head	1.4;
access;
symbols
	pkgsrc-2013Q2:1.4.0.8
	pkgsrc-2013Q2-base:1.4
	pkgsrc-2012Q4:1.4.0.6
	pkgsrc-2012Q4-base:1.4
	pkgsrc-2011Q4:1.4.0.4
	pkgsrc-2011Q4-base:1.4
	pkgsrc-2011Q2:1.4.0.2
	pkgsrc-2011Q2-base:1.4
	pkgsrc-2010Q4:1.3.0.6
	pkgsrc-2010Q4-base:1.3
	pkgsrc-2010Q3:1.3.0.4
	pkgsrc-2010Q3-base:1.3
	pkgsrc-2010Q2:1.3.0.2
	pkgsrc-2010Q2-base:1.3
	pkgsrc-2009Q4:1.2.0.8
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.6
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.4
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.2
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.1.0.20
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.18
	pkgsrc-2008Q1:1.1.0.16
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.14
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.12
	pkgsrc-2007Q3-base:1.1
	pkgsrc-2007Q2:1.1.0.10
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.8
	pkgsrc-2007Q1-base:1.1
	pkgsrc-2006Q4:1.1.0.6
	pkgsrc-2006Q4-base:1.1
	pkgsrc-2006Q3:1.1.0.4
	pkgsrc-2006Q3-base:1.1
	pkgsrc-2006Q2:1.1.0.2
	pkgsrc-2006Q2-base:1.1;
locks; strict;
comment	@# @;


1.4
date	2011.02.26.20.58.15;	author spz;	state dead;
branches;
next	1.3;

1.3
date	2010.04.13.21.06.30;	author spz;	state Exp;
branches;
next	1.2;

1.2
date	2008.08.23.23.58.29;	author tonnerre;	state dead;
branches;
next	1.1;

1.1
date	2006.05.01.09.38.08;	author cube;	state Exp;
branches
	1.1.20.1;
next	;

1.1.20.1
date	2008.09.03.12.12.11;	author tron;	state Exp;
branches;
next	;


desc
@@


1.4
log
@Update of rt3 to version 3.8.9

Changelog:

SECURITY

* Move to a SHA-256 based password hashing scheme
* Redirect users to their desired pages after login.
  This prevents possible back button attacks after a user logs out.
* Clone Scrip's TicketObj since we change the CurrentUser and it can
  leak information (Custom field values, etc)

INSTALLATION

* Fixes to the RH Layout in config.layout

ACCESS CONTROL

* New AdminCustomFieldValues right that allows user to add/remove
  CF values, but not edit the CF

CONFIGURATION

* Add ResolveDefaultUpdateType to choose between Comment or Correspond
  on Resolve
* When using Set($MailCommand, 'testfile') log all mail to the
  same tmpfile
* Add a callback to allow extensions to redirect a user to an external
  auth logout URL using RT's logout button. This ensures that the user's
  RT session is cleared
* Add SuppressAutoOpenOnUpdate preference

DOCUMENTATION

* Clean up README
* Update UPGRADING.mysql documentation for users of older mysql
* Flag that "Let this user be granted rights" means "Privileged"
* Fix rt-crontool examples to use a real Condition
* Undocument SenderMustExistInExternalDatabase since the code was
  never merged
* Better document SetOutgoingMailFrom
* Better document shrink_cgm_table.pl

DATABASE

* Add support for Postgres 9
* No longer record transactions for ACL Equivalence Groups
* Don't delete all RT MySQL ACLs before invoke GRANT
* Quote database name for GRANT on MySQL
* Insert extensions' schema and acl files as the DBA
* Fix searches for empty Attachments on Oracle

EMAIL

* Better handling of mail generated by Outlook
* When RT's SendmailCommand fails, record it in ticket history
* New GPG tests and bugfixes for corner cases
* use EmailOutputEncoding for Content-Type.charset
* Handle failures in MIME Encoding better
* Small bugfixes for text/html templates
* Fix MIME decoding on ticket subjects
* Remove stray colons and whitespace in the default Admin Comment
  template

USER INTERFACE

* Fix an infinite loop when using the 3.4-compat theme
* Fixes to CollectionList sorting
* css positioning tweaks for page menus
* Fixes for Bulk Update when users click 'Add More Files'
* Skip all watchers when offering to add CCs as Watchers
* Fix ahah.js to handle more than one CF 'Include page' link
* Ensure that Nobody is always at the front of the Select Owner list
* Link Basics in SelfService to the Update page
* Fix toggling js to only run once
* Ensure signatures are included in Jumbo edits
* Better identify (in the UI) a misconfigured GPG setup
* GPG key management UI updates
* Add classes/ids to the Custom Field Editing pages
* CSS Fixes for preferences widgets
* Fix truncated top values on Charts
* Wording and layout changes for the 'update password' widget
* Ensure that we keep Anchor tags on redirects
* Fix loading a new search on the Chart/Graph pages
* Change Attachment size label from Bytes to Megabytes
* Respect timezones in timestamps in /Approvals/
* Charset fixes for Ticket Attachment downloads
* Bar graph fixes for large numbers of bars
* Allow a callback on QuickCreate to pass a default Status
* Fix Approvals to make one search for approval tickets that distincts
  and orders them
* Link from Group Membership lists to User admin pages
* New callbacks (autohandler, default queue, aborting ticket updates,
  after requestor on create)
* Fix non-local local links and add t: syntax
* Editing Transaction custom fields now shows errors inline
* Use the ShowUser element more consistently across the UI

TOOLS

* Improvements to extract-message-catalog (translation tool)
* Let shrink_cgm_table and shrink_transactions display "percent complete"
* Added a simple script to naively generate a RTAddressRegexp
* Install rt-attributes-viewer originally shipped with 3.8.8
* bin/rt now searches for global configs in LOCAL_ETC_PATH also

OTHER BUG FIXES

* No longer refuse to start if you upgraded from a version of RT that
  allowed you to have invalid Scrips
* Handle broken Reminders links when users change their Organization
* Trim whitespace from CustomFieldValues consistently
* RFC2616 dates are always in UTC
* Scrips can no longer have an empty Condition, Action or Template
* make multi-value REST fields separated with commas ignore spaces
* Localize ENV changes under mod_perl
* Don't page group memberships for a User
* Skip disabled Queues when a Simple Search term matches a Queue Name
* Add TransactionObj to CreateTickets templates to match the docs
* Fix the use of Tickets_Local.pm in rt-email-dashboards and rt-crontool
* Escape more characters in graphviz output
* Fix message when you fail to delete a saved search to tell you
  Permission Denied
* Include Rules with Scrips when previewing recipients
* Ensure that distribution upgrades that break Scalar::Util show up in
  apache logs
* Fix warnings on empty Collection List headers
* Log errors from safe_run_child
* Refuse to run if webmux.pl and RT.pm are mismatched
* Actually log the error that caused "Can't load a principal for id #"
* Switch to using $Approver->Name in templates since an AdminCc can
  approve
* Allow fastcgi_server to specify a port
* Guard against SavedSearches with no content
* Ensure our output is always flagged as utf-8
* Allow queries like "Priority > -2"
* Fixes to Private/Public key methods
* Return 'set private key' from SetPrivateKey, not 'unset private key'
* Protect STDOUT under mod_perl - among other things, this fixes
  Scrips that use system()
* Fix forwarding of messages without a top level textual part
@
text
@$NetBSD: patch-ac,v 1.3 2010/04/13 21:06:30 spz Exp $

--- ./lib/RT/Interface/Web.pm.orig	2009-12-11 17:27:20.000000000 +0000
+++ ./lib/RT/Interface/Web.pm
@@@@ -88,6 +88,7 @@@@ sub EscapeUTF8 {
     $$ref =~ s/\)/&#41;/g;
     $$ref =~ s/"/&#34;/g;
     $$ref =~ s/'/&#39;/g;
+    $$ref = Encode::encode_utf8($$ref);
 }
 
 # }}}
@


1.3
log
@perl FCGI 0.69 onwards is more picky about the strings it gets.
Thus, if you feed it perl strings with utf-8 you get a complaint about
wide characters in the string.
The new patch-ac contains a fix.
@
text
@d1 1
a1 1
$NetBSD$
@


1.2
log
@Update rt3 to version 3.8.1 (from 3.6.6). Changes are:
 * New visual style (web2).
 * Rich text mails.
 * Email signatures and encryption.
 * User settings for:
   - Ticket history ordering.
   - Timezones.
   - Date and time format.
   - Username format.
   - Default queue.
   - Size of message text boxes.
 * Charts of ticket relationships.
 * Breeze through upgrades with new upgrade tools.
 * Subscribe to iCalendar feeds of ticket due dates.
 * Bookmark frequently-used tickets.
 * Turn off mail from RT when you go on vacation.
 * Get your mail from RT as a daily or weekly batch.
 * Delete historical or spam tickets with RT::Shredder (only as a superuser).
 * Set up more configurable business rules with new Scrip Conditions and
   Actions.
 * Forward tickets to third-parties from within RT.
 * Enable and Disable RT extensions with the new Plugins system.
 * Automatically log out inactive users with rt-clean-sessions.
 * Run faster with less memory, thanks to numerous  performance improvements
   and bug fixes.
 * Fixed a potential HTML injection attck via user's properties.
 * Better support for installation on Solaris and FreeBSD (non-GNU make).
 * Updates to documentation and scripts for upgrading from MySQL 4.0
 * Updated upgrade documentation for the new Queue Tag and bookmarks features.
 * Multiple bugs in iCal support fixed.
 * Backwards compatibility fixes for extensions developed against 3.6
 * Added support for external links in tabs and targets.
 * Addition of a new callback before ticket creation so you can implement
   custom validation or stop creation for another reason.
 * Missing documentation to external authentication configuration variable
   in bin/rt and make it possible to set it via ENV.
 * Merged method in RT::Ticket.
@
text
@d1 1
a1 1
$NetBSD: patch-ac,v 1.1 2006/05/01 09:38:08 cube Exp $
d3 8
a10 4
--- configure.orig	2006-04-19 19:37:22.000000000 +0200
+++ configure
@@@@ -2039,7 +2039,7 @@@@ if test "${with_my_user_group+set}" = se
 fi;
d12 1
a12 6
 # Test for valid database names
-if  test "$DB_TYPE" == "mysql" ; then
+if  test "$DB_TYPE" = "mysql" ; then
    echo "$as_me:$LINENO: checking if database name is valid" >&5
 echo $ECHO_N "checking if database name is valid... $ECHO_C" >&6
           if  echo $DB_DATABASE | $AWK '/-/ { exit 1 }' ; then
@


1.1
log
@Update rt3 to version 3.4.5.  This is _not_ an easy update, although the
changes are apparently minor to a end user (but not for the site
administrator).

It'd very hard and very long to provide a full list of changes.  The main
changes in RT 3.4 are a complete rework of how Custom Fields are handled,
which means there is a lot more flexibility in that area now (including
Custom Fields for users, per-queue, per-transaction).  RT 3.4 is also
supposed to be faster, which certainly is no bad news.

Another bonus of RT 3.4 are the availability of extensions, and I will
commit RTx::Shredder and RTx::RightsMatrix very soon.

Updating RT is not an easy task, be sure to backup your database, and don't
forget to grant the new rights to relevant people.

In pkgsrc, rt3 is also seeing a few changes.  The main one is the situation
of the "local" path, which is now set to /var/rt3, which seems less lame to
me than the previous value.  It could be debated, though.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.20.1
log
@Pullup ticket #2514 - requested by tonnerre
rt3: security update

Update the "rt3" package to version 3.6.7 to fix
Denial of Service vulnerability.

Files patched:
- devel/rt3/Makefile
- devel/rt3/PLIST
- devel/rt3/distinfo
- devel/rt3/patches/patch-ac
@
text
@d3 1
a3 1
--- configure.orig	2008-06-16 23:37:53.000000000 +0200
d5 2
a6 2
@@@@ -2514,7 +2514,7 @@@@ fi
 
d11 2
a12 2
    { echo "$as_me:$LINENO: checking if database name is valid" >&5
 echo $ECHO_N "checking if database name is valid... $ECHO_C" >&6; }
@