pkgsrc changes:
- Add a LICENSE (isc, but there are also some third parties code used by entr
that are under a 2-clause-bsd)
- Do not disturb the provided configure script (that just copy the
Makefile.platform to Makefile) and just include the proper MAKE_FILE
depending on OPSYS. (thanks to jperkin@ and tnn@ for misc suggestions)
This will hopefully fix build problems for operating systems where entr
previously failed to build.
- Add a TEST_TARGET in order to run the unit test provided
- Delete patches/patch-Makefile.bsd, imported upstream
Changes:
== 3.4: December 12, 2015
- Terminate the child process before exiting when the reload option is combined
with the directory watch option
- Direct users to http://entrproject.org/limits.html if the maximum number of
open files is exceeded
== 3.3: October 23, 2015
- Substitute '/_' only with regular files when using the directory watch option
- Bugfix when tracking the first file to change
- Display release number along with usage
== 3.2: April 9, 2015
- Execute the utility immediately after registering watch events. Old behavior
is restored using new postpone option ('-p')
- Relocated 'reload-browser' to http://entrproject.org/scripts/reload-browser
- Drop FIFO support to further simply code and documentation. FIFO mode was
conceptually good, but EXEC mode is intelligent hand easily handles the vast
majority of use cases.
- Remove kFreeBSD as a target platform
== 3.1: March 4, 2015
- Return error code indicating exit reason after handling signals
- Restart mode sets process group to ensure that wrapper scripts do not prevent
signals from reaching child processes
- Removed DEBUG printf statements
== 3.0: December 19, 2014
- Man page highlights the flexibility of executing a commands using a shell
- 'reload-browser', a cross-platform script for reloading the current tab in
one or more browsers
- system_test.sh auto-upgrades to bash if the default shell does not support
the ERR trap
- Workaround implemented for Linux using fstat(2) to detect if a binary was
removed if inotify issues IN_ATTRIB but not IN_DELETE_SELF
- Use calloc(3) to take advantage of overflow detection
== 2.9: June 10, 2014
- RPM package by @funollet
- Moved alternate Makefiles to contrib/
- Trigger actions when a file is truncated on BSD
- Improved format of DEBUG messages
- Added missing extern for missing/fmemopen.c to avoid warning on MacOS 10.7+
- No longer register NOTE_EXTEND; this event is not always merged with
NOTE_WRITE on MacOS
- New directory-watch option ('-d'). In this mode a shell while-loop can be
used to track the addition of new files.
== 2.8: March 15, 2014
- Iteratively check for new file system events using a 1ms timeout after a file
has been renamed or removed in order to prevent the utility from being
executed before successive changes from a version control system have
completed.
- Regression tests are now system tests that depend on and use Vim and
Mercurial
- Timing on regression tests has been tightened to only support real hardware;
they are not expected to pass in emulated environments.
- More correctly identify the first file to trigger a file change notification
- Regression tests no longer require ksh
- Renamed regress.sh to system_test.sh
== 2.7: February 12, 2014
- Changed function pointer prefixes from '_' to 'x' to avoid runtime symbol
collisions in libc. Required to build on DragonFlyBSD
- Added this NEWS file to provide detailed release history for port maintainers
- Subsitute '/_' argument with the first file that changed
- Man page formatted with more semantically correct markup
- Multiple events on the same file are merged on Linux to prevent duplicate
writes to a named pipe
== 2.6: January 23, 2014
- Added -c option to clear the screen before calling execvp(3)
- Changed command line option '{}' to '/_'
- Renamed Makefile.linux-lbsd to Makefile.debian
- Include CPPFLAGS since some build systems (namely Debian) use it to specify
hardening options
- Raise ARG_MAX from 4K to 2MB on Linux, since _SC_ARG_MAX returns an incorrect
value on Linux
- Handle RENAME events that are not followed by DELETE. This enables us to cope
with the backup option in Vim.
== 2.5: December 30, 2013
- Restore full 50ms period for consolidating events on Linux. Required for the
Geany editor
- Remove use of setproctitle(3), no plans to implement this on Linux and MacOS.
This also eliminates use of the 3-clause license
- New feature: the first occurrence of '{}' on the command line will be
replaced with the name of the first file under watch
- Set PAGER to an absolute path (/bin/cat)
- Prevent interactive utilities from paging output
== 2.4: December 18, 2013
- Reintroduce ${DESTDIR} for STAGEDIR installation on FreeBSD and pkgsrc
- License file describes the copyright holders for the compatibility libraries
== 2.3: December 12, 2013
- Wait for processes to terminate in restart mode
- Set process title for blocking events
- Correct multiple bugs in the inotify->kqueue translation layer
- Print out detailed instructions if the user provides configure arguments
- Remove ${DESTDIR} from Makefile which appears to interfere with OpenBSD ports
- The handler for SIGSEGV prints file name and line number if a unit test fails
- Reduce the number of attempts to re-open files to 10 (total of 1 second)
- Define architecture in Makefile instead of testing for __linux or __APPLE__
== 2.2: August 07, 2013
- Process every delete or rename event to ensure files remain tracked
- Always process DELETE or RENAME events to prevent a files from escaping watch
- inotify(7) events are consolidated for a duration of 50ms as a workaround for
an apparent bug in glib/gio where a file is written and then removed
- Execute mode can run a file under watch by retrying if text file is busy
- Exit non-zero if list of regular files exceeds the hard limit set by the
current login class
- Ignore directories and special files; exit with error code 1 if no regular
files are provided as input.
== 2.1: July 01, 2013
- Zero-dependency build on Linux using built-in compatibility layer
- Add poll with optional timeout in order to prevent change events from
accumulating while running a command
- Invalidate file->fd after inotify event is closed. Do not respond to
IN_MOVE_SELF since this event only occurs on Linux NFS mounts
- Optional build on GNU/Linux using external compatibility libraries libkqueue
and libbsd
- Fix bug in finding the correct filename to write to a FIFO
- Correct build on MacOS
== 2.0: June 17, 2013
- Support for old architectures without C99 support
- More aggressively remove duplicate events
- install/uninstall uses DESTDIR to be compatible with pkgsrc
* Major changes in release 4.6.0, 2015-12-28
** Stable Release
This is the first stable release since findutils-4.4.2. The entries
below in this file detail the changes that have occurred since release
4.3.13 (which is the common ancestor of this release and
findutils-4.4.0). This release includes all the bug fixes
incorporated into the 4.4.x release series, since those bug fixes were
also applied to the 4.5.x release series.
** Summary of Changes
The most significant changes since the 4.4.2 release are:
1. Some backward-incompatible changes have been made to find:
- egrep regular expressions now work like GNU grep -E
- Minor changes to the way nanoseconds fields are printed
- find -perm +mode is now fully POSIX compliant (if you want the old
behaviour use -perm /mode).
- find -perm +numeric_mode is not supported any more. This syntax is
unspecified by POSIX. The prior functionality continues to be
available with -perm /numeric_mode. For more details see Savannah
bug #38474.
2. Some backward-incompatible changes have been made to xargs:
- if the child exits with status 126 or 127, xargs exits with status
123.
3. There are also a large number of bugfixes, performance enhancements
and documentation improvements, as detailed below.
4. The "oldfind" binary is no longer installed.
** Translations
Updated the Danish translation.
* Major changes in release 4.5.19, 2015-12-28
** Bug Fixes:
Applied patch #8688: Spelling fixes.
* Major changes in release 4.5.18, 2015-12-27
** Changes to find
Only the ftsfind binary will be installed, as "find". Installing
oldfind, under any name, is no longer supported. The configure option
--with-fts is still allowed, but trying to use it to enable the
installation of oldfind (for example by using --with-fts=no) results
in configure stopping with an error message.
** Translations
Updated the Slovenian translation.
* Major changes in release 4.5.17, 2015-12-24
** Future Changes to Release Signing Keys
Future findutils releases will be signed with a new GPG key, though
this release will be signed with the existing key. Here are the old
and new key fingerprints:
pub 1024R/64A95EE5 1996-04-04
Key fingerprint = 0C 1C D7 CA 66 33 D2 E9 14 E0 5F 16 D5 24 60 E9
uid James Youngman <jay@gnu.org>
uid James Youngman <JYoungman@vggas.com>
pub 4096R/C5DDACB9 2015-12-24
Key fingerprint = 0CF4 E8D8 7159 3224 8428 32B8 88DD 9E08 C5DD ACB9
uid James Youngman <james@youngman.org>
uid James Youngman <jay@gnu.org>
sub 4096R/771CE15D 2015-12-24
** Functional changes to find
When the POSIXLY_CORRECT environment variable is set, a warning is no
longer issued when '/' is found in the argument to -name. Use of
POSIXLY_CORRECT also turns off warnings about use of the deprecated
option -d and the use of global options in surprising positions.
** Documentation Changes
The EXPRESSION section of the find manpage is now organised somewhat
more clearly. The -regextype option is now correctly documented as
being positional.
** Bug Fixes:
When the -a option of xargs is used, xargs no longer leaks a file
descriptor (fixing a bug reported by Kyle Sallee).
** Translations
Updated the Brazilian Portuguese and Serbian translations.
* Major changes in release 4.5.16, 2015-12-23
** Functional Changes to find
Using -regextype egrep now has the same effect as -regextype
posix-egrep. This is the result of a change to gnulib to bring it
into line with GNU grep (see
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20974#22).
** Translations
Updated translations: Estonian, Swedish, Polish, Vietnamese, Ukranian,
Norwegian Bokmaal, Czech, Russian, French, Hungarian.
** Bug Fixes:
#46715: testsuite error with perl 5.22, gnulib outdated
#40146: gnulib revision doesn't support musl libc
* Major changes in release 4.5.15, 2015-12-18
** Bug Fixes
#45780: inode column is badly aligned when running 'find <dir> -ls'
#45585: unclear description of -newerXY in manual page.
#45505: give a more explicit error message when the argument to -regex
is not a valid regular expression.
#45090: oldfind incorrectly omits test/..test (or any file whose name
begins with ..).
#45065: find incorrectly prints a leading zero on the fractional part
of ctime timestamps
#45064: Use of [[ ... ]] in /bin/sh script is incorrect
#45062: Enabling CACHE_IDS causes segfaults (this bug affects many
historic releases, probably since release 3.0 in 1991). You
would not have been affected by this problem unless you used
the option --enable-id-cache when invoking confgure.
#42903: checklists.py now supports Python 3.
#40805: The locatedb manual page uses now troff symbols where
appropriate.
** Translations
Updated the German translation.
* Major changes in release 4.5.14, 2014-07-19
** Bug Fixes
#42793: "Failed to write output" with -ls (this bug affected only
release 4.5.13).
* Major changes in release 4.5.13, 2014-07-16
** Documentation Changes
Some minor documentation improvements are listed in "Bug Fixes" below.
** Bug Fixes
#40339: Fix leaked directory handle when listing mounted file
systems.
#40094: The xargs --help output has a small number of cosmetic
improvements.
#39197: Small fix to find's manual page to remove an unwanted
backslash, which made the troff incompatible with Eric
Raymond's doclifter software.
#39162: -printf reads beyond arguments terminated by \
#35753: Check the success/failure of material I/O operations where
these are important to the use of the output (i.e. check the
output for "find -ok" but not debugging output).
#31005: The find manual page and Texinfo manual now more clearly state
that -exec ... + always returns true.
** Translations
Updated translations: Estonian, Polish, Ukranian.
* Major changes in release 4.5.12, 2013-09-22
** Functional Changes to find
The GNU extension "find ... -perm /MODE" is no longer disabled when
the POSIXLY_CORRECT environment variable is set.
The obsolete GNU extension "find ... -perm +MODE", which was withdrawn
in release 4.2.21 in 2005 due to compatibility problems, has been
completely removed. Use "find ... -perm /MODE" instead.
** Documentation Changes
If you use -type or -xtype with a type letter corresponding to a file
type which is not supported by the system on which find was compiled,
find will now give a clearer error message (though the functionality
is unchanged). Type letters are affected are D, l and p (for Solaris
Doors, symbolic links and named pipes respectively).
The output of xargs --help has been slightly changed for greater
clarity.
The documentation for xargs now warns about parallel processes (xargs
-P) sharing stdout.
The documentation for find -execdir now describes correctly that the
command will be executed in the same directory as the file we were
considering at the time. The documentation previously (and
incorrectly) stated that the original working directory of find would
be used.
** Bug Fixes
Some bugs in 4.5.11 were fixed without adding them to the bug
database, though they are in the ChangeLog:
*** Use of [[ ... ]] in find/testsuite/sv-bug-32043.sh
*** Don't delete header files in "lib/" for "make clean".
*** xargs: wait for process before prompting in interactive mode (-p)
These following fixed bugs are recorded at
https://savannah.gnu.org/bugs/?group=findutils:
#40088: potential buffer overflow in -execdir and -okdir
#39324: exits without error on OOM
#38583: errno-buffer read failed in xargs_do_exec
#38474: Unintended (?) behaviour change of -perm +mode predicate
#36652: Better document that -0/-d turns off the effect of -E.
#34976: find -execdir leaks file descriptors for the working directory
* Major changes in release 4.5.11, 2013-02-02
** Documentation Changes
The Texinfo manual and the find manual pafe now explain why two find
binaries (either 'find' and 'oldfind', or 'find' and 'ftsfind') are
installed. A manual page for either ftsfind or oldfind is also
installed, whichever is appropriate.
** Bug Fixes
#34079: Apply gnulib ftw memory fix
#33384: If rm/chmod etc. are not in /bin or /usr/bin, updatedb fails
#18227: find -ls does not display device major/minor numbers.
#29698: Correct and clarify documentation of xargs -d option
#32887: Present xargs options alphabetically like in GNU cp(1) etc
#14386: updatedb relies on mktemp, which is not portable.
#32043: find -name [ doesn't obey posix
#37926: The -inum predicate previously gave wrong results in oldfind
(ftsfind, the default find binary, was unaffected).
** Functional Changes to xargs
If no utility is specified, xargs now calls "echo" (and searches on
$PATH to find it) rather than "/bin/echo". This may give rise to
subtle behaviour differences for some users. To avoid unexpected
surprises, just explicitly specify the utility you would like to run.
For example use "xargs /bin/echo < foo" rather than "xargs < foo".
A new option is provided, --process-slot-var. If you set this, xargs
will set the indicated environment variable in each child. The values
are re-used, but no executing child process will have the same value
as another executing child process. This wishlist item was Savannah
bug #29512.
** Functional Changes to find
For find -printf, the format specifiers %{, %[ and %( are all now
reserved for future use. Previously these would print {, [ and (
respectively, but in any case those characters can just be printed
literally like this: find -printf "{[(". Code changes intended to
explain that these are reserved went into findutils-4.5.5, but this
code had, before now, had no effect.
When expanding "-printf '%F'", find reads /etc/mtab. We now take the
last match found in this file, rather than the first, to better deal
with implementations which have duplicate entries (for example
/proc/mounts on systems running the Linux kernel).
Both oldfind and ftsfind now use less heap memory when processing
directories containing very many files. However, oldfind now uses one
file descriptor per recursive subdirectory level, which will further
limit the depth of directory trees it can search. If you need find to
be able to search deep directory trees, use ftsfind (this is, by
default the binary built and installed as 'find').
The behaviour of the "awk", "posix-awk" and "gnu-awk" regular
expression types selected by the -regextype option have slightly
changed, to bring them into line with the behaviour of the GNU C
library. For "awk", character classes (such as [[:digit:]]) are now
supported. For "gnu-awk" and "posix-awk", intervals are supported and
invalid interval specifcations are treated as literals (for example
'a{1' is treated as 'a\{1').
* Major changes in release 4.5.10, 2011-05-11
** Documentation Changes
The manual now includes a small number of references to further
reading on security.
** Bug Fixes
#30608: Automagic dependency on selinux. The configure script now
provides a --without-selinux option.
#29949: find -execdir does not change working directory
#31359: test-strstr unit test fails on alpha.
#30777: find -exec echo TURNIP{} \+ is accepted but TURNIP is eaten
#30180: error message from incorrect -size option is off
#29828: test suite deadlock on FreeBSD.
** Translations
Updated translations: Finnish, Italian, Danish, Slovenian, German,
Estonian, French, Japanese, Danish.
* Major changes in release 4.5.9, 2010-04-29
** Bug Fixes
#29593: Make import-gnulib.sh work under a POSIX shell.
#29511: fails to build on kfreebsd-*
#27563: -L breaks -execdir
#19593: -execdir .... {} + has suboptimal performance (see below)
** Translations
Updated translations: Chinese (simplified).
** Performance changes
The find program will once again build argument lists longer than 1
with "-execdir ...+". The upper limit of 1 argument for execdir was
introduced as a workaround in findutils-4.3.4. The limit is now
removed, but find still does not issue the maximum possible number of
arguments, since an exec will occur each time find encounters a
subdirectory (if at least one argument is pending).
** Functional enhancements to xargs
You can now increase the parallelism of xargs in mid-run by sending
it SIGUSR1, and decrease the parallelism with SIGUSR2.
* Major changes in release 4.5.8, 2010-04-07
** Bug Fixes
#29460: -printf %Y fails in $CWD-dependent way
#27974: Use gnulib's xreadlinkat support
#29435: fd_is_cloexec does not work on Fedora buildhosts
#27221: symlink_loop check broken by FTS_CWDFD
#27213: avoid failed assertions for non-executable directories.
** Translations
Updated Vietnamese, Czech, Dutch, Polish, Russian translations.
* Major changes in release 4.5.7, 2010-04-03
** Performance changes
If you use the -fstype FOO predicate and specify a filsystem type FOO
which is not known (e.g. present in /etc/mtab) at the time find
starts, that predicate is now equivalent to -false. This substitution
currently occurs at optimisation level 2 and above.
** Translations
Copyright headers in the translation files have been updated. Some
additional messages have been marked for translation. However, there
have not been any changes to translation text. The main purpose of
this release is to provide a base for updated translations.
* Major changes in release 4.5.6b, 2010-03-30
This is a replacement release for 4.5.6, which is not available by FTP
since it contains Makefiles which are vulnerable to CVE-2009-4029.
* Major changes in release 4.5.6, 2010-03-30
** Functional Enhancements to find
patch #4848: Patch - Support for SELinux
** Bug Fixes
#29089: SELinux --context and %Z options
#28872: Mistake in "#safer" example in "Problems with -exec and
filenames" section of the Texinfo manual.
#28824: Corrected error message for "-ctime x".
Likewise for -gid, -inum, -links, -mmin, -cmin, -amin,
-uid, -used, -atime, -mtime, -ctime.
#27975: Infinite loop for -exec [..] {} +.
#27846: Assertion failure in xargs.c on AIX.
#27375: Open file descriptors leak into child processes.
#27017: find -D opt / -fstype ext3 -print , -quit coredumps
#27328: segfault if the initial exec for "find -exec" fails.
#27017: find -D opt / -fstype ext3 -print , -quit coredumps.
#26868: compilation error in pred.c on Solaris x86_64
#24873: Duplicate fprint option corrupts output
#23920: warn about un-matchable -path arguments ending in /.
#19120: Patch to fix single quotes in man page find(1)
** Documentation Changes
#26327: xargs man page is vague about the number of times command is executed.
* Major changes in release 4.5.5, 2009-07-06
xargs now handles the case where the system's actual exec limits are
smaller than the value of ARG_MAX at compile time. Very few platforms
normally have this property, but it is possible to configure some Unix
systems this way.
** Bug Fixes
#25359: files/testsuite/find.gnu/posix-h.exp tests fail
#26587: Fix a typo in -execdir documentation (it says -exec by mistake
in the text).
#26537: find -prune now makes sure it has valid stat() information.
#22708: Exit status 126 and 127 from the utility invoked from xargs
now makes xargs return 123, meaning that exit status values 126 and
127 now unambigously mean that the utility could not be run or could
not be found, respectively.
** Documentation Changes
The -wholename option to find is no longer preferred over -ipath.
* Major changes in release 4.5.4, 2009-03-10
** Performance changes
The ftsfind executable (which is built by default as "find") now calls
fts() in such a way that it avoids calling stat() on directory
entries, if it doesn't need the information. This can produce a
significant speedup on filesystems which don't populate the d_type
element of struct dirent, for example reiserfs. Anecdotal evidence
suggests this can speed updatedb up from about 30 minutes to 3-4
minutes.
The ftsfind executable also now avoids calling stat() functions to
discover the inode number of a file, if we already read this
information from the directory. This does provide a speed-up, but
only for a restricted set of commands such as "find . -inum 4001".
This fix is listed below as bug #24342.
** Bug Fixes
#25764: remove duplicate entry for 'proc' in updatedb's $PRUNEFS.
#25359: find -H wrongly behaves like -L sometimes; this bug affects
only filesystems which populate d_type and affects -type and -printf
%y. This does not affect the default behaviour of find or find -P.
#25144: Misleading error message when argument to find -user is an
unknown user or is missing.
#25154: Allow compilation with C compilers that don't allow
declarations to follow statements.
#24342: -inum predicate shoud use dirent.d_ino instead of stat.st_ino
(this is a performance bug).
** Translations
Updated translations for Bulgarian, German, Irish, Hungarian,
Lithuanian, Dutch, Polish, Slovenian, Swedish, Turkish, Ukranian,
Vietnamese.
** Documentation Changes
The file README-CVS has been renamed to README-hacking and improved.
* Major changes in release 4.5.3, 2008-12-07
** Bug Fixes
#24283: find-4.5.2 -printf %TY causes NULL pointer dereference
** Performance changes
Changes to gnulib's fts code should provide performance improvements
in find when processing very large directories (for example
directories containing significantly more than 10000 filenames).
Performance imporvements may only exist for some find command lines
(performance testing was done for the fts implementation itself but
we haven't done the analogous performance tests in find).
File type information is also passed back from fts to find, saving
calls to the stat system call for find command lines which don't need
the stat information. This provides a performance improvement for
common cases like "find . -type d".
* Major changes in release 4.5.2, 2008-09-07
** Bug Fixes
#24169: find would segfault if the -newerXY test was not followed by
any argument.
#23996: integer overflow on some platforms when parsing "-used 3".
** Documentation Enhancements
#23070: Corrected manpage description of find -perm /000 (the change
was already made but the manpage indicated the change would happen
"soon").
** Translations
Updated translation: French, Indonesian.
New translation: Czech.
* Major changes in release 4.5.1, 2008-06-21
** Bug Fixes
#22662: find -printf %AX appends nanoseconds in the right place now.
#23663: crash in some locales for -printf %AX (this problem seems to
have affected only the CVS code, and not any public releases).
** Translations
New translation: Lithuanian.
Updated translations: Chinese (simplified).
** Documentation Enhancements
Added a worked example describing how to find the shallowest instances
of a given directory name (or names) in a directory hierarchy.
* Major changes in release 4.5.0, 2008-05-21
** Functional Enhancements to find
If the POSIXLY_CORRECT environment variable is set, the system's
definition of "yes" and "no" responses are used to interpret the
response to questions from -ok and -okdir. The default is still to
use information from the findutils message translations.
** Enhancements
If xargs find that exec fails because the argument size limit it
calculated is larger than the system's actual maximum, it now adapts
by passing fewer arguments (as opposed to failing).
** Performance changes
The default optimisation level for find is now -O2 instead of -O0,
meaning that a number of additional optimisations are performed by
default. Current optimisations at each level are:
0: Perform -name, -path, -iname, -ipath before other checks.
1: Expressions containing only cost-free tests are evaluated
before expressions which contain more costly tests.
2: Bring forward all tests that need to know the type of a file
but don't need to stat it.
3: All tests are ordered by their estimated cost.
Cost here is simply an estimate of how time consuming the I/O
operations needed to make a test are.
** Bug Fixes
#22662: nanoseconds wrongly appended after "PM" for find -printf %AX
in locale en_US.UTF-8.
#15472: Error messages that print ino_t values are no longer truncated
on platforms with 64-bit ino_t.
On some systems without support for a boolean type (for example some
versions of the AIX C compiler), find's regular expression
implementation fails to support case-insensitive regular expression
matching, causing -iregex to behave like -regex. This is now fixed.
** Documentation Changes
#20873: Indicate that * matches / and leading dot in filenames for
"find -path".
Both the Texinfo manual and the find manual page now include a more
precise description of how your locale configuration affects the
interpretation of regular expressions and how your response to prompts
from the -ok action are interpreted.
* Add pkg_alternatives support.
* Since ruby-io-console is included in ruby{200,21}-base, no need to depend
it.
* Utilize lang/ruby/json.mk.
Bump PKGREVISION.
Switch to libfastjson, which will become a requirement in the next release.
- KSI Lib: Updated code to run with libksi 3.4.0.5
- KSI utilities: Added option to ser publication url.
- KSI Lib: Fixed wrong TLV container for KSI signatures from 0905 to 0906.
- KSI/GT Lib: Fixed multiple issues found using static analyzer
- performance improvement for configs with heavy use of JSON variables
- added pmpanngfw: contributed module for translating Palo Alto Networks
logs.
- testbench: Changed valgrind option for imtcp-tls-basic-vg.sh
- pmciscoios: support for asterisk before timestamp added
- solr external output plugin much enhanced
- omrabbitmq: improvements
- add support for libfastjson (as a replacement for json-c)
- KSI utilities: somewhat improved error messages
- pmciscoios: support for some format variations
- support grok via new contributed module mmgrok
- omkafka: new statistics counter "maxoutqsize"
- improvments for 0mq modules:
- omczmq: suspend / Retry handling - the output plugin can now recover
from some error states due to issues with plugin startup or message
sending
- omczmq: refactored topic handling code for ZMQ_PUB output to be
a little more efficient
- omczmq: added ability to set a timeout for sends
- omczmq: set topics can be in separate frame (default) or part
of message frame (configurable)
- omcmzq: code cleanup
- imczmq: code cleanup
- imczmq: fixed a couple of cases where vars could be used uninitialized
- imczmq: ZMQ_ROUTER support
- imczmq: Fix small memory leak from not freeing sockets when done
with them
- allow creation of on demand ephemeral CurveZMQ certs for encryption.
- cleanup on code to unset a variable
- omelasticsearch: build on FreeBSD
- pmciscoios: fix some small issues clang static analyzer detected
- testbench: many improvements and some new tests
- overall code improvements thanks to clang static analyzer
- gnutls fix: Added possible fix for gnutls issue #575
- bugfix omkafka: restore ability to build on all platforms
- bugfix omkafka: fix potentially negative partition number
- bugfix: solve potential race in creation of additional action workers
- bugfix: potential memory leak in config parsing
- bugfix: small memory leak in loading template config
- bugfix: fix extra whitespace in property expansions
- bugfix: mmfields leaked memory if very large messages were processed
- bugfix: mmfields could add garbagge data to field
- bugfix: omhttpfs now also compiles with older json-c lib
- bugfix: memory leak in (contributed) module omhttpfs
- bugfix: parameter mismatch in error message for wrap() function
- bugfix: parameter mismatch in error message for random() function
- bugfix: divide by zero if max() function was provided zero
- bugfix: invalid mutex handling in omfile async write mode
- bugfix: fix inconsistent number processing
- bugfix: timezone() object: fix NULL pointer dereference
- bugfix omfile: memory addressing error if very long outchannel name used
Reduced to 50 the number of open file descriptors lsof
attempts to close while trying to protect itself from a
file descriptor exec() attack. This limits the overhead
lsof incurs on systems that have large file descriptor
limits, yet provides sufficient open descriptors for the
library functions lsof calls.
Updated for changes in FreeBSD 10 with advice from Eygene
Ryabinkin <rea@freebsd.org>. Taught Configure to recognize
FreeBSD 8.4.
Herein am noting that lsof for Solaris 10 or 11 is no longer
supported. I no longer have test systems. Some support is
still available from Casper Dik <Casper.Dik@oracle.com> and a
Solaris 11 patch he provided is included in this revision.
Initialized local variables in the Linux process_id() function.
Jia He <jiakernel@gmail.com> reported the problem.
Added support for FreeBSD 11.
Updated FreeBSD ZFS Configure stanza to supply a dummy
opt_kdtrace.h when needed.
Added tmpfs file system support for FreeBSD.
Since a test system is no longer available, dropped the
claim of FreeBSD 4.9 support.
Added the +|-E options for Linux. -E displays endpoint info;
+E displays endpoint info and endpopint files. Masatake YAMATO
<yamato@redhat.com> requested this support and suggested code
to implement it.
Fixed a Linux bug handling processes whose command includes a
non-printing character, particularly a NEWLINE character, and
clarified printing of single '\\' characters in command and
file names. Stephane Chazelas <stephane.chazelas@gmail.com>
reported the problem.
Added support for Linux RDMA and CRYPTO protocal names and UNIX
socket type with code from Masatake YAMATO <yamato@redhat.com>.
Fixed field output to insure that the field descriptor field is
always selected, since it identifies the file set. The bug was
reported by Gary Plewa <gary.m.plewa-1@lowes.com>.
Ok MAINTAINER bsiegert.
While doing that, update to current release, 0.29.0.
Changes since 0.24.0:
Version 0.29.0
--------------
Compatibility notes:
- when upgrading to 0.29.0 you need to upgrade client as well as server
installations due to the locking and commandline interface changes otherwise
you'll get an error msg about a RPC protocol mismatch or a wrong commandline
option.
if you run a server that needs to support both old and new clients, it is
suggested that you have a "borg-0.28.2" and a "borg-0.29.0" command.
clients then can choose via e.g. "borg --remote-path=borg-0.29.0 ...".
- the default waiting time for a lock changed from infinity to 1 second for a
better interactive user experience. if the repo you want to access is
currently locked, borg will now terminate after 1s with an error message.
if you have scripts that shall wait for the lock for a longer time, use
--lock-wait N (with N being the maximum wait time in seconds).
Bug fixes:
- hash table tuning (better chosen hashtable load factor 0.75 and prime initial
size of 1031 gave ~1000x speedup in some scenarios)
- avoid creation of an orphan lock for one case, #285
- --keep-tag-files: fix file mode and multiple tag files in one directory, #432
- fixes for "borg upgrade" (attic repo converter), #466
- remove --progress isatty magic (and also --no-progress option) again, #476
- borg init: display proper repo URL
- fix format of umask in help pages, #463
New features:
- implement --lock-wait, support timeout for UpgradableLock, #210
- implement borg break-lock command, #157
- include system info below traceback, #324
- sane remote logging, remote stderr, #461:
- remote log output: intercept it and log it via local logging system,
with "Remote: " prefixed to message. log remote tracebacks.
- remote stderr: output it to local stderr with "Remote: " prefixed.
- add --debug and --info (same as --verbose) to set the log level of the
builtin logging configuration (which otherwise defaults to warning), #426
note: there are few messages emitted at DEBUG level currently.
- optionally configure logging via env var BORG_LOGGING_CONF
- add --filter option for status characters: e.g. to show only the added
or modified files (and also errors), use "borg create -v --filter=AME ...".
- more progress indicators, #394
- use ISO-8601 date and time format, #375
- "borg check --prefix" to restrict archive checking to that name prefix, #206
Other changes:
- hashindex_add C implementation (speed up cache re-sync for new archives)
- increase FUSE read_size to 1024 (speed up metadata operations)
- check/delete/prune --save-space: free unused segments quickly, #239
- increase rpc protocol version to 2 (see also Compatibility notes), #458
- silence borg by default (via default log level WARNING)
- get rid of C compiler warnings, #391
- upgrade OS X FUSE to 3.0.9 on the OS X binary build system
- use python 3.5.1 to build binaries
- docs:
- new mailing list borgbackup@python.org, #468
- readthedocs: color and logo improvements
- load coverage icons over SSL (avoids mixed content)
- more precise binary installation steps
- update release procedure docs about OS X FUSE
- FAQ entry about unexpected 'A' status for unchanged file(s), #403
- add docs about 'E' file status
- add "borg upgrade" docs, #464
- add developer docs about output and logging
- clarify encryption, add note about client-side encryption
- add resources section, with videos, talks, presentations, #149
- Borg moved to Arch Linux [community]
- fix wrong installation instructions for archlinux
Version 0.28.2
--------------
New features:
- borg create --exclude-if-present TAGFILE - exclude directories that have the
given file from the backup. You can additionally give --keep-tag-files to
preserve just the directory roots and the tag-files (but not backup other
directory contents), #395, attic #128, attic #142
Other changes:
- do not create docs sources at build time (just have them in the repo),
completely remove have_cython() hack, do not use the "mock" library at build
time, #384
- avoid hidden import, make it easier for PyInstaller, easier fix for #218
- docs:
- add description of item flags / status output, fixes#402
- explain how to regenerate usage and API files (build_api or
build_usage) and when to commit usage files directly into git, #384
- minor install docs improvements
Version 0.28.1
--------------
Bug fixes:
- do not try to build api / usage docs for production install,
fixes unexpected "mock" build dependency, #384
Other changes:
- avoid using msgpack.packb at import time
- fix formatting issue in changes.rst
- fix build on readthedocs
Version 0.28.0
--------------
Compatibility notes:
- changed return codes (exit codes), see docs. in short:
old: 0 = ok, 1 = error. now: 0 = ok, 1 = warning, 2 = error
New features:
- refactor return codes (exit codes), fixes#61
- add --show-rc option enable "terminating with X status, rc N" output, fixes 58, #351
- borg create backups atime and ctime additionally to mtime, fixes#317
- extract: support atime additionally to mtime
- FUSE: support ctime and atime additionally to mtime
- support borg --version
- emit a warning if we have a slow msgpack installed
- borg list --prefix=thishostname- REPO, fixes#205
- Debug commands (do not use except if you know what you do: debug-get-obj,
debug-put-obj, debug-delete-obj, debug-dump-archive-items.
Bug fixes:
- setup.py: fix bug related to BORG_LZ4_PREFIX processing
- fix "check" for repos that have incomplete chunks, fixes#364
- borg mount: fix unlocking of repository at umount time, fixes#331
- fix reading files without touching their atime, #334
- non-ascii ACL fixes for Linux, FreeBSD and OS X, #277
- fix acl_use_local_uid_gid() and add a test for it, attic #359
- borg upgrade: do not upgrade repositories in place by default, #299
- fix cascading failure with the index conversion code, #269
- borg check: implement 'cmdline' archive metadata value decoding, #311
- fix RobustUnpacker, it missed some metadata keys (new atime and ctime keys
were missing, but also bsdflags). add check for unknown metadata keys.
- create from stdin: also save atime, ctime (cosmetic)
- use default_notty=False for confirmations, fixes#345
- vagrant: fix msgpack installation on centos, fixes#342
- deal with unicode errors for symlinks in same way as for regular files and
have a helpful warning message about how to fix wrong locale setup, fixes#382
- add ACL keys the RobustUnpacker must know about
Other changes:
- improve file size displays, more flexible size formatters
- explicitly commit to the units standard, #289
- archiver: add E status (means that an error occured when processing this
(single) item
- do binary releases via "github releases", closes#214
- create: use -x and --one-file-system (was: --do-not-cross-mountpoints), #296
- a lot of changes related to using "logging" module and screen output, #233
- show progress display if on a tty, output more progress information, #303
- factor out status output so it is consistent, fix surrogates removal,
maybe fixes#309
- move away from RawConfigParser to ConfigParser
- archive checker: better error logging, give chunk_id and sequence numbers
(can be used together with borg debug-dump-archive-items).
- do not mention the deprecated passphrase mode
- emit a deprecation warning for --compression N (giving a just a number)
- misc .coverragerc fixes (and coverage measurement improvements), fixes#319
- refactor confirmation code, reduce code duplication, add tests
- prettier error messages, fixes#307, #57
- tests:
- add a test to find disk-full issues, #327
- travis: also run tests on Python 3.5
- travis: use tox -r so it rebuilds the tox environments
- test the generated pyinstaller-based binary by archiver unit tests, #215
- vagrant: tests: announce whether fakeroot is used or not
- vagrant: add vagrant user to fuse group for debianoid systems also
- vagrant: llfuse install on darwin needs pkgconfig installed
- vagrant: use pyinstaller from develop branch, fixes#336
- benchmarks: test create, extract, list, delete, info, check, help, fixes#146
- benchmarks: test with both the binary and the python code
- archiver tests: test with both the binary and the python code, fixes#215
- make basic test more robust
- docs:
- moved docs to borgbackup.readthedocs.org, #155
- a lot of fixes and improvements, use mobile-friendly RTD standard theme
- use zlib,6 compression in some examples, fixes#275
- add missing rename usage to docs, closes#279
- include the help offered by borg help <topic> in the usage docs, fixes#293
- include a list of major changes compared to attic into README, fixes#224
- add OS X install instructions, #197
- more details about the release process, #260
- fix linux glibc requirement (binaries built on debian7 now)
- build: move usage and API generation to setup.py
- update docs about return codes, #61
- remove api docs (too much breakage on rtd)
- borgbackup install + basics presentation (asciinema)
- describe the current style guide in documentation
- add section about debug commands
- warn about not running out of space
- add example for rename
- improve chunker params docs, fixes#362
- minor development docs update
Version 0.27.0
--------------
New features:
- "borg upgrade" command - attic -> borg one time converter / migration, #21
- temporary hack to avoid using lots of disk space for chunks.archive.d, #235:
To use it: rm -rf chunks.archive.d ; touch chunks.archive.d
- respect XDG_CACHE_HOME, attic #181
- add support for arbitrary SSH commands, attic #99
- borg delete --cache-only REPO (only delete cache, not REPO), attic #123
Bug fixes:
- use Debian 7 (wheezy) to build pyinstaller borgbackup binaries, fixes slow
down observed when running the Centos6-built binary on Ubuntu, #222
- do not crash on empty lock.roster, fixes#232
- fix multiple issues with the cache config version check, #234
- fix segment entry header size check, attic #352
plus other error handling improvements / code deduplication there.
- always give segment and offset in repo IntegrityErrors
Other changes:
- stop producing binary wheels, remove docs about it, #147
- docs:
- add warning about prune
- generate usage include files only as needed
- development docs: add Vagrant section
- update / improve / reformat FAQ
- hint to single-file pyinstaller binaries from README
Version 0.26.1
--------------
This is a minor update, just docs and new pyinstaller binaries.
- docs update about python and binary requirements
- better docs for --read-special, fix#220
- re-built the binaries, fix#218 and #213 (glibc version issue)
- update web site about single-file pyinstaller binaries
Note: if you did a python-based installation, there is no need to upgrade.
Version 0.26.0
--------------
New features:
- Faster cache sync (do all in one pass, remove tar/compression stuff), #163
- BORG_REPO env var to specify the default repo, #168
- read special files as if they were regular files, #79
- implement borg create --dry-run, attic issue #267
- Normalize paths before pattern matching on OS X, #143
- support OpenBSD and NetBSD (except xattrs/ACLs)
- support / run tests on Python 3.5
Bug fixes:
- borg mount repo: use absolute path, attic #200, attic #137
- chunker: use off_t to get 64bit on 32bit platform, #178
- initialize chunker fd to -1, so it's not equal to STDIN_FILENO (0)
- fix reaction to "no" answer at delete repo prompt, #182
- setup.py: detect lz4.h header file location
- to support python < 3.2.4, add less buggy argparse lib from 3.2.6 (#194)
- fix for obtaining ``char *`` from temporary Python value (old code causes
a compile error on Mint 17.2)
- llfuse 0.41 install troubles on some platforms, require < 0.41
(UnicodeDecodeError exception due to non-ascii llfuse setup.py)
- cython code: add some int types to get rid of unspecific python add /
subtract operations (avoid ``undefined symbol FPE_``... error on some platforms)
- fix verbose mode display of stdin backup
- extract: warn if a include pattern never matched, fixes#209,
implement counters for Include/ExcludePatterns
- archive names with slashes are invalid, attic issue #180
- chunker: add a check whether the POSIX_FADV_DONTNEED constant is defined -
fixes building on OpenBSD.
Other changes:
- detect inconsistency / corruption / hash collision, #170
- replace versioneer with setuptools_scm, #106
- docs:
- pkg-config is needed for llfuse installation
- be more clear about pruning, attic issue #132
- unit tests:
- xattr: ignore security.selinux attribute showing up
- ext3 seems to need a bit more space for a sparse file
- do not test lzma level 9 compression (avoid MemoryError)
- work around strange mtime granularity issue on netbsd, fixes#204
- ignore st_rdev if file is not a block/char device, fixes#203
- stay away from the setgid and sticky mode bits
- use Vagrant to do easy cross-platform testing (#196), currently:
- Debian 7 "wheezy" 32bit, Debian 8 "jessie" 64bit
- Ubuntu 12.04 32bit, Ubuntu 14.04 64bit
- Centos 7 64bit
- FreeBSD 10.2 64bit
- OpenBSD 5.7 64bit
- NetBSD 6.1.5 64bit
- Darwin (OS X Yosemite)
Version 0.25.0
--------------
Compatibility notes:
- lz4 compression library (liblz4) is a new requirement (#156)
- the new compression code is very compatible: as long as you stay with zlib
compression, older borg releases will still be able to read data from a
repo/archive made with the new code (note: this is not the case for the
default "none" compression, use "zlib,0" if you want a "no compression" mode
that can be read by older borg). Also the new code is able to read repos and
archives made with older borg versions (for all zlib levels 0..9).
Deprecations:
- --compression N (with N being a number, as in 0.24) is deprecated.
We keep the --compression 0..9 for now to not break scripts, but it is
deprecated and will be removed later, so better fix your scripts now:
--compression 0 (as in 0.24) is the same as --compression zlib,0 (now).
BUT: if you do not want compression, you rather want --compression none
(which is the default).
--compression 1 (in 0.24) is the same as --compression zlib,1 (now)
--compression 9 (in 0.24) is the same as --compression zlib,9 (now)
New features:
- create --compression none (default, means: do not compress, just pass through
data "as is". this is more efficient than zlib level 0 as used in borg 0.24)
- create --compression lz4 (super-fast, but not very high compression)
- create --compression zlib,N (slower, higher compression, default for N is 6)
- create --compression lzma,N (slowest, highest compression, default N is 6)
- honor the nodump flag (UF_NODUMP) and do not backup such items
- list --short just outputs a simple list of the files/directories in an archive
Bug fixes:
- fixed --chunker-params parameter order confusion / malfunction, fixes#154
- close fds of segments we delete (during compaction)
- close files which fell out the lrucache
- fadvise DONTNEED now is only called for the byte range actually read, not for
the whole file, fixes#158.
- fix issue with negative "all archives" size, fixes#165
- restore_xattrs: ignore if setxattr fails with EACCES, fixes#162
Other changes:
- remove fakeroot requirement for tests, tests run faster without fakeroot
(test setup does not fail any more without fakeroot, so you can run with or
without fakeroot), fixes#151 and #91.
- more tests for archiver
- recover_segment(): don't assume we have an fd for segment
- lrucache refactoring / cleanup, add dispose function, py.test tests
- generalize hashindex code for any key length (less hardcoding)
- lock roster: catch file not found in remove() method and ignore it
- travis CI: use requirements file
- improved docs:
- replace hack for llfuse with proper solution (install libfuse-dev)
- update docs about compression
- update development docs about fakeroot
- internals: add some words about lock files / locking system
- support: mention BountySource and for what it can be used
- theme: use a lighter green
- add pypi, wheel, dist package based install docs
- split install docs into system-specific preparations and generic instructions
diffoscope will try to get to the bottom of what makes files or
directories different. It will recursively unpack archives of many kinds
and transform various binary formats into more human readable form to
compare them. It can compare two tarballs, ISO images, or PDF just as
easily.
It can be scripted through error codes, and a report can be produced
with the detected differences. The report can be text or HTML.
When no type of report has been selected, diffoscope defaults
to write a text report on the standard output.
diffoscope will exit with 0 if there's no differences and 1 if there
are. An HTML report can be produced with the detected differences.
diffoscope is developed as part of the "reproducible builds" Debian
project.
It is meant to be able to quickly understand why two builds of the same
package produce different outputs. diffoscope was previously named
debbindiff.
pkgsrc change: update HOMEPAGE.
0.5.8
* Merge pull request #94 from portertech/hotfix/windows-jobs
Fix Windows process job handle leak
* [windows-jobs] fix windows process job handle leak
this fixessensu/sensu#1057
0.5.7
* Fix posix_spawn bug when $stdout is overriden
* Add failing test case for $stdout = StringIO
* Fix header
* Add caveat for #89
v3.0.5
Bugfixes
* #359 - implement Adapter#stop to free resources on Linux
* #358 - rescan directory to avoid crashes when files deleted during scan
* #356 - fix error in exception handling (bad arguments passed when building
message)
v3.0.4
Bugfixes
* fix#351 - where OSX adapter couldn't listen to more than 2 given
directories
GdMap is a tool which allows you to visualize disk space in a novel way. Files
and directories are displayed in rectangular areas. The larger the file, the
larger the rectangle that represents it.
Patch via pkgsrc-wip/fdupes by Mateusz Poszwa
Changes from 1.50 to 1.51
- Added support for 64-bit file offsets on 32-bit systems.
- Using tty for interactive input instead of regular stdin. This is to
allow feeding filenames via stdin in future versions of fdupes without
breaking interactive deletion feature.
- Fixed some typos in --help.
- Turned C++ style comments into C style comments.
Changes from 1.40 to 1.50-PR2
- Fixed memory leak. [JB]
- Added "--summarize" option. [AL]
- Added "--recurse:" selective recursion option. [AL]
- Added "--noprompt" option for totally automated deletion of
duplicate files.
- Now sorts duplicates (old to new) for consistent order when
listing or deleteing duplicate files.
- Now tests for early matching of files, which should help speed up
the matching process when large files are involved.
- Added warning whenever a file cannot be deleted. [CHL, AL]
- Fixed bug where some files would not be closed after failure. [AL]
- Fixed bug where confirmmatch() function wouldn't always deal
properly with zero-length files. [AL]
- Fixed bug where progress indicator would not be cleared
when no files were found. [AL]
- Removed experimental red-black tree code (it was slower on
my system than the default code). [AL]
- Modified md5/md5.c to avoid compiler warning. [CHL]
- Changes to fdupes.c for compilation under platforms where
getopt_long is unavailable. [LR, AL]
- Changes to help text for clarity. [AL]
- Various changes and improvements to Makefile. [PB, AL]
Security Fix
CVE-2015-8034: Saving state.sls cache data to disk with insecure permissions
This affects users of the state.sls function. The state run cache
on the minion was being created with incorrect permissions. This
file could potentially contain sensitive data that was inserted
via jinja into the state SLS files. The permissions for this file
are now being set correctly. Thanks to @zmalone for bringing this
issue to our attention.
Patch based largely on a pull request by bahamat@:
https://github.com/joyent/pkgsrc/pull/307
3.7.2:
Bug fixes:
- readfile() and read*list() should print an error if they fail to read file.
(Redmine #7702)
- Fix 'AIX_PREINSTALL_ALREADY_DONE.txt: cannot create' error
message on AIX.
- If there is an error saving a mustache template file
it is now logged with log-level error (was inform).
- Change: Clarify bootstrap/failsafe reports
- Fixed several bugs which prevented CFEngine from loading
libraries from the correct location. This affected several platforms.
(Redmine #6708)
- If file_select.file_types is set to symlink and there
are regular files in the scanned directory, CFEngine no longer
produces an unneccessary error message. (Redmine #6996)
- Fix: Solaris packages no longer contain duplicate library
files, but instead symlinks to them. (Redmine #7591)
- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor
multiple -D, -N and -s arguments (Redmine #7191)
- Fix "@endif" keyword sometimes being improperly processed
by policy parser. (Redmine #7413)
- It is possible to edit the same value in multiple regions
of one file. (Redmine #7460)
- Fix select_class not setting class when used in common bundle with slist.
(Redmine #7482)
- Fix broken HA policy for 3rd disaster-recovery node.
- Directories should no more be changed randomly
into files. (Redmine #6027)
- Include latest security updates for 3.7.
- Reduce malloc() thread contention on heavily loaded
cf-serverd, by not exiting early in the logging function, if no message
is to be printed. (Redmine #7624)
- Improve cf-serverd's lock contention because of getpwnam()
call. (Redmine #7643)
- action_policy "warn" now correctly produces warnings instead
of various other verbosity levels. (Redmine #7274)
- Change: Improve efficiency and debug reports (Redmine #7527)
- Change package modules permissions on hub package so that
hub can execute package promises. (Redmine #7602)
- No longer hang when changing permissions/ownership on fifos
(Redmine #7030)
- Fix exporting CSV reports through HTTPS. (Redmine #7267)
- failsafe.cf will be created when needed. (Redmine #7634)
- Mustache templates: Fix key when value is not a
primitive. The old behavior, when iterating across a map or array of
maps, was to abort if the key was requested with . The new
behavior is to always replace with either the key name or the
iteration position in the array. An error is printed if is used
outside of a Mustache iteration section.
- Legacy package promise: Result classes are now defined if
the package being promised is already up to date. (Redmine #7399)
- TTY detection should be more reliable. (Redmine #7606)
Masterfiles:
- Add: Path to svcprop in stdlib
- Add: New `results` classes body [] (Redmine #7418, #7481)
- Remove: Support for email settings from augments_file (Redmine #7682)
3.7.1:
Bug fixes:
- Fix daemons not restarting correctly on upgrade on AIX. (Redmine #7550)
- Fix upgrade causing error message under systemd because of open ports.
- Fix build with musl libc. (Redmine #7455)
- Long promiser strings with multiple lines are now
abbreviated in logs. (Redmine #3964)
- Fixed a bug which could cause daemons to not to be killed
correctly when upgrading or manually running "service cfengine3 stop".
(Redmine #7193)
- Package promise: Fix inability to install certain packages
with numbers.
- Fix package promise not removing dependant packages. (Redmine #7424)
- Fix warning "Failed to parse csv file entry" with certain very long
commands promises. (Redmine #7400)
- Fix misaligned help output in cf-hub. (Redmine #7273)
- Augmenting inputs from the augments_file (Redmine #7420)
- Add support for failover to 3rd HA node located outside cluster.
- Upgrade all dependencies for patch release.
- Fix a bug which caused daemons not to be restarted on
upgrade. (Redmine #7528)
3.7.0:
New features:
- New package promise implementation.
- Full systemd support for all relevant platforms
- New classes to determine whether certain features are enabled:
* feature_yaml
* feature_xml
For the official CFEngine packages, these are always enabled, but
packages from other sources may be built without the support.
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
- YAML support: new readyaml() function and in readdata()
- CSV support: new readcsv() function and in readdata()
- New string_mustache() function
- New data_regextract() function
- eval() can now be called with "class" as the "mode" argument, which
will cause it to return true ("any") if the calculated result is
non-zero, and false ("!any") if it is zero.
- New list_ifelse() function
- New mapjson() function as well as JSON support in maparray().
- filestat() function now supports "xattr" argument for extended
attributes.
- "ifvarclass" now has "if" as an alias, and "unless" as an inverse
alias.
- Ability to expand JSON variables directory in Mustache templates:
Prefix the name with '%' for multiline expansion, '$' for compact
expansion.
- Ability to expand the iteration *key* in Mustache templates with @
- Canonical JSON output: JSON output has reliably sorted keys so the
same data structure will produce the same JSON every time.
- New "@if minimum_version(x.x)" syntax in order to hide future language
improvements from versions that don't understand them.
- compile time option (--with-statedir) to
override the default state/ directory path.
- Fix error messages/ handling in process signalling which no longer
allowed any signals to fail silently
- Also enable shortcut keyword for cf-serverd classic protocol, eg to
simplify the bootstrap process for clients that have different
sys.masterdir settings (Redmine #3697)
- methods promises now accepts the bundle name in the promiser string,
as long as it doesn't have any parameters.
- In a services promise, if the service_method bundle is not specified,
it defaults to the promiser string (canonified) with "service_" as a
prefix. The bundle must be in the same namespace as the promise.
- inline JSON in policy files: surrounding with parsejson() is now
optional *when creating a new data container*.
- New data_expand() function to interpolate variables in a data container.
- Add configurable network bandwidth limit for all outgoing
connections ("bwlimit" attribute in "body common control") . To
enforce it in both directions, make sure the attribute is set on both
sides of the connection.
- Secure bootstrap has been facilitated by use of
"cf-agent --boostrap HUB_ADDRESS --trust-server=no"
- Implement new TLS-relevant options (Redmine #6883):
- body common control: tls_min_version
- body server control: allowtlsversion
- body common control: tls_ciphers
- body server control: allowciphers (preexisting)
Changes:
- Improved output format, less verbose, and messages are grouped.
- cf-execd: agent_expireafter default was changed to 120 minutes
(Redmine #7113)
- All embedded databases are now rooted in the state/ directory.
- TLS used as default for all outgoing connections.
- process promise now reports kept status instead of repaired if a
signal is not sent, even if the restart_class is set. The old
behavior was to set the repaired status whenever the process was not
running. (Redmine#7216).
- Bootstrapping requires keys to be generated in advance using cf-key.
- Disable class set on reverse lookup of interfaces IP addresses.
(Redmine #3993, Redmine #6870)
- Define a hard class with just the OS major version on FreeBSD.
- Abort cf-agent if OpenSSL's random number generator can't
be seeded securely.
- Masterfiles source tarball now installs using the usual commands
"./configure; make install".
- Updated Emacs syntax highlighting template to support the latest
syntax enhancements in 3.7.
Deprecations:
- Arbitrary arguments to cfruncommand (using "cf-runagent -o") are
not acceptable any more. (Redmine #6978)
- 3.4 is no longer supported in masterfiles.
Bug fixes:
- Fix server common bundles evaluation order (Redmine#7211).
- Limit LMDB disk usage by preserving sparse areas in LMDB files
(Redmine#7242).
- Fixed LMDB corruption on HP-UX 11.23. (Redmine #6994)
- Fixed insert_lines failing to converge if preserve_block was used.
(Redmine #7094)
- Fixed init script failing to stop/restart daemons on openvz/lxc
hosts. (Redmine #3394)
- rm_rf_depth now deletes base directory as advertised. (Redmine #7009)
- Refactored cf-agent's connection cache to properly differentiate
hosts using all needed attributes like host and port.
(Redmine #4646)
- Refactored lastseen database handling to avoid inconsistencies.
(Redmine #6660)
- cf-key --trust-key now supports new syntax to also update the
lastseen database, so that clients using old protocol will trust
the server correctly.
- Fixed a bug which sometimes caused an agent or daemon to kill or stop
itself. (Redmine #7075, #7244)
- Fixed a bug which made it difficult to kill CFEngine daemons,
particularly cf-execd. (Redmine #6659, #7193)
- Fixed a bug causing systemd not to be detected correctly on Debian.
(Redmine #7297)
- "cf-promises -T" will now correctly report the checked out commit,
even if you haven't checked out a Git branch. (Redmine #7332)
- Reduce verbosity of harmless errors related to socket timeouts and
missing thermal zone files. (Redmine #6486 and #7238)
- Fix process_result logic to match the purpose of body process_select
days_older_than (Redmine #3009)
Masterfiles:
Added:
- Support for user specified overring of framework defaults without
modifying policy supplied by the framework itself (see
example_def.json)
- Support for def.json class augmentation in update policy
- Run vacuum operation on postgresql every night as a part of
maintenance.
- Add measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8)
- New negative class guard `cfengine_internal_disable_agent_email` so
that agent email can be easily disabled by augmenting def.json
Changed:
- Relocate def.cf to controls/VER/
- Relocate update_def to controls/VER
- Relocate all controls to controls/VER
- Only load cf_hub and reports.cf on CFEngine Enterprise installs
- Relocate acls related to report collection from bundle server
access_rules to controls/VER/reports.cf into bundle server
report_access_rules
- Re-organize cfe_internal splitting core from enterprise specific
policies and loading the appropriate inputs only when necessary
- Moved update directory into cfe_internal as it is not generally
intended to be modified
- services/autorun.cf moved to lib/VER/ as it is not generally intended
to be modified
- To improve predictibility autorun bundles are activated in
lexicographical order
- Relocate services/file_change.cf to cfe_internal/enterprise. This
policy is most useful for a good OOTB experience with CFEngine
Enterprise Mission Portal.
- Relocate service_catalogue from promsies.cf to services/main.cf. It is
intended to be a user entry. This name change correlates with the main
bundle being activated by default if there is no bundlesequence
specified.
- Reduce benchmarks sample history to 1 day.
- Update policy no longer generates a keypair if one is not found.
(Redmine: #7167)
- Relocate cfe_internal_postgresql_maintenance bundle to lib/VER/
- Set postgresql_monitoring_maintenance only for versions 3.6.0 and
3.6.1
- Move hub specific bundles from lib/VER/cfe_internal.cf into
lib/VER/cfe_internal_hub.cf and load them only if policy_server policy
if set.
- Re-organize lib/VER/stdlib.cf from lists into classic array for use
with getvalues
Removed:
- Diff reporting on /etc/shadow (Enterprise)
- Update policy from promise.cf inputs. There is no reason to include
the update policy into promsies.cf, update.cf is the entry for the
update policy
- _not_repaired outcome from classes_generic and scoped_classes generic
(Redmine: # 7022)
Fixes:
- standard_services now restarts the service if it was not already
running when using service_policy => restart with chkconfig (Redmine
#7258)
