rt-3.8.10

This release of RT contains important bugfixes. You can download it
from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz.sig

SHA1 sums

98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7  rt-3.8.10.tar.gz
8e228df450d0cdc255e3db725b5bdf302771c75d  rt-3.8.10.tar.gz.sig

This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-1685,
CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and
CVE-2011-1690.

• Cleanups identified by perlcritic.
• Clear the system attribute cache to avoid 'sticky' attributes like
  the queue subject tag.
• Fix our signature escaping so we better match FCKEditor and don't
  misidentify signatures during processing.
• Add the ability to create BasedOn Custom Fields from intiialdata
• Provide a callback to affect the display format in admin pages
• Fix id prefixing on Custom Fields to be RTIR compatible
• Fix #16656 - Requestors with OwnTicket could show up in the owner list
  in other Queues.
• Don't attach the original multipart mail to notifications that already
  contain one part of it.
• Work around CGI.pm 3.51 and 3.52 which add ; charse=ISO-8859-1 to our
  utf-8 encoded javascript.

rt-3.6.11

This is a security release of RT. It resolves CVE-2011-1686,
CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and CVE-2011-1690.

You can download it here:

http://download.bestpractical.com/pub/rt/release/rt-3.6.11.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.11.tar.gz.sig

SHA1 sums

5cd0143cae8f1400e8c82370f2626f9989b02673  rt-3.6.11.tar.gz
126daf79864c1a48ee743b43ff70c5cb4dda5141  rt-3.6.11.tar.gz.sig

rt-3.8.9

We are happy to announce that RT 3.8.9 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.9.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.9.tar.gz.sig

This release of RT contains 9 months of small improvements and bug fixes. It
includes a fix for the security issue announced here:

http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html

If you have previously installed RT-Extension-SaltedPasswords, it will
automatically disable itself after the upgrade. You may then safely
remove it from @Plugins.

Important upgrade notes:

In addition to the normal /opt/rt3/sbin/rt-setup-database upgrade step,
there are a few standalone upgrade scripts you should run. You can find
full details in the "UPGRADING" file in the distribution. Please review
'UPGRADING FROM 3.8.8 and earlier' and ensure you follow each of the
steps.

A list of changes is below.

-kevin

SHA1 sums

4dc78880220ccc8bf7b49b2c4efca0eeb3372133  rt-3.8.9.tar.gz
95dc126acaba7b5069f83bf042c31e6857e7397f  rt-3.8.9.tar.gz.sig

SECURITY

• Move to a SHA-256 based password hashing scheme
• Redirect users to their desired pages after login.
  This prevents possible back button attacks after a user logs out.
• Clone Scrip's TicketObj since we change the CurrentUser and it can leak
  information (Custom field values, etc)

INSTALLATION

• Fixes to the RH Layout in config.layout

ACCESS CONTROL

• New AdminCustomFieldValues right that allows user to add/remove CF values, but not edit the CF

CONFIGURATION

• Add ResolveDefaultUpdateType to choose between Comment or Correspond on Resolve
• When using Set($MailCommand, 'testfile') log all mail to the same tmpfile
• Add a callback to allow extensions to redirect a user to an external auth logout URL using RT's logout button. This ensures that the user's RT session is cleared
• Add SuppressAutoOpenOnUpdate preference

DOCUMENTATION

• Clean up README
• Update UPGRADING.mysql documentation for users of older mysql
• Flag that "Let this user be granted rights" means "Privileged"
• Fix rt-crontool examples to use a real Condition
• Undocument SenderMustExistInExternalDatabase since the code was never merged
• Better document SetOutgoingMailFrom
• Better document shrink_cgm_table.pl

DATABASE

• Add support for Postgres 9
• No longer record transactions for ACL Equivalence Groups
• Don't delete all RT MySQL ACLs before invoke GRANT
• Quote database name for GRANT on MySQL
• Insert extensions' schema and acl files as the DBA
• Fix searches for empty Attachments on Oracle

EMAIL

• Better handling of mail generated by Outlook
• When RT's SendmailCommand fails, record it in ticket history
• New GPG tests and bugfixes for corner cases
• use EmailOutputEncoding for Content-Type.charset
• Handle failures in MIME Encoding better
• Small bugfixes for text/html templates
• Fix MIME decoding on ticket subjects
• Remove stray colons and whitespace in the default Admin Comment template

USER INTERFACE

• Fix an infinite loop when using the 3.4-compat theme
• Fixes to CollectionList sorting
• css positioning tweaks for page menus
• Fixes for Bulk Update when users click 'Add More Files'
• Skip all watchers when offering to add CCs as Watchers
• Fix ahah.js to handle more than one CF 'Include page' link
• Ensure that Nobody is always at the front of the Select Owner list
• Link Basics in SelfService to the Update page
• Fix toggling js to only run once
• Ensure signatures are included in Jumbo edits
• Better identify (in the UI) a misconfigured GPG setup
• GPG key management UI updates
• Add classes/ids to the Custom Field Editing pages
• CSS Fixes for preferences widgets
• Fix truncated top values on Charts
• Wording and layout changes for the 'update password' widget
• Ensure that we keep Anchor tags on redirects
• Fix loading a new search on the Chart/Graph pages
• Change Attachment size label from Bytes to Megabytes
• Respect timezones in timestamps in /Approvals/
• Charset fixes for Ticket Attachment downloads
• Bar graph fixes for large numbers of bars
• Allow a callback on QuickCreate to pass a default Status
• Fix Approvals to make one search for approval tickets that distincts and orders them
• Link from Group Membership lists to User admin pages
• New callbacks (autohandler, default queue, aborting ticket updates, after requestor on create)
• Fix non-local local links and add t: syntax
• Editing Transaction custom fields now shows errors inline
• Use the ShowUser element more consistently across the UI

TOOLS

• Improvements to extract-message-catalog (translation tool)
• Let shrink_cgm_table and shrink_transactions display "percent complete"
• Added a simple script to naively generate a RTAddressRegexp
• Install rt-attributes-viewer originally shipped with 3.8.8
• bin/rt now searches for global configs in LOCAL_ETC_PATH also

OTHER BUG FIXES

• No longer refuse to start if you upgraded from a version of RT that allowed you to have invalid Scrips
• Handle broken Reminders links when users change their Organization
• Trim whitespace from CustomFieldValues consistently
• RFC2616 dates are always in UTC
• Scrips can no longer have an empty Condition, Action or Template
• make multi-value REST fields separated with commas ignore spaces
• Localize ENV changes under mod_perl
• Don't page group memberships for a User
• Skip disabled Queues when a Simple Search term matches a Queue Name
• Add TransactionObj to CreateTickets templates to match the docs
• Fix the use of Tickets_Local.pm in rt-email-dashboards and rt-crontool
• Escape more characters in graphviz output
• Fix message when you fail to delete a saved search to tell you Permission Denied
• Include Rules with Scrips when previewing recipients
• Ensure that distribution upgrades that break Scalar::Util show up in apache logs
• Fix warnings on empty Collection List headers
• Log errors from safe_run_child
• Refuse to run if webmux.pl and RT.pm are mismatched
• Actually log the error that caused "Can't load a principal for id #"
• Switch to using $Approver->Name in templates since an AdminCc can approve
• Allow fastcgi_server to specify a port
• Guard against SavedSearches with no content
• Ensure our output is always flagged as utf-8
• Allow queries like "Priority > -2"
• Fixes to Private/Public key methods
• Return 'set private key' from SetPrivateKey, not 'unset private key'
• Protect STDOUT under mod_perl - among other things, this fixes Scrips that use system()
• Fix forwarding of messages without a top level textual part

rt-3.8.7

We are happy to announce that RT 3.8.7 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.7.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.7.tar.gz.sig

SHA1 sums

9de5860c5c58d40c5f6914cdde807ecc66a68f20  rt-3.8.7.tar.gz
3088fb66f6ecbf57f04cd5aba3684645406c120f  rt-3.8.7.tar.gz.sig

This is primarily a bugfix release of RT.
Some important fixes are listed here:

• Stop old DateTime or DateTime::Locales from exploding in Preferences
• Move all JS for hierarchical CFs onto derivative field; remove DerivativeCFs method
  Fix bug on Oracle when selecting against a CLOB
• Call the method on the object, not the username string (Reported by Philip Shore)
  Fix error when using WebExternalAuth and setting user info
• When using WebExternalAuth don't issue a new session cookie on each request
  Fix lost attachments when using WebExternalAuth. WebExternalAuthContinuous can be set back to 1
• Mention missing index that was only added to upgrade scripts
• fixes for PlainTextMono config option introduced in 3.8.6
• fixes for updating charts and dashboards
• delete links from Bulk Update

A more complete commit list is available below

-kevin

BUGFIXES AND CLEANUPS

• We want to capture the results
  When Bulk Updating, indicate that a comment or correspondence has been recorded
• adjust test level so failures reported in the right place
• clean cought emails on END
• move standalone related code into start_standalone_server
• Fix URL used for CF of type autocomplete.
• Remove dated comment
• * show_customize -> ShowCustomize
• detect browser lang in LocalizedDateTime in Date.pm too
• in error message we were using static value, when it's dynamic
• refactor StripContent: make it return empty string as long as the content does not have any real data, i.e. \S but without
  and  
• remove needless lines
• url path fix in /Admin/Elements/ToolTabs
• update Query str in Tabs in Chart.html
• do not show the old saved search in /Search/Build.html if one loaded a saved search in /Search/Chart.html
• use $ARGS{Query} instead of $Query because we may change $ARGS{Query} later in /Search/Chart.html
• my %o = keys %$changes; is indeed wrong
• refactor a little
• make sure $PrimaryGroupBy is not undef in /Search/Elements/Chart
• more saved chart search tests
• only when SaveSearchLoad, we can update Query,ChartType,PrimaryGroupBy,etc.
• we should save all the info when SavedSearchSave, not just Query
• test PrimaryGroupBy and ChartStyle too in saved_search_chart.t
• clean a bit: file input's value attr is useless
• show Update botton when a dashboard contains deleted searches
• tiny typo fix
• DisplayName is translated string
• better way to compare pane in @panes and @deleted in /Dashboards/Queries.html
• use get_ok() so we do not need to test the status stuff for new added tests
• erase the leading space in FormatType
• tweak BulkLinks a bit
• remove misleading comment
• remove "use bytes;" in CreateTickets
• Perltidy
• Only set time values on clone if they are non-zero
• check $container to see if $ARGS{'SavedSearchLoad'} can be loaded
• we can't use @actions to store query's parse results: we should use another variable to do this
• Feed ticket information to MakeClicky when we're clicky-fying attachments
  • Thanks to Salih Goenuellue at SWITCH
• Pluck Ticket and Transaction out of %args sooner
• Use spaces for indentation not tabs
• More cleanup
• Clean up some double-negative logic
• Tidy
• Fix warning message
• sort of typo, ContentType was passed twice
• Fix Postgres ACL script to work with usernames that need quoting
  (inspired by patch to RTFM)
• Skip the richtext editor for android and iphone devices
• we shouldn't escape selected="selected"
• We should be using the same index on 4.0 and 4.1+
  Originally added in 5c5dec3
• Fix URL thanks to Jason A. Smith [rt3.fsck.com #14000]
• there is no div around rtname anymore
• Code indent
• Remove a double negative to clarify logic slightly
• Don't include these files in tarballs
  (cherry picked from commit 6dfb39e)
• add monospace font to .plain-text-white-space: .mono is merged to it
• use err_headers_out instead of headers_out
• RT was accidentally injecting too many newlines when rendering plaintext messages without

  .

• Stop people with old DateTime or DateTime::Locales from exploding in Preferences
• Move all JS for hierarchical CFs onto derivative field; remove DerivativeCFs method
• Call the method on the object, not the username string (Reported by Philip Shore)
• When using WebExternalAuth don't issue a new session cookie on each request
• Mention missing index that was only added to upgrade scripts

DOCUMENTATION

• Fixes rt3.fsck.com#13490 - confusing instructions for the mysql 4.1->5 upgrade commands

  Also fixes Debian Bug #550278
  Thanks to Marcus Better.

• comment one confusing code

• Slightly more clear --all explanation for rt-email-dashboards

• Fix perldoc for Queue object

  • remove =testing that make perldoc stop just after it
  • add description like other RT objects

• Fix shredder documentation typo

• Documentation tweaks for new OutgoingMailFrom config

• Add doc about @Plugins configuration variable.

• We only have this index in the schema and upgrade scripts for mysql and oracle
  (cherry picked from commit 4f0d3e6)

FEATURES

• Add a MassageDashboards callback for the dashboard homepage

• Callback for massaging the dashboard tabs on the homepage and dashboards

• refactor validation of transactions CFs on ticket update

• Add a systemwide plugin directory at the request of the Debian RT maintainers

• Fold hardcoded SelfService search format into a config option

• make people can update saved chart search easily

• we should try to decode uploaded template for offline

• append plugin lib path to @inc if local lib path is not in @inc: see also ticket #13944

• implement "Current Links" section in bulk update

• If there is no ticket for outgoing mail, check a new configuration option for the From address

• Document the Default key

• Add CustomFieldValuesAsString method

  If you are using a multiple value custom field, FirstCustomFieldValue
  doesn't help because you actually want all the values. This is a simple
  wrapper function to save you writing the map.

• Add ability to skip QuickCreate ticket creation in the Initial callback
  (consistent with Ticket/Create.html and SelfService/Create.html)

• allow to change page title via callback on Create

• another place where title is used on Create

• pass QueueObj into callback, we already loaded object

• add simple search on Admin/Queues page

• a callback in Elements/Logout

• $SendTo argument in SimpleSearch widget

TESTS

• tiny url fix: we do not need 2 leading /
• Avoid redefine warnings
• Ignore t/tmp/
• Begin a new test file for testing dashboard permissions
• Refactor run_mailgate into run_and_capture
• add t/web/offline_messages_utf8.t
• minor changes in t/
• refactor tests: new tmp dir, Cfg->Set updates file and more
  • new central tmp dir under t/tmp
  • tmp dir is not deleted on failures
  • centrall %tmp hash in RT::Test to hold names
    of files
  • set_config_wrapper that wraps RT->Config->Set calls and
    append changes into the test config file, so we can
    catch them in UI by restarting server
• added t/web/ticket_update_without_content.t
• add t/web/saved_search_chart.t
• add t/web/command_line_with_unknown_field
• add t/web/offline_utf8.t
• add t/web/dashboard_with_deleted_saved_search.t
• added t/web/search_bulk_update_links.t
• add t/web/saved_search_permissions.t
• Split on the same string we actually join on
• refactor catching mails in tests

TRANSLATION

• fixed a typo in fr.po. thanks, JeanBenoit++
• [fsck.com #14092] Fixes a typo in the Norwegian Bokmal translation
• Danish translation fix from jonasbn. [fsck.com #14132]
• missing localization

rt-3.6.10

This is a security release of RT.
It includes a fix for the session fixation vulnerability detailed in the following announcements:
http://blog.bestpractical.com/2009/11/session-fixation-vulnerability.html
http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html

You can download it here:

http://download.bestpractical.com/pub/rt/release/rt-3.6.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.10.tar.gz.sig

SHA1 sums

145124d3ce7dcae76a935f9ce373825ca5fb6e7d  rt-3.6.10.tar.gz
4322f23057c14296ece60dc9f8e242ba5ea2a155  rt-3.6.10.tar.gz.sig

A complete list of changes since 3.6.9 is included below.

-kevin

commit 81f0759
Author: Alex Vandiver [email protected]
Date: Wed Sep 30 17:07:24 2009 -0400

Remove references to .svn

commit e28bfab
Author: Alex Vandiver [email protected]
Date: Wed Sep 30 17:08:29 2009 -0400

Remove old and incorrect releng.cnf

commit e82d5f9
Author: Alex Vandiver [email protected]
Date: Tue Oct 6 14:18:44 2009 -0400

Use spaces instead of tabs in commands, otherwise copy-and-paste in the terminal can fail

commit b157bae
Author: Alex Vandiver [email protected]
Date: Tue Oct 6 14:27:26 2009 -0400

Add .gitignore from 3.8-trunk

commit a8f7dcc
Author: Kevin Falcone [email protected]
Date: Mon Nov 30 13:45:26 2009 -0500

Apply patch for session fixation vulnerability (CVE-2009-3585)

rt-3.8.4

We are happy to announce that RT 3.8.4 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.4.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.4.tar.gz.sig

SHA1 sums

c786eb78dd6c8374da3bc0dd10414e040d69864f  rt-3.8.4.tar.gz
7af1be26513b2b26390a456a3360e5cda7d63008  rt-3.8.4.tar.gz.sig

This is primarily a bugfix and security release of RT.

The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance. In all previous 3.8
releases, the "ShowConfigTab" right unintentionally enabled this.

A more complete list of bugs and features can be found below.
Please note that there is a change to database content in this
release, see UPGRADING for more.

-kevin

FEATURES

• Clean up NotifyGroup action
  • obsolete old storable format in NotifyGroup action
  • add support for group name, user name, user's email address
    and just an email address in NotifyGroup action.
    This will make easier to use it in crontool
  • add upgrade script for RT 3.8.4
  • use new format and obsolete old format, we have upgrade script
    for conversion
• add support to rt-crontool for --template argument that allows
  you to specify the name of a template. Template overridings will
  work for names. Hide --template-id from help, but don't disable it.
• use RT::Plugin in RT->PluginDirs, so we can override only one place in our tests

FIXES AND CLEANUPS

• Force some widgets to fit at max parent box.
• Use true arrow (html entities) in button for SelectionBox Widget
  (closes: #13481).
• Add ability to change graph groupby and type once the graph is displayed.
  (closes: #13479)
• Add a link in search tickets tab to jump easily to Chart when a query exist.
• Be more consistent in Create/Save Changes buttons across objects.
• Be more consistent in Select/New links (most don't list the object name so
  do this everywhere).
• Fix overlapping of password file by login button on login page (closes: #13496).
• Show difference in Dashboard queries between saved searches and graphs (like in
  RT at a glance pref) (closes: #13497).
• Don't show empty value in ticket edit basics queue dropdown, as a ticket must
  be in a queue.
• in RT::Plugin->Path don't add trailing slash when requested
  subdir is not defined or empty
• Typo in IsCc|IsAdminCc documentations.
• Don't show "deleted" status in cerate ticket page as it doesn't make sense to
  create deleted tickets... (closes: #13500).
• use GET for firefox2 in ahah (fixes Bookmarks on FF2)
• allow the creation of tickets in disabled Queues
  This is how Approvals work
• Factor out the quickbar-personal div into its own template
• fix failing tests caused by wording changes
• Avoid undef warning if this is the first time a dashboard has been sent
• Pull out the value of Counter only once
• perl.org is a better canonical URL for Perl than .com (in README)
• pass more context into callbacks when editing custom fields
• localize custom field name on edit
• Don't update watcher in queue watcher edit page when we search for people and
  one or more current watchers are selected (closes: #13425).
• Require SuperUser for editing global RT at a Glance
• Add a ReadOnly mode for SelectionBox widgets
• Show the RT at a Glance selection boxes as ReadOnly if there's no
  permission to edit them

rt-3.6.8

We are happy to announce that RT 3.6.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.6.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.8.tar.gz.sig

SHA1 sums

c7b4fac30b5b91a1c7f64bc05ecf63f40aaec50d  rt-3.6.8.tar.gz
cb80cca50254127362a8ff8d9af71ff66881f300  rt-3.6.8.tar.gz.sig

This is a bugfix and security release of RT.

The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance. In all versions since
3.6.2, the "ShowConfigTab" right unintentionally enabled this.

A more complete list of fixes can be found below.

-kevin

FIXES AND CLEANUPS

• Updated italian translation from Nicola Murino
• validate CFs in SelfService
• Fix: On comment/correspond, attached files are not recorded if comment/response
  content is empty.
• add HasAttribute and HasNoAttribute to the tisql
• Allow only SuperUser to edit RT at a Glance
• copyright updates

rt-3.8.3

We are happy to announce that RT 3.8.3 is now available.

You can download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.8.3.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.3.tar.gz.sig

SHA1 sums

6fe0187408104e9a5a9f0832f1f11ed24b6df10a  rt-3.8.3.tar.gz
e87623b4a958b13d5ce1474ca6d8d4024fa13920  rt-3.8.3.tar.gz.sig

A longer changelog is available at the bottom of this announcement.
Some highlighted changes include:

• Bug fixes for IE support with the RichText editor
• Improvements in parsing and validating gpg-signed messages
• Improved config loading, errors and improved messages
  about where Config overrides originated.
• Fix for rewriting Ticket subjects when using Queue Subject tags
• Fixes to searching for NULL Custom Fields
• New User level config options for HomePage and Search Result Refresh
• Multiple new callbacks
• Updated Scrip descriptions to mention that a Notify All includes
  the Owner
• Dashboard improvements, including the ability to nest Dashboards,
  new access links for dashboards, callbacks and a new Mon-Fri
  subscription

Changelog for RT 3.8.3, generated 2009-05-27T19:42:52

FIXES AND CLEANUPS

• Indent cleanup.
• doc updates for mysql upgrades from jmoseley
• Tell explicitely that $DayBeforeMonth is only for parsing, not for displaying
  dates.
• Remove blank Values since the magic field will take care of this. Sometimes
  the browser gives you a blank value which causes CFs to be processed twice
  Thanks to Philip Kime
• better support situations when CF's LookupType is not complex,
  for example 'RT::Queue'. Thanks to Philip Kime and Emmanuel Lacour
• Factor out a ShowParents template
• Show the correct side of the link
• RT/Config.pm
  minor pod changes
  delete empty functions
• store extension name in META{Option}{Source}{Extension}
  instead of boolean value
• Fix incorrect Queue->SetDisabled introduced in r17674.
• Don't leave attachments in session after ProcessUpdateMessage to remove them
  from WebUI for next update.
• Formatting cleanup (thanks to Richard Hartmann, closes: #12457)
• Fix WebFallbackToInternalAuth (thanks to David Chandek-Stark, closes: #12478)
• RT::Test sets ENV{RT_SITE_CONFIG} to a tempfile that doesn't
  look like SiteConfig.pm so we need to force _LoadConfig to
  treat it as a SiteConfig, otherwise it won't let you override
  DatabaseName or MailCommand and running tests will drop your
  real database.
• use a little bit proper fix for site config thing
• Reduce list of owners from SelectOwner in Search to queues the current user can
  see (or see tickets in).
• Reduce the list of owners from SelectOwner in bulk update to queues where
  current user can create or modify tickets.
• update ru.po
  reuse some loc strings that we have already
• Revert commits that tried to fix the count of Owners displayed in Build.html/Bulk.html as it needs more discuss.
• in RT we use [_1] instead of %1
• use WebPath when invoking the Autocompleter
• upgrade scriptaculous from 1.8.0 to 1.8.2
  upgrade prototype from 1.6.0 to 1.6.0.3
  mainly bugfixes and browser compatibility nits
• local modification to avoid browser jumping when you try to use
  the keyboard to move up and down in an autocompleted list
• fix reporting by owner, created by and last updated by
• tiny html fix: an extra in Dashboards/Queries.html
• make words consistent in Install pages
• handle mails with nested inline signatures in old-style gpg format
• Correct test count for gnupg-reverification
• Rename schema.mysql to schema.mysql-4.0 to avoid confusion without reading
  Handle.pm (closes: #12665)
• Use friendly name for customfields in title of chart page (closes: #13144).
• add tests for validator
• schema.mysql was renamed
• use RT->Config instead of direct option variable access
• {Add,Del}Watcher references principals as a group can be added as watchers
• fix checking and recovering CGMs
• Grammar nit
• RT-Ticket: 13047
  Hide transaction custom fields from users who can't edit them
• quiet test warnings
• if you say JOIN you need to say ON or Pg will bail
• RT-Ticket: 13174
  There's a small typo in RT::Interface::Email that causes emails to be sent to
  the first To address only, ignoring the other recipients such as Cc.
  Requestors: [email protected]
• When we open a div, we should close a div, not a span
• Comboboxes weren't rendering properly on IE7. This appears to fix it
• LoadByValues returns detailed message on errors
• don't check right in GrantRight as ACE->Create does better job
• Pg 8.3 requires explicit casting of date types to text
  for substring and other functions
• Don't rewrite sub language name in preference if the variant is already
  enclosed by parenthesis.
• post check only when we're not in install mode
• localize $@ as we don't rethrow it
• on some systems gpg --version exits with code 2 even when it's 100% functional
• don't detect and decrypt blocks which contains GPG header
  in the middle of a string instead of the beginning
• use a local function to render attachments
  make difference between large text and not text
  show additional information when displaying named texts is disabled
  loc strings have been changed
• fix verifying of old style signed attachments: we must decode bodies first
• do better job at detecting attachments with signatures for them in another MIME part
• if we load all attachments then update %ARGS as we pass it through
• don't show GPG status for top most record, we'll handle it per attachment
• store status on the message by default on decrypt/verify and only on related parts
• we have status on all parts
• show gpg status per attachment
• adjust tests
• there is no $Config but RT->Config
• move WebDomain and WebPort above WebPath, these
  three are only options you usually need to setup paths
  calculate scheme in WebBaseURL using WebPort value
  don't add port to WebBaseURL if it's standard
• fix debug message
• add new option --skip-user
  use over/item/back for options in pod so usage actually outputs them
• Removed doc for a nonexistent option in testdeps
• RT-Ticket: 13125
  exit with positive code on errors, not all errors are handled,
  but this is beginning
• update es.po, thanks to Margarita Manterola
• not sure why, but on some systems without explicit status change mason doesn't
  set status to 302, but 200 instead and people see blank pages
• Set a default text color (closes: #13197)
• Add a test for the "On Reject" scrip condition (closes: #13181)
• add a bunch of tests, searches by CFs
• LoadByNameAndQueue should treat numbers the same way other methods do
• treat number specially in _CustomFieldDecipher, the way we treat it other places around
• wrap things we usually do with operations into a method
• fix searches by CFs
• Give verbose output when --debug is specified
• Log::Dispatch 2.22 began implicitly requiring Sys::Syslog 0.16
  If you're installing on a RH box, you probably only have Sys::Syslog 0.13
• Take care of RT-Attach-Message value so we don't add attachments if the value
  is "no" for example (closes: #13259).
  Thanks to Paul Vlaar.
• Add checks for user email address syntax, and cover bad syntaxes by tests
  (closes: #12726).
  Reported by Richard Hartmann.
• Don't assume that people were using "yes" for RT-Attach-Message until now,
  rather don't attach if it's set to n|no|0|off|false.
• Make syntax check of user email addresses configurable with a default of "no"
  to avoid breaking existing setups.
• Fix test so it uses our new 'ValidateUserEmailAddresses' option.
• make ExtractSubjectTag.pm aware of queue Subject Tags so it doesn't
  assume a Queue Subject Tag is a remote RT's subject tag
• Localize system groups
• Make approval passed rule close other approvals in the same level.
• remove an obsolete comment
• Test ticket creation with REST using non ascii subject.
• return 0 in a bunch of places so we exit with 0 rather than
  having warnings when we exit(undef)
• return 0 rather than undef to signal succesful completion
  to avoid warnings about calling exit(undef)
• clean up a warning when you have empty OCFVs
• use tmp dir as mason data_dir in rt-email-dashboards
• notify action with argument equal to 'All' sends notifications
  to owner as well, let's clear descriptions
• Linkify the dashboard portlet header
• Mason whines about getting an object argument; it won't stringify
• Set default DBA based on databvase type
• fix UseSQLForACLChecks: if user is direct watcher of a queue,
  however right is granted to global role then he didn't get that
  permission there is no global watchers, only queues and tickes, if at
  some point we will add global roles then it's gonna blow
  the idea here is that if the right is set globaly for a role
  and user plays this role for a queue directly not a ticket
  then we have to check in advance
• better recovery for corrupt owner groups on ticket owner change
• minor bin/rt doc fixes
• check ordering of custom fields
• we should not only check cache indicator, but also update it :)
• revert plural/single forms magic for rights, it's too unstable for 3.8
• Remove now-unneeded dependency on Lingua::EN::Inflect::Number
• cfs -> custom fields
• Make the path of the homepage index.html
• Factor out ListOfDashboards
• Add a callback for munging the list of dashboards
• Limit to seven dashboards
• Use the localized More instead of more
• Surround dashboard names with quotes
• Add a tab to go back to the homepage
• Factor out building a list of dashboard tabs
• Pass along $actions in Tools/Elements/Tabs
• Display other dashboards as tabs, basics/queries/subscription as actions
• Use the old interface for tempdir
• clean a bit
• t/shredder/utils.pl
• Fixing mistaken siteconfig commit, adding example of second item in list
• Fix failing dashboard tests
• Quieting an uninitialized warning
• Remove duplicate dependency in same group.
• error message typo fix
• Remove the quotes from dashboa...