* Security fixes including CVE-2011-1583 CVE-2011-1898
* Enhancements to guest introspection (VM single stepping support for very
fine-grained access control)
* Many stability improvements, such as: PV-on-HVM stability fixes (fixing
some IRQ issues), XSAVE cpu feature support for PV guests (allows safe use of
latest multimedia instructions), RAS fixes for high availability, fixes for
offlining bad pages and changes to libxc, mainly of benefit to libvirt
* Compatibility fixes for newer Linux guests, newer compilers, some old
guest savefiles, newer Python, grub2, some hardware/BIOS bugs.
Its signature is changed at libpcap-1.0, not DragonFly specific,
and it should be defined by include of pcap.h, no need to define here.
fixes PR#45035.
Changes since 4.10:
Added failsafe mode (press F1 at startup)
Added support for Intel "Sandy Bridge" CPU
Added support for AMD "fusion" CPU
Added Coreboot "table forward" support
Corrected some memory brands not detected properly
Various bug fixes
least minimal comments to all patches and tidy up some (but by no
means all) pkglint.
I have no idea if this works. It spews warnings about "packed", which
lead me to suspect it may not run correctly, but I don't have the
facilities to test it. It does, however, now build ok on LP64 and if
someone can test it may be reasonable to remove the restriction on that.
- use the correct way to get the size of a disk device or partition (from
haad@NetBSD.org)
- if given a block device, use the character device instead (the block device
is already in use by the backend driver).
With this I could successfully boot a HVMPV FreeBSD kernel using a phy:
virtual disk.
bup is a program that backs things up. bup has a few advantages
over other backup software:
It uses a rolling checksum algorithm (similar to rsync) to split
large files into chunks. The most useful result of this is you can
backup huge virtual machine (VM) disk images, databases, and XML
files incrementally, even though they're typically all in one huge
file, and not use tons of disk space for multiple versions.
It uses the packfile format from git (the open source version
control system), so you can access the stored data even if you
don't like bup's user interface.
Unlike git, it writes packfiles directly (instead of having a
separate garbage collection / repacking stage) so it's fast even
with gratuitously huge amounts of data. bup's improved index formats
also allow you to track far more filenames than git (millions) and
keep track of far more objects (hundreds or thousands of gigabytes).
Data is "automagically" shared between incremental backups without
having to know which backup is based on which other one - even if
the backups are made from two different computers that don't even
know about each other. You just tell bup to back stuff up, and it
saves only the minimum amount of data needed.
You can back up directly to a remote bup server, without needing
tons of temporary disk space on the computer being backed up. And
if your backup is interrupted halfway through, the next run will
pick up where you left off. And it's easy to set up a bup server:
just install bup on any machine where you have ssh access.
Bup can use "par2" redundancy to recover corrupted backups even if
your disk has undetected bad sectors.
Even when a backup is incremental, you don't have to worry about
restoring the full backup, then each of the incrementals in turn;
an incremental backup acts as if it's a full backup, it just takes
less disk space.
You can mount your bup repository as a FUSE filesystem and access
the content that way, and even export it over Samba.
Upstream changes:
## 2.6.0 / May 3 2011
A rather large release, feature-version bump because of the new
multiple-gateways feature as implemented by Ryan Duryea (way to go!)
Please also note from this release that if you use Git submodules, the
Git-version requirement for the new implementation is now >= 1.5.6, from
previously un-documented. (1.5.6 is new-enough that I think this is
acceptable)
* Upgrade Net::SSH-gateway dependency to 1.1 (fixes a thread-deadlocking bug on
MRI 1.9)
* Respect "dry-run" on transfer methods (Florian Frank)
* Add support for multiple gateways: (Ryan Duryea)

    set :gateway, {
      'gate1.example.com' => 'server1.example.com',
      [ 'gate2.example.com', 'gate3.example.com' ] =>
        [ 'server5.example.com', 'server6.example.com' ]
    }

* Properly support nested Git submodules, moves Git requirement to >= 1.5.6 [if
you rely upon submodules] (Ken Miller)
* Fetch tags into the remote cache, allows deploying a tag when using Git, with
the remote_cache strategy (Florian Frank)
* Various fixes to path handling bugs in the copy strategy. (Philippe Rathé)
ocsinventory-agent creates inventory data. This agent is the
successor of the former linux_agent which was released with OCS
1.01 and prior. It also replaces the Solaris/AIX/BSD unofficial
agents. The detailed list of supported Operating System is available
in the OCS Inventory Wiki.
Based on PR#44884 by YAMAMOTO Takeshi.
Additionally, some improvements by me.
Active Management Technology (AMT) tools
descriptions from man pages:
amttool - remotely control Intel AMT managed machines.
amtterm - Intel AMT serial-over-lan (sol) client.
from amt-howto(7):
What is AMT and why I should care?
AMT stands for "Active Management Technology". It provides some remote
management facilities. They are handled by the hardware and firmware,
thus they work independent from the operation system. Means: It works
before Linux booted up to the point where it activated the network
interface. It works even when your most recent test kernel deadlocked
the machine. Which makes it quite useful for development machines ...
Intel AMT is part of the vPro Platform. Recent intel-chipset based
business machines should have it. My fairly new Intel SDV machine has
it too.
It uses -nostdinc and tries to use #include <stdarg.h> through
a local copy of stdarg.h, which can't work.
Fixed this by putting the relevant builtin stdarg definitions for
NetBSD in the local copy.
NetBSD installation ISO.
Further information can be found here:
http://genericzero.wordpress.com/2009/08/01/install-netbsd-from-a-usb-memory-stick-the-easy-way/
memory stick the easy way
I got tired of having to jump through hoops to install NetBSD on my
Eee PC, so I wrote a simple script to take a NetBSD release ISO and
convert it to an image that can be written to a USB memory stick.
To use the script, simply feed it an ISO and tell it where to write
the resulting image:
$ sh mkmemstick.sh i386cd-5.0.1.iso i386memstick-5.0.1.img
The resulting image can be written to a memory stick using dd(1):
$ dd if=i386memstick-5.0.1.img of=/dev/sd0d
Please note that this script depends on the sysutils/cdrtools package
for extracting the contents of the release ISO.
Hopefully this will be integrated with the build process so these
images are available for those who cannot prepare an image due to lack
of access to a NetBSD machine.
New in Version 0.2 (released 2011-04-15):
* Bug fixes:
+ extract-account:
- account extraction left temp files if authorized_keys had
the uchg flag set
- if the user didn't actually exist, a bogus tarball would be
created anyway
+ install-account:
- the home directory was assumed to be /home/${USER}, which
meant that root's files weren't installed properly
- If the user already existed, the order of entries in the
passwd database wasn't preserved. This caused problems with
root accounts because getpwuid(0) started returning the
passwd entry for the 'toor' user (breaking "are you root?"
tests in various scripts).
+ sudo-add:
- if sudo-add couldn't find the sudoers file or couldn't read
it, it didn't remove existing entries when adding or
removing a user (adding duplicate entries if adding a user
that was already there, and silently failing when removing a
user)
- if sudo-add could find and read the sudoers file:
* it would remove the wrong existing entry if the username
of the user being added/removed started with the same
characters as another user higher in the sudoers file
(e.g., adding or removing foo would remove user foobar if
foobar was higher in the sudoers file)
* 'sudo-add -r' would only remove the first instance of a
user from sudoers (a particular problem given the above
bug)
- sudo-add wasn't preserving order if the user was already in
sudoers (order can be significant in sudoers)
* Less verbose output.
Libfind:
- New flag WALK_STRIPLDOT to strip leading "./" like star does
Cdrecord:
- cdrecord now warns about the correct max. CD-Text size
for a single language that is permitted by the standard.
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- Fixed several typos in the mkisofs man page and in mkisofs
Upstream changes:
Bugfixes
* #301: Fixed a bug in local's behavior when capture=False and output.stdout
(or .stderr) was also False. Thanks to Chris Rose for the catch.
* #310: Update edge case in put where using the mode kwarg alongside
use_sudo=True runs a hidden sudo command. The mode kwarg needs to be octal but
was being interpolated in the sudo call as a string/integer. Thanks to Adam
Ernst for the catch and suggested fix.
* #311: append was supposed to have its partial kwarg's default flipped from
True to False. However, only the documentation was altered. This has been fixed.
Thanks to Adam Ernst for bringing it to our attention.
* #312: Tweak internal I/O related loops to prevent high CPU usage and poor
screen-printing behavior on some systems. Thanks to Kirill Pinchuk for the
initial patch.
* #320: Some users reported problems with dropped input, particularly while
entering sudo passwords. This was fixed via the same change as for #312.
Documentation
* Added a missing entry for env.path in the usage documentation.
Upstream changes:
## 2.5.21 / April 6 2011
* Fixed to follow best-practice guidelines from Bundler (Ben Langfeld)
* No longer force a gemset for Capistrano development. (Ben Langfeld)
## 2.5.20 / March 16 2011
* `deploy:migrations` will now always operate on the latest_release, not
current_release (Mike Vincent)
* Adds a check for the presence of `rsync` when using the copy strategy with
`rsync`. (Chris Griego)
* Do not try to look up the `:release_path` on servers which are defined
`:no_release` (Chris Griego)
* Tiny patch to the `CVS` SCM code to be Ruby 1.9 compatible (Martin Carpenter)
* Changed the default `Git` submodule behaviour to use `--recursive`
Lighthouse Issue #176. (Lee Hambley)
* `:public_children` can now be `set()`, the default is unchanged, thanks
(Chris Griego)
* Fixing the load path in the default `Capfile` to search vendored/unpacked
Gems. Lighthouse Issue #174 (Mari Carmen/Rafael García)
* Adds a `maintenance_basename` variable (default value is `maintenance`) to
allow you to set the maintenance page name (Celestino Gomes)
* Spelling fixes in inline-documentation (Tom Copeland)
* Make `zip` and `tar` handle symlinks the same way (zip follows symlinks by
default, tar needs the option `-h`) (Ross Cooperman)
on a single physical machine. The xentools41 package contains the
tools to create, destroy and control the virtual machines.
This package contains the tools for Xen 4.1.x
Release notes:
The Xen team is pleased to announce the release of Xen 4.1.
The result of nearly 12 months of development, new features include:
* A re-architected and improved XL toolstack replacing XM/XEND
* Prototype credit2 scheduler designed for latency-sensitive workloads and
very large systems.
* CPU Pools for advanced partitioning.
* Support for large systems (>255 processors)
* Support for x86 Advanced Vector eXtension (AVX).
* New Memory Access API enabling integration of 3rd party security
solutions into Xen virtualized environments.
* Many IOMMU fixes (both Intel VT-d IOMMU and AMD IOMMU).
* Many toolstack and buildsystem fixes for Linux and NetBSD hosts.
* Thirdparty libs: libvirt driver for libxl has been merged to upstream
libvirt.
* HVM guest PXE boot enhancements, replacing gPXE with iPXE.
* Even better stability through our new automated regression tests.
Detailed release notes, including a more extensive feature list:
http://wiki.xen.org/xenwiki/Xen4.1
To download tarballs:
http://xen.org/products/xen_source.html
Or the Mercurial source repository (tag 'RELEASE-4.1.0'):
http://xenbits.xen.org/xen-unstable.hg
And the announcement on the Xen blog:
http://blog.xen.org/index.php/2011/03/25/xen-4-1-releases/
Thanks to the many people who have contributed to this release!
Regards,
The Xen Team
guests operating systems on a single machine. Guest OSes (also called "domains")
require a modified kernel which supports Xen hypercalls in replacement
to access to the physical hardware. At boot, the xen kernel is loaded
along with the guest kernel for the first domain (called domain0).
domain0 has privileges to access the physical hardware (PCI
and ISA devices), administrate other domains and provide virtual
devices (disks and network) to other domains.
This package contains the Xen4 kernel itself.
must be propagated in its bl3.mk file.
Do that, and depend on that version; recursive PKGREVISION bump
since a few dependencies might link against jpeg now.
Set LICENSE.
Major changes in upstream
Temporary file names now include digits in addition to letters.
mktemp will now terminate after 2*N^62 attempts, where N
is the number of Xs in the template. Previously it would try
forever.
Fixed UTF8 formatting of the grave accent character in the manual.
an array of pointer (in struct fdtab) rather than a pointer of pointers.
Sadly for us, no, arrays and pointers are not equivalent from a memory
perspective: while pointers from/to another address space can
be consumed by kvm(3) to query for data in kernel space, arrays
are more tricky, especially when their content is copied in userland:
they are part of the copied struct.
Address of array members are only valid in their own address space,
in our case userland, which is (fortunately?) different from kernel space.
This breaks the various kvm_read() calls that query for file descriptor
information. Consequence: lsof(1) cannot print filedescriptor information
(starting from 5.99.14), and silently ignores the errors, as using
the userland fdtab (``dt'' variable) is not valid for kernel.
Fix that by using the ``fd_dt'' member of struct filedes, which stores
the address of the fdtab struct in kernel address space. Took a few hours
to understand what was going on with lsof(1), hmmm.
Luckily, fstat(1) uses the proper model (checked about 5min ago). Why
lsof(1) decided not to log an error on kvm_read() is... a good question.
Bump rev.
Libscg:
- libscg/scsi-bsd.c tries to better support the SCSI sense data
length in the recent upgrades in FreeBSD's ATAPI/CAM module.
- try to keep SCSI status and error codes when doing a manual GET SENSE
on AIX, UnixWare, VMS, Linux Parallel Port, Apollo Domain
Cdrecord:
- cdrecord now warns and aborts if someone tries to write more CD-Text
for a single language than permitted by the standard.
Cdda2wav (Maintained/enhanced by Jörg Schilling, originated by Heiko Eißfeldt heiko@hexco.de):
- many typo fixes to the cdda2wav.1 man page, thanks to John Bradshaw
Mkisofs (Maintained/enhanced by Jörg Schilling since 1997, originated by Eric Youngdale):
- Add several forgotten options to the mkisofs man page.
Changes in 4.0.14:
Fix floppyd for disks bigger than 2 Gig
Remove obsolete -z flag
Remove now unsupported AC_USE_SYSTEM_EXTENSIONS
Fixed output formatting of mdir if MTOOLS_DOTTED_DIR is set
Mformat now correctly writes backup boot sector
Fixed signedness of serial number in mlabel
Fixed buffer size problem in mlabel
Make mlabel write backup boot sector if FAT32
Catch situation where both clear and new label are given to mlabel
Quote filename parameters to scripts
Mformat: Close file descriptor for boot sector
Added lzip support to scripts/uz
Added Tot_sectors option to mformat
Fixed hidden sector handling in mformat
Minfo generates mformat command lines containing new -T option
Mlabel prints error if label too long
Pkgsrc changes:
- Confirm it's working with python27
Upstream changes:
Changes in version 1.0
This page lists all changes made to Fabric in its 1.0.0 release.
Highlights
* #7: run/sudo now allow full interactivity with the remote end. You can
interact with remote prompts and similar interfaces, making certain tasks much
easier, and freeing you from the need to find noninteractive solutions if you
don't want to. See Interaction with remote programs for more on these changes.
* put and get received many updates, including but not limited to: recursion,
globbing, inline sudo capability, and increased control over local file paths.
See the individual ticket line-items below for details. Erich Heine (sophacles
on IRC) played a large part in implementing and/or collecting these changes and
deserves much of the credit.
* Added functionality for loading fabfiles which are Python packages
(directories) instead of just modules (single files). This allows for easier
organization of nontrivial fabfiles and paves the way for task namespacing in
the near future. See Fabfile discovery for details.
* #185: Mostly of interest to those contributing to Fabric itself, Fabric
now leverages Paramiko to provide a stub SSH and SFTP server for use during runs
of our test suite. This makes quick, configurable full-stack testing of Fabric
(and, to an extent, user fabfiles) possible.
Backwards-incompatible changes
The below changes are backwards incompatible and have the potential to break
your 0.9.x based fabfiles!
* contains and append previously had the filename argument in the second
position, whereas all other functions in the contrib.files module had filename
as the first argument. These two functions have been brought in line with the
rest of the module.
* sed now escapes single-quotes and parentheses in addition to forward
slashes, in its before and after kwargs. Related to, but not entirely contained
within, #159.
* The user and pty kwargs in sudo's signature have had their order swapped
around to more closely match run.
* As part of the changes made in #7, run and sudo have had the default value
of their pty kwargs changed from False to True. This, plus the addition of the
combine_stderr kwarg/env var, may result in significant behavioral changes in
remote programs which operate differently when attached to a tty.
* #61: put and get now honor the remote current-working-directory changes
applied by cd. Previously they would always treat relative remote paths as being
relative to the remote home directory.
* #79: get now allows increased control over local filenames when downloading
single or multiple files. This is backwards incompatible because the default
path/filename for downloaded files has changed. Thanks to Juha Mustonen, Erich
Heine and Max Arnold for brainstorming solutions.
* #88: local has changed the default value of its capture kwarg, from True
to False. This was changed in order to be more intuitive, at the cost of no
longer defaulting to the same rich return value as in run/sudo (which is still
available by specifying capture=True.)
* #121: put will no longer automatically attempt to mirror local file modes.
Instead, you'll need to specify mirror_local_mode=True to get this behavior.
Thanks to Paul Smith for a patch covering part of this change.
* #172: append has changed the default value of its partial kwarg from True
to False in order to be safer/more intuitive.
* #221: runs_once now memoizes the wrapped task's return value and returns
that value on subsequent invocations, instead of returning None. Thanks to Jacob
Kaplan-Moss and Travis Swicegood for catch + patch.
Feature additions
* Prerelease versions of Fabric (starting with the 1.0 prereleases) will now
print the Git SHA1 hash of the current checkout, if the user is working off of a
Git clone of the Fabric source code repository.
* Added path context manager for modifying commands' effective $PATH.
* Added convenience .succeeded attribute to the return values of
run/sudo/local which is simply the opposite of the .failed attribute. (This
addition has also been backported to Fabric's 0.9 series.)
* Refactored SSH disconnection code out of the main fab loop into
disconnect_all, allowing library users to avoid problems with non-fabfile Python
scripts hanging after execution finishes.
* #2: Added use_sudo kwarg to put to allow uploading of files to privileged
locations. Thanks to Erich Heine and IRC user npmap for suggestions and patches.
* #23: Added prefix context manager for easier management of persistent state
across commands.
* #27: Added environment variable (always_use_pty) and command-line flag
(--no-pty) for global control over the run/sudo pty argument.
* #28: Allow shell-style globbing in get. Thanks to Erich Heine and Max Arnold.
* #55: run, sudo and local now provide access to their standard error (stderr)
as an attribute on the return value, alongside e.g. .failed.
* #148: local now returns the same 'rich' string object as run/sudo do, so
that it is a string containing the command's stdout (if capture=True) or the
empty string (if capture=False) which exposes the .failed and .return_code
attributes, and so forth.
* #151: Added a puts utility function, which allows greater control over
fabfile-generated (as opposed to Fabric-generated) output. Also added fastprint,
an alias to puts allowing for convenient unbuffered, non-newline-terminated
printing.
* #192: Added per-user/host password cache to assist in multi-connection
scenarios.
* #193: When requesting a remote pseudo-terminal, use the invoking terminal's
dimensions instead of going with the default.
* #217: get/put now accept file-like objects as well as local file paths for
their local_path arguments.
* #245: Added the lcd context manager for controlling local's current working
directory and put/get's local working directories.
* #274: put/get now have return values which may be iterated over to access
the paths of files uploaded remotely or downloaded locally, respectively. These
return values also allow access to .failed and .succeeded attributes, just like
run and friends. (In this case, .failed is actually a list itself containing any
paths which failed to transfer, which naturally acts as a boolean as well.)
Bugfixes
* N/A
Documentation updates
* API, tutorial and usage docs updated with the above new features.
* README now makes the Python 2.5+ requirement up front and explicit; some
folks were still assuming it would run on Python 2.4.
* Added a link to Python's documentation for string interpolation in
upload_template's docstring.
Changes in version 0.9.5
The following changes were implemented in Fabric 0.9.5:
Bugfixes
* #264: Fix edge case in reboot by gracefully clearing connection cache.
* #268: Allow for @ symbols in usernames, which is valid on some systems.
Fabric's host-string parser now splits username and hostname at the last @
found instead of the first.
Very minor release.
pkgsrc changes:
- switch MASTER_SITES to pypi.python.org
upstream changes:
* Added documentation for using Fabric as a library.
* Mentioned our Twitter account on the main docs page.
* #290: Added escape kwarg to append to allow control over previously automatic single-quote escaping.
"Support for SMBIOS 2.6.1 and 2.7 was added. This includes new enumerated values
for recent hardware, as well as support for large memory modules and arrays, and
a new entry type for management controller host interfaces. Additionally, many
minor bugs were fixed."
per maintainer update request by PR#44548.
Changes in pkgsrc:
* Added LICENSE.
Changes:
* Versions of ipa_{ac,db,st}_mod APIs were changed to 2.
* Optimized and simplified source code of IPA.
* New parameter "ictl" in ipa.conf.
* New parameter "ctl_query_max_size" in ipa.conf.
* New parameter "value_units" in ipa.conf and ipastat.conf.
* Now "restart" and "expire" parameters are optional in ipa.conf.
* Now "limit" and "threshold" parameters in ipa.conf can be
equal to zero.
* Now ipactl can create and delete dynamic rules.
* Now ipactl accepts commands "set limit ... counter ..."
and "set threshold ... counter ...".
* If a limit or a threshold uses "null" database and if it was
initialized, then next time during initialization (when some time
related problem occurred) imitate its old state from its current
state.
* Allow to use '_' characters in macro variables names.
* Added support for ipactl's messages credentials checking for NetBSD.
* Give limitation on the depth of included files (macro variable
INCLUDE_DEPTH_MAX with default value 100).
* configure.ac was optimized.
* All manual pages were reformatted to follow traditional
typographic style.
* Now all debug messages in ipa and ipastat are written with
the "DEBUG: " prefix.
* Check correctness of names of dynamic rules and names in
received control commands.
* Check correctness of names in ipa, ipastat and ipactl
options arguments.
* Now ipa does not use SIGALRM in timeout implementation for
control socket.
* Now ipactl does not use SIGALRM in timeout implementation.
* Now non-standard function mem_vasprintf() exported to modules
returns number of characters in allocated buffer.
* Now if some configuration error occurred in included file,
then ipa and ipastat log include history, that allows much
easy identify point of failure.
* Now ipactl does not have limits on lengths of rules, limits,
thresholds names.
* In some places where EWOULDBLOCK is checked, checks for EAGAIN
were added, as it is documented in SUSv3.
* On some systems there is no strtoull(3) function, which
is part of SUSv3, check it in the configure script and
use own version if it is absent.
so much it's borderline not funny anymore.
(tested on a similar patch to libpciaccess 0.10.8, since my X still
refuses to start with libpciaccess 0.11)
from jmcneill
* In order for pftop to be built successfully with newer PF
versions (> 4.1), additional patches are necessary which were taken
from OpenBSD's ports as seen in PR pkg/44339
* Pftop compiled for another PF version will not work (properly),
so to avoid any problems we must depend on the OS version
ok@ wiz
nvramtool is a utility for reading/writing coreboot parameters and
displaying information from the coreboot table in CMOS.
The program works only on x86-based systems that use coreboot.
Some urgent patches to 3.1.3.
Class validation parse bug fixed.
Global zone handling error for solaris fixed.
Package architectures handled correctly (bug #456).
Reading and writing of key name "root-.pub" eliminated (bug #442, #453).
cf-serverd crash because of race condition on SERVER_KEYSEEN fixed.
Lock purging to avoid remnant complexity explosion (bug #430).
Some copyright notices added that got lost.
3.1.3 (Stability release)
Major memory leaks in cf-monitord, cf-execd, cf-serverd fixed (bug #427).
The daemons now show no growth even with very complex policies.
cf-serverd crash due to race condition in DeleteScope() fixed (bug #406).
Added 30 second timeout on recv() on Linux.
package_noverify_returncode implemented (bug #256).
A flexible mechanism for setting classes based on return codes of
commands has been introduced. Allows for setting promise kept,
repaired or failed based on any return codes. This is currently
implemented for commands-promises, package-manager commands and
transformer in files. In classes body, see attributes
kept_returncodes, repaired_returncodes, failed_returncodes (bug
#248, #329).
New function ip2host - reverse DNS lookup (bug #146).
3.1.2 (Scalability/efficiency release)
Big efficiency improvements by caching output from
cf-promises. Can also be used for much more efficient policy
deployment (only pull if changed).
Caching state of ps command for greater efficiency. Reloaded for each bundle.
Index class lookup improves efficiency of class evaluation for huge configurations.
Fixed issue where certain promiser strings got corrupted.
Minor memory access issues fixed.
Iterator bug introduced in 3.1.0 fixed
3.1.1 (Bugfix release)
Memory leaks in server tracked down and fixed.
List expansion bug (one list items not executed) fixed.
Security issue introduced by change of runcommand shell policy fixed.
If users defined a runcommand for cf-runagent/cf-serverd communication,
possible to execute commands.
cf-key -s command for showing key hash/IP address identity pairs
3.1.0
Change in storage of public keys. Cfengine now hashes the public key and uses this
as the keyname. Keys will be converted automatically.
The old dynamic addresses lists are deprecated.
Caching of dns and key information for greater server speed.
Change in last-seen format reflects the public key usage.
New package policy addupdate - installs package if not there and
updates it otherwise.
Support for package_changes => "bulk" in file repository as well.
New special function readstringarrayidx, similar to readstringarray,
but uses integer indices. Very useful if first row elements are
not good identifiers (e.g. contains spaces, non-unique, etc.).
Change two log formats to use time() instead of date()
- filechanges
- total compliance
Change from using md5 to sha256 as default digest for commercial version,
community retains md5 for compat.
Commands not returning 0 in commands-promises are flagged
as repair_failed.
Adjustable timeout on connect(). Defaults to 10 seconds, adjustable
with default_timeout in agent control.
Redesign of the knowledge map infrastructure.
Now possible to use variables to call methods, e.g
methods:
"name $(list)" usebundle => $(list)("abc");
See reference manual notes
Changes to normal ordering to optimize execution.
Increased stability by always initializing Attribute and Promise
structures.
When running cf-promises in dry-run mode (-n), the user does not need
to put binaries in WORKDIR/bin. For example, non-privileged users can verify root
policies.
Source control revision added in version string if run in verbose mode
(e.g. "cf-promises -vV"). This needs some refining, uses revision of a header now.
New semantics in return values of list functions. Null values are now allowed
and there is no iteration over empty lists. The value "cf_null" is reserved for
use as a null iterator.
3.0.5p1
Showing paths allowed/denied access to when cf-serverd is run in verbose mode.
Bug in server fixed for dynamic addresses.
File handle closure bugfix - too many open databases.
Seg fault in mount files fix.
Twin used in cf-execd without checking.
Check_root set wrong directory permissions at source not destination.
Error message degraded in body definition.
Undefined body not warned as error.
Various build enhancements.
Package_list_update called only once per manager, and fixed crash.
Version number bug in packages.
3.0.5
Encryption problems fixed - client key buffer was uninitialized.
Classes-promisers are now automatically canonified when class
strings are defined, to simplifying the use of variables in classes.
New scalars sys.cf_version and sys.nova_version that hold Cfengine version information.
Attribute package_delete_convention added, to allow customizable
package name in delete command during update.
package_list_update_ifelapsed limit added.
Private variable $(firstrepo) is available in package_name_convention
and package_delete_convention in order to expand the full path to
a package, which is required by some managers.
Some of the threading code is rewritten and made more robust. This includes
synchronizing access to the lastseen database from the server.
Bad initialization of BSD flags fixed
Multiple variable expansion issues in control fixed for server and agent
Allow ignore_missing_bundles to affect methods: bundles too
Run agent trust dialogue fixed
Bug in CPU monitoring, increasing time scale caused linear decay
of CPU measurement.
Bug in Setuid log storage, fix.
Hooks added for new Nova virtualization promises.
Multithreading mutex failed to collide during cfservd leading to dropped authentication under heavy load.
3.0.4
Class cancellation in promises to create better class feedback,
allows emulation of switch/case semantics etc
Value of SA measurement promises
Special function getenv() which returns the contents of an
environment variable (on all platforms).
New function translatepath for generic Windows
New function escape() to escape literals as regular expressions (like SQL)
New function host2ip for caching IP address lookup
New function regextract for setting variables with backreferences
New variables for the components $(sys.cf_agent), $(sys.cf_know) etc
pointing to the binaries.
More robust integrated database implementation; closing all
handles when receiving signals, self-healing on corruption.
Package installation on localhost without a manager like yum completed,
multiple repositories searched, and universal methods.
Numerous bugfixes
3.0.3
sha256 .. new hashes in openssl included in syntax tree.
End of line autocropping in readfile (hopefully intelligent)
hashmatch function incorrectly implemented -
old debugging code left behind. Fix.
sys.crontab variable
Unknown user is now interpreted as "same user",
so that we give cfengine a chance to fix
Unregistered addresses no longer report "(Non registered IP)",
but return as the address itself when doing reverse lookups.
(Sorry for the long commit message)