RPM Search

Changelog for request-tracker-db-sqlite-4.4.2-1.1.noarch.rpm :
Mon Sep 25 14:00:00 2017 larsAATTlinux-schulserver.de
- update to 4.4.2
Security

* RT 4.0.0 and above are vulnerable to an information leak of cross-site
request forgery (CSRF) verification tokens if a user visits a specific
URL crafted by an attacker. This vulnerability is assigned
CVE-2017-5943. It was discovered by a third-party security researcher.

* RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack
if an attacker uploads a malicious file with a certain content type.
Installations which use the AlwaysDownloadAttachments config setting are
unaffected. This fix addresses all existant and future uploaded
attachments. This vulnerability is assigned CVE-2016-6127. This was
responsibly disclosed to us first by Scott Russo and the GE Application
Security Assessment Team.

* One of RT\'s dependencies, a Perl module named Email::Address, has a
denial of service vulnerability which could induce a denial of service
of RT itself. We recommend administrators install Email::Address version
1.908 or above, though we additionally provide a new workaround within
RT. The Email::Address vulnerability was assigned CVE-2015-7686. This
vulnerability\'s application to RT was brought to our attention by Pali
Rohár.

* RT 4.0.0 and above are vulnerable to timing side-channel attacks for
user passwords. By carefully measuring millions or billions of login
attempts, an attacker could crack a user\'s password even over the
internet. RT now uses a constant-time comparison algorithm for secrets
to thwart such attacks. This vulnerability is assigned CVE-2017-5361.
This was responsibly disclosed to us by Aaron Kondziela.

* RT\'s ExternalAuth feature is vulnerable to a similar timing side-channel
attack. Both RT 4.0/4.2 with the widely-deployed RT::Authen::ExternalAuth
extension, as well as the core ExternalAuth feature in RT 4.4 are
vulnerable. Installations which don\'t use ExternalAuth, or which use
ExternalAuth for LDAP/ActiveDirectory authentication, or which use
ExternalAuth for cookie-based authentication, are unaffected. Only
ExternalAuth in DBI (database) mode is vulnerable.

* RT 4.0.0 and above are potentially vulnerable to a remote code execution
attack in the dashboard subscription interface. A privileged attacker
can cause unexpected code to be executed through carefully-crafted saved
search names. Though we have not been able to demonstrate an actual
attack owing to other defenses in place, it could be possible. This fix
addresses all existant and future saved searches. This vulnerability is
assigned CVE-2017-5944. It was discovered by an internal security audit.

* RT 4.0.0 and above have misleading documentation which could reduce
system security. The RestrictLoginReferrer config setting (which has
security implications) was inconsistent with its implementation, which
checked for a slightly different variable name. RT will now check for the
incorrect name and produce an error message. This was responsibly
disclosed to us by Alex Vandiver.
New features

* Custom fields now have a \"New values must be unique\" option.

* Custom fields now support value canonicalization (for example,
automatically changing input values to be all uppercase). See the
AATTCustomFieldValuesCanonicalizers config option.

* Ticket timers provide a comment box for quickly adding ticket comments
to describe your time worked.

* You can now set up default values for assets on a catalog level.

* You can choose to display result counts on ticket search portlets using
the new $ShowSearchResultCount config setting.

* There is now a \"Load all history\" link for the \"as you scroll\" history
loading mode, to allow you to use browser-based text search.

* We now display a list of recently-viewed tickets in the
Search -> Tickets -> Recently Viewed menu.

* We have made RT::Extension::AdminConditionsAndActions part of core
RT, so you can now easily configure the conditions and actions of
your scrips right within the admin UI.
General user UI

* Avoid breaking sorting of non-ticket searches in dashboards

* Avoid duplicate one-time recipients (I#31938, I#31939)

* Suppress ticket Ccs and AdminCcs from one-time recipients

* Allow ordering assets with \"CustomField.Foo\" syntax

* Avoid divide-by-zero in charts with no data (I#32143)

* Add ability to link multiple assets to a new ticket from asset bulk
update

* Add quick asset create portlet for user summary

* Add encrypt/sign controls to ticket forward page

* Fix browser-based search navigation link generation (I#32197)

* Remove self-service password change form under ExternalAuth

* Respect SetInitialCustomField right in self-service (I#32233)

* Declare page as being in user\'s language for browser spellcheck (I#32082)

* Fix error with merge tickets being used on bulk update (I#32237)

* Avoid overaggressively generating external attachment links

* Add $HideOneTimeSuggestions config to hide one-time recipient
addresses behind a click

* Add \"All recipients\" checkboxes to modify people page and one-time
recipients on update

* Dashboards are now displayed in alphabetically-sorted order

* Remove dashboard from menu if it can\'t be loaded (I#29719)

* Avoid wrapping one-time recipient checkbox separately from its
label (I#32117)

* Use only top-level attachments for generating one-time recipient lists
to avoid e.g. phishing addresses

* Fix accidental usage of server timezone for end users (I#32315)

* Add user preference for browser context menu instead of
CKEditor\'s, for native spellcheck (#32274)

* QuickCreate on a dashboard no longer sends you to the homepage (I#25573)

* Respect HideTimeFieldsFromUnprivilegedUsers in correspond
transactions with time worked

* Fix occasionally-missing background-color for comments

* Add a Timer column to search results for launching ticket timer

* Fix error preventing merging tickets with lazily-created watcher
groups (I#32490)

* Add a __CurrentUserName__ TicketSQL placeholder

* You can now search tickets using Queue LIKE \'…\' and Queue NOT LIKE \'…\'

* Make \"Show all\" link for attachment lists more prominent (I#32459)

* Respect SetInitialCustomField for multi-valued CFs (I#32491)

* Fix bulk update for asset custom fields (I#32509)

* Add support for CF grouping in asset bulk update (#32198)

* Add \"reattach\" as an attachment warning keyword

* Sort one-time recipient addresses (I#31879)

* Fix article quicksearch degrading the article menu (#31591)

* Avoid noisy \"CF changed from 0 to 0\" messages (I#32440)

* Avoid showing a truncated list of articles due to permissions (I#31989)

* Avoid double-encoded text attachments loaded from ExternalStorage

* You can now chart tickets by SLA (I#31824)

* Add \"Show all\" button for attachments on ticket forward page

* Relabel \"Password\" portlet on user page to \"Access control\" (I#31379)

* Fix UI for bulk update of \"List\"-type select-multiple CFs (I#32562)

* Avoid discarding checkbox changes in Recipients panel (I#32290)

* Clean up article custom fields display (I#32641)

* Add SLA field to bulk update if any queues have SLA enabled

* Include the new Request Tracker logo

* Fix overly-large bookmark star on mobile UI (I#32727)

* Stop double-escaping HTML which is made into links (I#31169)

* Fix keyboard shortcut UI for selecting tickets on old themes (I#32748)

* Add Reports menu with several predefined reports
Command-line

* Fix rt-ldapimporter --debug logging output (I#32196)

* Improve rt-ldapimporter documentation

* Produce output from etc/upgrade/upgrade-assets
Email

* Avoid overaggressively trimming whitespace from MIME encoded-words

* Add config option $OverrideMailPrecedence to help avoid out-of-office
autoreplies

* Fix issues with encrypted attachments being unreadable/absent
Database

* Skip DBA password prompt on SQLite

* Avoid warnings when upgrading old saved searches (I#32235)

* … and fix up those old saved searches (I#16856)

* Restart asset and catalog ID sequences for Pg and Oracle in
etc/upgrade/upgrade-assets

* Add index on Attachments table column Filename (I#32033)

* Replace deprecated NOCREATEUSER with NOSUPERUSER for
Postgres 9.6 (I#32511)

* Avoid deadlock in SetOwner race condition which we believe affected
only MySQL (I#32381)

* The previous may have caused inconsistent ticket ownership, and so
the 4.4.2 upgrade step will find and fix such issues

* Add rt-validator rules for possible issues around ticket owner
rt-serializer/rt-importer

* Fix several incorrect references in output (I#31803, I#31804, I#31805,
I#31808)

* Add --exclude-organization option (I#31812, I#31813)

* Add --limit-queues and --limit-cfs options

* Suppress semi-unmigrated link relationships by default

* Add --hyperlink-unmigrated option

* Fix queue change transactions to mention unmigrated queues by name

* Support for dashboards in menu preference (I#31810)

* Support for RT at a Glance preference (I#31809)

* Don\'t skip RT->System searches

* Avoid breaking rights granted to users (I#31806)
Web Administration

* Add checkbox for selecting all custom field values in admin UI

* Log a history entry when adjusting whether a user is Privileged

* Log history entries when adding/removing a group member both to
the group and to the member

* Hide disabled scrips by default, adding a \"include disabled scrips\"
checkbox (I#30131)

* Add missing timezone field on user create/modify (I#29977)

* Add RT extension names and versions to System Configuration page (I#31482)

* Add a \"SetCustomFieldToNow\" scrip action whose Argument is CF name

* Fix default values config when CustomFieldGroupings introduces
duplicate CFs (I#32441)

* Fix ExternalAuth failure after viewing System Configuration
page (I#32469)

* Support custom field groupings for groups

* User searches can now be sorted by user CF
For more, please have a look at:
https://github.com/bestpractical/rt/compare/rt-4.4.1...rt-4.4.2
- refreshed patches

Wed May 17 14:00:00 2017 mcajAATTsuse.com
- Added two more packages to Requires: perl(CSS::Minifier::XS) and
perl(JavaScript::Minifier::XS)

Fri May 5 14:00:00 2017 mcajAATTsuse.com
- update to 4.4.1:
New features:

* Administrators and users can now choose to place signatures above
the quoted message in replies (RT_Config setting
\"SignatureAboveQuote\" and the similarly named user preference). This
also improves the specific spacing between quotes and signatures in
all configurations. (I#31877)

* Users may now choose to suppress dashboard email when all of its
searches have no results. This is controlled by the new \"Suppress if
empty\" checkbox on the subscription page. (I#30078)

* The Dashboard subscription recipient options have been greatly
expanded from a single text field (which happened to support multiple
email address separated with a comma) to a robust user/group search.

* Users may now select a specific language for each dashboard email
subscription. Administrators can customize the method by which
dashboard email language is chosen (including specifying an ultimate
fallback other than English) with the AATTEmailDashboardLanguageOrder
RT_Config option.

* The \"hide unset fields\" preference now also hides unset custom
fields, obsoleting RT::Extension::CustomField::HideEmptyValues.
Additionally there is now a toggle button at the top right of the
ticket display page for quickly toggling whether unset fields are
hidden or shown. (I#31523)

* There is a new SetInitialCustomField right that permits setting
custom field values on records (tickets, assets, articles) while you
are creating them. It does not permit modifying custom field values
of existing records. Users with SetInitialCustomField but without
ShowCustomField will still be able to specify a custom field value
at create time but not see it afterwards. (I#14974)

* Administrators and users can now choose to display queue dropdowns
as an autocomplete field (RT_Config setting \"AutocompleteQueues\"),
much like is available for Owners. If your RT instance has many
queues this option improves performance and usability. (I#31291)

* New config for hiding time worked, time estimated, and time left
from unprivileged users in the self-service interface (RT_Config
setting \"HideTimeWorkedForUnprivilegedUsers\"). This also adds a hook
point RT::Ticket::CurrentUserCanSeeTime for further
customization. (I#31302)

* Long attachment lists can now be truncated to show only the X newest
attachments, with an AJAX \"Show all\" link, (RT_Config setting
\"AttachmentListCount\"). This should improve the performance and
usability of both ticket display and ticket reply pages.
General user UI:

* Eliminate console errors from Preview Scrip Recipients panel when there
are no recipients

* Avoid URL length errors from Preview Scrip Recipients panel when the
messagebox has lots of content (I#31874)

* Include MessageBoxRichText in JavaScript config to fix compatibility
for RT::Extension::QuoteSelection

* Support autocomplete custom fields in bulk update (I#15259)

* Hint to the user that not all CF types are supported by bulk update,
instead of silently excluding them (I#15259)

* Exclude One-Time Cc and One-Time Bcc addresses from
squelching (I#31386)

* Restore behavior of $EditCustomFieldsSingleColumn config (I#18555)

* Improve \"reuse existing attachments\" UI to match existing
attachments UI (I#31709)

* Improve ticket timer text-overflow styling (I#31713)

* Switch from generating an explicit list of statuses to Status =
\'__Active__\' and Status = \'__Inactive__\' throughout the UI, both
improving performance and simplifying TicketSQL queries (I#31695 etc)

* Switch queue search from queue ID to queue name for better usability

* Fix keyboard shortcut ? command in self-service UI (I#31535)

* Support / keyboard shortcut in self-service UI

* Add ticket SLA to display columns for search results (I#31831)

* Modernize UI of Articles display and modify

* Display creator, created, and updated metadata on Articles pages

* Fix searching for people associated with Assets (I#31546)

* Support 4.4 attachment uploader in self-service UI (I#31845)

* Fix bulk update check/clear all checkboxes (I#31667)

* Fix poor rendering of \"create [relationship] ticket in [queue]\" when
there are no existant links (I#31871)

* Fix a regression with time zones in datetime custom fields (I#31674)

* Ticket timers no longer pause when JavaScript stops running (I#31707)

* Show the \"include attachments\" label on ticket reply only if there
are attachments to include

* Avoid showing an empty custom fields panel on ticket edit pages when
user can see custom fields but cannot edit them

* Fix new and existing charts that fail to render on dashboards (I#31557)

* Fix certain attachment links containing HTML metacharacters from
double escaping (I#31751)

* Avoid failure to create tickets due to custom role rights (I#32069)

* Avoid SQL errors when using article quicksearch (I#31987)
Command-line:

* Add new sbin/rt-search-attributes script for searching for
attributes matching criteria specified as Perl code (I#31294)

* Fix issues around incorrect recipients in rt-crontool invocations
with multiple actions
Database:

* Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning
no limit) for tuning how very large attachments are included in the
full-text index

* Avoid indexing EmailRecord transactions as they duplicate content
already available in the original Create, Correspond, and Comment
transactions. This improves both indexing time and index size
considerably.

* Avoid creating transactions for, and bumping Last Updated of,
tickets when migrating RT::Extension::SLA custom field values to
the core SLA field (I#31924)

* Add the new RT 4.4 Queue SortOrder column sooner in the 4.4 upgrade
process to improve extension compatibility

* Avoid errors during `make initdb` when ExternalAuth is enabled (I#32009)
Web Administration:

* Add EscapeURI and EscapeHTML functions for use in email
templates (I#31442)

* Add RT::Action::AddPriority action for use with rt-crontool which
simply increments the priority by $Argument every invocation
Server Administration:

* Avoid DateTime::Locale version 1.01
https://rt.cpan.org/Public/Bug/Display.html?id=110244

* Have ./configure test whether to use GNU-style syntax or BSD-style
syntax for `find -perm`

* Several fixes around 4.0 and 4.2 upgrade scripts running under 4.4

* Fix migration of \"SLA Disabled\" for queues in the upgrade-sla
script (I#31703)

* Avoid overloading error caused by certain versions of Email::Address
on Preview Scrips Recipients (I#31712)

* Add explicit Pod::Select dependency since it was removed from Perl
5.18 (I#31873)

* Add documentation for the now-core ExternalAuth and LDAPImport options
in RT_Config (I#31464)

* Automatically enable ExternalAuth when the ExternalSettings config
option is declared, obviating the need for an explicit
`Set($ExternalAuth, 1);` (I#31689)

* Remove unnecessary dependencies on FCGI::ProcManager and
Net::LDAP::Server::Test (I#31872)

* Many cleanups in and improvements to our CPAN dependency install
toolchain
Developer:

* Remove unused RT::Shredder::Record

* Add RT::Date->Strftime method (I#31435)

* If content_like (or similar) tests fail, output the page content
to a tmp file for debugging (I#31408)

* Make autocomplete infrastructure more generic and extensible

* Add missing %ARGS to ShowHistoryPage call in ShowHistory, improving
RTIR compatibility

* Fix missing CurrentUser parameter in RT::Interface::Email::Gateway
to improve RT::Extension::CommandByMail compatibility

* Fix Queue SLADisabled _CoreAccessible metadata to match schema\'s default
value of 1 (I#31822)

* Switch \"hide unset fields\" to be implemented with CSS for additional
flexibility

* Add CSS classes (for example `.admincc`) for many basic fields on
ticket display

* Allow setting SLA in RT::Queue->Create, which can be used in
initialdata files (I#31823)

* Improve ShowHistory compatibility with RTIR

* Add stubs for the fields that had been removed from queues in 4.4 to
improve compatibility with extensions and customizations (I#32019)

* Fix tests to enable ExternalAuth

* Added infrastructure for deprecating specific callbacks, as we
consider them to be part of our stable API
(RT::Interface::Web::Request %deprecated)

* Deprecated callbacks:
/Admin/CustomFields/Modify.html AfterUpdateCustomFieldValue

* New callbacks:
/Ticket/Update.html RightColumnBottom
/Admin/CustomFields/Modify.html EndOfPage
/Elements/CollectionAsTable/Row EachField
/Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields,
and MassageSubscriptionFields
/Elements/SelectOwnerDropdown ModifyOwnerListRaw and ModifyOwnerListSorted
/Helpers/Autocomplete/Owners ModifyOwnerAutocompleteSearch
/Elements/ShowTransactionAttachments BeforeAttachment

* Improved callbacks:
/Admin/CustomFields/Modify.html Initial adds $Results
/Elements/MessageBox Default adds $DefaultRef and $MessageRef

* Adjust TicketHistoryPage to reuse existing callbacks for TicketHistory
Documentation:

* Add documentation for 4.4\'s $ShowHistory scroll option in
RT_Config (I#31705)

* Fix UPGRADING-4.2\'s description of PostgreSQL full-text search using
GiST; it uses GIN indexes (I#31844)

* Link to RT::Authen::ExternalAuth as a local document like the rest
of RT\'s core modules, rather than as an external link to metacpan
like we do for extensions (I#31957)

* Update docs/authentication.pod to reflect RT::Authen::ExternalAuth
and RT::LDAPImport (previously RT::Extension::LDAPImport) becoming
part of core RT (I#31861)

* Fix broken link in SLA documentation

* Improve the upgrading documentation around migrating from
RT::Extension::SLA to core SLA

* Third-party source code packaging improvements (I#31900)

* Link to our new RT wiki at https://rt-wiki.bestpractical.com
Internationalization:

* Fix broken attachment upload UI for Catalan language (I#31864)

* Fix JS compile errors for translations with apostrophes (specifically
French) under infinite scroll (I#32090)

* Update translations for: Finnish, Hungarian, Latvian, Lithuanian,
Russian, Turkish, and UK English.

Fri May 5 14:00:00 2017 mcajAATTsuse.com
- make a man page rt-mysql2pg-contrib a bit nice

Fri May 5 14:00:00 2017 mcajAATTsuse.com
- Added missing man page for rt-mysql2pg-contrib

Fri May 5 14:00:00 2017 mcajAATTsuse.com
- Added missing man page
- clean up duplicate files

Fri May 5 14:00:00 2017 mcajAATTsuse.com
- the first a bit working version in my branche. Its not good for MR
yet.

Mon Jan 9 13:00:00 2017 larsAATTlinux-schulserver.de
- update to 4.2.13:
General User UI

* Avoid race condition where a ticket\'s Started timestamp could be
before its Created timestamp

* Users without ability to update a saved search are no longer shown
an Update button

* IP custom field textboxes now wide enough for full IPv6 addresses (I#24565)

* Self-service Cc field now allows for autocompleting multiple users

* When possible sort charts numerically rather than ascii-betically

* QuickCreate now respects DefaultQueue and RememberDefaultQueue (I#30913)

* Make user preferences use label tags for better clickiness (I#30953)

* Hide \"Transaction has no content\" from Extract Article (I#31027)

* Improve CSRF detection by whitelisting more specific parameters (I#31090)

* Empty selection boxes no longer render 1px wide (I#31316)

* Show queue ID if the user can\'t see the queue name

* Search builder display format now properly supports \"large\" sizing

* Fix SMIME encoding issue (I#31155)

* Improve messaging and logging around reminders that users can\'t see

* Queue name on ticket display is now a link to a search for all active
tickets in that queue

* Support autocomplete custom fields in bulk update (I#15259)

* Hint to the user that not all CF types are supported by bulk update,
instead of silently excluding them (I#15259)

* Improve compliance with RFC4480 for GPG armor lines (I#30372)

* Restore behavior of $EditCustomFieldsSingleColumn config (I#18555)

* Fix a regression with time zones in datetime custom fields (I#31674)

* Fix certain attachment links containing HTML metacharacters from
double escaping (I#31751)

* Fix custom attachment URLs for self-service users (I#30960)
Database

* \"schema\" upgrade files no longer issue CREATE INDEX statements, instead
there are now \"indexes\" upgrade files that describe the end state of the
indexes RT requires. This better handles indexes that may have been
deployed by hand or otherwise already exist.

* We now correctly shred ObjectCustomFields records when shredding a
CustomField

* Add $MaxFulltextAttachmentSize RT_Config option (default: 0 meaning
no limit) for tuning how very large attachments are included in the
full-text index

* Improve 4.0 upgrade scripts running under 4.2
Web Administration

* We now record transactions for changes to queues

* Improve visual design of Shredder forms
Server Administration

* Add missing dependency on Encode 2.64

* New RT_SiteConfig.pm files now get a \"use utf8;\" by default to allow
config options to use Unicode

* bcrypt cost has been doubled on schedule to improve password hashing
security

* Allow multiple --action and --action-arg options in rt-crontool

* Fix \"use of localtime without parentheses\" warning

* rt-email-dashboards now has a --log parameter for setting log level

* Add config %ReferrerComponents to provide fine-grained control over
referrer checking behavior

* Clarify web config validation log messages (I#31117)

* Add a no_ticket_transactions option to user shredder

* Remove now-unnecessary dependency on Apache::DBI (I#31210)

* Avoid DateTime::Locale versions 1.00 and 1.01
https://rt.cpan.org/Public/Bug/Display.html?id=110244

* Have ./configure test whether to use GNU-style syntax or BSD-style
syntax for `find -perm` (I#31308)
Developer

* Improve test compatibility with File::Which 1.17

* Improve test compatibility with HTML::FormatText::WithLinks::AndTables

* Remove unused RT::Shredder::Record

* Transactions now have a ColumnMap

* New callbacks:
/Ticket/Create.html MassageCloneArgs
/Admin/Queues/Modify.html FormStart
/Ticket/Elements/ShowBasics AfterTimeLeft, AfterPriority, AfterQueue,
and AfterTable
/Ticket/Elements/ShowSummary AfterBasics, AfterPeople, AfterReminders,
and AfterDates
/Ticket/Graphs/index.html BeforeActionList, FormStart, AfterForm, and
Default
/Ticket/Update.html RightColumnBottom
/Admin/CustomFields/Modify.html EndOfPage
/Elements/CollectionAsTable/Row EachField
/Dashboards/Subscription.html SubscriptionFormEnd, SubscriptionFields,
and MassageSubscriptionFields
/Elements/ShowTransactionAttachments BeforeAttachment

* Improved callbacks:
/Admin/CustomFields/Modify.html Initial adds $Results
Documentation

* New documentation on format strings (docs/format-strings.pod) for
controlling how search results are displayed

* Update documentation to expect that most installations will deploy
fulltext search

* Also remind users that they should set up backups in the README

* Fix UPGRADING-4.2\'s description of PostgreSQL full-text search using
GiST; it uses GIN indexes (I#31844)
Internationalization

* Adjust the string \"CustomFields\" to instead use the existing
\"Custom Fields\" to ease translation

* We now display translated ticket properties and statuses on graphs

* Update translations for: Brazilian Portuguese, Czech, Finnish, French,
German, Greek, Hungarian, Japanese, Latvian, Lithuanian, Occitan, Polish,
Russian, Spanish, Swedish, and Turkish
- fix logrotate file: add closing braket and \'su\' option
- fix capitalization of README.SUSE

Sat Jan 23 13:00:00 2016 larsAATTlinux-schulserver.de
- adapt apache configuration to be able to run with mod_authz_core
(apache 2.4) and the old apache < 2.4 auth module
- also allow IPv6 addresses

Mon Aug 17 14:00:00 2015 larsAATTlinux-schulserver.de
- update to 4.2.12:
+ This release is a security release which addresses the following
vulnerabilities:
++ RT 4.0.0 and above are vulnerable to a cross-site scripting
(XSS) attack via the user and group rights management pages.
This vulnerability is assigned CVE-2015-5475 (bnc #941912)
It was discovered and reported by Marcin Kopeć at Data Reliance
Shared Service Center.
++ RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS)
attack via the cryptography interface. This vulnerability could
allow an attacker with a carefully-crafted key to inject JavaScript
into RT\'s user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.
From 4.2.11:
+ improves indexing time for full-text search
+ improving support for Apache 2.4 and MySQL 5.5
+ Interactive command-line tools (including upgrade tools) will
now also default to displaying warnings to STDERR, to aid in
awareness of potential errors.
- refreshed request-tracker-use_local_lib.patch

Mon Mar 30 14:00:00 2015 darinAATTdarins.net
- Add requires for Data::UUID, required by rt-server

Thu Feb 26 13:00:00 2015 darinAATTdarins.net
- update to 4.2.10
This release is primarily a security release; it addresses CVE-014-9472,
a denial-of-service via RT\'s email gateway, as well as CVE-2015-1165 and
CVE-2015-1464, which allow for information disclosure and session
hijacking via RT\'s RSS feeds.
+ General user UI

* Speed up the default simple search on all FTS-enabled installs by not
OR\'ing it with a Subject match. This returns equivalent results for
almost all tickets, and allows the database to make full use of the
FTS index.

* Pressing enter in user preference form fields no longer instead
resets the auth token (#19431)

* Pressing enter in ticket create and modify form fields now creates or
updates the ticket, instead being equivalent to \"add more
attachments\", or the \"search\" on People pages (#19431)

* Properly encode headers in forwarded emails that contain non-ASCII
text (#29753)

* Allow users to customize visibility of chart/table/TicketSQL in saved
charts

* Allow groups to be added as requestors on tickets

* Perform group searches case-insensitively on People page (#27835)

* Ticket create transactions for tickets created via the web UI now
contain mocked-up From, To, and Date headers; this causes them to
render more correctly when forwarded

* Update wording of error message for saved searches without a
description (#30435)

* Flush TSV download every 10 rows, for responsiveness

* Retain values in Quick Create on homepage if it fails (#19431)

* Limit the custom field value autocomplete to 10 values, like other
autocompletes (#30190)

* Fix a regression in 4.0.20/4.2.4 which caused some users to have
blank homepages (#30106)

* Fix styling on \"unread messages\" box on Ballard and Web2 themes

* Fix format of Date headers in RSS feeds (#29712)

* Adjust width of transaction date to accommodate all date formats
(#30176)

* Allow searching for tickets by queue lifecycle
+ Command-line

* Fix server name displayed at password prompt when RT is deployed at
a non-root path like /rt (#22708)
+ Admin

* If the optional HTML::FormatExternal module is installed, use w3m,
elinks, links, html2text, or lynx to format HTML to text. This
addresses problems with the pure-Perl HTML-to-text converted which
resulted in blank outgoing emails. (#30176)

* Add support for native (non-Sphinx) indexed full-text search on
MySQL. This uses the InnoDB fulltext engine on MySQL 5.6, and an
additional MyISAM table on prior versions of MySQL.

* Support MySQL database names with dashes in them (#7568)

* Properly escape quotes and backslashes in config options in web
installer (#29990)

* Increase length of template title form input

* Clarify wording on updating old Organization values by rt-validator

* Resolve a runtime error for SMIME without secret keys (#30436)

* Empty email addresses are no longer caught as being \"an RT address\"
if there exist queues without Correspond addresses set (#18380)

* Allow Parents/Children/Members/MemberOf in CreateTickets action

* Allow RT-Originator to be overridden in templates

* Ensure that HTML-encoded entities are indexed in FTS

* Fix uninitialized value warnings from charts grouped by date

* Remove no-op $CanonicalizeOnCreate configuration variable;
RT::User->CanonicalizeUserInfo is always called

* Make NotifyGroup action respect AlwaysNotifyActor argument

* Fix X-RT-Interface header on incoming email on existent tickets

* Warn on startup if queues have invalid lifecycles set (#28352)
+ Developer

* Add AfterHeaders callback to ShowMessageHeaders

* Update all upgrade steps to use .in files (#18856)

* Add policy tests to enforce the new upgrade step standards

* Remove +x bit from multiple non-executable files

* Make Obfuscate callback in configuration options be passed the
current user, as was documented

* Remove obsolete _CacheConfig parameters

* Preferentially use IN rather than multiple OR clauses

* Respect RowsPerPage for external custom field values

* Localize default statuses from RT_Config.pm, instead of hardcoding

* Add callbacks within Dates box after each type of Date

* Pass the CustomFieldObj down to CustomFieldValue objects intact, so
its ContextObj can be inspected; this is particularly useful for
external custom fields.

* Allow more than one right per AATTACL in initialdata

* Don\'t hardcode share/html in tests, for non-default layouts

* Base detection of new themes on presence of main.css file, not
base.css file (#30554)

* Allow for relative \"lib\" in AATTINC when running tests

* Allow EditComponentName customfield callback to alter Rows/Cols
values
+ Serializer/importer

* Memory usage improvements in both serialization and import

* Templates, Scrips, and ObjectScrips now serialize correctly
when not cloning
+ Documentation

* Document how to enable un-indexed full-text-search, and its drawbacks

* Note that after restoring from backups, PostgreSQL may need to have
statistics updated

* New documentation on writing portlets

* Add an =pod directive so the first paragraph of UPGRADING is not
skipped

* Clarify when UPGRADING-x.y steps should be run

* Better document known bugs with Sphinx FTS

* Add missing semicolon on Shredder suggested indexes
A complete changelog is available from git by running:
git log rt-4.2.9..rt-4.2.10
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.9...rt-4.2.10

Sat Nov 29 13:00:00 2014 darinAATTdarins.net
- Use mod_perl instead of mod_fcgid as default apache2 module, which
isn\'t available on SLE_12

Thu Oct 30 13:00:00 2014 darinAATTdarins.net
- update to 4.2.9
+ General user UI

* Fix Subject header during ticket printing (#30362)

* Comparisons of long text Custom Fields were erroneously reporting
updates (#30378)

* Broken logo link for the mobile UI when used with $WebPath

* No longer leak base64 data to non-english users who change a Dashboard
subscription and futureproof for other Attribute updates (#24665)

* Previous column selection is remembered when updating search formats (#16972)

* Charts could return quadrupled data for aggregate data (such as Time
Worked) depending on your rights configuration.

* Charts can now be grouped by Priority

* Ticket Creation form now leaves Requestor blank on page reload if you
cleared it out.
+ Localizations

* \"check to delete all values\" is now localized
+ Command-line

* BeforeDue action now accepts 2D as well as 2d (#30449)

* bin/rt no longer shows a default Due date unless one is configured
on the Queue. Additionally, Starts and Due are served in your time
zone (#20334)
+ Admin

* Improvements to the layout of the Group Members page
+ Developer

* Fix tests that used send_via_mailgate to properly check returns (#19156)

* Improvements to rt-static-docs for generating online documentation

* Proper warnings testing for cf_date tests

* Remove unused code to render Rules during replies/comments

* Undo a regression that meant Custom Fields passed to Ticket->Create
needed to be readable by the user creating the ticket.
+ Documentation

* Add a mention of SelfService to the documentation of $AllowUserAutocompleteForUnprivileged

* Update our backups documentation to cover restoring from the suggested
backups.
A complete changelog is available from git by running:
git log rt-4.2.8..rt-4.2.9
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.8...rt-4.2.9

Fri Oct 3 14:00:00 2014 darinAATTdarins.net
- update to 4.2.8
This release is primarily a security release; it addresses
CVE-2014-7227, a vulnerability in RT\'s SMIME integration enabled by
CVE-2015-6271 and related vulnerabilities, known as \"Shellshock.\"
Systems which have patched bash are not vulnerable to CVE-2014-7227.
+ General user UI

* Properly hide ticket list when MoreAboutRequestorTicketList is set to
\"None\"
+ Localizations

* Allow text in Squelch box on ModifyPeople page to be translatable.

* Updated German, Basque, French, Hungarian, and Russian translations.
+ Admin

* Allow $OverrideOutgoingMailFrom to key by queue id, as an alternative
to name

* Stop calling the deprecated _SQLLimit method when limiting by
transaction date

* Stop hiding the value of the AllowLoginPasswordAutoComplete setting
in System Configuration (#30417)

* Resolve CVE-2014-7227, arbitrary execution of code by privileged
users via SMIME by way of CVE-2015-6271.
+ Developer

* Add a ModifyMaxResults callback for Autocomplete endpoints

* Properly pass collection class to ColumnMap in /Elements/TSVExport
+ Documentation

* Update POD for AddRoleMember/DeleteRoleMember being in
RT::Record::Role::Roles now, not RT::Record.
A complete changelog is available from git by running:
git log rt-4.2.7..rt-4.2.8
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.7...rt-4.2.8

Thu Sep 11 14:00:00 2014 darinAATTdarins.net
- update to 4.2.7
+ General user UI

* Fix algorithm for determining which links to display in ticket
relationship graphs with a MaxDepth

* Use \"Correspondence added\" or \"Comment added\" rather than the general
\"Message recorded\"

* Loading saved charts should load all of their settings (#29015)

* Stop fixing the width of \"New ticket in\" button (#27649)

* Record transactions in ticket history when attachments were dropped
or truncated due to $MaxAttachmentSize

* Still delay transaction loading when \"full headers\" have been
requested

* Add an \"overdue\" class on Due columns, to match DueRelative columns.

* Only show \"overdue\" class if the ticket status is still active

* Fix styling of \"There are unread messages\" box in aileron

* Keep date and datetime custom field inputs during failed ticket
creation

* Silence warnings from emails without Content-Transfer-Encoding
headers

* Silence warnings on user modify pages for disabled users

* Let custom field grouping boxes link on Display pages link to the
appropriate anchor on editing pages (#30195)
+ Localizations

* Localize \"Recursive\" column title in group memberships page

* Additional missing locstrings for numerous titleboxes

* Stop translating titles piecemeal in SelfService (#14736)

* Updated Catalan, German, Basque, Italian, Japanese, Dutch, Brazilian
Portuguese, and Russian translations
+ Command-line

* Reduce values queried using \"rt ls\" to only those displayed; this
speeds request time significantly when a large number of custom
fields are applied

* Add -s option to \"rt comment\", to set status when adding a comment or
correspondence (#30375)
+ Admin

* Add %AdminSearchResultRows configuration for altering the number of
rows per page of object types in the administrative interface

* Add an additional suggested index on Attachments\' Creator for
deleting users with Shredder

* Fix rt-dump-metadata, by removing PrivateKey from _Accessible
(#22465)

* Rework internals dealing with characters/bytes, for better internal
consistency, and su support DBD::Pg 3.3.0 and above.

* Provide rt-mailgate version in User-Agent string (#18420)

* Reword errors given for rt-crontool when no valid user is found
(#18621)

* Show the right error message when rt-crontool fails to load a module
(#22991)

* Properly detect when rt-server is called without --listen

* Detect auto-generated mail in the presence of multiple Precedence:
headers

* Strip non-word characters from custom field variable names in Simple
templates; this allows use of custom fields with spaces (#18446)

* Streamline 3.8 -> 4.0 and 4.0 -> 4.2 upgrade steps by reducing the
number of ALTER TABLE calls that are run, adding/dropping multiple
columns at once (#21309)

* Remove LogoImageHeight and LogoImageWidth configuration varables,
which had no effect (#26827)
+ Developer

* Add a callback to manipulate which link types are displayed on
tickets

* Allow Object to be a subref in AATTAttributes in initialdata, to allow
for attributes on arbitrary objects

* Ignore vim swap files when testing

* Allow the SuccessfulLogin callback to alter where RT redirects to

* Add a callback to alter arguments to Showhistory

* Consistently use ->_GroupingClass when determining record class for
grouping lookup.

* Allow ->Deprecated to take a loglevel

* Switch from MIME::Head->set(), deprecated for the last 16 years, to
- >replace() (#18417)
+ Documentation

* Correct documentation on where Shredder places sqldump files (#19167)

* Consistently use say 1/0 instead of true/false in RT_Config.pm
documentation

* Document how ordering in lifecycle transitions controls ordering in
the status drop-down
A complete changelog is available from git by running:
git log rt-4.2.6..rt-4.2.7
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.6...rt-4.2.7

Thu Aug 14 14:00:00 2014 darinAATTdarins.net
- update to 4.2.6
+ General web UI

* Fix a regression introduced in 4.2.4, which caused lack of formatting
of plain text when responding via the rich text editor.

* Allow tables in HTML mail if the optional HTML::Gumbo dependency is
installed

* Fix a regression in 4.2.5 which prevented core date fields (Due,
Starts, etc) from being unset (#30180)

* Hide empty transaction custom fields when they have no value; this
fixes a regression in 4.2.1 where transaction custom fields began
displaying on all transactions. (#29757)

* Allow searching on requestor city, state, zip, and country in query
builder (#26960)

* Don\'t attempt to parse IP/Date(time) CFs if the value is NULL; this
prevents warnings.

* Remove border-radius: 0 to allow Firefox to use native text entry
widgets (#28233)

* Allow Firefox to reflow the data table below the chart on rudder

* Whitelist user search from CSRF restrictions

* Only include closing paren in MakeClicky link if it included an open
paren (#29064)

* Canonicalize CF values (including dates, IP addresses, and IP ranges)
before comparing to the database value; this prevents spurious
\"changed from a to a\" messages.

* Allow downloading 0-length files if they have a filename (#9050)

* Quick Create now defaults to the lifecycle\'s default create status,
instead of hardcoding \"new\"

* Show Wikitext CFs in bulk update

* Add autocompletion to link boxes on bulk update
+ Internationalization

* Add localization strings for Articles admin pages

* Add localization strings for user \"Create Ticket\" user summary portlet

* Add new #loc{key} form, to allow for more concise Lifecyles in config

* Updated German translation
+ Web administration

* Provide a default Category on External custom fields, for performance

* Provide a new \"Notify Owner or AdminCCs\" action

* Move search widgets for custom field admin interface to the top of
the page, to match other admin pages

* Use \"LIKE\" as the default search operator in the queue admin interface

* Enable searching by Lifecycle and SubjectTag in the queue admin
interface

* Add SubjectTag to the default AdminSearchResultFormat for queues

* Move Disabled to the last column of the default Queue admin search
result format, to match Scrips

* Add Disabled column to AdminSearchResultFormat for Classes,
CustomFields, Groups, and Users

* Add Disabled ColumnMap entry for Classes, Groups, and Users

* Prevent RT from locking up if a too-large image was uploaded for the
logo (#29929)

* Fix bugs in cascaded CFs of radio buttons and checkboxes when
categories contained spaces or periods.

* Quiet \"No valid Type specified\" warnings from queue watcher page for
user search results that were left blank (#29993)
+ Server administration

* DBD::Pg 3.3.0 conflicts with RT\'s UTF-8 handling; for this release,
it has been blacklisted. If you are using PostgreSQL as your
database and have DBD::Pg 3.3.0 installed, you will need to download
and install DBD::Pg 3.2.1 from CPAN.

* Allow the validator to fix incorrect values for Owner (#28403)

* Fix a regression in 4.2.5 which caused errors when calling
rt-crontool with a numeric --template argument.

* Quiet warnings in the 4.2.2 upgrade step for users upgrading from
4.0.x

* Add not_member_of restriction for User shredder plugin

* Warnings avoidance for RT::Attachments->Address when run as the
System User

* Update logo attribute as the current user, to allow auditing of who
changed it last

* Alter Links table on MySQL to support Unicode URLs (#19338)

* Warn on non-ASCII right names (#19339)

* Support Sphinx builds compiled with --enable-id64

* For compatibility with RT::Extension::MergeUsers, ensure that
Shredder checks that a user (possibly resolved from a merged user) is
valid before attempting to shred them

* Correctly detect presence of graphviz binary (`dot`), instead of
libgraph.so, for perl dependency calculation

* When merging instances with identical $Organization values, do not
qualify groups and queues
+ Developer

* Move AboutThisUser callback back to /Ticket/Elements/ShowGroupMembers
where it appears to originate, from where RT 4.2.0 accidentally moved
it, /Elements/ShowPrincipal/AboutThisUser

* Move all runtime module loading to UNIVERSAL::require

* Correct error message from RT::Date->Timezone

* Simplify code to assume Postgres 8.4, as RT 4.2 requires

* Add more class and id attributes to user admin pages and preferences

* Pass right number of arguments to sprintf, for Perl 5.22
compatibility

* Move sbin/rt-message-catalog into devel/tools and streamline to unify
with Launchpad import format

* Adjust more tests for RT_TEST_WEB_HANDLER=inline

* Remove dependency checks in t/, as they are covered by required
developer dependencies
+ Documentation

* Improved documentation for RT::Date

* Link POD, URLs, and emails in HTML generated from README

* Document \"Satisfy any\" technique for allowing rt-mailgate to post to
RT when $WebRemoteUserAuth and Apache authentication is used

* Document explicit steps for adding a new status to a lifecycle
A complete changelog is available from git by running:
git log rt-4.2.5..rt-4.2.6
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.5...rt-4.2.6

Thu Jul 10 14:00:00 2014 darinAATTdarins.net
- update to 4.2.5
+ Updated dependencies

* Updated Email::Address::List dependency, to resolve CVE-2014-1474,
as was previously announced in
http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html

* Bump CGI dependency (under perl 5.20 and above, only) to quash
warnings about CGI.pm\'s deprecation in core (#29053)
+ Serializer/Importer

* Serialize binary data as binary, not as UTF-8 codepoints; this fixes
a regression introduced in 4.2.3 which corrupted all binary data in
serialized data.

* Serialize ObjectScrips when cloning, which had been mistakenly
omitted; this only partially resolves #29949, as it does not address
serialization of ObjectScrips when not cloning.
+ General web UI

* Force CKEDITOR_BASEPATH; this fixes errors during pasting into the
Rich Text editor (#29780, #29987)

* Ticket autocompletion (for links) is more predictable when completing
on strings containing numbers (#25755)

* Fix \"Show Outgoing Email\" and Reply/Comment/Forward links in
Approvals (#29800)

* Correctly decode text/html parts of old (RT 3.6.5 and prior) emails
+ Internationalization

* Updated localizations (German, Greek, Slovak, Lithuanian)
+ Web administration

* Display clean Stage name in ColumnMaps (#28739)

* Add Scrips Select/Create menu, and maintain context on which list of
Scrips the Select page should link to (#28787)

* Granting rights to new groups no longer requires clicking in textbox
twice in Firefox (#29911)
+ Server administration

* Log when Encode::HanExtra would be useful in decoding emails, and
make use of it if it is available.

* Squash warnings in 4.1.17 upgrade step (#29595)

* Reorder DROP IF EXISTS on 4.1.1 Postgres upgrade step to drop
sequence after dropping the table; avoids bugs on upgrading in a
previously-upgraded database

* Stop hardcoding the list of available themes, instead auto-detecting
new themes as they are added (#14667)

* Explicitly point to $AutocompleteOwners setting in warning that RT is
switching to the autocompleter due to too many owners.

* Remove caching of template object in rt-crontool; this fixes a bug
where the same content would be sent on all tickets (#29454)

* rt-fulltext-indexer now locks, to prevent more than one instance from
running at once (#17423)
+ Developer

* Add BeforeMessageBox callback in ModifyAll.html for parity with
Create.html and Update.html

* BeforeCustomFields callback in ShowCustomFields now takes $Table parameter

* Default callback in ShowTransaction can now modify $ShowBody

* Add a RT::Date->IsSet method

* Fix invalid ContextObject on RT::CustomField->LoadByName when passed
Queue => 0; this led to invalid LookupType limits on later calls to
- >LoadByName.

* Generalize RT::CustomField->LoadByName to work with non-Queue context
objects, and to optionally return globally-applied CFs and not
Disabled CFs.

* Tests now pass again using RT_TEST_WEB_HANDLER=inline

* ->AddCustomFieldValues no longer allows adding repeated values (#4553)
+ Documentation

* Drop references to MySQL 4.1, as RT 4.2 requires MySQL 5.1

* Updated example plugins used in documentation, and suggest Plugin()
over Set(AATTPlugins, ...) (#29978)

* Documentation for ColumnMap
A complete changelog is available from git by running:
git log rt-4.2.3..rt-4.2.5
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.3...rt-4.2.5
- update request-tracker-use_local_lib.patch

Thu Feb 20 13:00:00 2014 darinAATTdarins.net
- update to 4.2.3
+ Administrator tasks

* Avoid starting a FastCGI process manager in the common case of the
FastCGI process being started by the webserver, and communicating
over STDIN. This restores the behavior from 4.0, where the process
name is the full path to rt-server.fcgi, and not the static string
\"perl-fcgi-pm\" or \"perl-fcgi\".

* Automatically clean out Mason cache when updated HTML is installed
during upgrades; this should prevent a common class of errors.

* Fix paths in rt-importer when importing from a serialized dump which
was written to an absolute path.

* Additional optional upgrade script for users upgrading from RT 3.8
who previously used RT::Extension::CustomField::Checkbox.

* Pass characters, not bytes, to _EncodeLOB during de-serialization;
this prevents invalid UTF-8 from a serialized dump from entering the
new database.

* Catch and warn of additional common misconfigurations of GPG/SMIME
integration.

* Prevent a possible infinite loop in rt-validator --resolve if
Principal records were missing; default to forcing their creation.
+ Localization

* Localization updates from Launchpad.
+ General user UI

* Date and DateTime customfields now pass \"mandatory\" validation if
unchanged.

* \"1970-01-01\" is now treated as \"unset\" for purposes of Date and
DateTime validation.

* Add Date and DateTime fields to bulk update.

* Don\'t conduct a user search if no string was entered.

* Signal if a user is disabled at the top of User Summary pages.

* Resolve regression in 4.2, which caused warnings during ticket
creation when transaction custom fields were applied.

* Respect transaction squelching during GPG/SMIME signing and
encryption. Lack of public key for a squelched user will no longer
trigger errors, for instance.

* Resolve regression in 4.2, where the recipient squelching
checkboxes did not properly synchronize state between users who
appeared multiple times.

* Adjust the bottom edge of rolled-up tabs in ticket pages.

* Sort data groupings in charts numerically, not ASCIIbetically, if
they all appear to be numbers.

* Ensure that Sidebar / Body panes in dashboard configuration display
in a consistent order on perl 5.18 and above.

* For strict DOM compliance, move a \"name\" attribute on

to
\"data-name\".

* Prevent \"Can\'t call method \"DependsOn\" on an undefined value\" error
in bulk update if tickets were deleted.

* Show links to tickets which are not readable by the user as numbers,
not as blank titles.

* Add a \"ticket-active\" class, as well as the current status as a
class, to ticket links on ticket display page.

* Fix a regression in 4.2 which caused an error when a user with
only limited rights (Watch or WatchAsAdminCc) removed themselves as a
watcher from a ticket or queue.

* Allow SeeCustomField on a single queue to show its custom fields
during search if the search is limited to that queue.
+ Documentation

* Remove obsolete wording mentioning CPAN 1.84, which we guaranteed to
already have a more recent version of, by way of perl 5.10.1.

* Correct reminders documentation to suggest RT::Action::Notify, not
RT::Action::SendEmail.

* Documentation on writing extensions for RT.
Admin interface

* Fix \"Queue\" and \"QueueId\" columns in admin Scrips listing to emulate
their display in 4.0.

* Additional ModifyDropdownLimit in SelectOwnerDropdown to allow sites
to increase the previously-hardcoded limit of 50 users in the
drop-down before it switched to autocompletion.

* Correctly style warnings about Articles needing configuration.

* Resolve regression in 4.2 in admin interface, where the current group
and rights tab is not preserved across rights submission.

* Show static content roots in System Configuration, alongside Mason
content roots.

* Catch and warn of template compilation errors, such as unbalanced
braces.
+ Database

* Improve right-checking query plan (at least on PostgreSQL 9.3) by
de-duplicating ACL equivalence objects, and using the RT::System\'s
id.

* Upgrade steps from RT 4.0 -> 4.2 now DROP IF EXISTS tables and
sequences before attempting to create them, except on Oracle. This
resolves the common case of testing an upgrade before re-importing a
backup atop it for the final upgrade, leaving the new tables still in
place.

* Fix a regression in 4.2 which caused rt-server to hold extra database
handles open. For FastCGI processes, this was one extra per FastCGI
process; for standalone servers, only one overall.
+ Callbacks

* MassageDisplayHeaders callback in ShowTransactionAttachments is now
passed $ShowHeaders.

* Callbacks in EditTransactionCustomFields are now passed $InTable.

* MassageCustomFields callback in EditCustomField is now correctly
passed $CustomFields.

* Correct a typo in the documentation for MakeClicky callbacks.
Developer

* Provide and use a GetCustomFieldInputName() function to
programmatically determine form field names from custom field
objects.

* Resolve a bug when associating unknown users with single-user roles;
this primarily only affects Assets.

* Allow consumers of /Elements/SimpleSearch to provide the placeholder
text.

* Default Stage for Scrips to be TransactionCreate; primarily for
initialdata, but affects all callers of RT::Scrip->AddToObject.

* Adjust etc/upgrade/shrink_transactions_table.pl to avoid new
deprecation warnings.

* Fix precedence errors of \"return ... or ...\" found by perl 5.19.

* Allow consumers of EditCustomField to specify undef $Rows or $Cols to
omit the respective attributes during form element rendering.

* Prevent warnings on perl 5.19 and above.

* Allow members to be added to groups during group creation in
initialdata.

* Prevent race conditions in 99-policy.t by skipping t/tmp/ and other
volatile directories.

* Pass Ticket object to ShowAttachments on Ticket/Forward.html, to
allow for greater extensibility by providing more context.
A complete changelog is available from git by running:
git log rt-4.2.2..rt-4.2.3
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.2...rt-4.2.3
- update rt-4.2.0-enable-build-as-non-root.patch for 4.2.3

Tue Nov 19 13:00:00 2013 darinAATTdarins.net
- update to 4.2.1
+ Oracle:

* Resolve numerous issues with the 4.0 -> 4.2 upgrade steps on Oracle

* In-database sessions on Oracle are no longer truncated at 8k,
leading to spurious logouts
+ Internet Explorer:

* Fix submission issues under Internet Explorer
+ Rich text editor:

* If returning to a reply/correspond page with the back button, the
rich text editor will no longer double-escape previously written
content.
+ REST:

* Fix an empty \'text/plain\' part when tickets are created using the
REST interface.
+ Other bugfixes:

* Optimize transaction display code to speed up long ticket displays
by short-circuiting transaction custom field checking.

* Supply a default $PATH for SMIME and GnuPG under FastCGI

* Support index upgrade steps on Pg when in a custom schema

* Close a memory leak in ColumnMap
A complete changelog is available from git by running:
git log rt-4.2.0..rt-4.2.1
or visiting
https://github.com/bestpractical/rt/compare/rt-4.2.0...rt-4.2.1

Mon Nov 4 13:00:00 2013 darinAATTdarins.net
- use usermod to modify groups entries
- create unique UID

Mon Nov 4 13:00:00 2013 darinAATTdarins.net
- update %pre so groupadd/useradd are always called

Tue Oct 29 13:00:00 2013 darinAATTdarins.net
- fix so rt_localstatedir is not a %ghost

Mon Oct 28 13:00:00 2013 darinAATTdarins.net
- fix pod2man build failure on opensuse 13.1

Tue Oct 8 14:00:00 2013 darinAATTdarins.net
- Set rt_localstatedir to %{_var}/lib/%{name}, as /var/run is now
tmpfs and will disappear after reboot and this data needs to be
persistant.

Thu Oct 3 14:00:00 2013 darinAATTdarins.net
- updated to 4.2.0

* Much improved reporting via search result charting
- Multiple group by and statistic calculations in a table
- Time statistics such as average, minimum, and maximum durations
between Created and Resolved, Created and Started, Started and
Resolved, and more.
- More robust layout of charts

* Increased performance for searches and ticket pages
- Faster searches on all databases (especially Pg)
- Ticket pages load quicker
- Menus load before the rest of the page is loaded
- History is loaded asynchronously
- Faster serving of static assets

* Scrips per queue
- Apply scrips globally or ad-hoc to individual queues, a la custom
fields
- Less duplication of scrips and/or need for empty templates

* Custom field groupings
- Display CFs in configurable groupings (boxes) on the ticket
display/edit pages
- Includes arbitrary grouping names as well as standard ticket
groupings (Basics, Dates, People, Links, etc.)

* User summary pages
- Display information about users such as tickets, history, groups,
etc.
- An extended \"More about requestors\" page for any user
- Easy to get to via links and user search

* HTML templates enabled by default for new installs, available for
upgrades too

* History improvements
- Rich text/HTML messages are preferred for display by default
- Images are inlined with text in ticket history display instead of
presented at bottom
- Clickable users, tickets, articles, and other items

* Many interface improvements, such as:
- Per-user preferences for the dashboards which appear in the Home
menu
- Floating page menu for quicker access to ticket actions, subpages,
etc.
- Autocomplete for ticket links, including when merging
- Autocomplete available to self service users
- Improved CF and links display in search results
- Sticky simple search for quick search refinements
- Attachments on reply can no longer be mixed up when replying to
multiple tickets at once
- ReassignTicket right to assign tickets without stealing first;
useful for managers

* S/MIME support integrated with GnuPG support
- Decrypt and verify incoming GPG and SMIME messages
- Send all outgoing messages as either GPG or SMIME

* Migration tools
- Migrate from one database type to another (MySQL, Pg, Oracle)
- Merge multiple RT instances together

* Thousands of bug fixes; nearly 2000 commits totaling more than
250,000 lines of code changed.

Wed Oct 2 14:00:00 2013 darinAATTdarins.net
- update to 4.2.0rc5

* Major upgrade, a complete changelog is available by visiting:
https://github.com/bestpractical/rt/compare/rt-4.0.17...rt-4.2.0rc5
- update openSUSE directory layout
- update patches for RT-4.2

* rt-4.2.0-enable-build-as-non-root.patch

* request-tracker-use_local_lib.patch
- add missing/new dependencies

Mon Aug 5 14:00:00 2013 darinAATTdarins.net
- update to 4.0.17

* fixes an important regression in the upgrade script
included in 4.0.14, 4.0.15, and 4.0.16
A complete changelog is available from git by running:
git log rt-4.0.15..rt-4.0.17
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.15...rt-4.0.17

Fri Jul 26 14:00:00 2013 darinAATTdarins.net
- update to 4.0.15
Features

* Ticket watcher searches that involve a large number of ORs will now
use a much-improved SQL query, instead of the old many-join solution.

* Do a better job wrapping text before quoting it in a reply.

* Simple search now supports AATTexample.com to search for tickets
requested by users with email addresses ending in AATTexample.com.

* If our display parsing of an HTML attachment fails for known reasons,
a better error message is provided, directing admins to contact us with
a sample.
Bugfixes

* Resolve several corner cases where RT\'s database handle can be
disconnected unexpectedly.

* When a TicketSQL query fails, report that failure to the user rather
than silently displaying an empty ticket list.

* Display and add attachments to tickets in alphabetical rather than
random order.

* Ensure that LifeCycle statuses are compared case-insensitively.
Developer

* CleanSlate on collections more thoroughly resets the collection.

* A new callback and better support for JS/CSS tweaking of our
Autocompleter display formats.

* New warning when an RT::URI::
* resolver object cannot be created.

* Extensions may use rt-setup-database --action upgrade --package
extension to provide RT\'s friendlier upgrade infrastructure.
A complete changelog is available from git by running:
git log rt-4.0.13..rt-4.0.15
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.13...rt-4.0.15

Mon Jul 1 14:00:00 2013 larsAATTlinux-schulserver.de
- add su call to logrotate script for newer openSUSE versions

Thu Jun 6 14:00:00 2013 larsAATTlinux-schulserver.de
- add hint to read the README.SuSE first before the README in case
of an upgrade

Wed May 22 14:00:00 2013 darinAATTdarins.net
- update to 4.0.13
This release of RT resolves a number of security vulnerabilities:
CVE-2012-4733
CVE-2013-3368
CVE-2013-3369
CVE-2013-3370
CVE-2013-3371
CVE-2013-3372
CVE-2013-3373
CVE-2013-3374
Details about the above CVEs are available at:
http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html
A complete changelog is available from git by running:
git log rt-4.0.12..rt-4.0.13
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13

Thu May 2 14:00:00 2013 darinAATTdarins.net
- Update 40 4.0.12
Features

* Date and DateTime Custom Fields now have the same \'smart\' date parsing
that core RT date fields have.

* Improved logging when the sending of a Correspond or Comment fails.

* The Quick Search preferences page now has Select/Clear All buttons.

* Unprivileged users can now change Language and Time Zone.

* Warn MySQL users if their max_allowed_packet is dangerously low.
Bugfixes

* Repair 4.0.11 regression where red background on Reply with the
RichText Editor was lost.

* Quiet warnings in the verbose user format.

* Allow changing the case of a Group\'s name (prevented by earlier code
stopping you from having two groups with the same name).

* Allow changing the case of a Class\'s name.

* Avoid warnings when using empty Templates.

* Update our InnoDB checks for MySQL 5.6 compatibility.

* Clarification of when SetOutgoingMailFrom and OverrideOutgoingMailFrom
are available.

* Improve layout of collection lists in IE.

* Fix Attach more files button in Self Service.

* Set caching headers on autocomplete endpoints.

* Restore and improve prematurely deleted documentation for
DontSearchFileAttachments.

* Correct the encoding of Dashboard email Subject headers.

* Fix the default roles on User->WatchedQueues.

* Document the need to grant SeeCustomField in UPGRADING-3.4.

* Nudge menus below the shadows in aileron.

* Fix missing headers and a syntax error in the
/REST/1.0/attachment/NN endpoint.
A complete changelog is available from git by running:
git log rt-4.0.11..rt-4.0.12
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.11...rt-4.0.12
- fix rt-4.0.0-enable-build-as-non-root.patch for 4.0.12

Tue Apr 9 14:00:00 2013 darinAATTdarins.net
- Update to 4.0.11
Bugfixes

* Fix description of the ModifyACL right on Classes.

* Allow sorting by a Queue\'s SubjectTag (in the admin UI).

* Reminders attached to tickets in the deleted status now no longer
throw errors.

* Custom Fields containing & were not being displayed properly in search
results.

* Validate usernames properly on rename as well as during creation.

* Remove user preference for \'Number of search results\' since it was
unused and conflicted with the option on the My RT at a Glance
configuration page.

* Clean up temp files left behind by the REST interface.

* Recipients and Scrips box on Ticket reply/comment pages retain
checkbox state when uploading attachments or including articles or
otherwise reloading the page.

* Charts are no longer hidden by the print css.

* Date Custom Fields should ignore time zones.

* rt-crontool no longer throws an error on --help or other error
conditions.

* When choosing the Shredder link from search results, correctly select
the Tickets plugin.

* Bring back an Article quick search missing since before 4.0.0.

* The default $ExtractSubjectTagMatch no longer removes [comment] from
mail with subjects like [comment] [rtname #1].

* In the Class PageMenus, load a Class not a CustomField to validate the id.

* Date Custom Fields now parse strings like \'today\' in the user\'s
timezone.

* Username and Password are now the same length on IE8/9.

* External Custom Fields can now be changed back to internal
Custom Fields in the CF Admin UI.

* Inline text attachments now obey PlainTextPre or PlainTextMono if
they are set.

* Once a Group contained more than one User or Group, current members of
the Group were not being excluded from the autocomplete results.

* Reloading pages with results= will no longer trigger the CSRF warning.
A complete changelog is available from git by running:
git log rt-4.0.10..rt-4.0.11
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.10...rt-4.0.11

Wed Feb 27 13:00:00 2013 darinAATTdarins.net
- Install README.SuSE

Mon Feb 25 13:00:00 2013 darinAATTdarins.net
- Added Source for README.SuSE

Tue Feb 19 13:00:00 2013 darinAATTdarins.net
- Added README.SuSE to %doc

Wed Jan 30 13:00:00 2013 darinAATTdarins.net
- update to 4.0.10
Bugfixes

* CF values are no longer possibly lost during ticket creation; see
above for a complete description

* Updated localizations, including a new Slovak translation

* Error titleboxes now render properly when they have collapse icons

* Restore a missing tag on the mobile login

* Allow non-uris in Link transactions

* Bulk Update maintains the previous value of the \"Told\" box on page
reload

* Simple Search no triggers queue-searching behavior when passed a
disabled Queue names

* We now find localizations expressed as ( qw(a b c))

* Only attempt to update Told if the correspond succeeded
git log rt-4.0.9..rt-4.0.10
or visiting
https://github.com/bestpractical/rt/compare/rt-4.0.9...rt-4.0.10

Thu Jan 17 13:00:00 2013 darinAATTdarins.net
- Updated request-tracker-use_local_lib.patch

Thu Jan 17 13:00:00 2013 darinAATTdarins.net
- update to 4.0.9
Bugfixes

* IE8/9 are encouraged never to use compatibility mode.

* User autocompletes on Oracle now work.

* Disabled personal groups hiding out from 3.8 are cleaned out.

* When upgrading from 3.8 to 4.0 the article upgrade points to the
correct upgrading documentation.
Features

* The Rights Editor now keeps track of the user/group and tab selected
when submitting and switching between states.

* Allow bookmarking tickets from the mobile interface.

* Warn less when your RT is behind a proxy.

* New CheckMoreMSMailHeaders config option that tries harder to detect
outlook and repair weird linespacing issues in text parts.
Documentation

* Lifecycle documentation separate from the RT_Config.pm docs.

* Document how to use the Style Editor and how to add your own CSS.

* Document basic approvals configuration.

* Improve documentation and examples for CreateTickets action
Development

* Improve SQL logging on record creation and the autocompleter.

* Improve the debugging mason errors to include a stack trace.

* Ensure tests never run in the local locale (which can cause
interesting failures).

* Catch and error if we throw warnings in tests.
See https://github.com/bestpractical/rt/compare/rt-4.0.8...rt-4.0.9
for full list of Bugfixes, Features, Documentation, and Development
changes.
- renamed rt-mysql2pg to rt-mysql2pg-contrib per Thomas Sibley
http://lists.bestpractical.com/pipermail/rt-users/2012-December/078698.html

Sat Nov 24 13:00:00 2012 larsAATTlinux-schulserver.de
- update to 4.0.8:
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2012-4730,
CVE-2012-4731, CVE-2012-4732, CVE-2012-4734, CVE-2012-4735, and
CVE-2012-4884.
Bugfixes

* Custom Fields BasedOn can be set from intialdata again.

* Fix the 3.8.4 NotifyGroup upgrade script to properly join notification
groups with a comma.

* Correct the use of the \'approved\' state from Lifecycles. It is now
used only when all approvals are completed.

* Use database-level row locking to ensure that scrips do not suffer
from race conditions with scrips from other processes.

* Remove multiple slashes so that page menus display and the active item
is correctly highlighted.

* Improve MaxAttachmentSize documentation.

* Ensure that ticket links in the iCal feed are CSRF whitelisted.
Features

* New alias validator sbin/rt-validate-aliases which helps keep RT and
/etc/aliases in sync.

* Add support for GPG mails in inline format (PGP partitioned encoding)
that are also encoded for transfer with Base64 or quoted printable.

* Add a BeforeLocalization callback to message headers.

* If you have DBIx::SearchBuilder 1.62 or higher and are using full
text indexing on Pg or Oracle, rt-fulltext-indexer uses a faster query
to find unindexed attachments.

Fri Sep 14 14:00:00 2012 darinAATTdarins.net
- update to 4.0.7
+ A complete changelog is available at
https://github.com/bestpractical/rt/compare/rt-4.0.6...rt-4.0.7
- Added LWP::Protocol::https requirement

Wed May 23 14:00:00 2012 darinAATTdarins.net
- update to 4.0.6:
+ This resolves the following security vulnerabilities:
CVE-2011-2082, CVE-2011-2083, CVE-2011-2084, CVE-2011-2085,
CVE-2011-4458, CVE-2011-4459, and CVE-2011-4460.
+ Remove CSS3PIE, which simply added rounded corners on IE7 and IE8, as
it was causing numerous crashes of IE.
+ Show the current status in the status dropdown during ticket update,
to allow forced setting of the status. This functionality was
available in RT 3.8, and is now being reinstated.
+ Use SearchBuilder queue limits to restrict what statuses and owners
are displayed in drop-downs.
+ Make \"New Ticket\" a top-level SelfService menu item.
+ Display Lifecycle column correctly in queue admin lists.
+ Allow >64k attributes on MySQL; this is particularly useful for
logos uploaded via the theming editor.
+ Remove two dependencies from the RT mailgate.
+ Adding new arbitrary links to tickets now works as expected in the
REST interface.
+ Subject: lines in Forward Ticket templates are now respected.
+ Sort ticket link numbers numerically, not alphabetically.
+ Ticket reminders are no longer copied when creating a linked ticket;
article and http:// links now are, however.
+ Use relative links (with no hostname) more consistently.
+ Correctly deal with non-ASCII attachment filenames which make use of
MIME parameter value continuations.
+ Find queue-level CFs first in REST interface when there are
duplicates by name.
+ Fix graphing of searches which reference Updated and other
transaction-based limits.
+ Reminder statuses on open and resolve are now configurable
per-lifecycle.
+ Fix quoting of CF names containing dashes and the like in the
SearchBuilder.
+ Bump URI dependency to ensure utf8 URLs are correclty generated in
Dashboard emails.
+ Permit and language attributes when scrubbing HTML.
- Added missing mason_data directories

Tue Mar 13 13:00:00 2012 larsAATTlinux-schulserver.de
- update to 4.0.5:
+ Greatly improved print CSS
+ New Config option - HideResolveActionsWithDependencies removes
actions such as Resolve from the action menu on tickets with
outstanding dependencies
+ New Config option - AutocompleteOwnersForSearch allows admins
to force an Owner autocompleter in the Query Builder
+ New Config option - NoTicketInterfaceForApprovals redirects
users to the Approvals interface if they visit an Approval ticket
in the regular RT UI
+ Improved Simple Search documentation and new \'any\' keyword for any status
+ Improved case insensitivity in the User and Custom Field Autocompleters
+ new --enable-ssl-mailgate configure option and rt-mailgate options
to assist with setting rt-mailgate up to talk to your ssl
enabled RT server
+ More improvements to email quote detection to handle Outlook quoting
+ The CreateTickets action now supports adding Groups as Watchers
+ httpurl_overwrite no longer inserts spaces into your URLs
+ Added NBSP as a search column in the Query Builder
+ Maintain Approved/Denied state in the radio button on past Approvals
+ Fixes for Bookmarked ticket searches
+ Bugfixes for OverrideOutgoingMailFrom and sending bounces
+ More consistent ordering of Articles
+ Improvements to menu internals, including fixes for Search
collections and localization of key names
+ Preserve Content-Disposition when redistributing mail
+ Improved PGP handling for .asc attachments with misleading content-types
+ By default, RT\'s session cookie will not be available to javascript
+ Allow Charts to be grouped by Told.
+ Test and localization cleanups.

Mon Mar 12 13:00:00 2012 larsAATTlinux-schulserver.de
- create %{rt_localstatedir}/data/RT-Shredder during init, so the
shredder can work per default
- fix license to be in spdx format
- added a more descriptive message in the database backend
README files.

Fri Dec 30 13:00:00 2011 larsAATTlinux-schulserver.de
- update to 4.0.4:
This release contains a number of bugfixes and small improvements
since the 4.0.2 release; a few of the more notable ones include:
+ Due to a change in RT 3.8.9, which also affected RT 4.0.0 and higher,
TransactionBatch scrips were run twice; this has now been fixed.
+ A new toggle has been added to expand all quote folding in a
ticket\'s transaction history.
+ New \"On Forward\", \"On Forward Transaction\" and \"On Forward Ticket\"
conditions have been added.
+ Ticket searches no longer forget which saved search they were
loaded from when being updated.
+ A new \"make jsmin\" target has been added to aid in downloading,
compiling, and installing jsmin.
+ Improved threading for automatically generated emails
concerning a ticket.
+ Improved detection of Outlook-style message fowarding headers.
+ No longer error when a user has supplied a non-existant RT style;
instead, fall back to the default.
This is particularly relevant for users coming RT 3.8 with the
3.6 stylesheet applied, which no longer exists in 4.0.
+ Improved handling of files named \"0\", and Unicode filenames,
in file uploads.
+ Tickets can no longer be linked to deleted tickets.
+ Restore missing menus on simple search result pages.
+ Fix support for perl 5.12 and later by removing a deprecated
use of \"defined %hash\".
- install rcrequest-tracker symlink
- fix FSF address in init script
- ignore the init-script-without-%restart_on_update-postun warning
from rpmlint: the init script just creates missing directories
on start - so no \"restart\" needed

Tue Nov 1 13:00:00 2011 larsAATTlinux-schulserver.de
- provide perl(RT)

Sun Oct 30 13:00:00 2011 larsAATTlinux-schulserver.de
- added rt-mysql2pg as suggested by Darin Perusich (bnc#722777)
- move schema and acl files to database subpackages
- split out
*db-oracle subpackage

Fri Oct 7 14:00:00 2011 larsAATTlinux-schulserver.de
- implement cleanup script for mason cache suggested by Darin
Perusich (bnc#722582)

Thu Oct 6 14:00:00 2011 larsAATTlinux-schulserver.de
- fix bnc#722528: config file ownership not properly set

Thu Oct 6 14:00:00 2011 larsAATTlinux-schulserver.de
- fix bnc#722143: webserver user can\'t write to log directory
(thanks to Darin Perusich)

Fri Sep 2 14:00:00 2011 larsAATTlinux-schulserver.de
- update to 4.0.2:
+ Notable changes include:
++ Ability to reference global CFs by Name in RT::Action::CreateTickets
++ Installation of the docs/ directory into /usr/share/request-tracker/docs
++ Removal of the incomplete --binary flag option for the full-text search indexer
++ Fixes for a regression that caused group dashboards to vanish after
creation and not appear in the list of dashboards
++ Rewritten forward functionality to generate mail that better
represents the original messages received by RT
++ Removal of the pure Perl Javascript::Minifier module which slowed
down the first request to new webserver children. jsmin or another
external minifier is now required to minify RT\'s javascript.
Refer to the section about $JSMinPath in perldoc
/opt/rt4/etc/RT_Config.pm for how to configure jsmin.
- enhancements and fixes in cronjobs
- use more macros to define directories only once

Fri Aug 19 14:00:00 2011 larsAATTlinux-schulserver.de
- fix build on older distributions by using the perl_vendorlib
directory where we install newer perl modules
( request-tracker-use_local_lib.patch )

Sat Aug 13 14:00:00 2011 larsAATTlinux-schulserver.de
- update to 4.0.1
- fix (build)requires
- build as/for user and group rt
- provide a small init script that creates /var/run/rt on demand
- split up subpackages (client, db-mysql, db-postgres, db-sqlite)
- install logrotate config

Sat Dec 26 13:00:00 2009 larsAATTlinux-schulserver.de
- initial version 3.8.7