nbase is a collection of NetBSD tools portable to Linux, MacOS-X and other
UNIX-like systems. Its version looks like x.y.z.n, where x is a NetBSD major
version, y -- NetBSD minor version, z -- NetBSD patch level, and n -- nbase
release number. For example, 7.0.0.4 means fourth release of nbase that
corresponds to NetBSD 7.0-RELEASE.
2017.7.4:
Pin tornado version in requirements file
Fix regression with identity file usage
Add 2017.7.4 Release Notes with PRs
use local config for vault when masterless
Features
- Password protected ssl keys
- Add OpenBSD module to system() source
- Add Ubuntu Trusty support to Docker build
Bugfixes
- Fix increased memory usage during saving disk-buffer
- Fix maximum record length limitations of disk-buffer
- Fix a memory leak in cfg-lexer
- Fix some issues found by pylint in python module
- Fix a crash due to a race condition in kv-parser()
- Fix a crash due to a race condition in file() destination
- Fix deprecated API usage in python module tests
- Fix a race condition in internal() source
- Fix a locale issue in merge-grammar python tool
- Fix compile problems with autotools when '--disable-all-modules'
used
- Fix a file descriptor leak in persist-state
- Fix a file descriptor leak in pseudofile()
- Fix memory/fd leaks in loggen tool
- Fix compile problems on Fedora, RHEL6, CentOS6 and SUSE based
platforms
- Fix a crash when large variety of keys added to messages
- Fix compile problems when PATH_MAX not defined
- Fix integer overflow problems in grammar
- Fix a memory leak in filter()
- Fix memory leak of persist-name() option
- Fix message corruption caused by a bug in the subst() rewrite rule
- Fix silently dropped messages in elasticsearch2() when sending in
bulk mode
- Fix broken disk-buffer() support in elasticsearch2()
- Fix Hy support in python module
- Fix an event scheduler related crash during reloading syslog-ng
- Fix a crash with SIGBUS when persist file cannot grow
Other changes
- Improve error reporting in "block" definitions in config
- Add warning message when disk-buffer() directory is changed in
configuration
- Syslog-ng debun improvements
- Refactor in rewrite() module init
- Missing child program (exit status 127) handling is changed in
program() destination:
- stopping destination instead of polling for the child program
- Refactor in filter() module
- Improve thread synchronization in mainloop and refactor
- Adapted json-c v0.13 API changes to json-parser
- Add filters as selectors in contextual data
A tool to monitor I/O latency in real time.
It shows disk latency in the same way as ping shows network latency.
Packaged for wip by miwarin, with fixes by rillig and myself.
0.34 2018-02-26T06:32:16Z
- run start_server even if no port (or path) is specified (thanks to Ichito Nagata) #49
- add `.` in @INC (thanks to Petr Písař) #47
==== Bugfixes
Affecting all Beats
- Add logging when monitoring cannot connect to Elasticsearch.
- Fix infinite loop when event unmarshal fails in Kubernetes
pod watcher.
Filebeat
- Fix a conversion issue for time related fields in the Logstash
module for the slowlog fileset.
## consul 1.0.6
- agent: Fixed a panic when using the Azure provider for retry-join.
- agent: Fixed a panic when querying Consul's DNS interface over TCP.
Upstream changes:
New in v0.7.17 (2018/02/26)
---------------------------
* Removed changes made in bug #1044715 Provide a file history feature
- Changes required too much memory to carry in the manifest
- The option --file-changed in collection-status is now invalid
- This will close bugs: #1730451, #896728, #1526557, #1550176
- Starting a full backup will be needed to fully utilize this fix
* Fix update of Launchpad Translations. Translations were not being picked
up on a daily basis and we got several months behind.
3.3.4:
Fixed a bug where rereading the configuration would not detect changes to eventlisteners.
Fixed a bug where the warning Supervisord is running as root and it is searching for its config file may have been incorrectly shown by supervisorctl if its executable name was changed.
Fixed a bug in the web interface where redirect URLs did not have a slash between the host and query string, which caused issues when proxying with Nginx.
When supervisord successfully drops privileges during startup, it is now logged at the INFO level instead of CRIT.
The HTTP server now returns a Content-Type header specifying UTF-8 encoding. This may fix display issues in some browsers.
Version 1.5.0 -- 2018/02/16
---------------------------
* More specific error when failing to create XDG fallback trash directory (#20)
* Windows: Workaround for long paths (#23)
Version 8.33.0 [v8-stable] 2018-02-20
- auto-detect if running inside a container (as pid 1)
- config: add include() script object
- template: add option to generate json "container"
- core/template: add format jsonf to constant template entries
- config: add ability to disable config parameter ("config.enable")
- script: permit to use environment variables during configuration
- new global config parameter "shutdown.enable.ctl-c"
- config optimizer: detect totally empty "if" statements and optimize
them out
- template: constant entry can now also be formatted as json field
- omstdout: support for new-style configuration parameters added
- core: set TZ on startup if not already set
- imjournal bugfix: file handle leak during journal rotation
- lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
- script bugfix: replace() function worked incorrectly in some cases
- build system bugfix: --disable-libcurl did not work
- fixed build issues on Alpine Linux
- core bugfix: misadressing in external command parser
- core bugfix: small memory leak in external command parser
- core bugfix: string not properly terminated when RFC5424 MSGID is used
- bugfix: strndup() compatibility layer func copies too much
struct SSL is opaque in openssl-1.1; and the SSL_free() man page
says that one should not free members of it manually (in both
the openssl-1.0 and openssl-1.1 man pages).
Regen two other patches (NFC for these).
Bump PKGREVISION.
lang/go/go-package.mk install several files that are not needed for packages
that just install a program. Define `do-install' target to avoid that.
While here also install fzf-tmux in bin/, man pages under ${PKGMANDIR}
accordingly and shell completions/bindings and vim plugin under
share/fzf. Update MESSAGE to reflect this change.
PKGREVISION++
Discussed with <maya>.
dbus-glib 0.110 (2018-01-29)
============================
The “sphere tank” release.
Dependencies:
• GLib 2.40 is required
Enhancements:
• The GLib main-loop glue, "dbus-gmain", is now available as a separate
subproject (the dbus-gmain branch in dbus-glib's git repository) for
embedding in larger projects like dbus-glib and dbus-python via the
`git subtree` or `git submodule` commands. This removes dbus-python's
dependency on the rest of dbus-glib.
Fixes:
• autogen.sh can now detect gtk-doc >= 1.26.
• More files have per-file copyright information.
D-Bus Python Bindings 1.2.6 (2018-01-29)
========================================
The “doppler radar” release.
Dependencies:
• When using Python 2, version 2.7 is now required. Python 2.6 security
support ended in 2013.
• When using Python 3, version 3.4 or later is now required.
Python 3.2 security support ended in 2016, and Python 3.3 security
support ended in 2017.
• Most unit tests now require the tap.py module from PyPI.
• The deprecated dbus-glib library is no longer required. A bundled copy
of its main loop integration code is included instead.
• GLib version 2.40 or later is required.
• libdbus version 1.8 or later is required.
Enhancements:
• AX_PYTHON_DEVEL is now used to find the CPPFLAGS, LDFLAGS and libraries
needed to link test-import-repeatedly to libpython, which should reduce
the number of wheels reinvented here.
• Remove workarounds for Python 2.6 limitations
• All unit tests now produce structured output (TAP)
Fixes:
• Fix a NULL dereference in constructing a Server if the underlying C
function fails
• Silence compiler warnings triggered by the Python headers under gcc 7
• Avoid __gtype__ appearing in documentation, for reproducible builds
• Rename _dbus_bindings/ and _dbus_glib_bindings/ source directories to
dbus_bindings/ and dbus_glib_bindings/ to avoid an ImportWarning
appearing in the API documentation, which made the documentation build
non-reproducible
dbus 1.12.4 (2018-02-08)
========================
The “Stria Campania 115” release.
Fixes:
• When iterating the DBusConnection while blocking on a pending call,
don't wait for I/O if that pending call already has a result; and make
sure that whether it has a result is propagated in a thread-safe way.
This prevents certain multi-threaded calling patterns from blocking
until their timeout even when they should have succeeded sooner.
(fd.o #102839; Manish Narang, Michael Searle)
• Report the correct error if OOM is reached while trying to listen
on a TCP socket (fd.o #89104, Simon McVittie)
• Fix assertion failures in recovery from OOM while setting up a
DBusServer (fd.o #89104, Simon McVittie)
• Add a missing space to a warning message (fd.o #103729, Thomas Zajic)
• Expand ${bindir} correctly when pkg-config is asked for dbus_daemondir
(fd.o #104265, Benedikt Heine)
• On Linux systems with systemd < 237, if ${localstatedir}/dbus doesn't
exist, create it before trying to create ${localstatedir}/dbus/machine-id
(fd.o #104577, Chris Lesiak)
• Fix escaping in dbus-api-design document (fd.o #104925, Philip Withnall)
This switch is meant to be used by packages requiring an implementation of the
former libusb (as in devel/libusb). The original implementation can be
chosen by setting LIBUSB_TYPE to "native".
The alternative implementation libusb-compat (as in devel/libusb-compat) wraps
libusb1 (in devel/libusb1). This implementation can be chosen by setting
LIBUSB_TYPE to "compat". On NetBSD, it has the advantage of not requiring root
privileges to locate and use USB devices without a kernel driver.
This second part switches packages using libusb to this framework. It does not
change compilation options or dependencies at this point.
Compile-tested on most packages affected and available on NetBSD/amd64.
SECURITY:
- dns: Updated DNS vendor library to pick up bug fix in the DNS server
where an open idle connection blocks the accept loop.
FEATURES:
- agent: Added support for gRPC health checks that probe the standard
gRPC health endpoint.
IMPROVEMENTS:
- agent: (Consul Enterprise) The `disable_update_check` option to
disable Checkpoint now defaults to `true`
- build: Bumped Go version to 1.9.3.
BUG FIXES:
- agent: (Consul Enterprise) Fixed an issue where the snapshot agent's
HTTP client config was being ignored in favor of the HTTP
command-line flags.
- agent: Fixed an issue where health checks added to services with
tags would cause extra periodic writes to the Consul servers, even
if nothing had changed.
- agent: Fixed several areas where reading from catalog, health, or
agent HTTP endpoints could make unintended mofidications to Consul's
state in a way that would cause unnecessary anti-entropy syncs back
to the Consul servers.
- agent: Fixed an issue where Serf events for failed Consul servers
weren't being proactively processed by the RPC router.
- audacity: GCC 6 wants std namespace, found via <cmath>.
- smpeg2: don't initialise unsigned with "0-1".
- libclucene/strigi: match GCC 6 (and 7, and 8, and 9.)
==== Breaking changes
Affecting all Beats
- The log format may differ due to logging library changes.
- The default value for pipelining is reduced to 2 to avoid high
memory in the Logstash beats input.
Auditbeat
- Split the audit.kernel and audit.file metricsets into their own
modules
named auditd and file_integrity, respectively. This change requires
existing users to update their config.
- Renamed file_integrity module fields.
- Renamed auditd module fields.
Metricbeat
- Rename `golang.heap.system.optained` field to
`golang.heap.system.obtained`.
- De dot keys in jolokia/jmx metricset to prevent collisions.
==== Bugfixes
Auditbeat
- Fixed an issue where the proctitle value was being truncated.
- Fixed an issue where values were incorrectly interpretted as hex
data.
- Fixed parsing of the `key` value when multiple keys are present.
- Fix possible resource leak if file_integrity module is used with
config
reloading on Windows or Linux.
Filebeat
- Fix variable name for `convert_timezone` in the system module.
Metricbeat
- Fix error `datastore '*' not found` in Vsphere module.
- Fix error `NotAuthenticated` in Vsphere module.
- Fix mongodb session consistency mode to allow command execution on
secondary nodes.
- Fix kubernetes `state_pod` `status.phase` so that the active phase
is returned instead of `unknown`.
- Fix error collecting network_names in Vsphere module.
- Fix process cgroup memory metrics for memsw, kmem, and kmem_tcp.
- Fix kafka OffsetFetch request missing topic and partition
parameters.
Packetbeat
- Fix mysql SQL parser to trim `\r` from Windows Server
`SELECT\r\n\t1`.
==== Added
Affecting all Beats
- Adding a local keystore to allow user to obfuscate password
- Add autodiscover for kubernetes.
- Add Beats metrics reporting to Xpack.
- Update the command line library cobra and add support for zsh
completion
- Update to Golang 1.9.2
- Moved `ip_port` indexer for `add_kubernetes_metadata` to all beats.
- `ip_port` indexer now index both IP and IP:port pairs.
- Add the ability to write structured logs.
- Use structured logging for the metrics that are periodically logged
via the
`logging.metrics` feature.
- Improve Elasticsearch output metrics to count number of dropped and
duplicate (if event ID is given) events.
- Add the abilility for the add_docker_metadata process to enrich
based on process ID.
- The `add_docker_metadata` and `add_kubernetes_metadata` processors
are now GA, instead of Beta.
- Update go-ucfg library to support top level key reference and cyclic
key reference for the
keystore
Auditbeat
- Auditbeat is marked as GA, no longer Beta.
- Add support for BLAKE2b hash algorithms to the file integrity
module.
- Add support for recursive file watches.
Filebeat
- Add Osquery module.
- Add stream filtering when using `docker` prospector.
Metricbeat
- Add ceph osd_df to metricbeat
- Add field network_names of hosts and virtual machines.
- Add experimental system/raid metricset.
- Add a dashboard for the Nginx module.
- Add experimental mongodb/collstats metricset.
- Update the MySQL dashboard to use the Time Series Visual Builder.
- Add experimental uwsgi module.
- Docker and Kubernetes modules are now GA, instead of Beta.
- Support haproxy stats gathering using http (additionaly to tcp
socket).
- Support to optionally 'de dot' keys in http/json metricset to
prevent collisions.
Packetbeat
- Configure good defaults for `add_kubernetes_metadata`.
- agent: Fixed several areas where reading from catalog, health, or
agent HTTP endpoints could make unintended mofidications to Consul's
state in a way that would cause unnecessary anti-entropy syncs back to
the Consul servers
18.1.0:
Deprecations:
- The meaning of the structlog[dev] installation target will change from "colorful output" to "dependencies to develop structlog" in 19.1.0.
The main reason behind this decision is that it's impossible to have a structlog in your normal dependencies and additionally a structlog[dev] for developement (pip will report an error).
Changes:
- Empty strings are valid events now.
- Do not encapsulate Twisted failures twice with newer versions of Twisted.
- structlog.dev.ConsoleRenderer now accepts a *force_colors* argument to output colored logs even if the destination is not a tty.
Use this option if your logs are stored in files that are intended to be streamed to the console.
- structlog.dev.ConsoleRenderer now accepts a *level_styles* argument for overriding the colors for individual levels, as well as to add new levels.
- structlog.stdlib.BoundLogger.exception() now uses the exc_info argument if it has been passed instead of setting it unconditionally to True.
- Default configuration now uses plain dict\ s on Python 3.6+ and PyPy since they are ordered by default.
- Added structlog.is_configured() to check whether or not structlog has been configured.
- Added structlog.get_config() to introspect current configuration.
SECURITY:
- ui: Patched handlebars JS to escape `=` to prevent potential XSS
issues.
BREAKING CHANGES:
- agent: Updated Consul's HTTP server to ban all URLs containing
non-printable characters (a bad request status will be returned for
these cases). This affects some user-facing areas like key/value entry
key names which are carried in URLs.
FEATURES:
- agent: Added retry-join support for Azure Virtual Machine Scale
Sets.
IMPROVEMENTS:
- agent: Added agent-side telemetry around Catalog APIs to provide
insight on Consul's operation from the user's perspecive.
- agent: Added the `NodeID` field back to the /v1/agent/self
endpoint's `Config` block.
- api: Added missing `CheckID` and `Name` fields to API client's
`AgentServiceCheck` structure so that IDs and names can be set when
registering checks with services.
BUG FIXES:
- agent: Fixed an issue where config file symlinks were not being
interpreted correctly.
- agent: Ignore malformed leftover service/check files and warn about
them instead of refusing to start.
- agent: Enforce a valid port for the Serf WAN since it can't be
disabled.
- agent: Stopped looging messages about zero RTTs when updating
network coordinates since they are not harmful to the algorithm.
Since we are still trying to find the root cause of these zero
measurements, we added new metrics counters so these are still
observable.
- server: Fixed a crash when POST-ing an empty body to the /v1/query
endpoint.
- server: (Consul Enterprise) Fixed an issue where unhealthy servers
were not replaced in a redundancy zone by autopilot (servers
previously needed to be removed in order for a replacement to occur).
- ui: Added a URI escape around key/value keys so that it's not
possible to create unexpected partial key names when entering
characters like `?` inside a key.
