pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/devel/roundup Upgrade roundup to version 1.4.6 in orde...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e7433c658ff6
branches: trunk
changeset: 547696:e7433c658ff6
user: tonnerre <tonnerre%pkgsrc.org@localhost>
date: Sun Sep 28 02:47:46 2008 +0000
description:
Upgrade roundup to version 1.4.6 in order to fix long-standing security
issues (CVE-2008-1474, CVE-2008-1475). Changes since 1.1.2:
- Make URL matching code less matchy.
- Try to clarify mail_domain config setting.
- Add use of username/password stored in ~/.netrc in mailgw.
- 'Make a Copy' failed with more than one person in nosy list.
- xml-rpc security checks and tests across all backends.
- Send a Precedence header in email so (well-written) autoresponders don't.
- Fix mailgw total failure bounce message generation (thanks Bradley Dean).
- Fix for postgres 8.3 compatibility (and bug).
- Fix for translations.
- Fire reactors after file storage is all done.
- Allow negative ids other than -1 for item generation.
- Better German translation for retiring users.
- More improvements to German translation.
- Add filter() to XML-RPC interface.
- Fix IndexError when there are no messages to an issue.
- Prevent broken pipe errors in csv export.
- New session API and cleanup thanks anatoly t.
- Make WSGI handler threadsafe.
- Improved URL matching RE.
- Allow binary file content submission via XML-RPC.
- Don't run old code on newer database.
- Fix HTML injection into page title
- Fix indexer handling of indexed Link properties.
- Security fixes (thanks Roland Meister).
- New config option in mail section: ignore_alternatives allows to
ignore alternatives besides the text/plain part used for the content
of a message in multipart/alternative attachments.
- Admin copy of error email from mailgw includes traceback (thanks Ulrik
Mikaelsson).
- Messages created through the web are now given an in-reply-to header
when email out to nosy (thanks Martin v. L�wis).
- Nosy messages now include more information about issues (all link
properties with a "name" attribute) (thanks Martin v. L�wis).
- Searching date range by supplying just a date as the filter spec.
- Handle no time.tzset under Windows.
- Fix race condition in file storage transaction commit.
- Make user utils JS work with firstname/lastname again.
- Fix ZRoundup to work with Zope 2.8.5.
- Fix race condition for key properties in rdbms backends.
- Handle Reject in mailgw final set/create.
- Removed some metakit references.
- Roundup has a new xmlrpc frontend that gives access to a tracker using
XMLRPC.
- Dates can now be in the year-range 1-9999.
- The metakit backend has been removed.
- Add simple anti-spam recipe to docs.
- Allow customisation of regular expressions used in email parsing, thanks
Bruno Damour.
- Italian translation by Marco Ghidinelli.
- Multilinks take any iterable.
- config option: specify port and local hostname for SMTP connections.
- Tracker index templating (i.e. when roundup_server is serving multiple
trackers).
- config option: Limit nosy attachments based on size (Philipp Gortan).
- roundup_server supports SSL via pyopenssl.
- templatable 404 not found messages.
- Unauthorized email includes a link to the registration page for
the tracker.
- config options: control whether author info/email is included in email
sent by roundup.
- support for receiving OpenPGP MIME messages (signed or encrypted).
- Handling of unset Link search in RDBMS backend.
- Journal export of anydbm didn't correctly export previously empty values.
- Fix handling of defaults for date fields.
- Fix <form> name in user editing to allow multilink popups to work.
- Fix form handling of editing existing hyperdb items from a new item page.
- Added new rdbms-indexes for full-text index which will speed up
reindexing.
- Turning off indexing for content properties of FileClass instance
(e.g., "file" and "msg") now works for SQL backends.
- Enabled over-riding of content-type in web interface (thanks
John Mitchell).
- Validate user timezones to filter bad entries.
- Classic template allows searching for issues with no topic set.
- xapian_indexer uses current API for stemming (Rick Benavidez).
- Ensure email addresses are unique.
- roundup_admin tracks uncommitted changes in interactive mode
for all backends.
- add template search path for easy_install (Marek Kubica).
- don't spam the roundup admin on client shutdowns (Ulrik Mikaelsson).
- respect umask on filestorage backends (Ulrik Mikaelsson).
- cope with spam robots posting multiple instances of the same form.
- include the author of property-only changes in generated messages.
- fuller email validation in templates.
- cope with bad cookies from other apps on same domain.
- updated Spanish translation from Ramiro Morales.
- clean up query display of "Private to you items".
- use local timezone for mail date header.
- allow CSV export of queries on selected issues.
- remove blobfiles on destroy.
- handle postgres exceptions during session cleanup.
- update Xapian indexer to use current API.
- handle export and import of old trackers that have data attached to
journal "create" events.
- fix a couple more old instances of "type" instead of "ENGINE" for mysql
backend.
- make LinkHTMLProperty handle non-existing keys.
- If-Modified-Since handling was broken.
- Updated documentation for customising hard-coded searches in page.html.
- Updated Windows installation docs (thanks Bo Berglund).
- Handle rounding of seconds generating invalid date values.
- Handle 8-bit untranslateable messages from database properties.
- Fix scripts/roundup-reminder date calculation.
- Improved due_date and timelog customisation docs.
- relax rules for required fields in form_parser.py.
- documentation cleanup from Luke Ross.
- updated Spanish translation from Ramiro Morales.
- handle 8-bit untranslateable messages in tracker templates.
- handling of required for boolean False and numeric 0.
- removed bogus args attr of ConfigurationError.
- implemented start_response in roundup.cgi.
- clarified windows service documentation.
- HTMLClass fixed to work with new item permissions check.
- support POP over SSL.
- clean up input field generation and quoting of values.
- allow use of roundup-server pidfile without forking.
- allow translation of status/priority menu options.
- setup.py had broken reference to roundup.cgi.
- full-text search wasn't coping with multiple multilinks to the same class.
- unicode / sqlite 3 problem.
- WSGI support via roundup.cgi.wsgi_handler.
- sqlite module detection was broken for python 2.5 compiled without sqlite
support.
- fixed support for pysqlite2 (version 2.1.0 is the minimum version
supported).
- roundup-server called setuid when run by non-root user.
- fix sort/group direction checkbox in issue.index.html.
- fix error detection for non-EN locales of postgres.
- fix email change note rendering of multiline properties.
- fix sidebar search links.
- nicer "permission required" messages.
- fix unstable ordering of detectors.
- E-mail subject line prefix delimiter configuration was being ignored.
- Password confirm field in user editing.
- supports Python 2.5, including the sqlite3 module.
- full timezone support.
- handle connection loss when responding to web requests.
- match incoming mail In-Reply-To against existing messages when no issue
id is specified in the Subject.
- added StringHTMLProperty wrapped() method to wrap long lines in issue
display.
- include the popcal in Date field editing and search fields by default.
- @required in forms may now specify properties of linked items.
- update for latest version of pysqlite.
- update for latest version of psycopg2.
- new "exporttables" command in roundup-admin.
- roundup-admin "export" may specify classes to exclude.
- sorting and grouping by multiple properties is now supported by the
backends *and* the classic template.
- sorting, grouping, and searching by transitive properties (e.g.,
messages.author.supervisor) is now supported in all backends.
- added filter_sql to SQL backends which takes an arbitrary SQL statement
and returns a list of item ids.
- Verbose option for import and export.
- -c option for roundup-mailgw won't accept parameter.
- '?' in rfc2822-encoded header isn't quoted.
- fix error message in form parser.
- updated ZRoundup for Zope 2.9.
- fix timelog example in customisation doc to mention permissions.
- nicer listing of Superseder links.
- include roundup-server.ini.example.
- dumb bug in cgi templating utils.
- handle unicode in query names.
- fix error during mailgw bouncing message.
- hyperdb handling of empty raw values for Multilink and Password.
- don't int() ids.
- fix importing into anydbm backend.
- fix help message for roundup-admin install.
- removed traceback with OTK is used multiple times.
- metakit backend was indexing FileClass content even when asked not to.
- anydbm backend will finally sort numerically by ID.
- problem with string sorting in anydbm backend fixed: If a string was
fully numeric it was sorted as a number.
- Multilink-sorting now sorts by orderprop not by ID and works for all
backends.
- Bug with name-collisions in sorted classes when sorting by Link
properties in metakit backend fixed.
- Postgres backend allows transaction collisions to be ignored when
committing cleanup in the sessions database.
- translate titles of "show all" and "unassigned" issue lists
in classic template.
- "as" is a keyword in Python 2.6.
- "from __future__" statments need to be first line of file in Python 2.6.
- better conflict retry in postgresql backend.
- fix time log example.
diffstat:
devel/roundup/Makefile | 4 +-
devel/roundup/PLIST | 54 +++++++++++++++++++++++++++++++++++++++++++++----
devel/roundup/distinfo | 8 +++---
3 files changed, 55 insertions(+), 11 deletions(-)
diffs (191 lines):
diff -r 1a949ff72956 -r e7433c658ff6 devel/roundup/Makefile
--- a/devel/roundup/Makefile Sun Sep 28 02:27:17 2008 +0000
+++ b/devel/roundup/Makefile Sun Sep 28 02:47:46 2008 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.32 2008/05/26 02:13:18 joerg Exp $
+# $NetBSD: Makefile,v 1.33 2008/09/28 02:47:46 tonnerre Exp $
-DISTNAME= roundup-1.1.2
+DISTNAME= roundup-1.4.6
CATEGORIES= devel
MASTER_SITES= http://cheeseshop.python.org/packages/source/r/roundup/
diff -r 1a949ff72956 -r e7433c658ff6 devel/roundup/PLIST
--- a/devel/roundup/PLIST Sun Sep 28 02:27:17 2008 +0000
+++ b/devel/roundup/PLIST Sun Sep 28 02:47:46 2008 +0000
@@ -1,9 +1,10 @@
-@comment $NetBSD: PLIST,v 1.13 2006/07/15 11:39:17 recht Exp $
+@comment $NetBSD: PLIST,v 1.14 2008/09/28 02:47:46 tonnerre Exp $
bin/roundup-admin
bin/roundup-demo
bin/roundup-gettext
bin/roundup-mailgw
bin/roundup-server
+bin/roundup-xmlrpc-server
${PYSITELIB}/roundup/__init__.py
${PYSITELIB}/roundup/__init__.pyc
${PYSITELIB}/roundup/__init__.pyo
@@ -16,9 +17,6 @@
${PYSITELIB}/roundup/backends/back_anydbm.py
${PYSITELIB}/roundup/backends/back_anydbm.pyc
${PYSITELIB}/roundup/backends/back_anydbm.pyo
-${PYSITELIB}/roundup/backends/back_metakit.py
-${PYSITELIB}/roundup/backends/back_metakit.pyc
-${PYSITELIB}/roundup/backends/back_metakit.pyo
${PYSITELIB}/roundup/backends/back_mysql.py
${PYSITELIB}/roundup/backends/back_mysql.pyc
${PYSITELIB}/roundup/backends/back_mysql.pyo
@@ -166,6 +164,9 @@
${PYSITELIB}/roundup/cgi/templating.py
${PYSITELIB}/roundup/cgi/templating.pyc
${PYSITELIB}/roundup/cgi/templating.pyo
+${PYSITELIB}/roundup/cgi/wsgi_handler.py
+${PYSITELIB}/roundup/cgi/wsgi_handler.pyc
+${PYSITELIB}/roundup/cgi/wsgi_handler.pyo
${PYSITELIB}/roundup/cgi/zLOG.py
${PYSITELIB}/roundup/cgi/zLOG.pyc
${PYSITELIB}/roundup/cgi/zLOG.pyo
@@ -232,6 +233,9 @@
${PYSITELIB}/roundup/scripts/roundup_server.py
${PYSITELIB}/roundup/scripts/roundup_server.pyc
${PYSITELIB}/roundup/scripts/roundup_server.pyo
+${PYSITELIB}/roundup/scripts/roundup_xmlrpc_server.py
+${PYSITELIB}/roundup/scripts/roundup_xmlrpc_server.pyc
+${PYSITELIB}/roundup/scripts/roundup_xmlrpc_server.pyo
${PYSITELIB}/roundup/security.py
${PYSITELIB}/roundup/security.pyc
${PYSITELIB}/roundup/security.pyo
@@ -244,48 +248,78 @@
${PYSITELIB}/roundup/version_check.py
${PYSITELIB}/roundup/version_check.pyc
${PYSITELIB}/roundup/version_check.pyo
+${PYSITELIB}/roundup/xmlrpc.py
+${PYSITELIB}/roundup/xmlrpc.pyc
+${PYSITELIB}/roundup/xmlrpc.pyo
man/man1/roundup-admin.1
man/man1/roundup-demo.1
man/man1/roundup-mailgw.1
man/man1/roundup-server.1
share/doc/roundup/CHANGES.txt
share/doc/roundup/COPYING.txt
+share/doc/roundup/FAQ.html
share/doc/roundup/FAQ.txt
share/doc/roundup/README.txt
share/doc/roundup/ZPL.txt
+share/doc/roundup/admin_guide.html
share/doc/roundup/admin_guide.txt
+share/doc/roundup/announcement.html
share/doc/roundup/announcement.txt
+share/doc/roundup/customizing.html
share/doc/roundup/customizing.txt
share/doc/roundup/debugging.txt
share/doc/roundup/default.css
+share/doc/roundup/design.html
share/doc/roundup/design.txt
+share/doc/roundup/developers.html
share/doc/roundup/developers.txt
+share/doc/roundup/features.html
share/doc/roundup/features.txt
+share/doc/roundup/glossary.html
share/doc/roundup/glossary.txt
+share/doc/roundup/images/edit_issue.png
share/doc/roundup/images/edit.png
share/doc/roundup/images/hyperdb.png
+share/doc/roundup/images/index_logged_in.png
+share/doc/roundup/images/index_logged_out.png
share/doc/roundup/images/logo-acl-medium.png
share/doc/roundup/images/logo-codesourcery-medium.png
share/doc/roundup/images/logo-software-carpentry-standard.png
+share/doc/roundup/images/my_details.png
+share/doc/roundup/images/new_issue.png
+share/doc/roundup/images/registration.png
share/doc/roundup/images/roundup-1.png
share/doc/roundup/images/roundup.png
+share/doc/roundup/implementation.html
share/doc/roundup/implementation.txt
+share/doc/roundup/index.html
share/doc/roundup/index.txt
+share/doc/roundup/installation.html
share/doc/roundup/installation.txt
+share/doc/roundup/mysql.html
share/doc/roundup/mysql.txt
share/doc/roundup/original_overview.html
share/doc/roundup/overview.txt
+share/doc/roundup/postgresql.html
share/doc/roundup/postgresql.txt
+share/doc/roundup/roundup-server.ini.example
share/doc/roundup/spec.html
+share/doc/roundup/tracker_templates.html
share/doc/roundup/tracker_templates.txt
+share/doc/roundup/upgrading.html
share/doc/roundup/upgrading.txt
+share/doc/roundup/user_guide.html
share/doc/roundup/user_guide.txt
share/doc/roundup/whatsnew-0.7.txt
share/doc/roundup/whatsnew-0.8.txt
+share/doc/roundup/xmlrpc.html
+share/doc/roundup/xmlrpc.txt
share/locale/de/LC_MESSAGES/roundup.mo
share/locale/en/LC_MESSAGES/roundup.mo
-share/locale/es_AR/LC_MESSAGES/roundup.mo
+share/locale/es/LC_MESSAGES/roundup.mo
share/locale/fr/LC_MESSAGES/roundup.mo
+share/locale/hu/LC_MESSAGES/roundup.mo
+share/locale/it/LC_MESSAGES/roundup.mo
share/locale/lt/LC_MESSAGES/roundup.mo
share/locale/ru/LC_MESSAGES/roundup.mo
share/locale/zh_CN/LC_MESSAGES/roundup.mo
@@ -297,14 +331,20 @@
share/roundup/templates/classic/detectors/statusauditor.py
share/roundup/templates/classic/detectors/userauditor.py
share/roundup/templates/classic/extensions/README.txt
+share/roundup/templates/classic/html/_generic.404.html
share/roundup/templates/classic/html/_generic.calendar.html
share/roundup/templates/classic/html/_generic.collision.html
+share/roundup/templates/classic/html/_generic.help-empty.html
+share/roundup/templates/classic/html/_generic.help-list.html
+share/roundup/templates/classic/html/_generic.help-search.html
+share/roundup/templates/classic/html/_generic.help-submit.html
share/roundup/templates/classic/html/_generic.help.html
share/roundup/templates/classic/html/_generic.index.html
share/roundup/templates/classic/html/_generic.item.html
share/roundup/templates/classic/html/file.index.html
share/roundup/templates/classic/html/file.item.html
share/roundup/templates/classic/html/help_controls.js
+share/roundup/templates/classic/html/help.html
share/roundup/templates/classic/html/home.classlist.html
share/roundup/templates/classic/html/home.html
share/roundup/templates/classic/html/issue.index.html
@@ -318,15 +358,19 @@
share/roundup/templates/classic/html/query.item.html
share/roundup/templates/classic/html/style.css
share/roundup/templates/classic/html/user.forgotten.html
+share/roundup/templates/classic/html/user.help-search.html
+share/roundup/templates/classic/html/user.help.html
share/roundup/templates/classic/html/user.index.html
share/roundup/templates/classic/html/user.item.html
share/roundup/templates/classic/html/user.register.html
share/roundup/templates/classic/html/user.rego_progress.html
+share/roundup/templates/classic/html/user_utils.js
share/roundup/templates/classic/initial_data.py
share/roundup/templates/classic/schema.py
share/roundup/templates/minimal/TEMPLATE-INFO.txt
share/roundup/templates/minimal/detectors/userauditor.py
share/roundup/templates/minimal/extensions/README.txt
+share/roundup/templates/minimal/html/_generic.404.html
share/roundup/templates/minimal/html/_generic.calendar.html
share/roundup/templates/minimal/html/_generic.collision.html
share/roundup/templates/minimal/html/_generic.help.html
diff -r 1a949ff72956 -r e7433c658ff6 devel/roundup/distinfo
--- a/devel/roundup/distinfo Sun Sep 28 02:27:17 2008 +0000
+++ b/devel/roundup/distinfo Sun Sep 28 02:47:46 2008 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.23 2006/07/15 11:39:17 recht Exp $
+$NetBSD: distinfo,v 1.24 2008/09/28 02:47:46 tonnerre Exp $
-SHA1 (roundup-1.1.2.tar.gz) = d1b686fbb5553b8776b8a15db364fc362254be8b
-RMD160 (roundup-1.1.2.tar.gz) = 9c68a7cc2d108eeffdbd9902b190ba32eaaac64c
-Size (roundup-1.1.2.tar.gz) = 876455 bytes
+SHA1 (roundup-1.4.6.tar.gz) = 5691718bc2454a11a39129518919da259fa4422b
+RMD160 (roundup-1.4.6.tar.gz) = 3b15b8e6a85dd6346ddc4faee6a5387b44ffc377
+Size (roundup-1.4.6.tar.gz) = 1370687 bytes
Home |
Main Index |
Thread Index |
Old Index