newsSavane - News: Release 1.0.5: new features, bugfixes, cosmetics

Show feedback again
Latest News
Security fix: scp restricted shell bypass posted by beuc, Thu Feb 2 22:02:09 2017 - 0 replies
New Savane release fixes symlink attack and privilege escalation posted by beuc, Wed Dec 2 22:24:18 2009 - 0 replies
Release 3.0: markup language and anti-spam tools posted by yeupou, Mon Dec 4 09:38:30 2006 - 2 replies
Release 2.0: interface heavy improvements, bugfixes and cosmetics posted by yeupou, Tue Oct 3 08:06:29 2006 - 2 replies
We need packagers! posted by yeupou, Tue Sep 19 18:09:45 2006 - 2 replies
[Submit News]
[23 news in archive]

Release 1.0.5: new features, bugfixes, cosmetics

Item posted by Mathieu Roy <yeupou> on Mon Nov 29 09:01:50 2004.

I'm glad to announce 1.0.5 release. Thanks a lot to everybody involved in this release, in particular Alberto Aimar (CERN), Yves Perrin (CERN) and Michael Casadevall.

The release tracking has been made with the task #813

Obtaining it:

- GPG-signed tarball is available at <>
- It is downloadable via CVS, with the tag REL_1-0-5a

Installing it:

If you are running Savane < 1.0.5, you should run sql scripts included in savane/update/1.0.5, as described in savane/update/README.
These scripts will handle the trivial changes on the database needed.

Also, take care to the section [SITE SPECIFIC CONTENT] of the
ChangeLog below, it will tells you which files should be added in your site specific content directory.

Otherwise, just follow INSTALL, or INSTALL.verbose if it not enough. If you encounter undocumented troubles, please fill a support request at <>

Reporting bugs:

Same place as usual, go at <>

Changes Overview :

Several changes (not all of them) are listed at <>

ChangeLog :

Most changes are listed below. Please, forgive us typos and approximative wording.


  • Add a missing slash in the latest link provided in

my/request_for_inclusion.txt, missing after the sys_https_url
(bug #1780).

  • Files in cvs/* have been merged into cvs/index.txt.


  • i18n updates.
  • Canned Responses can now be deleted (task #734)
  • Increase opacity of feedback error background color.
  • Remove the string homepage from the top panel link, showed when

no logo is configured. It was estimated confusing at CERN
(task #1330-CERN).

  • In "Set tracker notifications", talk about "Global List" and not

Carbon-Copy list when it is appropriate -- all notification list
are Carbon-Copy list, but only the Global one affect all item
categories (task #1319-CERN).

  • Fix a bug making impossible to users to publicly show their

resume (bug #1783).

  • Reorganize the form submission in account main page. This change

fix several trivial bugs related to account information update (bug
#1785, bug #1784).

  • Remove email address from projects memberlist. This info is stored

elsewhere; it saves us extra tests that would be needed to handle
the case where user explicitely asked to avoid showing their
address (bug #1791). I understand this change could be objected and
I'm willing to revert it if someone is convincing we should not make
that change and willing to handle in the code the specific case of
users that want their address hidden.

  • Do not scramble email addresses showed to authenticated users

(task #1002).

  • Fix a bug that was causing several request for inclusion to be

inserted in the database for the same user if this one was
reloading the page with his browser (bug #1779).

  • Add missing feedback when registration is rejected because of

invalid username (task #1320-CERN).

  • Inactive accounts cannot see their password being changed via the

lost password procedure. The rationale is to let inactive account
being trashed by the backend, avoiding manual admin interference
(bug #1781).

  • Fix xhtml compliance issue causing news item pages (showing one

specific item) to be rendered strangely, depending on the browsers
(task #1317-CERN).

  • Rearrange trackers mail notifications to improve lisibility

(feel free to make proposals).

  • Mention file attachment in the "Latest Changes" section of trackers

mail notifications (task #1322-CERN).

  • Search by ID (numbers) is now possible (task #1326-CERN).
  • Fix issue in the form allowing site-admin to change by brute force

to change user email info stored in the database (bug #1827).

  • Users can now configured in which order item comments are printed

(task #1328-CERN).

  • Cosmetics: highlight more clearly admins in the project memberlist.
  • Mention group type on project home page (task #1026), clean up the


  • Wording issue: in other setting of trackers administration, Bug

was mentioned without regard of the tracker actually configured
(bug #1838)

  • Item ID is now mandatory in query forms, with rank 0 (first to be

shown (bug #1840).

  • Allow aliases creation for mailing-list: if a project admin was

allowed to create a list already in the database, we assume group
type restriction was correctly set and that he righfully did it.
So we accept to add the list in the database but we consider it as
an alias: we tag its status to 5, which means that the backend will
consider the list as already existing.
This is useful on installation like at CERN where several projects
can share lists -- in some way, it allows you to attach a list to
your project even if you are not admin of the project (task #1025).

  • Warn project admin that hidding field values already used in items

of the tracker may creates problems. In the list of field values,
occurences of field values is now printed and highlighted in case
of problem, like hidden field value while occurences of this field
value were found in items posted on the tracker (task #1327-CERN).

  • Right to read private item is now manager on a member-basis. Note

that Project Admins are always allowed to read private items.
This change implied cosmetics changes in the "Set Permissions" page
(task #1331-CERN).

  • All trackers: "Status" is renamed into "Open/Closed", "Resolution"

into "Status". For more details, read the archives of savane-dev,
specifically mails posted the 2004-11-08.

  • Add two new meny entries: clean reload and printer version.

Clean reload permits users to reload a page without risk of reposting
data. The name of the second entry should be self-explanatory
(task #1027).

  • Add help ballons for menu links, whenever it seems useful.
  • Return the label of fields, not their database field_name, whenever

possible in the item history.

  • Smaller size for item history.
  • Improvement of item history lisibility: add => to explain how

changes happened, keep the same background color for all changes
made by the same person at the same time.

  • Fix date searches in trackers/browse page: > was previously

treated like >= and = was broken. Now > is strictly understood and =
is fixed (bug #802).

  • Disallow commas in users Real Name (more details at bug #851).
  • Do not try to update pending members permissions (bug #1850).
  • Fix typo causing item id to be missing in strings "tracker #nnn

is dependant" added to item history when a dependancy is created
(bug #1851).

  • Field value transitions are now effective at item submission

(task #1038).

  • Fixed a bug preventing download area url to be updated by project

admin even when this changes was allowed by group type configuration
(bug #1858).

  • Extended "other field update" on field value transition: every

other used select box field can now be updated automatically. But
Savane always respect user choices: automatic update will be
disregarded if the user fill out a specific value.
It required the introduction of the "Unknown" field value, shown
only at item initially submission, to differenciate what the user
fill and what is did not touched.
A drawback remains: on update, it is not possible to override an
automatic update of a field to let this field untouched.
(task #1039).

  • Show Status (aka Resolution) in all default query form, show

priorities in Advanced query form (task #1042).

  • Set Status (aka Resolution) as "project" scope, allowing project

admins to add new values.

  • Add "Need Info" default field value for Status.
  • Add several default field value for Platform Version (common OSes).
  • Percent complete is no longer required on task trackers by


  • Forms have now a unique id allowing to avoid duplicates post

in a very efficient way. It must be noted that form must be posted
within two days after their creation -after the exact moment when
the page with the form was opened (task #1049, task #1321-CERN).
The approach is: create form + insert unique id into db ->
(approve form + remove unique id) from if unique id exists into db.
This approach means that we'll not keep as many unique id as
form submitted but as many as forms started an cancelled. We can
expect the second to be smaller than the first.

  • Rename newprojectmail.php into triggercreation.php.
  • Set Default Active Feature for a given group, at approval,

according to Group Type "can use" setup (task #1045).

  • Trackers Private items exclude list allows to set a list of

address which should never receive private item email notifications.
It should be specifically useful to avoid public mailing-list to
relay private items content (task #561).

  • Project approval is done via the task tracker (task #147).
  • Canned responses no longer override user submitted comment
  • It is now possible to use multiple canned responses for one

comment on all trackers (task #1053).

  • Fix a typo that was creating garbage before http header when

searching by item id with a project query form (bug #1864).

  • Enhance site-news approval process (bug #1865).
  • Item reassignation no longer contains HTML, for the sake of

clean email notifications (bug #214).

  • Site admins are no longer allowed to changer their own user

rights on a project they are member of. It creates issues (flags
erroneously set). They should use admin interface instead or
end superuser session.

  • Dependencies search are now in "with at least one of the words"


  • It is now possible to "Digest Item", to get a list of item

ready to be printed in a more complete way than in a table (that
would be the usual way, using "Browse Items").
This is still very basic; depending on user input, improvements
will be done later (task #110).

  • Project can now be in "Maintenance" status, which means that only

site admins can modify/configure them (task #1061).

  • Mails notifications now include References and In-Reply-To

headers so mail clients and archives can show messages in threads.

  • It is now possible for projects admin to copy the configuration

of trackers of others projects they are member (not even admin) of
(task #137).

  • Make sure mails message are no larger than 78 characters.

(usual terminal case = 80 characters)

  • Remove calls to number_format() when printing the installation

statistics (users and groups registered) as it is plainly, by the
book, a US-centric way of printing information. It is possible to
mimic other languages number formatting but it does not respect
l10n already handled by gettext. So we drop it.

  • Fix labels for textarea field usage configuration (bug #1862).
  • Add Site Statistics.


  • sv_users and sv_groups no longer create by default two unix group

for each groups. The one with the "web" prefix is no longer created
by default. The option --webgroup allow to recover the previous

  • sv_users now ignore all unix accounts that were not created by the

backend. In other words, it ignores all accounts that do not belongs
primarily to the group svusers.

  • sv_cleaner now takes care of old form_id (two days old).
  • sv_cleaner now takes care of old sessions (one year old).
  • sv_cleaner now takes care of Deleted project: it deletes them

irremediably, making sv_register_discard deprecated.

  • sv_register_still_pending removed: no longer useful since project

registration is now managed by the task tracker.

  • sv_dead_projects is now focused on Savane items. It is not doable

to deal with any kind of installation (as services other than
savane could be on different servers). It is no longer supposed
to run as cronjob.


*-CERN items were posted on the savcern project at CERN LCG Savannah


Running with pam authentication (posted by Mathieu Roy, Mon Nov 29 15:08:23 2004)

To use pam authentication, you need to activate it in the configuration file and install pam_auth.

- Pam_auth can be found at

- You need php-devel libraries to compile it.

- You need to activate the install module, for instance with

echo "; Enable pam extension module
" > /etc/php.d/pam.ini

assuming that /etc/php.d is the directory used for extra modules (otherwise, add it in php.ini).

- You need to add a pam php configuration, like the following (that applies to AFS accounts)

echo "#%PAM-1.0
# php PAM configuration file for use with the
# pam_auth extension
# (
# authenticate against AFS user db and passwords
auth sufficient /lib/security/
# the account entry always returns success.
account sufficient /lib/security/
" > /etc/pam.d/php

[ Reply ]

Running with Apache 2 (posted by Mathieu Roy, Mon Nov 29 15:04:51 2004)

With apache 2, you need the following in your configuration:

(assuming it is installed on the www root)

<Location /projects>
SetOutputFilter PHP
SetInputFilter PHP
AcceptPathInfo on

<Location /users>
SetOutputFilter PHP
SetInputFilter PHP
AcceptPathInfo on

php_admin_flag register_globals On
php_admin_flag file_uploads On

[ Reply ]



Start a New Thread:

You could post if you were logged in
Show feedback again

Back to the top

Powered by Savane 3.1-cleanup