issues (CVE-2008-1474, CVE-2008-1475). Changes since 1.1.2:
- Make URL matching code less matchy.
- Try to clarify mail_domain config setting.
- Add use of username/password stored in ~/.netrc in mailgw.
- 'Make a Copy' failed with more than one person in nosy list.
- xml-rpc security checks and tests across all backends.
- Send a Precedence header in email so (well-written) autoresponders don't.
- Fix mailgw total failure bounce message generation (thanks Bradley Dean).
- Fix for postgres 8.3 compatibility (and bug).
- Fix for translations.
- Fire reactors after file storage is all done.
- Allow negative ids other than -1 for item generation.
- Better German translation for retiring users.
- More improvements to German translation.
- Add filter() to XML-RPC interface.
- Fix IndexError when there are no messages to an issue.
- Prevent broken pipe errors in csv export.
- New session API and cleanup thanks anatoly t.
- Make WSGI handler threadsafe.
- Improved URL matching RE.
- Allow binary file content submission via XML-RPC.
- Don't run old code on newer database.
- Fix HTML injection into page title
- Fix indexer handling of indexed Link properties.
- Security fixes (thanks Roland Meister).
- New config option in mail section: ignore_alternatives allows to
ignore alternatives besides the text/plain part used for the content
of a message in multipart/alternative attachments.
- Admin copy of error email from mailgw includes traceback (thanks Ulrik
Mikaelsson).
- Messages created through the web are now given an in-reply-to header
when email out to nosy (thanks Martin v. L�wis).
- Nosy messages now include more information about issues (all link
properties with a "name" attribute) (thanks Martin v. L�wis).
- Searching date range by supplying just a date as the filter spec.
- Handle no time.tzset under Windows.
- Fix race condition in file storage transaction commit.
- Make user utils JS work with firstname/lastname again.
- Fix ZRoundup to work with Zope 2.8.5.
- Fix race condition for key properties in rdbms backends.
- Handle Reject in mailgw final set/create.
- Removed some metakit references.
- Roundup has a new xmlrpc frontend that gives access to a tracker using
XMLRPC.
- Dates can now be in the year-range 1-9999.
- The metakit backend has been removed.
- Add simple anti-spam recipe to docs.
- Allow customisation of regular expressions used in email parsing, thanks
Bruno Damour.
- Italian translation by Marco Ghidinelli.
- Multilinks take any iterable.
- config option: specify port and local hostname for SMTP connections.
- Tracker index templating (i.e. when roundup_server is serving multiple
trackers).
- config option: Limit nosy attachments based on size (Philipp Gortan).
- roundup_server supports SSL via pyopenssl.
- templatable 404 not found messages.
- Unauthorized email includes a link to the registration page for
the tracker.
- config options: control whether author info/email is included in email
sent by roundup.
- support for receiving OpenPGP MIME messages (signed or encrypted).
- Handling of unset Link search in RDBMS backend.
- Journal export of anydbm didn't correctly export previously empty values.
- Fix handling of defaults for date fields.
- Fix <form> name in user editing to allow multilink popups to work.
- Fix form handling of editing existing hyperdb items from a new item page.
- Added new rdbms-indexes for full-text index which will speed up
reindexing.
- Turning off indexing for content properties of FileClass instance
(e.g., "file" and "msg") now works for SQL backends.
- Enabled over-riding of content-type in web interface (thanks
John Mitchell).
- Validate user timezones to filter bad entries.
- Classic template allows searching for issues with no topic set.
- xapian_indexer uses current API for stemming (Rick Benavidez).
- Ensure email addresses are unique.
- roundup_admin tracks uncommitted changes in interactive mode
for all backends.
- add template search path for easy_install (Marek Kubica).
- don't spam the roundup admin on client shutdowns (Ulrik Mikaelsson).
- respect umask on filestorage backends (Ulrik Mikaelsson).
- cope with spam robots posting multiple instances of the same form.
- include the author of property-only changes in generated messages.
- fuller email validation in templates.
- cope with bad cookies from other apps on same domain.
- updated Spanish translation from Ramiro Morales.
- clean up query display of "Private to you items".
- use local timezone for mail date header.
- allow CSV export of queries on selected issues.
- remove blobfiles on destroy.
- handle postgres exceptions during session cleanup.
- update Xapian indexer to use current API.
- handle export and import of old trackers that have data attached to
journal "create" events.
- fix a couple more old instances of "type" instead of "ENGINE" for mysql
backend.
- make LinkHTMLProperty handle non-existing keys.
- If-Modified-Since handling was broken.
- Updated documentation for customising hard-coded searches in page.html.
- Updated Windows installation docs (thanks Bo Berglund).
- Handle rounding of seconds generating invalid date values.
- Handle 8-bit untranslateable messages from database properties.
- Fix scripts/roundup-reminder date calculation.
- Improved due_date and timelog customisation docs.
- relax rules for required fields in form_parser.py.
- documentation cleanup from Luke Ross.
- updated Spanish translation from Ramiro Morales.
- handle 8-bit untranslateable messages in tracker templates.
- handling of required for boolean False and numeric 0.
- removed bogus args attr of ConfigurationError.
- implemented start_response in roundup.cgi.
- clarified windows service documentation.
- HTMLClass fixed to work with new item permissions check.
- support POP over SSL.
- clean up input field generation and quoting of values.
- allow use of roundup-server pidfile without forking.
- allow translation of status/priority menu options.
- setup.py had broken reference to roundup.cgi.
- full-text search wasn't coping with multiple multilinks to the same class.
- unicode / sqlite 3 problem.
- WSGI support via roundup.cgi.wsgi_handler.
- sqlite module detection was broken for python 2.5 compiled without sqlite
support.
- fixed support for pysqlite2 (version 2.1.0 is the minimum version
supported).
- roundup-server called setuid when run by non-root user.
- fix sort/group direction checkbox in issue.index.html.
- fix error detection for non-EN locales of postgres.
- fix email change note rendering of multiline properties.
- fix sidebar search links.
- nicer "permission required" messages.
- fix unstable ordering of detectors.
- E-mail subject line prefix delimiter configuration was being ignored.
- Password confirm field in user editing.
- supports Python 2.5, including the sqlite3 module.
- full timezone support.
- handle connection loss when responding to web requests.
- match incoming mail In-Reply-To against existing messages when no issue
id is specified in the Subject.
- added StringHTMLProperty wrapped() method to wrap long lines in issue
display.
- include the popcal in Date field editing and search fields by default.
- @required in forms may now specify properties of linked items.
- update for latest version of pysqlite.
- update for latest version of psycopg2.
- new "exporttables" command in roundup-admin.
- roundup-admin "export" may specify classes to exclude.
- sorting and grouping by multiple properties is now supported by the
backends *and* the classic template.
- sorting, grouping, and searching by transitive properties (e.g.,
messages.author.supervisor) is now supported in all backends.
- added filter_sql to SQL backends which takes an arbitrary SQL statement
and returns a list of item ids.
- Verbose option for import and export.
- -c option for roundup-mailgw won't accept parameter.
- '?' in rfc2822-encoded header isn't quoted.
- fix error message in form parser.
- updated ZRoundup for Zope 2.9.
- fix timelog example in customisation doc to mention permissions.
- nicer listing of Superseder links.
- include roundup-server.ini.example.
- dumb bug in cgi templating utils.
- handle unicode in query names.
- fix error during mailgw bouncing message.
- hyperdb handling of empty raw values for Multilink and Password.
- don't int() ids.
- fix importing into anydbm backend.
- fix help message for roundup-admin install.
- removed traceback with OTK is used multiple times.
- metakit backend was indexing FileClass content even when asked not to.
- anydbm backend will finally sort numerically by ID.
- problem with string sorting in anydbm backend fixed: If a string was
fully numeric it was sorted as a number.
- Multilink-sorting now sorts by orderprop not by ID and works for all
backends.
- Bug with name-collisions in sorted classes when sorting by Link
properties in metakit backend fixed.
- Postgres backend allows transaction collisions to be ignored when
committing cleanup in the sessions database.
- translate titles of "show all" and "unassigned" issue lists
in classic template.
- "as" is a keyword in Python 2.6.
- "from __future__" statments need to be first line of file in Python 2.6.
- better conflict retry in postgresql backend.
- fix time log example.
Only minor bugfixes, no detailed list in the changelog.
Add gnome option for gnome-vfs, not enabled by default.
Add support for V4L2. This is only enabled for Linux now.
Build needs to be fixed for NetBSD and tested for others.
-Add missing fsync() in updatefile close method to ensure data actually
hits disk before the rename takes place, to make writing of the oldmail
file more resilient to system crashes. Thanks: Domen Puncer.
support for creating empty files as CONF_FILES.
The usual way is to add
CONF_FILES= /dev/null /some/file
However, some parts of the infrastructure check if the "source" is a
file -- this fails for /dev/null obviously (other parts accept
character devices already).
Fix this. Will follow up with PKGREVISION bumps for affected packages.
Ok during freeze: agc@
Fixes build of pkgsrc/archivers/bsdtar on some systems, no functional change
intended on systems that already successfully built.
Ok'd during freeze by joerg@ and agc@
Changes:
* Fixed several security issues.
* Fixed several stability issues.
* Fixed a number of minor issues with the layout of certain web pages.
* Fixed several theme issues that affected right-to-left locales.
* Fixed issue that caused some users with customized toolbars to have their
Back and Forward buttons go missing (bug 426026)
* Add new Extended Validation (EV) roots to Firefox 3.0.2.
* On certain IDN sites, the password manager would not fill in username
and password details properly.
* Fixed several hangs and crashes that occurred when using screen readers.
