| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Bump version.
|
|
Tell clang to deal with the broken NEON instruction generator,
GCC likes to generate extremely nested parentheses.
|
|
|
|
|
|
external one. Restore patch to unbreak build with cwrappers. Bump
revision.
|
|
|
|
here.
|
|
|
|
changes in sbcl-1.3.1 relative to sbcl-1.3.0:
* enhancement: SB-THREAD support for ARM64.
* enhancement: compiling an out-of-line DEFSTRUCT constructor call
will warn if a defaulted value is incompatible with its slot type.
* enhancement: a local INLINE declaration on a structure constructor
will work as intended, subject to any other factors that inhibit
inlining, even if the DEFSTRUCT was not itself within a global
INLINE proclamation for the named constructor
* enhancement: SB-EXT:DYNAMIC-SPACE-SIZE is now defined for cheneygc.
* enhancement: x86[-64] platforms support SB-EXT:CAS on structure slots
of type SB-EXT:WORD
* enhancement: the interleaved structure slot optimization from
release 1.2.6 has been ported to 32-bit x86, Sparc, PowerPC, ARM64.
* enhancement: SB-THREAD:JOIN-THREAD signals a proper error when an attempt
is made to join the current thread
* bug fix: NTH-VALUE does not cause stack overflow. (lp#1511419)
* bug fix: structure constructor type checking is better. (lp#1508735)
* bug fix: supplied-p variables for unused optional or keyword variables no
longer confuse SB-DI:PARSE-COMPILED-DEBUG-FUN-LAMBDA-LIST (and thus the
backtrace machinery) (lp#1498644)
* bug fix: Backtrace correctly handles undefined-function frames on MIPS.
* bug fix: WITH-FLOAT-TRAPS-MASKED correctly clears accrued traps on MIPS
(fixes issues with floating-point type derivation in the compiler).
* bug fix: FLOAT-NAN-P and FLOAT-TRAPPING-NAN-P now work correctly on MIPS
and HPPA.
* bug fix: MIPS context register access now masks to 32 bits (fixing issues
parsing negative-fixnum values for internal-error arguments and escaped
debug variables on 64-bit CPUs).
* bug fix: (SETF SAP-REF-DOUBLE) with constant offset on big-endian MIPS
now works correctly.
* bug fix: Callback parameter (argument) handling on MIPS is now vastly
more correct.
* bug fix: %DECREMENT-SEMAPHORE adjusts the remaining timeout after a
spurious wakeup
|
|
Based on changes from Matthew Mondor as forwarded by Kamil Rytarowski.
Changes since 15.3.7:
API changes
- There is no UFFI nickname for FFI package - we piggyback on
cffi-uffi-compat for UFFI dependent systems (our UFFI wasn't version 2.0
compatible and there were problems with ADSF dependencies on UFFI - it
wasn't a system)
- CLOS has the new nickname "MOP"
- The new ext:run-program :error argument can automatically create a
separate stream if provided with the :stream keyword.
The external-process structure also has a new field to hold that stream.
- ext:run-program accepts new arguments - :if-input-does-not-exist,
:if-error-exists and :external-format
- ext:system no longer binds *standard-input* and *standard-output* and
now ignores input and output (use ext:run-program for more control)
- methods can be specialized on both single-float and double-float
(built-in classes were added for them)
- LET/FLET/LABELS will signal error if parameter of the same name will
appear multiple times
- lambda lists with repeated required parameter name are considered invalid
- deprecated configure options "--with-system-boehm=x" and
"--enable-slow-config" removed
Enhancements:
- Verification if manual is up-to-date, providing corrections for
outdated parts
- Documentation is now included in the main repository under the
toplevel directory `doc'
- Update libffi to version 3.2.1
- Update asdf to version 3.1.5.4
- Update Boehm-Demers-Weiser garbage collector to version 7.4.2
- Pathname string-parts internal representation is now character,
not base-char
- Dead code removal, tabulators were replaced by spaces
- Better quality of generated code (explicit casting when necessary)
Issues fixed:
- Various fixes of bogus declarations
- Remove deprecated GC calls
- ROTATEF, SHIFTF, PSETF reworked to conform to the ANSI standard.
Places were handled improperly in regard of multiple values.
- Improved unicode support in character handling
- Format handles floats and exponentials correctly (major format rework)
- Stack limits refinements and cleanup, inconsistency and bug fixes
- Duplicate large block deallocation with GMP 6.0.0a fixed
- ECL builds on OpenBSD with threads enabled
- Closures put in mapcar work as expected in both compiled and
interpreted code
- Improved readtable-case handling (:invert and character literals now
conform)
- Library initialization functions have unique names - no risk of
clashing symbol names in object files
- Format float bug fixed, when width and fdigits were not set, but k was
- `logical-pathname-translations' now throws an error if logical
pathname wasn't defined yet, to conform with ANSI (it used to return NIL)
- Wildcards in logical pathname translations are replaced correctly
- Regression testing framework and unit tests cleanup
- deftype ANSI conformity fix (deftype accepts macro labda-lists)
- ECL built with MSVC doesn't crash when Control-C is pressed
- Other minor tweaks
Changes in 15.3.7 since 15.2.21:
Issues fixed:
- DEFUN functions not defined as toplevel forms were also directly
referenced by other code in the same file.
- STABLE-SORT works as desired (bogus optimization for strings fixed).
- broken --with-sse=yes configure flag works once again.
Enhancements:
- autoconf scripts are rewritten to support version 2.69 stack.
- stack direction is now correctly determined, fixing gcc 5.x builds.
- compilation of ECL under MSVC (2008/2010/2012) even with custom
code pages.
- In compiled code it is possible to declare variables to have a C
type such as in (declare (:double a)) and then the variable is
enforced to be unboxed to such type.
- New form FFI:C-PROGN used to interleave C statements with lisp
code, where the lisp code may refer to any number of variables.
Example:
(lambda (i)
(let* ((limit i)
(iterator 0))
(declare (:int limit iterator))
(ffi:c-progn (limit iterator)
"for (#1 = 0; #1 < #0; #1++) {"
(print iterator)
"}")))
Changes in 15.2.21 since 13.5.1:
- Features coverity scan model, ffi-unload-module implementation,
probably more.
- Build system enhancements, parallel builds, fixes, simplifications,
cleanups, maintenance. minor cleanup, maintenance.
- Numerous fixes.
|
|
Version 1.3.3
=============
Enhancements
------------
* [r14802,r14813] Add character name for non-breaking space
Use a human readable name for character 160, #\No-break_space,
following sbcl, ccl and clisp. This permits the Quicklisp system
spinneret to load. The #\No-break_space name is a valid
CHAR-NAME/NAME-CHAR pair, but is not emitted as a glyph under the
current output encoding under the CL:FORMAT "~:c" directive as
these implementations do by default.
Thanks to Javier Olaechea.
Fixes
-----
* [r14808] CL:FILE-WRITE-DATE fixed for logical pathnames
* ANSI-TEST
** Update references to new git repository at
<git+https://gitlab.common-lisp.net/ansi-test/ansi-test.git>
** ABCL now runs the git master consolidated ANSI-TEST suite which
features subdirectories and distinquished value for
*DEFAULT-PATHNAME-DEFAULTS*.
** ABCL.TEST.ANSI:CLEAN-TESTS now acts recursively via appropiate
Pathname wildcards to match new directory structure.
* ASDF
Fix COMPILE-SYSTEM to offer full ANSI environment for ASDF and
ABCL-CONTRIB.
* ABCL-ASDF
** Use of Maven has been robustified.
*** [r14803] Fix usage with all known versions through maven-3.3.3
Addresses <http://abcl.org/trac/ticket/390>.
*** [r14806] Fix usage with specifying local Maven repository
** More complete attempt at re-initialization via
(ABCL-ASDF:INIT :force t)
Version 1.3.2
=============
Unreleased.
Enhancements
------------
* Make result of DEFINE-MODIFY-MACRO available at compilation time
[r14727]
Fixes
-----
* Fix failed AVER [#289] [r14763]
* Fix incorrect dead code elimination
Additionally, don't recurse into flet/labels upon elimination of a
single labels function; simply continue by changing the applicable
set. Reported by Vibhu Mohindra. [r14754][r14756]
* Numeric tower repairs on promoting floats across representation
boundaries [r14749-50] (Massimiliano Ghilardi).
* Return SIMPLE-ERROR for invalid external-format arguments.[r14735]
* Lisp stack frame representation now formatted as unreadable. [r14738-9]
Contrib
-------
* JSS
** Fix GET-JAVA-FIELD and SET-JAVA-FIELD [r14718]
** no longer error on NO-SUCH-JAVA-FIELD, by setting fields as
accessible where necessary [r14715] [r14725]
* ABCL-ASDF
** Update to current Maven support (keep up with changing APIs through
the Maven 3.2.3-3.2.5 hysteresis) [r14742-7] (Cyrus Hamon).
** Special-case JNA artifacts with alternate network location [r14733]
** Further work on ABCL-ASDF:RESOLVE [r14732] (Cyrus Hamon)
** Find Maven under FreeBSD ports [r14723], under OS X Homebrew [r14776]
* ABCL-JAR
** Fix ASDF-JAR:PACKAGE [#376] [r14717][r14720][r14736] (Eduardo Bellani)
* ASDF
** Updated to version 3.1.4.
|
|
|
|
2.0123 2015-12-06
- Get rid of an undef-warning in XML::LibXML::Reader .
- https://rt.cpan.org/Ticket/Display.html?id=106830
- Thanks to Rich for the report and testcase.
- Apply patch from Debian for rewording the documentation.
- https://rt.cpan.org/Ticket/Display.html?id=110116
- Some extra rewording has been done by SHLOMIF.
- Thanks to Gregor Herrman and the Debian Team
|
|
|
|
**** 1.04 December 8, 2015
Fix rt.cpan.org #109183
Semantics of "retry" and "retrans" options has changed with 1.03
Fix rt.cpan.org #109152
Deprecated method make_query_packet breaks calling code
Fix rt.cpan.org #109135
Resolver behaves differently with long and short IPv6 address format
Fix rt.cpan.org #108745
Net::DNS::Resolver bgsend
|
|
|
|
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
Adobe Security Bulletin
Security updates available for Adobe Flash Player
Release date: December 8, 2015
Last updated: December 8, 2015
Vulnerability identifier: APSB15-32
CVE number: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049,
CVE-2015-8050, CVE-2015-8418, CVE-2015-8454, CVE-2015-8455, CVE-2015-8055,
CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060,
CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065,
CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070,
CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404,
CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409,
CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414,
CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420,
CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425,
CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430,
CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435,
CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440,
CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445,
CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450,
CVE-2015-8451, CVE-2015-8452, CVE-2015-8453
Platform: All Platforms
|
|
syncthing upstream regularly breaks protocol compatibility. Define
that we will update when f-droid does and that testing against android
is required for major updates, in an attempt to avoid imposing pain on
users and also avoid having to have many versions. Take maintainership.
More or less discussed with tnn@ and jnemeth@.
|
|
|
|
Non-Windows CVE mentioned below was already fixed in pkgsrc.
Changes:
Two security flaws have been discovered in KeePassX 0.4.3.
Version 2.0 has a different codebase and is not affected.
* CVE-2015-8359: DLL Preloading vulnerability on Windows
The version of Qt bundled with KeePassX 0.4.3 is vulnerable to
a DDL preloading attack. This vulnerability only affects
KeePassX on Windows. If successfully exploited, arbitrary code
can be executed in the context of KeePassX. KeePassX 0.4.4
ships with Qt 4.8.7 and employs additional hardening measures.
Thanks to Trenton Ivey from SecureWorks for reporting this
vulnerability to us.
* CVE-2015-8378: Canceling XML export function creates export as ".xml"Ć¢file
When canceling the "Export to > KeePassX XML file" function
the cleartext passwords were still exported. In this case the
password database was exported as the file ".xml" in the current
working directory (often $HOME or the directory of the database).
Originally reported as Debian bug #791858
KeePassX 0.4.4 fixes both vulnerabilities.
|
|
|
|
Upstream changes:
1.0039 2015-12-06 03:27:59 PST
[BUG FIXES]
- Revert the change to use the faster header builder because it breaks the legit
Plack::Response constructor that sets HTTP::Header object directly (#541)
1.0038 2015-11-25 12:36:29 PST
[IMPROVEMENTS]
- Added MIME type for apk files #514 (allanwhiteford)
- Allow passing custom formatters to Plack::Middleware::AccessLog #515 (frew)
- Allow '0' be a valid category for log4perl middleware #523
- Doc fix for Plack::Runner #528 (polettix)
- Doc improvements for -R/-M command line #529 (mickeyn)
- Bind test server explicitly on 127.0.0.1, not 0.0.0.0
- Support single-process manager in FCGI #535 (ianburrell)
- Optimize Plack::Response header builder #540 (kazeburo)
|
|
|
|
Upstream changes:
0.11 2015-07-04 NEILB
- Added [MetaJSON] to dist.ini, so release will include META.json.
RT#105632 from ETHER++
|
|
|
|
Upstream changes:
6.36 2015-12-08
- Improved Mojo::JSON performance slightly. (haarg)
- Improved inactivity_timeout helper to return the current controller object.
6.35 2015-12-04
- Removed deprecated collecting method from Mojo::UserAgent::CookieJar.
- Fixed warnings in Mojo::Cookie::Response.
|
|
Thank you, joerg@.
|
|
|
|
|
|
build:
- Add support for Intel's VTune JIT profiling when compiled with
--enable-vtune-profiling.
- Properly enable V8 snapshots by default. Due to a configuration
error, snapshots have been kept off by default when the intention
is for the feature to be enabled.
crypto:
- Simplify use of ECDH (Elliptic Curve Diffie-Hellman) objects
(created via crypto.createECDH(curve_name)) with private keys
that are not dynamically generated via generateKeys(). The
public key is now computed when explicitly setting a private
key. Added validity checks to reduce the possibility of
computing weak or invalid shared secrets. Also, deprecated
the setPublicKey() method for ECDH objects as its usage is
unnecessary and can lead to inconsistent state.
- Update root certificates from the current list stored
maintained by Mozilla NSS.
- Multiple CA certificates can now be passed with the ca option
to TLS methods as an array of strings or in a single new-line
separated string.
tools:
- Include a tick processor in core, exposed via the
--prof-process command-line argument which can be used to
process V8 profiling output files generated when using the
--prof command-line argument.
|
|
|
|
From Matthias Ferdinand.
|
|
Changes:
- Fix bokken startup script.
- Add runtime dependency on py-Pillow
It would be probably better to link bin/bokken share/bokken/bokken.py
The intermediate script tries to detect (wrongly in pkgsrc) the Python
executable and it needs adapting anyway.
|
|
|
|
|
|
2015.12.05 - GNU nano 2.5.0 "Karma", the first release of the 2.5 series,
is now available. Please note that as of this release,
there will no longer be separate stable and unstable
branches. The development team will prioritize bug fixes
as needed, and make new releases in proportion to the
severity of the bugs which are fixed.
This release includes all of the fixes now in
2.4.3, as well as color syntax highlighting improvements,
undo fixes, and many more improvements! Thank you for
using nano!
|
|
|
|
|
|
Changes:
release 2015.07.2
Bonus release! This release contains fixes for CMake configuration bugs that
affected installation of 2015.07.1 on some platforms.
release 2015.07.1
To upgrade to this release, you must update libhackrf and hackrf-tools on your
host computer. You must also update firmware on your HackRF. It is important
to update both the host code and firmware for this release to work properly.
If you only update one or the other, you may experience unpredictable
behaviour.
Major changes in this release include:
Multiple HackRF support. Users with more than one HackRF can target a
specific device from software using the device serial number. The serial
number is easy to find with hackrf_info. Thanks, Hessu!
Linux kernel module detaching. A work-around to avoid the unofficial HackRF
kernel module in recent kernel versions that has been causing problems for
many users.
Updating the CPLD is now possible from Windows. There is no CPLD update with
this release, but Windows users should now be able to update.
Support for rad1o hardware, the badge of CCCamp 2015 based on HackRF One.
This package contains host software supporting rad1o; for firmware and other
resources, refer to: https://rad1o.badge.events.ccc.de/
There have been many more enhancements and bug fixes, for a full list of
changes, see the git log.
|
|
|
|
|
|
It doesn't make sense to let the user configure the XAW_TYPE when only
one specific setting (XAW_TYPE=3d) works at all.
Thanks, joerg
|
|
|
|
Automake improvements
Misc documentation fixes
Misc updates to startup scripts
lru_crawler enable blocks until ready (test failure)
Record and report on time spent in listen_disabled (time_in_listen_disabled_us)
Update manpage for -I command. Make it more clear
Fix display of settings.hot_lru_pct in stats settings
No longer edits the output of ps while processing arguments
No longer crashes when failing to give arguments to some start args
Fix memcached unable to bind to an ipv6 address
No longer attempts bind to same interface more than once
fixed libevent version check: add the missing 1.0.x version check
fix off-by-one in LRU crawler, causing rare segfault
remove another invalid assert(), fixes clang and pedantic compilation
|
|
|
|
|
|
Patch based largely on a pull request by bahamat@:
https://github.com/joyent/pkgsrc/pull/307
3.7.2:
Bug fixes:
- readfile() and read*list() should print an error if they fail to read file.
(Redmine #7702)
- Fix 'AIX_PREINSTALL_ALREADY_DONE.txt: cannot create' error
message on AIX.
- If there is an error saving a mustache template file
it is now logged with log-level error (was inform).
- Change: Clarify bootstrap/failsafe reports
- Fixed several bugs which prevented CFEngine from loading
libraries from the correct location. This affected several platforms.
(Redmine #6708)
- If file_select.file_types is set to symlink and there
are regular files in the scanned directory, CFEngine no longer
produces an unneccessary error message. (Redmine #6996)
- Fix: Solaris packages no longer contain duplicate library
files, but instead symlinks to them. (Redmine #7591)
- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor
multiple -D, -N and -s arguments (Redmine #7191)
- Fix "@endif" keyword sometimes being improperly processed
by policy parser. (Redmine #7413)
- It is possible to edit the same value in multiple regions
of one file. (Redmine #7460)
- Fix select_class not setting class when used in common bundle with slist.
(Redmine #7482)
- Fix broken HA policy for 3rd disaster-recovery node.
- Directories should no more be changed randomly
into files. (Redmine #6027)
- Include latest security updates for 3.7.
- Reduce malloc() thread contention on heavily loaded
cf-serverd, by not exiting early in the logging function, if no message
is to be printed. (Redmine #7624)
- Improve cf-serverd's lock contention because of getpwnam()
call. (Redmine #7643)
- action_policy "warn" now correctly produces warnings instead
of various other verbosity levels. (Redmine #7274)
- Change: Improve efficiency and debug reports (Redmine #7527)
- Change package modules permissions on hub package so that
hub can execute package promises. (Redmine #7602)
- No longer hang when changing permissions/ownership on fifos
(Redmine #7030)
- Fix exporting CSV reports through HTTPS. (Redmine #7267)
- failsafe.cf will be created when needed. (Redmine #7634)
- Mustache templates: Fix key when value is not a
primitive. The old behavior, when iterating across a map or array of
maps, was to abort if the key was requested with . The new
behavior is to always replace with either the key name or the
iteration position in the array. An error is printed if is used
outside of a Mustache iteration section.
- Legacy package promise: Result classes are now defined if
the package being promised is already up to date. (Redmine #7399)
- TTY detection should be more reliable. (Redmine #7606)
Masterfiles:
- Add: Path to svcprop in stdlib
- Add: New `results` classes body [] (Redmine #7418, #7481)
- Remove: Support for email settings from augments_file (Redmine #7682)
3.7.1:
Bug fixes:
- Fix daemons not restarting correctly on upgrade on AIX. (Redmine #7550)
- Fix upgrade causing error message under systemd because of open ports.
- Fix build with musl libc. (Redmine #7455)
- Long promiser strings with multiple lines are now
abbreviated in logs. (Redmine #3964)
- Fixed a bug which could cause daemons to not to be killed
correctly when upgrading or manually running "service cfengine3 stop".
(Redmine #7193)
- Package promise: Fix inability to install certain packages
with numbers.
- Fix package promise not removing dependant packages. (Redmine #7424)
- Fix warning "Failed to parse csv file entry" with certain very long
commands promises. (Redmine #7400)
- Fix misaligned help output in cf-hub. (Redmine #7273)
- Augmenting inputs from the augments_file (Redmine #7420)
- Add support for failover to 3rd HA node located outside cluster.
- Upgrade all dependencies for patch release.
- Fix a bug which caused daemons not to be restarted on
upgrade. (Redmine #7528)
3.7.0:
New features:
- New package promise implementation.
- Full systemd support for all relevant platforms
- New classes to determine whether certain features are enabled:
* feature_yaml
* feature_xml
For the official CFEngine packages, these are always enabled, but
packages from other sources may be built without the support.
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
- YAML support: new readyaml() function and in readdata()
- CSV support: new readcsv() function and in readdata()
- New string_mustache() function
- New data_regextract() function
- eval() can now be called with "class" as the "mode" argument, which
will cause it to return true ("any") if the calculated result is
non-zero, and false ("!any") if it is zero.
- New list_ifelse() function
- New mapjson() function as well as JSON support in maparray().
- filestat() function now supports "xattr" argument for extended
attributes.
- "ifvarclass" now has "if" as an alias, and "unless" as an inverse
alias.
- Ability to expand JSON variables directory in Mustache templates:
Prefix the name with '%' for multiline expansion, '$' for compact
expansion.
- Ability to expand the iteration *key* in Mustache templates with @
- Canonical JSON output: JSON output has reliably sorted keys so the
same data structure will produce the same JSON every time.
- New "@if minimum_version(x.x)" syntax in order to hide future language
improvements from versions that don't understand them.
- compile time option (--with-statedir) to
override the default state/ directory path.
- Fix error messages/ handling in process signalling which no longer
allowed any signals to fail silently
- Also enable shortcut keyword for cf-serverd classic protocol, eg to
simplify the bootstrap process for clients that have different
sys.masterdir settings (Redmine #3697)
- methods promises now accepts the bundle name in the promiser string,
as long as it doesn't have any parameters.
- In a services promise, if the service_method bundle is not specified,
it defaults to the promiser string (canonified) with "service_" as a
prefix. The bundle must be in the same namespace as the promise.
- inline JSON in policy files: surrounding with parsejson() is now
optional *when creating a new data container*.
- New data_expand() function to interpolate variables in a data container.
- Add configurable network bandwidth limit for all outgoing
connections ("bwlimit" attribute in "body common control") . To
enforce it in both directions, make sure the attribute is set on both
sides of the connection.
- Secure bootstrap has been facilitated by use of
"cf-agent --boostrap HUB_ADDRESS --trust-server=no"
- Implement new TLS-relevant options (Redmine #6883):
- body common control: tls_min_version
- body server control: allowtlsversion
- body common control: tls_ciphers
- body server control: allowciphers (preexisting)
Changes:
- Improved output format, less verbose, and messages are grouped.
- cf-execd: agent_expireafter default was changed to 120 minutes
(Redmine #7113)
- All embedded databases are now rooted in the state/ directory.
- TLS used as default for all outgoing connections.
- process promise now reports kept status instead of repaired if a
signal is not sent, even if the restart_class is set. The old
behavior was to set the repaired status whenever the process was not
running. (Redmine#7216).
- Bootstrapping requires keys to be generated in advance using cf-key.
- Disable class set on reverse lookup of interfaces IP addresses.
(Redmine #3993, Redmine #6870)
- Define a hard class with just the OS major version on FreeBSD.
- Abort cf-agent if OpenSSL's random number generator can't
be seeded securely.
- Masterfiles source tarball now installs using the usual commands
"./configure; make install".
- Updated Emacs syntax highlighting template to support the latest
syntax enhancements in 3.7.
Deprecations:
- Arbitrary arguments to cfruncommand (using "cf-runagent -o") are
not acceptable any more. (Redmine #6978)
- 3.4 is no longer supported in masterfiles.
Bug fixes:
- Fix server common bundles evaluation order (Redmine#7211).
- Limit LMDB disk usage by preserving sparse areas in LMDB files
(Redmine#7242).
- Fixed LMDB corruption on HP-UX 11.23. (Redmine #6994)
- Fixed insert_lines failing to converge if preserve_block was used.
(Redmine #7094)
- Fixed init script failing to stop/restart daemons on openvz/lxc
hosts. (Redmine #3394)
- rm_rf_depth now deletes base directory as advertised. (Redmine #7009)
- Refactored cf-agent's connection cache to properly differentiate
hosts using all needed attributes like host and port.
(Redmine #4646)
- Refactored lastseen database handling to avoid inconsistencies.
(Redmine #6660)
- cf-key --trust-key now supports new syntax to also update the
lastseen database, so that clients using old protocol will trust
the server correctly.
- Fixed a bug which sometimes caused an agent or daemon to kill or stop
itself. (Redmine #7075, #7244)
- Fixed a bug which made it difficult to kill CFEngine daemons,
particularly cf-execd. (Redmine #6659, #7193)
- Fixed a bug causing systemd not to be detected correctly on Debian.
(Redmine #7297)
- "cf-promises -T" will now correctly report the checked out commit,
even if you haven't checked out a Git branch. (Redmine #7332)
- Reduce verbosity of harmless errors related to socket timeouts and
missing thermal zone files. (Redmine #6486 and #7238)
- Fix process_result logic to match the purpose of body process_select
days_older_than (Redmine #3009)
Masterfiles:
Added:
- Support for user specified overring of framework defaults without
modifying policy supplied by the framework itself (see
example_def.json)
- Support for def.json class augmentation in update policy
- Run vacuum operation on postgresql every night as a part of
maintenance.
- Add measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8)
- New negative class guard `cfengine_internal_disable_agent_email` so
that agent email can be easily disabled by augmenting def.json
Changed:
- Relocate def.cf to controls/VER/
- Relocate update_def to controls/VER
- Relocate all controls to controls/VER
- Only load cf_hub and reports.cf on CFEngine Enterprise installs
- Relocate acls related to report collection from bundle server
access_rules to controls/VER/reports.cf into bundle server
report_access_rules
- Re-organize cfe_internal splitting core from enterprise specific
policies and loading the appropriate inputs only when necessary
- Moved update directory into cfe_internal as it is not generally
intended to be modified
- services/autorun.cf moved to lib/VER/ as it is not generally intended
to be modified
- To improve predictibility autorun bundles are activated in
lexicographical order
- Relocate services/file_change.cf to cfe_internal/enterprise. This
policy is most useful for a good OOTB experience with CFEngine
Enterprise Mission Portal.
- Relocate service_catalogue from promsies.cf to services/main.cf. It is
intended to be a user entry. This name change correlates with the main
bundle being activated by default if there is no bundlesequence
specified.
- Reduce benchmarks sample history to 1 day.
- Update policy no longer generates a keypair if one is not found.
(Redmine: #7167)
- Relocate cfe_internal_postgresql_maintenance bundle to lib/VER/
- Set postgresql_monitoring_maintenance only for versions 3.6.0 and
3.6.1
- Move hub specific bundles from lib/VER/cfe_internal.cf into
lib/VER/cfe_internal_hub.cf and load them only if policy_server policy
if set.
- Re-organize lib/VER/stdlib.cf from lists into classic array for use
with getvalues
Removed:
- Diff reporting on /etc/shadow (Enterprise)
- Update policy from promise.cf inputs. There is no reason to include
the update policy into promsies.cf, update.cf is the entry for the
update policy
- _not_repaired outcome from classes_generic and scoped_classes generic
(Redmine: # 7022)
Fixes:
- standard_services now restarts the service if it was not already
running when using service_policy => restart with chkconfig (Redmine
#7258)
|
|
imeplementation detail for consumers. Bump revision.
|
|
|
|
|
