Provided in PR pkg/22816 by Michael Santos <mike at ethmoid dot org>.
Changes since last packaged version:
2.0.8 - released this far as a 2.0.x patch
Check for illegal characters in classes.
Able to bind to a specific IP addressed interface in cfservd.
BindToInterface = ( 10.10.43.6 )
Security fix to transaction lengths in remote copying.
Suspicious names now applies only to regular files
Versions 2.0.7p1, 2.0.7p2 and 2.0.7p3 are patch releases.
Changes in version 2.0.7:
Resolv.conf search directive removed from code. This was wrong, in spite
of pressure to put it in.
EditBackup -> Backup corrected in manual
Check for class definitions that are not installable
SMTP client handling patch in cfexecd - must wait for reply
AppendIfNoLineMatching replaced with regex, not Setline value
ChecksumPurge = ( on ) causes cfagent to purge its checksum database of
files that no longer exist.
Forgotten built in function RandomInt(a,b) - returns a random number in variable
assignments. Actually introduced in 2.0.6. Forgot this control:
rand = ( RandomInt(4,7) )
Major rewrite of parser
- code simplifications
- Allowed escaping of quotes in strings and newlines e.g.
var1 = ( "a b c\"substring\" d e" )
var2 = ( "a b
c" )
Tidy code tidied and bug fixed for new scheduler
Moduledirectory defaults to /var/cfengine/modules
Package changes
Vicf moved from $PREFIX/sbin to $PREFIX/share/examples/cfengine
as it can really be used as is: site tuning is required.
Both packages now share the same distinfo file.
Changes in version 2.0.6
SKIPVERIFY removed from AccessControl checks. This was
wrongly allowing access to files if they only had an accepted
encryption key.
SetLine added to AppendIfNoLineMatching to allow current
line to be added.
ForEachLineIn "/tmp/in"
AppendIfNoLineMatching "ThisLine"
EndLoop
Changed /etc/services reference to port 5308 in ipv6
compatible calls.
Efficiency, removed getpwnam from GetFile(). Was unnecessarily
looking up the uid multiple times, which delays copying
speed. Copy rates improved by five to ten times!!
Single copy uses too much cache memory. Optimize by only
caching copies that use the singlecopy keyword.
Message status change: %s is a link which points to %s,
but that file doesn't seem to exist Verbose only
Patches to editfiles to check empty files. DefineinGroup
added.
Changes in version 2.0.5
Cfrun ipv6 patch
Syslog messages name patch
mountables, binservers variable usage fix
backup=timestamp added in copy so that multiple backups
can coexist. Other backups use this by default.
Cfenvd records loadaverage - and av.db renamed to cf_averages.db
since records in av.db no longer compatible.
Iteration added to disk paths
Typo in filters.c UID -> USER meant that Owner field in
filters would not always work for processes. Bug in removal
of spaces in process-filter matches could cause some criteria
to fail to match.
Netstat changed entry in solaris 2.9
Hard class hpux10 -> hpux and the old hpux is deprecated
tidy //tmp would start tidying / due to error in
ExpandWildcardsAndDo. Fixed.
Cfenvd netstat state recorded in separate files now in
WORKDIR, by protocol and incoming/outgoing. This allows
accurate record of the state to which classes refer.
excludes and ignores would not be appended in a tidy command
if a path already existed in another previous command.
Fixed so that all excludes and ignores are concatenated
for all related paths.
Local AF_LOCAL addresses not handled by sockaddr in IPv6
compatible functions. Now returns 127.0.0.1 (why not ::1??)
Typo in tidy.c prevented tidy old links from working.
Documentation patches.
Checksums no longer performed on dry run (-n) in files,
but still in copy.
No errors written to syslog in dryrun mode.
Umask patch in editfiles - umask was not properly installed
New copy options / variables singlecopy= and autodefine
added.
Alerts added as own section alerts: allow users to define
a custom message triggered by a class activation. Alerts
can also quote state information from cfenvd and the process
table.
tidy define= does not set class if file could not be tidied.
debian detect patch (Andy Stribblehill)
cfservd descriptor leak (Andy Stribblehill)
cfservd daemonize modification
Provided in PR pkg/19456 by Michael Santos <mike at ethmoid dot org>, slightly
edited by me.
Cfengine, or the "configuration engine" is a very high level language
for building expert systems which administrate and configure large
computer networks. Cfengine uses the idea of classes and a primitive
form of intelligence to define and automate the configuration of
large systems in the most economical way possible. Cfengine is
designed to be a part of computer immune system