author | tonnerre <tonnerre@pkgsrc.org> | 2008-09-28 02:47:46 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-09-28 02:47:46 +0000 |
commit | 74404e4b81a68bdb8b1ebbc3d3c2ac13456d94bc (patch) | |
tree | c5f7b2774d58445647848b05f2ad762cbf0e04fd /devel/roundup | |
parent | 6915a1bed1f728f2e9af95e1f7adc19fb453203e (diff) | |
download | pkgsrc-74404e4b81a68bdb8b1ebbc3d3c2ac13456d94bc.tar.gz |
Upgrade roundup to version 1.4.6 in order to fix long-standing security
issues (CVE-2008-1474, CVE-2008-1475). Changes since 1.1.2:
- Make URL matching code less matchy.
- Try to clarify mail_domain config setting.
- Add use of username/password stored in ~/.netrc in mailgw.
- 'Make a Copy' failed with more than one person in nosy list.
- xml-rpc security checks and tests across all backends.
- Send a Precedence header in email so (well-written) autoresponders don't.
- Fix mailgw total failure bounce message generation (thanks Bradley Dean).
- Fix for postgres 8.3 compatibility (and bug).
- Fix for translations.
- Fire reactors after file storage is all done.
- Allow negative ids other than -1 for item generation.
- Better German translation for retiring users.
- More improvements to German translation.
- Add filter() to XML-RPC interface.
- Fix IndexError when there are no messages to an issue.
- Prevent broken pipe errors in csv export.
- New session API and cleanup thanks anatoly t.
- Make WSGI handler threadsafe.
- Improved URL matching RE.
- Allow binary file content submission via XML-RPC.
- Don't run old code on newer database.
- Fix HTML injection into page title
- Fix indexer handling of indexed Link properties.
- Security fixes (thanks Roland Meister).
- New config option in mail section: ignore_alternatives allows to
ignore alternatives besides the text/plain part used for the content
of a message in multipart/alternative attachments.
- Admin copy of error email from mailgw includes traceback (thanks Ulrik
Mikaelsson).
- Messages created through the web are now given an in-reply-to header
when email out to nosy (thanks Martin v. Löwis).
- Nosy messages now include more information about issues (all link
properties with a "name" attribute) (thanks Martin v. Löwis).
- Searching date range by supplying just a date as the filter spec.
- Handle no time.tzset under Windows.
- Fix race condition in file storage transaction commit.
- Make user utils JS work with firstname/lastname again.
- Fix ZRoundup to work with Zope 2.8.5.
- Fix race condition for key properties in rdbms backends.
- Handle Reject in mailgw final set/create.
- Removed some metakit references.
- Roundup has a new xmlrpc frontend that gives access to a tracker using
XMLRPC.
- Dates can now be in the year-range 1-9999.
- The metakit backend has been removed.
- Add simple anti-spam recipe to docs.
- Allow customisation of regular expressions used in email parsing, thanks
Bruno Damour.
- Italian translation by Marco Ghidinelli.
- Multilinks take any iterable.
- config option: specify port and local hostname for SMTP connections.
- Tracker index templating (i.e. when roundup_server is serving multiple
trackers).
- config option: Limit nosy attachments based on size (Philipp Gortan).
- roundup_server supports SSL via pyopenssl.
- templatable 404 not found messages.
- Unauthorized email includes a link to the registration page for
the tracker.
- config options: control whether author info/email is included in email
sent by roundup.
- support for receiving OpenPGP MIME messages (signed or encrypted).
- Handling of unset Link search in RDBMS backend.
- Journal export of anydbm didn't correctly export previously empty values.
- Fix handling of defaults for date fields.
- Fix <form> name in user editing to allow multilink popups to work.
- Fix form handling of editing existing hyperdb items from a new item page.
- Added new rdbms-indexes for full-text index which will speed up
reindexing.
- Turning off indexing for content properties of FileClass instance
(e.g., "file" and "msg") now works for SQL backends.
- Enabled over-riding of content-type in web interface (thanks
John Mitchell).
- Validate user timezones to filter bad entries.
- Classic template allows searching for issues with no topic set.
- xapian_indexer uses current API for stemming (Rick Benavidez).
- Ensure email addresses are unique.
- roundup_admin tracks uncommitted changes in interactive mode
for all backends.
- add template search path for easy_install (Marek Kubica).
- don't spam the roundup admin on client shutdowns (Ulrik Mikaelsson).
- respect umask on filestorage backends (Ulrik Mikaelsson).
- cope with spam robots posting multiple instances of the same form.
- include the author of property-only changes in generated messages.
- fuller email validation in templates.
- cope with bad cookies from other apps on same domain.
- updated Spanish translation from Ramiro Morales.
- clean up query display of "Private to you items".
- use local timezone for mail date header.
- allow CSV export of queries on selected issues.
- remove blobfiles on destroy.
- handle postgres exceptions during session cleanup.
- update Xapian indexer to use current API.
- handle export and import of old trackers that have data attached to
journal "create" events.
- fix a couple more old instances of "type" instead of "ENGINE" for mysql
backend.
- make LinkHTMLProperty handle non-existing keys.
- If-Modified-Since handling was broken.
- Updated documentation for customising hard-coded searches in page.html.
- Updated Windows installation docs (thanks Bo Berglund).
- Handle rounding of seconds generating invalid date values.
- Handle 8-bit untranslateable messages from database properties.
- Fix scripts/roundup-reminder date calculation.
- Improved due_date and timelog customisation docs.
- relax rules for required fields in form_parser.py.
- documentation cleanup from Luke Ross.
- updated Spanish translation from Ramiro Morales.
- handle 8-bit untranslateable messages in tracker templates.
- handling of required for boolean False and numeric 0.
- removed bogus args attr of ConfigurationError.
- implemented start_response in roundup.cgi.
- clarified windows service documentation.
- HTMLClass fixed to work with new item permissions check.
- support POP over SSL.
- clean up input field generation and quoting of values.
- allow use of roundup-server pidfile without forking.
- allow translation of status/priority menu options.
- setup.py had broken reference to roundup.cgi.
- full-text search wasn't coping with multiple multilinks to the same class.
- unicode / sqlite 3 problem.
- WSGI support via roundup.cgi.wsgi_handler.
- sqlite module detection was broken for python 2.5 compiled without sqlite
support.
- fixed support for pysqlite2 (version 2.1.0 is the minimum version
supported).
- roundup-server called setuid when run by non-root user.
- fix sort/group direction checkbox in issue.index.html.
- fix error detection for non-EN locales of postgres.
- fix email change note rendering of multiline properties.
- fix sidebar search links.
- nicer "permission required" messages.
- fix unstable ordering of detectors.
- E-mail subject line prefix delimiter configuration was being ignored.
- Password confirm field in user editing.
- supports Python 2.5, including the sqlite3 module.
- full timezone support.
- handle connection loss when responding to web requests.
- match incoming mail In-Reply-To against existing messages when no issue
id is specified in the Subject.
- added StringHTMLProperty wrapped() method to wrap long lines in issue
display.
- include the popcal in Date field editing and search fields by default.
- @required in forms may now specify properties of linked items.
- update for latest version of pysqlite.
- update for latest version of psycopg2.
- new "exporttables" command in roundup-admin.
- roundup-admin "export" may specify classes to exclude.
- sorting and grouping by multiple properties is now supported by the
backends *and* the classic template.
- sorting, grouping, and searching by transitive properties (e.g.,
messages.author.supervisor) is now supported in all backends.
- added filter_sql to SQL backends which takes an arbitrary SQL statement
and returns a list of item ids.
- Verbose option for import and export.
- -c option for roundup-mailgw won't accept parameter.
- '?' in rfc2822-encoded header isn't quoted.
- fix error message in form parser.
- updated ZRoundup for Zope 2.9.
- fix timelog example in customisation doc to mention permissions.
- nicer listing of Superseder links.
- include roundup-server.ini.example.
- dumb bug in cgi templating utils.
- handle unicode in query names.
- fix error during mailgw bouncing message.
- hyperdb handling of empty raw values for Multilink and Password.
- don't int() ids.
- fix importing into anydbm backend.
- fix help message for roundup-admin install.
- removed traceback with OTK is used multiple times.
- metakit backend was indexing FileClass content even when asked not to.
- anydbm backend will finally sort numerically by ID.
- problem with string sorting in anydbm backend fixed: If a string was
fully numeric it was sorted as a number.
- Multilink-sorting now sorts by orderprop not by ID and works for all
backends.
- Bug with name-collisions in sorted classes when sorting by Link
properties in metakit backend fixed.
- Postgres backend allows transaction collisions to be ignored when
committing cleanup in the sessions database.
- translate titles of "show all" and "unassigned" issue lists
in classic template.
- "as" is a keyword in Python 2.6.
- "from __future__" statements need to be first line of file in Python 2.6.
- better conflict retry in postgresql backend.
- fix time log example.
Diffstat (limited to 'devel/roundup')
-rw-r--r-- | devel/roundup/Makefile | 4 | ||||
-rw-r--r-- | devel/roundup/PLIST | 54 | ||||
-rw-r--r-- | devel/roundup/distinfo | 8 |
3 files changed, 55 insertions, 11 deletions
diff --git a/devel/roundup/Makefile b/devel/roundup/Makefile index 7a1ba05206f..87c0fdd32c4 100644 --- a/devel/roundup/Makefile +++ b/devel/roundup/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.32 2008/05/26 02:13:18 joerg Exp $ +# $NetBSD: Makefile,v 1.33 2008/09/28 02:47:46 tonnerre Exp $ -DISTNAME= roundup-1.1.2 +DISTNAME= roundup-1.4.6 CATEGORIES= devel MASTER_SITES= http://cheeseshop.python.org/packages/source/r/roundup/ diff --git a/devel/roundup/PLIST b/devel/roundup/PLIST index c4def21140e..d8520a6cca1 100644 --- a/devel/roundup/PLIST +++ b/devel/roundup/PLIST @@ -1,9 +1,10 @@ -@comment $NetBSD: PLIST,v 1.13 2006/07/15 11:39:17 recht Exp $ +@comment $NetBSD: PLIST,v 1.14 2008/09/28 02:47:46 tonnerre Exp $ bin/roundup-admin bin/roundup-demo bin/roundup-gettext bin/roundup-mailgw bin/roundup-server +bin/roundup-xmlrpc-server ${PYSITELIB}/roundup/__init__.py ${PYSITELIB}/roundup/__init__.pyc ${PYSITELIB}/roundup/__init__.pyo @@ -16,9 +17,6 @@ ${PYSITELIB}/roundup/backends/__init__.pyo ${PYSITELIB}/roundup/backends/back_anydbm.py ${PYSITELIB}/roundup/backends/back_anydbm.pyc ${PYSITELIB}/roundup/backends/back_anydbm.pyo -${PYSITELIB}/roundup/backends/back_metakit.py -${PYSITELIB}/roundup/backends/back_metakit.pyc -${PYSITELIB}/roundup/backends/back_metakit.pyo ${PYSITELIB}/roundup/backends/back_mysql.py ${PYSITELIB}/roundup/backends/back_mysql.pyc ${PYSITELIB}/roundup/backends/back_mysql.pyo @@ -166,6 +164,9 @@ ${PYSITELIB}/roundup/cgi/form_parser.pyo ${PYSITELIB}/roundup/cgi/templating.py ${PYSITELIB}/roundup/cgi/templating.pyc ${PYSITELIB}/roundup/cgi/templating.pyo +${PYSITELIB}/roundup/cgi/wsgi_handler.py +${PYSITELIB}/roundup/cgi/wsgi_handler.pyc +${PYSITELIB}/roundup/cgi/wsgi_handler.pyo ${PYSITELIB}/roundup/cgi/zLOG.py ${PYSITELIB}/roundup/cgi/zLOG.pyc ${PYSITELIB}/roundup/cgi/zLOG.pyo 
@@ -232,6 +233,9 @@ ${PYSITELIB}/roundup/scripts/roundup_mailgw.pyo ${PYSITELIB}/roundup/scripts/roundup_server.py ${PYSITELIB}/roundup/scripts/roundup_server.pyc ${PYSITELIB}/roundup/scripts/roundup_server.pyo +${PYSITELIB}/roundup/scripts/roundup_xmlrpc_server.py +${PYSITELIB}/roundup/scripts/roundup_xmlrpc_server.pyc +${PYSITELIB}/roundup/scripts/roundup_xmlrpc_server.pyo ${PYSITELIB}/roundup/security.py ${PYSITELIB}/roundup/security.pyc ${PYSITELIB}/roundup/security.pyo 
@@ -244,48 +248,78 @@ ${PYSITELIB}/roundup/token.pyo ${PYSITELIB}/roundup/version_check.py ${PYSITELIB}/roundup/version_check.pyc ${PYSITELIB}/roundup/version_check.pyo +${PYSITELIB}/roundup/xmlrpc.py +${PYSITELIB}/roundup/xmlrpc.pyc +${PYSITELIB}/roundup/xmlrpc.pyo man/man1/roundup-admin.1 man/man1/roundup-demo.1 man/man1/roundup-mailgw.1 man/man1/roundup-server.1 share/doc/roundup/CHANGES.txt share/doc/roundup/COPYING.txt +share/doc/roundup/FAQ.html share/doc/roundup/FAQ.txt share/doc/roundup/README.txt share/doc/roundup/ZPL.txt +share/doc/roundup/admin_guide.html share/doc/roundup/admin_guide.txt +share/doc/roundup/announcement.html share/doc/roundup/announcement.txt +share/doc/roundup/customizing.html share/doc/roundup/customizing.txt share/doc/roundup/debugging.txt share/doc/roundup/default.css +share/doc/roundup/design.html share/doc/roundup/design.txt +share/doc/roundup/developers.html share/doc/roundup/developers.txt +share/doc/roundup/features.html share/doc/roundup/features.txt +share/doc/roundup/glossary.html share/doc/roundup/glossary.txt +share/doc/roundup/images/edit_issue.png share/doc/roundup/images/edit.png share/doc/roundup/images/hyperdb.png +share/doc/roundup/images/index_logged_in.png +share/doc/roundup/images/index_logged_out.png share/doc/roundup/images/logo-acl-medium.png share/doc/roundup/images/logo-codesourcery-medium.png share/doc/roundup/images/logo-software-carpentry-standard.png +share/doc/roundup/images/my_details.png +share/doc/roundup/images/new_issue.png +share/doc/roundup/images/registration.png share/doc/roundup/images/roundup-1.png share/doc/roundup/images/roundup.png +share/doc/roundup/implementation.html share/doc/roundup/implementation.txt +share/doc/roundup/index.html share/doc/roundup/index.txt +share/doc/roundup/installation.html share/doc/roundup/installation.txt +share/doc/roundup/mysql.html share/doc/roundup/mysql.txt share/doc/roundup/original_overview.html share/doc/roundup/overview.txt 
+share/doc/roundup/postgresql.html share/doc/roundup/postgresql.txt +share/doc/roundup/roundup-server.ini.example share/doc/roundup/spec.html +share/doc/roundup/tracker_templates.html share/doc/roundup/tracker_templates.txt +share/doc/roundup/upgrading.html share/doc/roundup/upgrading.txt +share/doc/roundup/user_guide.html share/doc/roundup/user_guide.txt share/doc/roundup/whatsnew-0.7.txt share/doc/roundup/whatsnew-0.8.txt +share/doc/roundup/xmlrpc.html +share/doc/roundup/xmlrpc.txt share/locale/de/LC_MESSAGES/roundup.mo share/locale/en/LC_MESSAGES/roundup.mo -share/locale/es_AR/LC_MESSAGES/roundup.mo +share/locale/es/LC_MESSAGES/roundup.mo share/locale/fr/LC_MESSAGES/roundup.mo +share/locale/hu/LC_MESSAGES/roundup.mo +share/locale/it/LC_MESSAGES/roundup.mo share/locale/lt/LC_MESSAGES/roundup.mo share/locale/ru/LC_MESSAGES/roundup.mo share/locale/zh_CN/LC_MESSAGES/roundup.mo 
@@ -297,14 +331,20 @@ share/roundup/templates/classic/detectors/nosyreaction.py share/roundup/templates/classic/detectors/statusauditor.py share/roundup/templates/classic/detectors/userauditor.py share/roundup/templates/classic/extensions/README.txt +share/roundup/templates/classic/html/_generic.404.html share/roundup/templates/classic/html/_generic.calendar.html share/roundup/templates/classic/html/_generic.collision.html +share/roundup/templates/classic/html/_generic.help-empty.html +share/roundup/templates/classic/html/_generic.help-list.html +share/roundup/templates/classic/html/_generic.help-search.html +share/roundup/templates/classic/html/_generic.help-submit.html share/roundup/templates/classic/html/_generic.help.html share/roundup/templates/classic/html/_generic.index.html share/roundup/templates/classic/html/_generic.item.html share/roundup/templates/classic/html/file.index.html share/roundup/templates/classic/html/file.item.html share/roundup/templates/classic/html/help_controls.js +share/roundup/templates/classic/html/help.html share/roundup/templates/classic/html/home.classlist.html share/roundup/templates/classic/html/home.html share/roundup/templates/classic/html/issue.index.html 
@@ -318,15 +358,19 @@ share/roundup/templates/classic/html/query.edit.html share/roundup/templates/classic/html/query.item.html share/roundup/templates/classic/html/style.css share/roundup/templates/classic/html/user.forgotten.html +share/roundup/templates/classic/html/user.help-search.html +share/roundup/templates/classic/html/user.help.html share/roundup/templates/classic/html/user.index.html share/roundup/templates/classic/html/user.item.html share/roundup/templates/classic/html/user.register.html share/roundup/templates/classic/html/user.rego_progress.html +share/roundup/templates/classic/html/user_utils.js share/roundup/templates/classic/initial_data.py share/roundup/templates/classic/schema.py share/roundup/templates/minimal/TEMPLATE-INFO.txt share/roundup/templates/minimal/detectors/userauditor.py share/roundup/templates/minimal/extensions/README.txt +share/roundup/templates/minimal/html/_generic.404.html share/roundup/templates/minimal/html/_generic.calendar.html share/roundup/templates/minimal/html/_generic.collision.html share/roundup/templates/minimal/html/_generic.help.html diff --git a/devel/roundup/distinfo b/devel/roundup/distinfo index 818e6792109..2a923c5f646 100644 --- a/devel/roundup/distinfo +++ b/devel/roundup/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.23 2006/07/15 11:39:17 recht Exp $ +$NetBSD: distinfo,v 1.24 2008/09/28 02:47:46 tonnerre Exp $ -SHA1 (roundup-1.1.2.tar.gz) = d1b686fbb5553b8776b8a15db364fc362254be8b -RMD160 (roundup-1.1.2.tar.gz) = 9c68a7cc2d108eeffdbd9902b190ba32eaaac64c -Size (roundup-1.1.2.tar.gz) = 876455 bytes +SHA1 (roundup-1.4.6.tar.gz) = 5691718bc2454a11a39129518919da259fa4422b +RMD160 (roundup-1.4.6.tar.gz) = 3b15b8e6a85dd6346ddc4faee6a5387b44ffc377 +Size (roundup-1.4.6.tar.gz) = 1370687 bytes |
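Review bot: in devel/roundup/Makefile, the unchanged MASTER_SITES line still fetches over plain http://, so the only integrity check on the 1.4.6 tarball is the checksum pair in distinfo. For a bump whose stated purpose is fixing CVE-2008-1474 and CVE-2008-1475, it is worth confirming the distinfo values against a second source rather than only against the file that this URL returned, and moving MASTER_SITES to an authenticated transport if the upstream site offers one.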
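Review bot: in the first devel/roundup/PLIST hunk, bin/roundup-xmlrpc-server is added (with roundup/xmlrpc.py and scripts/roundup_xmlrpc_server.py further down), but the man/man1 entries remain roundup-admin.1, roundup-demo.1, roundup-mailgw.1 and roundup-server.1, so the new server script is documented only by share/doc/roundup/xmlrpc.txt and xmlrpc.html. Since the upgrade installs a new network service entry point that 1.1.2 did not have, consider pointing administrators at that document from the package's install message so they can decide whether to expose it.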
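Review bot: in the devel/roundup/PLIST hunk at @@ -16,9 +17,6 @@, the three back_metakit.py/.pyc/.pyo entries are dropped with no accompanying upgrade guard or notice visible in this patch. The commit message records that the metakit backend has been removed, so an existing tracker on that backend will stop working after this security update; a note telling users to export and migrate before upgrading would keep them from staying on the vulnerable 1.1.2 by rolling back.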
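Review bot: in devel/roundup/distinfo, the new tarball is pinned by SHA1 and RMD160 only, the same two digests as before. If the fetch tooling accepts an additional stronger digest line, adding one here would make the pin more durable, which matters because the Makefile fetches over http. The Size growth from 876455 to 1370687 bytes looks consistent with the HTML docs and templates added in PLIST.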