From 60f3ef4697a11662f493cae5674be6a1d228ca81 Mon Sep 17 00:00:00 2001
From: Tibor Simko <tibor.simko@cern.ch>
Date: Thu, 21 May 2015 17:39:03 +0200
Subject: [PATCH] Invenio v1.2.1

Signed-off-by: Tibor Simko <tibor.simko@cern.ch>
---
 INSTALL       | 30 +++++++++++-----------
 NEWS          | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++
 RELEASE-NOTES | 54 +++++++++++++++++++++++++++++++---------
 3 files changed, 126 insertions(+), 27 deletions(-)

diff --git a/INSTALL b/INSTALL
index 4ed9b4e700..f1ad87d6ea 100644
--- a/INSTALL
+++ b/INSTALL
@@ -5,7 +5,7 @@ About
 =====
 
 This document specifies how to build, customize, and install Invenio
-v1.2.0 for the first time.  See RELEASE-NOTES if you are upgrading
+v1.2.1 for the first time.  See RELEASE-NOTES if you are upgrading
 from a previous Invenio release.
 
 Contents
@@ -301,13 +301,13 @@ Contents
 ----------------
 
       $ cd $HOME/src/
-      $ wget http://invenio-software.org/download/invenio-1.2.0.tar.gz
-      $ wget http://invenio-software.org/download/invenio-1.2.0.tar.gz.md5
-      $ wget http://invenio-software.org/download/invenio-1.2.0.tar.gz.sig
-      $ md5sum -c invenio-1.2.0.tar.gz.md5
-      $ gpg --verify invenio-1.2.0.tar.gz.sig invenio-1.2.0.tar.gz
-      $ tar xvfz invenio-1.2.0.tar.gz
-      $ cd invenio-1.2.0
+      $ wget http://invenio-software.org/download/invenio-1.2.1.tar.gz
+      $ wget http://invenio-software.org/download/invenio-1.2.1.tar.gz.md5
+      $ wget http://invenio-software.org/download/invenio-1.2.1.tar.gz.sig
+      $ md5sum -c invenio-1.2.1.tar.gz.md5
+      $ gpg --verify invenio-1.2.1.tar.gz.sig invenio-1.2.1.tar.gz
+      $ tar xvfz invenio-1.2.1.tar.gz
+      $ cd invenio-1.2.1
       $ ./configure
       $ make
       $ make install
@@ -355,19 +355,19 @@ Contents
           sources.  (The built files will be installed into different
           "target" directories later.)
 
-      $ wget http://invenio-software.org/download/invenio-1.2.0.tar.gz
-      $ wget http://invenio-software.org/download/invenio-1.2.0.tar.gz.md5
-      $ wget http://invenio-software.org/download/invenio-1.2.0.tar.gz.sig
+      $ wget http://invenio-software.org/download/invenio-1.2.1.tar.gz
+      $ wget http://invenio-software.org/download/invenio-1.2.1.tar.gz.md5
+      $ wget http://invenio-software.org/download/invenio-1.2.1.tar.gz.sig
 
           Fetch Invenio source tarball from the distribution server,
           together with MD5 checksum and GnuPG cryptographic signature
           files useful for verifying the integrity of the tarball.
 
-      $ md5sum -c invenio-1.2.0.tar.gz.md5
+      $ md5sum -c invenio-1.2.1.tar.gz.md5
 
           Verify MD5 checksum.
 
-      $ gpg --verify invenio-1.2.0.tar.gz.sig invenio-1.2.0.tar.gz
+      $ gpg --verify invenio-1.2.1.tar.gz.sig invenio-1.2.1.tar.gz
 
           Verify GnuPG cryptographic signature.  Note that you may
           first have to import my public key into your keyring, if you
@@ -379,11 +379,11 @@ Contents
           warning that may follow after the signature has been
           successfully verified.
 
-      $ tar xvfz invenio-1.2.0.tar.gz
+      $ tar xvfz invenio-1.2.1.tar.gz
 
           Untar the distribution tarball.
 
-      $ cd invenio-1.2.0
+      $ cd invenio-1.2.1
 
           Go to the source directory.
 
diff --git a/NEWS b/NEWS
index 65782857b8..1b726649b2 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,75 @@ releases.  For more information about the current release, please
 consult RELEASE-NOTES.  For more information about changes, please
 consult ChangeLog.
 
+Invenio v1.2.1 -- released 2015-05-21
+-------------------------------------
+
+Security fixes
+~~~~~~~~~~~~~~
+
++ BibAuthorID:
+
+  - Improves URL redirecting by properly quoting all URL parts, in
+    order to better protect against possible XSS attacks.
+
++ WebStyle:
+
+  - Adds back the `HttpOnly` cookie attribute in order to better
+    protect against potential XSS vulnerabilities.  (#3064)
+
+Improved features
+~~~~~~~~~~~~~~~~~
+
++ installation:
+
+  - Apache virtual environments are now created with appropriate
+    `WSGIDaemonProcess` user value, taken from the configuration
+    variable `CFG_BIBSCHED_PROCESS_USER`, provided it is set.  This
+    change makes it easier to run Invenio under non-Apache user
+    identity.
+
+  - Apache virtual environments are now created with appropriate
+    `WSGIPythonHome` directive so that it would be easier to run
+    Invenio from within Python virtual environments.
+
+Bug fixes
+~~~~~~~~~
+
++ BibDocFile:
+
+  - Safer upgrade recipe for migrations from the old document storage
+    model (used in v1.1) to the new document storage model (used in
+    v1.2).
+
++ WebSearch:
+
+  - Removes special behaviour of the "subject" index that was hard-
+    coded based on the index name.  Installations should rather
+    specify wanted behaviour by means of configurable tokeniser
+    instead.
+
+  - Collection names containing slashes are now supported again.
+    However we recommend not to use slashes in collection names; if
+    slashes were wanted for aesthetic reasons, they can be added in
+    visible collection translations.  (#2902)
+
++ global:
+
+  - Replaces `invenio-demo.cern.ch` by `demo.invenio-software.org`
+    which is the new canonical URL of the demo site.  (#2867)
+
++ installation:
+
+  - Releases constraint on using an old version of `h5py` that was
+    anyway no longer available on PyPI.
+
++ testutils:
+
+  - Switches off SSL verification when running the test suite.  Useful
+    for Python-2.7.9 where self-signed SSL certificates (that are
+    usually used on development installations) would cause apparent
+    test failures.  (#2868)
+
 Invenio v1.1.6 -- released 2015-05-21
 -------------------------------------
 
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 93cc7042f4..2fd074b30f 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -1,8 +1,8 @@
 ============================
- Invenio v1.1.6 is released
+ Invenio v1.2.1 is released
 ============================
 
-Invenio v1.1.6 was released on May 21, 2015.
+Invenio v1.2.1 was released on May 21, 2015.
 
 About
 -----
@@ -10,12 +10,17 @@ About
 Invenio is a digital library framework enabling you to build your own
 digital library or document repository on the web.
 
-This old stable release update is recommended to all Invenio sites
-using v1.1.5 or previous releases.
+This stable release update is recommended to all Invenio sites using
+v1.2.0 or previous releases.
 
 Security fixes
 --------------
 
++ BibAuthorID:
+
+  - Improves URL redirecting by properly quoting all URL parts, in
+    order to better protect against possible XSS attacks.
+
 + WebStyle:
 
   - Adds back the `HttpOnly` cookie attribute in order to better
@@ -39,11 +44,34 @@ Improved features
 Bug fixes
 ---------
 
++ BibDocFile:
+
+  - Safer upgrade recipe for migrations from the old document storage
+    model (used in v1.1) to the new document storage model (used in
+    v1.2).
+
++ WebSearch:
+
+  - Removes special behaviour of the "subject" index that was hard-
+    coded based on the index name.  Installations should rather
+    specify wanted behaviour by means of configurable tokeniser
+    instead.
+
+  - Collection names containing slashes are now supported again.
+    However we recommend not to use slashes in collection names; if
+    slashes were wanted for aesthetic reasons, they can be added in
+    visible collection translations.  (#2902)
+
 + global:
 
   - Replaces `invenio-demo.cern.ch` by `demo.invenio-software.org`
     which is the new canonical URL of the demo site.  (#2867)
 
++ installation:
+
+  - Releases constraint on using an old version of `h5py` that was
+    anyway no longer available on PyPI.
+
 + testutils:
 
   - Switches off SSL verification when running the test suite.  Useful
@@ -54,9 +82,9 @@ Bug fixes
 Download
 --------
 
-- http://invenio-software.org/download/invenio-1.1.6.tar.gz
-- http://invenio-software.org/download/invenio-1.1.6.tar.gz.md5
-- http://invenio-software.org/download/invenio-1.1.6.tar.gz.sig
+- http://invenio-software.org/download/invenio-1.2.1.tar.gz
+- http://invenio-software.org/download/invenio-1.2.1.tar.gz.md5
+- http://invenio-software.org/download/invenio-1.2.1.tar.gz.sig
 
 Installation
 ------------
@@ -72,8 +100,8 @@ a) Stop your bibsched queue and your Apache server.
 
 b) Install the update::
 
-     $ tar xvfz invenio-1.1.6.tar.gz
-     $ cd invenio-1.1.6
+     $ tar xvfz invenio-1.2.1.tar.gz
+     $ cd invenio-1.2.1
      $ sudo rsync -a /opt/invenio/etc/ /opt/invenio/etc.OLD/
      $ sh /opt/invenio/etc/build/config.nice
      $ make
@@ -86,9 +114,11 @@ b) Install the update::
      $ sudo -u www-data /opt/invenio/bin/inveniocfg --upgrade
 
      (1) If you are upgrading from previous stable release series
-         (v0.99 or v1.0), please don't run this rsync command but
-         diff, in order to inspect changes and adapt your old
-         configuration to the new Invenio v1.1 release series.
+         (v0.99, v1.0 or v1.1), please don't run this rsync command
+         but diff, in order to inspect changes and adapt your old
+         configuration to the new Invenio v1.2 release series.  For
+         more information you may also want to consult release notes
+         coming with Invenio v1.2.0.
 
 c) Restart your Apache server and your bibsched queue.