-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNEWS
1715 lines (1457 loc) · 74.3 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Clean-up branch - v.3.1-cleanup
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[CONFIGURATION]
* .mo (translation files) will be installed in /usr/local/share/locale
by default, and the $sys_localedir configuration variable should be
set accordingly.
* $sys_appdatadir (default "/var/lib/savane") and
$sys_trackers_attachments_dir (default
"$sys_appdatadir/trackers_attachments")
* The behavior of SCP changed somewhere between OpenSSH 5.2 and 5.5
(inclusive). It now passes an extra '--' argument before the copy
destination. You may need to adapt your '$regexp_scp' in
'/etc/membersh-conf.pl'.
[SITE SPECIFIC CONTENT]
* git/index.txt added: displayed in /git/index.php
* hg/index.txt added: displayed in /hg/index.php
* bzr/index.txt added: displayed in /bzr/index.php
* account/login.txt added: displayed in /account/login.php
[FRONTEND]
* New TextCHA antispam in the user registration process.
[BACKEND]
* Git, Mercurial and Bazaar support.
[DATABASE STRUCTURE]
* Store trackers attachments on the filesystem. On large sites such as
Savannah, there are now ~17000 files totalling >400MB, which becomes
inconvient to handle (huge dumpfiles, etc.). The migration script
stores files in /var/lib/savane/trackers_attachments by
default. Files are named after their file_id, to avoid naming issues
(duplicates, security, simplicity, etc.)
[DEVELOPER NOTES]
* Code compatible with PHP5
* Cleaner PHP code (less warnings, allowing to look for real issues)
* More secure input validation (prevents SQL injections and CSRF);
works with register_globals=off and magic_quotes=off.
* Test Savane on http://localhost:50080/ with single line:
make -C tests/minimal_configs/
* Build system based on autoconf & automake, plus MakeMaker for the
Perl library
* Full UTF-8 database (including declarations and ordering)
Unreleased, Changes from 2.0 to 3.0:
[SITE SPECIFIC CONTENT]
* dnsbl.txt added: allow the define the DNS Blacklist to use.
[CONFIGURATION]
* If you intend to run SpamAssassin to filter spams posted on
trackers, you must rebuild your conffile by running:
`sv_update_conf --recreate`
[FRONTEND]
* Now includes a Markup language to enable users to format text
without allowing them to type in HTML for security reasons. It means
that in places where HTML was allowed before (project description,
users resume, trackers item posting preamble), the HTML must be
removed (task #2874).
* Access to files attached to private items is now restricted as the
items.
* Added Markup to allows users to format text (task #2874).
* Added a preview of news content when approving new items
(bug #2121).
* Display jobs by project type.
* Fix a bug causing the result bar, when browsing items, to show
as number of results the number of "item to show per page", when using
a "modified since" additional constraint, if the number of result was
superior to the number of "item to show per page". As result, the
links to items not shown on the page due to the number of "item to
show per page limit" were missing (bug #7566).
* In statistics page, fields are now listed in their configured order
(task #3775).
* Fix a bug that was making impossible to post comment on a
private item to the person that submitted the item (unless he has
rights on the relevant tracker due to group membership), while we
actually wants to allow him to do so (bug #7524).
* Fix a bug causing the user profile to show the user as member of
groups on which is only requesting for inclusion, not yet approved.
* Now projects can create Squads: Squads are meta-users that enable
to share permissions, items assignation and notifications among several
project members (task #3665).
* User Carbon-Copy notification settings simplified and items
Carbon-Copy list improved.
Now users can always remove themselves from Carbon-Copy list of
a given item (in the past, if you posted a comment on an item
you could not remove you from the notification of this item in
particular).
Instead of determining from users actions on the items the
notification, now users are simply added to the CC list of the
item when they act on it.
They can configure some notification to always ignore, for instance
they can decide to skip all notifications of their own changes made
on items, to skip all notifications unless the item is closed or its
status changed (useful for someone that just want to know if item
get closed but do not want to follow developers discussions).
They can also configure the system not to add them in the Carbon-Copy
list automatically, when they post a comment or when they update an
item.
Finally, they can configure the system to remove them from the
Carbon-Copy list when an item assigned to them is reassigned to
someone else (useful for people in charge of handle item submission
sorting, that would not care about the item destiny once the item
properly reassigned) (task #4080, task #3776).
* Fix a bug causing email obsfucation to work anormally in item
history (bug #7303).
* Fix a bug causing "Member since info" to be missing from an user
profile if he is member of a private group (bug #7644).
* Make sure new project notification setup is not ignored when an
item is reassigned to it.
* Item pages heavily reorganized (task #3787, task #2887).
* Fix a bug making impossible to change posting restriction if the
news tracker was deactivated (bug #7653).
* Remove, in fields usage configuration, inconsistant reference
to transitions in the case of non selectbox field (bug #7654).
* Allow multiple file upload at once. What was the file upload
limit is not the total upload limit. Users can upload more files
but the same amount of data (task #2392).
* Detect MSIE 7 and deactivate MSIE 5/6 specific dirty hacks
(bug #7688).
* Make sure mailing-list reconfiguration process is not done
before the mailing-list was actually created on the system
(mailman-specific, bug #7689).
* Fix a bug causing new CC to be lost if a mandatory field was
not filled (bug #5658).
* Very long links are cut to avoid them to break the page layout.
* It is now possible to lock discussions: manager can decide to
restrict items updates to managers and technicians (stop flamewars).
It is a good idea on trackers that accept anonymous comment post to
add this as automated transition on item closing, so spammers robots
will have less items available to spam (task #4129).
* Account name is no longer mention in the mail sent on account
creation to prevent too easy account creation by robots
(please read task #2876).
* Shows only groups registered during the last trimester in the
front page features boxes (bug #7743).
* Add DNS blacklist checks (task #4127).
* Log permissions denied and DNSbl rejections.
* Allow an user to remove himself from all Carbon-Copy lists of
a given group - useful when someone quit a group (task #4137).
* Ban IPs of anonymous spammers for 6 hours (task #4141).
* "Contributors Wanted" site menu entry moved from "Site Help" to
"Hosted Project submenu: it does not actually provide help to users
but is interesting info about the groups hosted.
* Fix a bug causing in My Items > Assigned to me groups to be missing
after a click on (-) (bug #7760).
* Rename "$sys_name Help" and "$sys_name Administration" in
"Site Help" and "Site Administration". Looks less clumsy (to be
consistent we should have repeated $sys_name in every menu title,
like $sys_name hosted projects, etc), enlight that it is site wide.
* Fix problems accessing attached files that contains a # in their
name (bug #7796).
* Put an invisible trap to spambots, a field unused that will be
considered as bogus if filled (task #4151). This will not prevent
tailored spambots to post, but this will definitely block the
others. And it is common knowledge that even old spambots are still
used nowadays, no matter how easy it is to catch them.
[BACKEND]
* sv_extra_merge_projects is now able, when moving items from the
source group, to assign items to a given category of the destination
project (task #3830).
* sv_extra_svn_postcommit_brigde added. Activated from SVN
post-commit hooks, it will add a special comment if to items if
there reference is included in commit message (task #2594).
* Use chmod user:group syntax, more portable than user.group
(bug #7729).
* sv_update_conf now automatically try to find out the Apache
group (www-data, apache, etc) to use to set conffile ownership
(bug #7758).
* Fix a bug causing weekly export to fail to update the export
timestamp at the end of the month (bug #7508).
[LIB]
* User.pm: remove .authorized_keys when the key number is null.
* Provide backward compatibility symlinks like
Savannah.pm -> Savane.pm (bug #5664).
[DATABASE STRUCTURE]
* Numerous spamcheck related changes (spamscore and IP fields added
in trackers tables, spamscore, spamban tables added, etc).
------------------------------------------------------------------------------
2006-10-03, Changes from 1.4 to 2.0:
[SITE SPECIFIC CONTENT]
* Added forbidden_mail_domains.txt that allows to forbid users to
associate users account with emails from arbitrarily defined domains
(used at project registration and during email change, task #2917).
* my/items.txt, my/groups.txt, account/index_intro.txt:
default text moved to the interface.
It is standard text that should not be changed. But additional text
can still be added.
* people/editprofile.txt deleted.
* people/editresume.txt added, empty by default.
[CONFIGURATION]
* You must re-run sv_update_conf to regenerate a conffile in all
cases, as the configuration file name and the default location
changed. Now, the default is /etc/savane/savane.conf.pl instead
of deprecated /etc/savannah/savannah.conf.pl (task #3020).
* You must update your apache configuration to follow the
conffile location change, if you use the default location.
You should then have like:
SetEnv SAVANE_CONF /etc/savane
If you do not use the default location but a custom one (something
different than /etc/savannah and /etc/savane), there is nothing to
change (task #3020).
* You must update your apache configuration to add:
<Files file>
ForceType application/x-httpd-php
</Files>
just after the similar configuration bits regarding "Files projects"
and "Files users" (task #2888).
[FRONTEND]
* Code cleanups, interface cosmetics.
* Water theme rewritten from scratch.
* New field in group_type.php: mailing list virtual host
* Fixed list name verification against existing user names
* Support British locale (with d/m/y date format)
* Fix typo (bug #5975).
* Now feedback can be removed from the page by clicking on it, without
reloading the page (bug #5202).
* Feedback fixed-positionning is optional, users can select
relative positionning, loosing the ability to always have the
feedback accessible in one click without scrolling up and down.
Some users apparently have browsers that slow down when there is
such fixed box on their page (even if fixed positionning is not
something especially unusual).
* Now boxoptions (like 'display criteria' are shown minimized by
default and are maximized by a simple click on (+) (task #2919).
* Does feedback transparency only using the standard CSS3 'opacity',
no longer relying on non-standard browser specific things (Gecko
now supports opacity).
* Shortcut links for items are now provided. You can for instance
type domain.org/task/?564 to get to task #564 (task #2804).
* Now, when downloading a file attached to an item, users are
redirected to a meta-directory that make their web browser think they
are actually opening a real file named as the attached file was named
before being inserted into the database.
For instance, if you attach a file name "myfile.txt", from now on,
the final url where you will download it will be
domain/file/myfile.txt?file_id=nnn
Whatever web browser you are using, he will surely propose you
"myfile.txt" as filename, while with the previous
domain/tracker/download.php?file_if=nnn many web browser would
propose you "download.php" (task #2888).
* KDE nuvola icon theme now used for emeraud and gna themes.
* Anonymous users have no longer any access to users email address
(task #2938).
* Users now can delete their account - this process cannot be undone
(task #2208).
* Fix a bug allowing by mistake users to associate more than one
account to an email address (bug #5314).
* When adding a dependency to an item, the parameters of the last
search (restrict search to tracker or project) are now remembered
in the result page (bug #5341).
* Fix a bug causing mail added in originator email field to be
missing in CC list (bug #5309).
* It is now possible to keep only one session opened at a time,
useful for that open many sessions on many computers without
closing them properly and not wanting these sessions to be kept
alive.
* Fix a bug causing the logout page to destroy only an half of
the session information (which is enough to destroy the session
but unclean).
* It is now possible to kill all sessions apart from the current
one (bug #5258).
* Every <font>, <b>, and <i> HTML tag has been replaced by an
appropriate <span>, <strong>, or <em> tag. Moreover, there has
been some effort to make Savane even more compliant with
XHTML output (task #2882).
* Order mailing-list by alphabetical order, more logical than
list creation chronological order (bug #5379).
* Fix a bug causing the recipes "Last Update" info to be
sometimes erroneous (bug #5396).
* Allow capitalization of theme names. It changes only the CSS file
name and what is printer in "My Admin", nothing else (task #3015).
* Now the top menu is a drop down menu (task #3021). There is
however an menu in the old fashion available as option, for people
using browser impossible to support properly for this (like
konqueror < 3.1, etc). This option can be set in My Account Conf
(task #3719).
* Savane is now fully translated to Swedish. Many thanks to
Daniel Nylander for his work!
* Korean translation has been removed because it not maintained
(only 37 translated messages remained).
* Fixed a bug in item digest causing the announced latest comment to
be actually the first one.
* Mention who is the author of the latest comment shown in digest.
* Now "originator email" text field is moved in item reassignment.
* Fix a bug that occasionally caused a global notification to be
missed.
* Warn of MSIE related layout problem, recommends to use another
browser in case of issues - 3 more MSIE specifics hacks were
necessary for this release. As these hacks force Savane to
make non-standard usage of CSS, results would be highly unpredictable
to any web browser that interpret CSS correctly (bug #6904).
* Remove "$InstallationName: " from the site-scope pages, useless
as it is always mentioned at the end of the title between [ ] *
(bug #6884).
* Remove full description of the error from the pages titles
when exiting on error: this is too noisy and does not really
matters, as people wont bookmarks such links.
It is cleaner not to put invite them to read the feedback
(bug #6919).
* Statistics bars now have fixed line height (bug #6907).
* Fixed a bug causing sometimes the mailing-list names to be
enforced in a way different that the one configured for the group
type (%PROJECT- was added while it was not configured that way)
(bug #6962).
* It is now possible to ask for mailing list admin password to
be reset (task #3661).
* Logged-in users are redirected to /my when accessing pages
like account/register which has no purpose for a logged in user
(bug #6972).
* Fix a bug making impossible to project admins to configure
their Arch or SVN viewcvs link (bug #5774).
* Fix a bug causing the page Set Active Feature to show outdated
info after update (was fixed in the past, the bugfix no longer
works for an unknown reason).
* Closed items because they were reassigned to another tracker
are now marked as such in a very clear way: item title, original
submission and comments (bug #4446).
* Propose sensible default for rank on output values when creating
query forms (bug #2867).
* Do not mention in feedback the internal automatic transition for
the system 'closed on' field happening when an automatic transition
close an item (bug #7004).
* Fix a bug causing severals words included in a CC list, as one
CC, to be concatened in a single word. It is cleaner, however, it
does not change the fact that if someone put "thisguy thislogin" as
CC, no one will get notified as it not a valid address. For this
to work, "thisguy <thislogin>" should be entered instead
(bug #6889).
* Now the system does plenty of checks to make sure the same
notification is not sent twice. Now, for instance, he will be
able not to add twice in To: an email that shows up because it was
in CC in full text + referred as a username of the submitter
(bug #7034).
* Warns in item pages if CC addresses look suspicious (bug #7036).
* Reminds exactly where was an anonymous and bring him back after
login even if had posted an item - on POST, variables where missing
from the URI and the redirection was leading to "No Group Missing
Parameters" error (bug #6984).
* Print a warning, when printing twice a form because of a forgotten
mandatory field, mentioning that uploaded file must be one more time
added - this is limitation of HTML, we cannot prefill these input
like we do for any other inputs (bug #7007).
* Fix a bug causing an item update to be sent if someone was clicking
one more time on "Submit Changes & Return to this Item" (button only
shown if you have privileges on the tracker) after closing the item
(bug #7113).
* In the menu, if there are external docs (extra link), consider them
prior to the cookbook: if the users use two doc tool (allowed to do
this by the site admin via Group Type settings), there is no reason
to consider the external less important than the Savane one, at the
contrary, we can assume that they made the choice to use another one
for good reasons and we do not have to enforce anything at this
point.
* Now recipes that are for everybody are grouped when browsing
the Cookbook (task #2658).
* Browse item pages no longer allows to more than 150 items
to be showned at once, unless in printer version or while
doing digest (bug #7134).
* Add default recipes when the local admin group is created
(usually when installing Savane, bug #7136).
* Attached files size limit is now configurable, still at 512 kB by
default. (bug #5693).
Note: for higher values, MySQL and PHP default setup will probably
not work.
* Use the noreply address as originator for news item (this change
may be discussed).
* Items are now mixed in dependancies list. It means that now
only the chronological order count, there is no longer first the
bugs, then the tasks etc (task #3736).
* My Incoming Items & My Items pages optimized (should load faster).
Unfortunately, My Incoming Items no longer list old items recently
assigned but only recent items: this was too heavy (bug #7200).
* Hide Homepage links if pointing to nowhere.
[MAIL EXTRA FRONTEND]
* Fix a bug causing access to private list archives to be denied
when the latest slash is missing in the url (bug #2228).
[BACKEND]
* sv_mailman can send virtual host information to Mailman.
* sv_mailman can now reconfigure and delete lists (bug #5389,
task #366).
- Note that you need to call it with --keep-archives
if you want it not to ask mailman to remove its archives.
- Note also that the list will be removed from both the system
and the database.
- Finally, note that password changes requires Mailman
version >= 2.1.x
* Locking is now performed via flock(2) instead of touch(1).
* Locks will all go into /var/lock/savane (bug #6880).
* sv_mailman_and_mailarchivedotcom added, a script that register
public mailing list to mail-archive.com.
* Rely on Date::Calc instead of GNU date -d option, more portable
(bug #5390).
* sv_update_conf now warn if a setting is mandatory and refuse to
proceed further if the user does not enter a setting. Output has
been polished.
* sv_update_conf now checks if filesystem path are valid (bug #6927).
* Fix a bug causing sv_gpgcheckfiles to sometimes dies prematurely
(bug #6878).
* sv_gpgcheckfiles now refers to the Cookbook, and no longer to the
dead-and-buried FAQ.
* sv_gpgcheckfiles cache now avoids possible flaws of md5 collisions
(bug #4421);
* Fix a bug in history content of XML exports.
* Added dependancies in XML exports.
* Fix a bug causing --big-cleanup option of sv_cleaner to fails in
some cases (bug #5489).
* sv_mailman_checkqueue as been removed, as it is not compatible
with Mailman =< 2.1.x which is now required by Savane (bug #2858).
* sv_extra_export/sv_export_import removed (now longer updated,
probably broken).
* sv_extra_merge_projects added, a tool to merge several projects
into one (task #3785).
[LIB]
* Add GetDBHash that returns a clean hash. Useful to grab data
which may contain ',', in which case GetDB should not be used.
* Now depends also on Text::Wrap
[DATABASE STRUCTURE]
* Add mailing_list_virtual_host field in group_type
* Remove buggy (old leftover) "Revision Tag" field from patch
field database (bug #7154)
------------------------------------------------------------------------------
2006-02-04, Changes from 1.3 to 1.4:
[SITE SPECIFIC CONTENT]
* Added new status 'Orphaned/Unmaintained' in hashes.txt
(bug #4811).
[FRONTEND]
* Cosmetics, typos (bug #4842, bug #4864, bug #5068, bug #5074)
* The comparison between $HTTP_HOST and the project's base host
is now case-insensitive to avoid infinite redirection loops
(bug #4947).
* Fixed a security issue with cross site scripting (XSS) during
the submission of a new tracker item (bug #5011)
* Fixed a bug causing attached files to be ignored during item
reassignation (bug #4844).
* Fixed a bug causing wrong email addresses to be used when
notifying admins after request for membership (bug without effect
if /etc/aliases was updated by sv_aliases, bug #4744).
* Fixed notification to submitter if assignee changed and
submitter is neither new nor old assignee.
* License Other filled during submission is now printed as License
if "License" is equal to "Other".
[BACKEND]
* The was a typo in the name of the default theme "emeraud" in
sv_update_conf (bug #4975).
[INTERNAL]
* The PHP frontend can now use unit testing. A few tests
are already included. This will be improved with more
tests as development goes on.
------------------------------------------------------------------------------
2005-12-06, Changes from 1.2 to 1.3:
[CONFIGURATION]
Note that in the following, you must replace
/usr/share/savane-frontend-php/ by the path to the root of your
savane frontend installation (where index.php is).
* To improve security, you should add the following in your
apache configuration file:
# Restrict access into include/
<Directory /usr/share/savane-frontend-php/include>
Order Allow,Deny
Deny from all
</Directory>
In the main section <Directory /usr/share/savane-frontend-php>
you should also add:
# PHP conf
# to improve security
php_admin_flag allow_url_fopen off
php_admin_flag display_errors off
* Still for security improvement, you should add in your php.ini, if
you are sure that no PHP installation on your server require these:
disable_functions = exec, passthru, popen, shell_exec, system
This would greatly improve the overal security, making potential flaws
in Savane unexploitable.
* $sys_datefmt syntax is now exactly the one of strftime(), see
http://php.benscom.com/manual/en/function.strftime.php
This is a deprecated option, you should use it only if you want to
enforce a specific syntax for dates.
[FRONTEND]
* Cosmetics:
- review icons position (bug #4577).
- review Gna! theme: lighter colors to help the eye to
accomodate.
- add emeraud theme (based on Gna! theme and KDE "emerald"
color theme) propose it as default during install.
- new CSS guidelines, version 1.12 + 1.13.
- use "blocks" css element in several places to make it
easier to follow links.
* Fix some XHTML errors (bug #4692).
* The selected theme is now honoured when logging in while no cookie
exists but a database setting (bug #4449)
* Show only user modifiable fields in the "additional constraint"
form, as it makes only sense to check whether this field have changed
since a date if they can be changed (bug #4452).
* Order alphabetically "additional constraint" fields names. Using
the order configured for the whole form does not make sense inside
a select box, it's not user friendly.
* For conveniency, CanUse() now interpret both "bugs" and "bug"
as valid argument (bug #4571).
* Make possible to set automatic transition caused by the field
Open/Closed on item creation (bug #4517).
* Avoid swarming backslashes to appears in items reports when a form
is reposted several times due to mandatory field not filled
(bug #4618).
* Users GPG keys are now provided as download, not included in an
HTML page, so it easier to load the key. This way, modern desktop
environment like KDE are able to automatically import the key,
without requiring excessive user interaction (bug #4414).
* Improve testconfig.php tests: fix a typo in the name of the
variable register_long_arrays, mention that an unset variable may as
well be set to off, add a Securing PHP config section (bug #4538,
bug #4537).
* When a project is approved, the patch tracker is not activated
by default: this tracker is deprecated.
* User permissions page, when project admins set users rights, no
longer shows unused features (bug #2205).
* Makes text area for item details or comments bigger.
* Links will now be build when the string "file #nnn" appears in
comments/text, like for "bug #nnn".
* Feature a new tracker: the cookbook manager (task #2369,
bug #4690, bug #2256).
* FAQ tool was removed, the Cookbook should be used instead.
* "Status" field is now shown by default to project members when
posting new item for most trackers (bug #4689).
* Various code cleanups.
* Cleanup date formatting (bug #4570, task #2614).
* Internal changes: Add a context guess library that will come
handy for the coobook to know whatis appropriate to suggest to users.
Using the old hand-filled top-tab was implying to many issues,
especially because we would have to fill by hand subcontext info
(main context : which tracker for example ; subcontext : what action
is being done, posting new item for instance).
This implementation deprecates a lot of old things. Most notably,
in all *_header() calls will remains context parameters, aka toptabs,
that will actually never be used any longer).
The new library provide context_title() and context_icon() that should
be used to know which title and icon is appropriate for a given page
(if a parameter title is provided in a *_header() call, it will still
be appended to the icon). Also CONTEXT and SUBCONTEXT constant are
defined and available.
* Reorganize project administration pages so they look alike other
pages, (mimic My Account Conf, for example), avoid using h3 to put
links but only to put real titles.
* Remove admin/groupedit-add.php, deprecated function to create
groups. Groups should always be registered in the usual way, even
by site admins, it is cleaner and easier to debug.
* Show attached files mimetype (ie: image/png) along with size
infos.
* Fix a bug causing "Same a new item" comment post restriction to
always refer to the restriction for new item post of the group type,
instead of the group one if any (bug #4794).
* Fix a bug causing items in "My Items" and "My Incoming Items" to
look unpredictably ordered and making the page layout slow to be
printed on screen (bug #4808).
* Incorporate Savane User Guide as "In Depth Guide" into Savane
(task #2598).
* By default, all items corresponding to the query form are
selected for the Digest.
* While browsing item, use Item Id in reverse order, from the
latest to the older, as default sorting criteria (bug #4447).
* Implement interface to select items to export in xml files,
put in a queue handled by the backend (task #2564).
[BACKEND]
* Implement export to xml files according to queue generated
via the frontend (task #2565).
[LIB]
* Add GetDBHash that returns a clean hash. Useful to grab data
which may contain ',', in which case GetDB should not be used.
[DATABASE STRUCTURE]
* Add tables necessary to make the cookbook manager running.
* Fusion content of trackers tables *_file into trackers_file.
------------------------------------------------------------------------------
2005-09-29, Changes from 1.1 to 1.2:
[NOTE]
* You should configure the task tracker of the Site Administration
project to accept comment post from logged-in users.
This is necessary because now comment post are restricted like
item post, an by default, the restriction effective for item post
is used for comment post (bug #4437).
[SITE SPECIFIC CONTENT]
* Fix a typo in my/request_for_inclusion.txt causing the link
provided to admins to be erroneous, $group_name being used instead
of $unix_group_name (bug #2694).
[FRONTEND]
* Cosmetics:
- display options are now shown in a specific box, with
a specific design;
- submenu entries are now printed in smaller size, so it is
easier to distinguish them from main menu entries;
- make sure "* Mandatory Field" shows up on all pages
(bug #2859);
- use help mouse icon when help is available;
- use alternative colors when presenting fields in trackers.
- item output now in clean column also for non-logged in
users.
- sort themes by alphabetical order
* Fixed bug preventing the global notification list to be used for
new submissions in some peculiar cases (task #2179).
* Trackers forms are now redisplayed when a mandatory field is not
filled, instead of asking users to use their browser back button
(task #2181).
* Mention that private projects are not shown in search results
(task #2184).
* Fix a bug with order set in digest that were breaking browsing
items afterwards (task #2185).
* Fix a bug causing manual changes to a field to be overriden by
automatic transition even if no real transition was made
(task #2186).
* Fixed a bug which prevented the newly selected theme to be shown
right away (bug #1987)
* It's now possible to restricts comment post, in the same way it
is possible for new item -- by default, comment restriction are the
same as new item posting restriction (task #2195, bug #2396).
* If an item should be finished on a certain date, it will be
highlighted after that date has passed. This is mainly used for the
task tracker (bug #2204)
* It is now possible to make a field mandatory only if it was shown
to the original submitter. It is the default for mandatory field, but
it is also possible to make a field "mandatory whenever possible",
which mean mandatory for anyone that is able to modify the field
(task #2194).
* Fix a bug causing the setting "show X items at once" to be ignored
on browse items pages (bug #2860).
* Items page titles now mentions the id of item + it's summary
(truncated if too long).
* Allows to edit all approved items (to news manager), not only the
that were approved during the last two weeks (bug #2720).
* Remove erroneous Group information when searching items, belonging
to the same group only, while adding dependancies to an item
(bug #691).
* It is now possible to use as criteria, while browsing items, the
fact that an item was, or wasn't, modified since a specific date
(task #2188, task #2190).
* When, while browsing items, both fields Summary and Original
Submission are search criteria, it is possible to select whether
a logical OR or a logical AND should be used between the two --
the default and traditional behavior is an AND (task #2187).
* Site query forms are shown before Project query forms (if any
defined) in lists.
* Fix xhtml error causing "My New Items" output to be quite strange,
shown only with some specific version of some specific browser
(bug #2846).
* Fix erroneous comment numbering, in items comments, when a user
selected the chronological order (non default) for comments
printout (bug #2875).
* Now, only 1 lost password mail per hour (and per user) can be sent
per hour, to avoid very theoretically risk of flood or similar
malicious usage of the lost password feature (bug #2530).
* Fix a bug causing erroneous locale to be used in the mail sent
to notify a user requesting group membership that his request has been
approved (bug #635).
* Add testconfig.php, a script useful during installation to check
whether Apache setup is correct.
* Provide more complete apache/apache2 conffiles.
* Fixed numerous XHTML validation errors.
* Fix MSIE rendering problems, still using of dirty hacks like
nobody should put in the code if he doesnt want headaches. Nothing
marvellous but now it behaves with MSIE like it does with CSS
compliant browsers like Mozilla, Konqueror etc, with a tiny exception:
the footer (copyright bla bla, powered by savane) is part of the main
entity of the page (task #2182).
* Cleanup input of item_id (bug #2913).
* Provide help balloons in Display Criteria forms (bug #2914).
* Fix harmless error message shown when a request for inclusion in
two groups at the same time is sent (bug #2893).
* When a project is approved, during while the "trigger creation"
step (initiated by site admins), default notification for trackers
are configured so project admins get notifications. So by default,
new items dont get unnotified (bug #2882).
* Show to the superuser the Site Administration part of the left
menu, even if he is actually logged in as simple user. Allow to read
local docs to superuser even he is actually logged in as simple user.
* Fix a bug causing extra slashes to be added in text fields (if
they were containing specific characters) while adding dependancies
(bug #2864, bug #4406).
* Theme updates: new themes "light2" and "softgreen" added,
"startrek" removed (funny but not really usable).
* Mention popular themes in site statistics.
* Add help ballon to icons associated to users names, in item
comments, that describe user role regarding the project or the item
(bug #4415).
* Disallow originator email field to be shown to anyone but anonymous
users (required by the code, bug #4428).
* Restrict the search box on the left menu to do only site specific
searches, add the necessary counter-part in group areas to do group
specific searches (bug #4429).
[BACKEND]
* Fix a bug causing GPG group keyrings not be correctly updated, if
a new member of the project has his keys registered in another group
keyring a while ago (bug #2838).
You may have to clean up all registered keyrings by running
rm -f `find /home -name "ascii-public-key"`
assuming that your users account are in /home.
* Use File::Temp to make temporary file, instead of poorly
reinventing the wheel (bug #2852).
* Added --big-cleanup option to sv_cleaner, to do a massive cleanup
that, for instance, remove items of deleted groups. It is recommended
to do a database backup the first time you use this option.
This should run once per week, or per month (bug #1863).
* Scripts useful only when use with another service (like a cvs
server) that is not part of Savane have now the prefix sv_extra,
instead of simply sv_.
* sv_nurse_ramfs removed, way too specific, not Savane related.
* sys_miscdir configuration option was removed, so sv_extra_backup.pl
now takes --dumpdir as argument to replace that setting.
* sv_reminder: cleanups that should avoid mails to be sent if no
recipient has been determined.
[DATABASE STRUCTURE]
* Dates have been removed from the "Advanced" query form (too
inconvenient in several cases), but they are now in the "By Date"
default query form.
* Summary and Original Submission are now part of the criteria of
the "Advanced" query form.
------------------------------------------------------------------------------
2005-09-13, Changes from 1.0.8 to 1.1:
[FRONTEND]
* Fix a bug causing html content to be sent as html in items
comments and original submission (bug #2874). This bug was only
found in Savane 1.0.8, not in previous version.
[DATABASE STRUCTURE]
* Fix a typo that would create confusing between status "In Progress"
and "Need Info" (bug #2857).
------------------------------------------------------------------------------
2005-09-02, Changes from 1.0.7 to 1.0.8:
[OVERALL]
* The postal address of the Free Software Foundation has been
changed in the source files
[FRONTEND]
* The function utils_make_links() was rewritten to better cope
with unusual hyperlinks and e-mail addresses (bug #2689)
* The error message for posted files which exceed the maximum
allowed size is much clearer now (bug #2053)
* The list of user sessions is ordered by date, from youngest
to oldest (bug #2561)
* Improve the project administration interface: more details in the
task details guiding the site administrator; shortcuts added in the
group edit page.
* Encoding in UTF-8 non-ASCII strings contained in From: and To:
fields of sent mails, encoding only non-ASCII strings in the Subject:
field, not the whole sentence (bug #2487).
* Hide forms item remaining in the printable version (bug #2075)
* In my items and my incomings items, there are now anchors on groups
links, so when you click on a group name to show or hide the list of
items related to it, you directly get on the page at the same place
(bug #2206).
* It's now possible to show followup comments in a quoted mode that
should copy/paste-friendly. This would allow users to quote each
others comments more easily.
Since it alters drastically the content of the followup comments,
it is only accessible via a submit button, it is not a general
setting (bug #2291).
It was imagined to apply also to the original content but it may
cause several issues I'd (yeupou--gna) prefer to avoid right now.
This feature should be considered as a draft, this topic is open
to constructive suggestions!
* It's now possible to vote for items. Each user can use 100 votes
(task #1407).
* Registration confirmation mentions the username (bug #2430).
[DATABASE STRUCTURE]
* The missing column "privacy_flags" was added to table
"user_groups" (bug #2771)
------------------------------------------------------------------------------
2005-07-01, Changes from 1.0.7 to 1.0.7-2:
[LIB]
* Fix a stupid typo causing sv_reminder to confuse CC: and Message
content when sending mails.
------------------------------------------------------------------------------
2005-06-30, Changes from 1.0.6 to 1.0.7:
[CONFIGURATION]
The configuration setting sys_top_dir has been replaced by
sys_www_top_dir.
While sys_top_dir was the path to the Savane package top directory,
sys_www_top_dir is the path to the www frontend. Which means in most
case sys_www_top_dir = sys_top_dir/frontend/php.
This change has been made necessary for packaging purpose where there's
no longer any relevant "top directory".
It means that you have to recreate/update your configuration file
using sv_update_conf.
[OVERALL]
The purpose of this release is to switch to encoding UTF-8.
Why doing that? Simply to avoid clashes when users are writing
different languages that require encoding different from the
usual iso 8859-15 (bug #2251, bug #2257, bug #2307, bug #2440).
This implies:
- update of site specific content to UTF-8
- update of the database content to UTF-8
Every aspects of the upgrade process are, supposedly, covered by
the README file in update/1.0.7
Read carefully this file.
Even if you do not expect your users to speak anything apart iso
8859-15 encoded language, you are strongly encourage to perform the
upgrade, since future releases will anyway be fully in UTF-8.
[FRONTEND]
* During the project registration, no group type is selected by
default any longer. Users are now asked to select a group type.
This change was wanted by GNU Savannah in order to avoid having
plenty of groups selecting GNU Type just because it was the
default (bug #2289).
* CC-list is now show after item dependancies, in item details
(bug #2169).
* Visually mention users role related to an item: latest comment
of the assignee is highlighted, show specifics icons for each comment
depending on the fact that the comment author is member or admin of
the project (bug #2170).
* Cleanups of the default query reports. Among several changes, note
that the "bug id" form has been removed. It was added as workaround
back in the days when search forms where unable to find items given
their number. This is no longer true and since it would require
non-trivial change to have this form item behaving cleverly
(for instance being able to find more than one item at a time), it is
best to recommend usage of the search feature, when people are looking
for an item given their number (bug #2194, bug #2195).
* Add default status value "Confirmed" for support and bug trackers.
* Properly guess archives name with numeric characters (perl
frontend).
* New page that list GPG keys registered in the group keyring, if any,
and that allows to download this keyring.
[BACKEND]
* Removal of admin/sv_registerx_discard.pl (bug #2230).
* Fix a bug causing urls sent by sv_reminder to be broken if
$sys_url_topdir is different from "/" (bug #2516).
* sv_users now creates group gpg keyrings, if started with the option
--gpg-group-keyring
This option has not been heavily tested. We noticed some unexplained
yet failure, if you need to use this option, it could be useful in
cronjobs to add a another call to sv_users, but without this option,
first (task #1926).
* sv_gpgcheckfiles added, a script that could make GPG checks
on download area content. See --help for more details.
This script is provided as it is, has not been heavily tested
(task #1926).
[LIB]