.0 the article upgrade points to the correct upgrading documentation. Features * The Rights Editor now keeps track of the user/group and tab selected when submitting and switching between states. * Allow bookmarking tickets from the mobile interface. * Warn less when your RT is behind a proxy. * New CheckMoreMSMailHeaders config option that tries harder to detect outlook and repair weird linespacing issues in text parts. Documentation * Lifecycle documentation separate from the RT_Config.pm docs. * Document how to use the Style Editor and how to add your own CSS. * Document basic approvals configuration. * Improve documentation and examples for CreateTickets action Development * Improve SQL logging on record creation and the autocompleter. * Improve the debugging mason errors to include a stack trace. * Ensure tests never run in the local locale (which can cause interesting failures). * Catch and error if we throw warnings in tests. See https://github.com/bestpractical/rt/compare/rt-4.0.8...rt-4.0.9 for full list of Bugfixes, Features, Documentation, and Development changes. - renamed rt-mysql2pg to rt-mysql2pg-contrib per Thomas Sibley http://lists.bestpractical.com/pipermail/rt-users/2012-December/078698.html ------------------------------------------------------------------- Sat Nov 24 14:08:30 UTC 2012 - lars@linux-schulserver.de - update to 4.0.8: This release, in addition to being a bugfix release, also resolves a number of security vulnerabilities. It resolves CVE-2012-4730, CVE-2012-4731, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735, and CVE-2012-4884. Bugfixes * Custom Fields BasedOn can be set from intialdata again. * Fix the 3.8.4 NotifyGroup upgrade script to properly join notification groups with a comma. * Correct the use of the 'approved' state from Lifecycles. It is now used only when all approvals are completed. * Use database-level row locking to ensure that scrips do not suffer from race conditions with scrips from other processes. * Remove multiple slashes so that page menus display and the active item is correctly highlighted. * Improve MaxAttachmentSize documentation. * Ensure that ticket links in the iCal feed are CSRF whitelisted. Features * New alias validator sbin/rt-validate-aliases which helps keep RT and /etc/aliases in sync. * Add support for GPG mails in inline format (PGP partitioned encoding) that are also encoded for transfer with Base64 or quoted printable. * Add a BeforeLocalization callback to message headers. * If you have DBIx::SearchBuilder 1.62 or higher and are using full text indexing on Pg or Oracle, rt-fulltext-indexer uses a faster query to find unindexed attachments. ------------------------------------------------------------------- Fri Sep 14 18:29:25 UTC 2012 - darin@darins.net - update to 4.0.7 + A complete changelog is available at https://github.com/bestpractical/rt/compare/rt-4.0.6...rt-4.0.7 - Added LWP::Protocol::https requirement ------------------------------------------------------------------- Wed May 23 12:36:54 UTC 2012 - darin@darins.net - update to 4.0.6: + This resolves the following security vulnerabilities: CVE-2011-2082, CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458, CVE-2011-4459, and CVE-2011-4460. + Remove CSS3PIE, which simply added rounded corners on IE7 and IE8, as it was causing numerous crashes of IE. + Show the current status in the status dropdown during ticket update, to allow forced setting of the status. This functionality was available in RT 3.8, and is now being reinstated. + Use SearchBuilder queue limits to restrict what statuses and owners are displayed in drop-downs. + Make "New Ticket" a top-level SelfService menu item. + Display Lifecycle column correctly in queue admin lists. + Allow >64k attributes on MySQL; this is particularly useful for logos uploaded via the theming editor. + Remove two dependencies from the RT mailgate. + Adding new arbitrary links to tickets now works as expected in the REST interface. + Subject: lines in Forward Ticket templates are now respected. + Sort ticket link numbers numerically, not alphabetically. + Ticket reminders are no longer copied when creating a linked ticket; article and http:// links now are, however. + Use relative links (with no hostname) more consistently. + Correctly deal with non-ASCII attachment filenames which make use of MIME parameter value continuations. + Find queue-level CFs first in REST interface when there are duplicates by name. + Fix graphing of searches which reference Updated and other transaction-based limits. + Reminder statuses on open and resolve are now configurable per-lifecycle. + Fix quoting of CF names containing dashes and the like in the SearchBuilder. + Bump URI dependency to ensure utf8 URLs are correclty generated in Dashboard emails. + Permit <bdo> and language attributes when scrubbing HTML. - Added missing mason_data directories ------------------------------------------------------------------- Tue Mar 13 21:18:51 UTC 2012 - lars@linux-schulserver.de - update to 4.0.5: + Greatly improved print CSS + New Config option - HideResolveActionsWithDependencies removes actions such as Resolve from the action menu on tickets with outstanding dependencies + New Config option - AutocompleteOwnersForSearch allows admins to force an Owner autocompleter in the Query Builder + New Config option - NoTicketInterfaceForApprovals redirects users to the Approvals interface if they visit an Approval ticket in the regular RT UI + Improved Simple Search documentation and new 'any' keyword for any status + Improved case insensitivity in the User and Custom Field Autocompleters + new --enable-ssl-mailgate configure option and rt-mailgate options to assist with setting rt-mailgate up to talk to your ssl enabled RT server + More improvements to email quote detection to handle Outlook quoting + The CreateTickets action now supports adding Groups as Watchers + httpurl_overwrite no longer inserts spaces into your URLs + Added NBSP as a search column in the Query Builder + Maintain Approved/Denied state in the radio button on past Approvals + Fixes for Bookmarked ticket searches + Bugfixes for OverrideOutgoingMailFrom and sending bounces + More consistent ordering of Articles + Improvements to menu internals, including fixes for Search collections and localization of key names + Preserve Content-Disposition when redistributing mail + Improved PGP handling for .asc attachments with misleading content-types + By default, RT's session cookie will not be available to javascript + Allow Charts to be grouped by Told. + Test and localization cleanups. ------------------------------------------------------------------- Mon Mar 12 18:47:20 UTC 2012 - lars@linux-schulserver.de - create %{rt_localstatedir}/data/RT-Shredder during init, so the shredder can work per default - fix license to be in spdx format - added a more descriptive message in the database backend README files. ------------------------------------------------------------------- Fri Dec 30 10:50:46 UTC 2011 - lars@linux-schulserver.de - update to 4.0.4: This release contains a number of bugfixes and small improvements since the 4.0.2 release; a few of the more notable ones include: + Due to a change in RT 3.8.9, which also affected RT 4.0.0 and higher, TransactionBatch scrips were run twice; this has now been fixed. + A new toggle has been added to expand all quote folding in a ticket's transaction history. + New "On Forward", "On Forward Transaction" and "On Forward Ticket" conditions have been added. + Ticket searches no longer forget which saved search they were loaded from when being updated. + A new "make jsmin" target has been added to aid in downloading, compiling, and installing jsmin. + Improved threading for automatically generated emails concerning a ticket. + Improved detection of Outlook-style message fowarding headers. + No longer error when a user has supplied a non-existant RT style; instead, fall back to the default. This is particularly relevant for users coming RT 3.8 with the 3.6 stylesheet applied, which no longer exists in 4.0. + Improved handling of files named "0", and Unicode filenames, in file uploads. + Tickets can no longer be linked to deleted tickets. + Restore missing menus on simple search result pages. + Fix support for perl 5.12 and later by removing a deprecated use of "defined %hash". - install rcrequest-tracker symlink - fix FSF address in init script - ignore the init-script-without-%restart_on_update-postun warning from rpmlint: the init script just creates missing directories on start - so no "restart" needed ------------------------------------------------------------------- Tue Nov 1 13:09:45 UTC 2011 - lars@linux-schulserver.de - provide perl(RT) ------------------------------------------------------------------- Sun Oct 30 07:40:41 UTC 2011 - lars@linux-schulserver.de - added rt-mysql2pg as suggested by Darin Perusich (bnc#722777) - move schema and acl files to database subpackages - split out *db-oracle subpackage ------------------------------------------------------------------- Fri Oct 7 14:15:32 UTC 2011 - lars@linux-schulserver.de - implement cleanup script for mason cache suggested by Darin Perusich (bnc#722582) ------------------------------------------------------------------- Thu Oct 6 18:26:02 UTC 2011 - lars@linux-schulserver.de - fix bnc#722528: config file ownership not properly set ------------------------------------------------------------------- Thu Oct 6 07:53:51 UTC 2011 - lars@linux-schulserver.de - fix bnc#722143: webserver user can't write to log directory (thanks to Darin Perusich) ------------------------------------------------------------------- Fri Sep 2 12:10:33 UTC 2011 - lars@linux-schulserver.de - update to 4.0.2: + Notable changes include: ++ Ability to reference global CFs by Name in RT::Action::CreateTickets ++ Installation of the docs/ directory into /usr/share/request-tracker/docs ++ Removal of the incomplete --binary flag option for the full-text search indexer ++ Fixes for a regression that caused group dashboards to vanish after creation and not appear in the list of dashboards ++ Rewritten forward functionality to generate mail that better represents the original messages received by RT ++ Removal of the pure Perl Javascript::Minifier module which slowed down the first request to new webserver children. jsmin or another external minifier is now required to minify RT's javascript. Refer to the section about $JSMinPath in perldoc /opt/rt4/etc/RT_Config.pm for how to configure jsmin. - enhancements and fixes in cronjobs - use more macros to define directories only once ------------------------------------------------------------------- Fri Aug 19 07:34:36 UTC 2011 - lars@linux-schulserver.de - fix build on older distributions by using the perl_vendorlib directory where we install newer perl modules ( request-tracker-use_local_lib.patch ) ------------------------------------------------------------------- Sat Aug 13 15:44:19 UTC 2011 - lars@linux-schulserver.de - update to 4.0.1 - fix (build)requires - build as/for user and group rt - provide a small init script that creates /var/run/rt on demand - split up subpackages (client, db-mysql, db-postgres, db-sqlite) - install logrotate config ------------------------------------------------------------------- Sat Dec 26 23:41:36 UTC 2009 - lars@linux-schulserver.de - initial version 3.8.7
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor