diff --git a/0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch b/0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
deleted file mode 100644
index 0a603e2..0000000
--- a/0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch
+++ /dev/null
@@ -1,266 +0,0 @@ -From 00f764ed46713ea95a26836404b93aa6df899b59 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= -Date: Fri, 11 Apr 2014 09:25:05 +0200 -Subject: [PATCH 1/3] Simplify and fix parsing of /etc/SuSE-release (fixes - issue #5423) - -This patch is a simplification of sysinfo.c:Linux_Suse_Version() -to achieve the following - -- distinction between "SUSE Linux Enterprise Server" (sles) and "... Desktop" (sled) -- distinction between SUSE Linux Enterprise products (suse) and openSUSE (opensuse) -- extract version from VERSION and PATCHLEVEL lines instead of - first line of /etc/SuSE-release -- verified for sles version 9,10,11,12; sled versions 10,11,12, openSUSE 13.1 ---- - libenv/sysinfo.c | 187 +++++++++++++++-------------------------------- - 1 file changed, 60 insertions(+), 127 deletions(-) - -diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c -index 8a3d4f05174f..a6b1618c6a70 100644 ---- a/libenv/sysinfo.c -+++ b/libenv/sysinfo.c -@@ -1963,6 +1963,7 @@ static int Linux_Suse_Version(EvalContext *ctx) - #define SUSE_RELEASE_FLAG "linux " - - char classbuf[CF_MAXVARSIZE]; -+ char *vendor = "suse"; - - Log(LOG_LEVEL_VERBOSE, "This appears to be a SUSE system."); - EvalContextClassPutHard(ctx, "SUSE", "inventory,attribute_name=none,source=agent"); -@@ -1982,23 +1983,26 @@ static int Linux_Suse_Version(EvalContext *ctx) - return 1; - } - -- char vbuf[CF_BUFSIZE], strversion[CF_MAXVARSIZE], strpatch[CF_MAXVARSIZE]; -- strversion[0] = '\0'; -- strpatch[0] = '\0'; -+ char vbuf[CF_BUFSIZE]; - - int major = -1, minor = -1; - while (fgets(vbuf, sizeof(vbuf), fp) != NULL) - { - if (strncmp(vbuf, "VERSION", strlen("version")) == 0) - { -- strlcpy(strversion, vbuf, sizeof(strversion)); -- sscanf(vbuf, "VERSION = %d", &major); -+ int res; -+ res = sscanf(vbuf, "VERSION = %d.%d", &major, &minor); -+ Log(LOG_LEVEL_VERBOSE, "VERSION sscanf returned %d.", res); -+ if (res < 1) -+ major = -1; -+ else if (res < 2) -+ minor = -1; - } - - if (strncmp(vbuf, 
"PATCH", strlen("PATCH")) == 0) - { -- strlcpy(strpatch, vbuf, sizeof(strpatch)); -- sscanf(vbuf, "PATCHLEVEL = %d", &minor); -+ if (sscanf(vbuf, "PATCHLEVEL = %d", &minor) != 1) -+ minor = -1; - } - } - if (ferror(fp)) -@@ -2012,28 +2016,38 @@ static int Linux_Suse_Version(EvalContext *ctx) - - fclose(fp); - -- /* Check if it's a SUSE Enterprise version */ -+ /* Check which SUSE/openSUSE product it is */ - -- Log(LOG_LEVEL_VERBOSE, "Looking for SUSE enterprise info in '%s'", relstring); -+ Log(LOG_LEVEL_VERBOSE, "Looking for SUSE product info in '%s'", relstring); - -- /* Convert relstring to lowercase to handle rename of SuSE to -- * SUSE with SUSE 10.0. -- */ -- -- for (int i = 0; i < strlen(relstring); i++) -+ if (!strncasecmp(relstring, SUSE_SLES8_ID, strlen(SUSE_SLES8_ID))) - { -- relstring[i] = tolower(relstring[i]); -+ EvalContextClassPutHard(ctx, "SLES8", "inventory,attribute_name=none,source=agent"); - } -- -- /* Check if it's a SUSE Enterprise version (all in lowercase) */ -- -- if (!strncmp(relstring, SUSE_SLES8_ID, strlen(SUSE_SLES8_ID))) -+ else if (!strncasecmp(relstring, SUSE_SLES_ID, strlen(SUSE_SLES_ID))) - { -- classbuf[0] = '\0'; -- strcat(classbuf, "SLES8"); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -+ EvalContextClassPutHard(ctx, "sles", "inventory,attribute_name=none,source=agent"); -+ if (major != -1) -+ { -+ snprintf(classbuf, CF_MAXVARSIZE, "SLES%d", major); -+ EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -+ } -+ } -+ else if (!strncasecmp(relstring, SUSE_SLED_ID, strlen(SUSE_SLED_ID))) -+ { -+ EvalContextClassPutHard(ctx, "sled", "inventory,attribute_name=none,source=agent"); -+ if (major != -1) -+ { -+ snprintf(classbuf, CF_MAXVARSIZE, "SLED%d", major); -+ EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -+ } -+ } -+ else if (!strncasecmp(relstring, "opensuse", strlen("opensuse"))) -+ { -+ vendor = "opensuse"; -+ 
EvalContextClassPutHard(ctx, vendor, "inventory,attribute_name=none,source=agent"); - } -- else if (strncmp(relstring, "sles", 4) == 0) -+ else if (strncasecmp(relstring, "sles", 4) == 0) - { - Item *list, *ip; - -@@ -2051,120 +2065,39 @@ static int Linux_Suse_Version(EvalContext *ctx) - } - else - { -- for (int version = 9; version < 13; version++) -- { -- snprintf(vbuf, CF_BUFSIZE, "%s %d ", SUSE_SLES_ID, version); -- Log(LOG_LEVEL_DEBUG, "Checking for SUSE [%s]", vbuf); -- -- if (!strncmp(relstring, vbuf, strlen(vbuf))) -- { -- snprintf(classbuf, CF_MAXVARSIZE, "SLES%d", version); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- } -- else -- { -- snprintf(vbuf, CF_BUFSIZE, "%s %d ", SUSE_SLED_ID, version); -- Log(LOG_LEVEL_DEBUG, "Checking for SUSE [%s]", vbuf); -- -- if (!strncmp(relstring, vbuf, strlen(vbuf))) -- { -- snprintf(classbuf, CF_MAXVARSIZE, "SLED%d", version); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- } -- } -- } -+ Log(LOG_LEVEL_WARNING, "Unknown product '%s' in /etc/SuSE-release", relstring); - } - -- /* Determine release version. We assume that the version follows -- * the string "SuSE Linux" or "SUSE LINUX". 
-- */ -- -- char *release = strstr(relstring, SUSE_RELEASE_FLAG); -- if (release == NULL) -+ if (major != -1) - { -- release = strstr(relstring, "opensuse"); -- if (release == NULL) -+ strncpy(classbuf, vendor, CF_MAXVARSIZE); -+ EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -+ snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", major); -+ SetFlavour(ctx, classbuf); -+ if (minor != -1) - { -- release = strversion; -+ snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", minor); -+ EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); - } -- } -- -- if (release == NULL) -- { -- Log(LOG_LEVEL_VERBOSE, -- "Could not find a numeric OS release in %s", -- SUSE_REL_FILENAME); -- return 2; -+ /* The correct spelling for SUSE is "SUSE" but CFEngine used to use "SuSE". -+ * Keep this for backwards compatibility until CFEngine 3.7 -+ */ -+ strncpy(classbuf, "SuSE", CF_MAXVARSIZE); -+ EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -+ snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", major); -+ EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -+ if (minor != -1) -+ { -+ snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", minor); -+ EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -+ } -+ Log(LOG_LEVEL_VERBOSE, "Discovered %s version %d.%d", vendor, major, minor); - } - else - { -- char strmajor[PRINTSIZE(major)], strminor[PRINTSIZE(minor)]; -- if (strchr(release, '.')) -- { -- sscanf(release, "%*s %d.%d", &major, &minor); -- xsnprintf(strmajor, sizeof(strmajor), "%d", major); -- xsnprintf(strminor, sizeof(strminor), "%d", minor); -- -- if (major != -1 && minor != -1) -- { -- strcpy(classbuf, "SUSE"); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- 
strcat(classbuf, "_"); -- strcat(classbuf, strmajor); -- SetFlavor(ctx, classbuf); -- strcat(classbuf, "_"); -- strcat(classbuf, strminor); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- -- /* The correct spelling for SUSE is "SUSE" but CFEngine used to use "SuSE". -- * Keep this for backwards compatibility until CFEngine 3.7 -- */ -- strcpy(classbuf, "SuSE"); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- strcat(classbuf, "_"); -- strcat(classbuf, strmajor); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- strcat(classbuf, "_"); -- strcat(classbuf, strminor); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- -- Log(LOG_LEVEL_VERBOSE, "Discovered SUSE version %s", classbuf); -- return 0; -- } -- } -- else -- { -- sscanf(strversion, "VERSION = %s", strmajor); -- sscanf(strpatch, "PATCHLEVEL = %s", strminor); -- -- if (major != -1 && minor != -1) -- { -- strcpy(classbuf, "SLES"); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- strcat(classbuf, "_"); -- strcat(classbuf, strmajor); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- strcat(classbuf, "_"); -- strcat(classbuf, strminor); -- EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- -- snprintf(classbuf, CF_MAXVARSIZE, "SUSE_%d", major); -- SetFlavor(ctx, classbuf); -- -- /* The correct spelling for SUSE is "SUSE" but CFEngine used to use "SuSE". 
-- * Keep this for backwards compatibility until CFEngine 3.7 -- */ -- snprintf(classbuf, CF_MAXVARSIZE, "SuSE_%d", major); -- EvalContextClassPutHard(ctx, classbuf, "source=agent"); -- -- Log(LOG_LEVEL_VERBOSE, "Discovered SUSE version %s", classbuf); -- return 0; -- } -- } -+ Log(LOG_LEVEL_VERBOSE, "Could not find a numeric OS release in %s", SUSE_REL_FILENAME); - } - -- Log(LOG_LEVEL_VERBOSE, "Could not find a numeric OS release in %s", SUSE_REL_FILENAME); -- - return 0; - } - --- -2.24.0 - diff --git a/0002-Reduce-string-truncation-warnings.patch b/0002-Reduce-string-truncation-warnings.patch deleted file mode 100644 index 92f6841..0000000 --- a/0002-Reduce-string-truncation-warnings.patch +++ /dev/null 
@@ -1,619 +0,0 @@ -From 5c454a3ac32943ddd867cd0955bead955f38fd6d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= -Date: Tue, 3 Jul 2018 09:18:08 +0200 -Subject: [PATCH 2/3] Reduce string truncation warnings - ---- - cf-agent/verify_databases.c | 18 +++++++------- - cf-agent/verify_exec.c | 4 ++-- - cf-agent/verify_packages.c | 2 +- - cf-execd/cf-execd-runner.c | 4 ++-- - cf-monitord/env_monitor.c | 8 +++---- - cf-monitord/mon_network_sniffer.c | 6 ++--- - cf-runagent/cf-runagent.c | 6 ++--- - cf-serverd/server_common.c | 18 +++++++------- - libcfnet/client_protocol.c | 2 +- - libenv/sysinfo.c | 40 +++++++++++++++---------------- - libpromises/cf3globals.c | 2 +- - libpromises/cf3lex.l | 6 ++--- - libpromises/cf3parse.y | 2 +- - libpromises/eval_context.c | 4 ++-- - libpromises/evalfunction.c | 2 +- - libpromises/expand.c | 2 +- - libpromises/keyring.c | 4 ++-- - tests/unit/logging_test.c | 2 +- - tests/unit/set_domainname_test.c | 2 +- - 19 files changed, 66 insertions(+), 68 deletions(-) - -diff --git a/cf-agent/verify_databases.c b/cf-agent/verify_databases.c -index be8ed98bbc15..c55da6a890d5 100644 ---- a/cf-agent/verify_databases.c -+++ b/cf-agent/verify_databases.c -@@ -221,7 +221,7 @@ static PromiseResult VerifySQLPromise(EvalContext *ctx, const Attributes *a, con - } - else - { -- snprintf(query, CF_MAXVARSIZE - 1, "%s.%s", database, table); -+ snprintf(query, sizeof(query) - 1, "%s.%s", database, table); - - if (VerifyTablePromise(ctx, &cfdb, query, a->database.columns, a, pp, &result)) - { -@@ -301,7 +301,7 @@ static int VerifyDatabasePromise(CfdbConn *cfdb, char *database, const Attribute - if (((a->transaction.action) != cfa_warn) && (!DONTDO)) - { - Log(LOG_LEVEL_VERBOSE, "Attempting to delete the database '%s'", database); -- snprintf(query, CF_MAXVARSIZE - 1, "drop database %s", database); -+ snprintf(query, sizeof(query) - 1, "drop database %s", database); - CfVoidQueryDB(cfdb, query); - return cfdb->result; - } -@@ -317,7 +317,7 @@ 
static int VerifyDatabasePromise(CfdbConn *cfdb, char *database, const Attribute - if (((a->transaction.action) != cfa_warn) && (!DONTDO)) - { - Log(LOG_LEVEL_VERBOSE, "Attempting to create the database '%s'", database); -- snprintf(query, CF_MAXVARSIZE - 1, "create database %s", database); -+ snprintf(query, sizeof(query) - 1, "create database %s", database); - CfVoidQueryDB(cfdb, query); - return cfdb->result; - } -@@ -506,7 +506,7 @@ static bool VerifyTablePromise(EvalContext *ctx, CfdbConn *cfdb, char *table_pat - const Promise *pp, PromiseResult *result) - { - assert(a != NULL); -- char name[CF_MAXVARSIZE], type[CF_MAXVARSIZE], query[CF_MAXVARSIZE], table[CF_MAXVARSIZE], db[CF_MAXVARSIZE]; -+ char name[CF_MAXVARSIZE], type[CF_MAXVARSIZE], query[CF_BUFSIZE], table[CF_MAXVARSIZE], db[CF_MAXVARSIZE]; - int i, count, size, no_of_cols, *size_table, *done, identified; - bool retval = true; - char **name_table, **type_table; -@@ -678,12 +678,12 @@ static bool VerifyTablePromise(EvalContext *ctx, CfdbConn *cfdb, char *table_pat - { - if (size_table[i] > 0) - { -- snprintf(query, CF_MAXVARSIZE - 1, "ALTER TABLE %s ADD %s %s(%d)", table, name_table[i], -+ snprintf(query, sizeof(query) - 1, "ALTER TABLE %s ADD %s %s(%d)", table, name_table[i], - type_table[i], size_table[i]); - } - else - { -- snprintf(query, CF_MAXVARSIZE - 1, "ALTER TABLE %s ADD %s %s", table, name_table[i], -+ snprintf(query, sizeof(query) - 1, "ALTER TABLE %s ADD %s %s", table, name_table[i], - type_table[i]); - } - -@@ -750,7 +750,7 @@ static bool CreateTableColumns(CfdbConn *cfdb, char *table, Rlist *columns) - - if (no_of_cols > 0) - { -- snprintf(query, CF_BUFSIZE - 1, "create table %s(", table); -+ snprintf(query, sizeof(query) - 1, "create table %s(", table); - - for (i = 0; i < no_of_cols; i++) - { -@@ -789,7 +789,7 @@ static bool CreateTableColumns(CfdbConn *cfdb, char *table, Rlist *columns) - static Rlist *GetSQLTables(CfdbConn *cfdb) - { - Rlist *list = NULL; -- char query[CF_MAXVARSIZE]; 
-+ char query[CF_BUFSIZE]; - - ListTables(cfdb->type, query); - -@@ -878,7 +878,7 @@ static bool ValidateSQLTableName(char *table_path, char *db, char *table) - - static void QueryTableColumns(char *s, char *db, char *table) - { -- snprintf(s, CF_MAXVARSIZE - 1, -+ snprintf(s, CF_BUFSIZE - 1, - "SELECT column_name,data_type,character_maximum_length FROM information_schema->columns WHERE table_name ='%s' AND table_schema = '%s'", - table, db); - } -diff --git a/cf-agent/verify_exec.c b/cf-agent/verify_exec.c -index fae286563eb3..941645aee991 100644 ---- a/cf-agent/verify_exec.c -+++ b/cf-agent/verify_exec.c -@@ -207,7 +207,7 @@ static char *GetLockNameExec(const Attributes *a, const Promise *pp) - static ActionResult RepairExec(EvalContext *ctx, const Attributes *a, - const Promise *pp, PromiseResult *result) - { -- char eventname[CF_BUFSIZE]; -+ char eventname[CF_BUFSIZE * 2]; - char cmdline[CF_BUFSIZE]; - char comm[20]; - int outsourced, count = 0; -@@ -460,7 +460,7 @@ static ActionResult RepairExec(EvalContext *ctx, const Attributes *a, - umask(maskval); - #endif - -- snprintf(eventname, CF_BUFSIZE - 1, "Exec(%s)", cmdline); -+ snprintf(eventname, CF_BUFSIZE*2 - 1, "Exec(%s)", cmdline); - - #ifndef __MINGW32__ - if ((a->transaction.background) && outsourced) -diff --git a/cf-agent/verify_packages.c b/cf-agent/verify_packages.c -index c3ffded995f0..e291858a71e9 100644 ---- a/cf-agent/verify_packages.c -+++ b/cf-agent/verify_packages.c -@@ -3233,7 +3233,7 @@ static void DeletePackageManagers(PackageManager *np) - - const char *PrefixLocalRepository(const Rlist *repositories, const char *package) - { -- static char quotedPath[CF_MAXVARSIZE]; /* GLOBAL_R, no need to initialize */ -+ static char quotedPath[CF_BUFSIZE * 2]; /* GLOBAL_R, no need to initialize */ - struct stat sb; - char path[CF_BUFSIZE]; - -diff --git a/cf-execd/cf-execd-runner.c b/cf-execd/cf-execd-runner.c -index 1e743b4d09da..dfde122ba84c 100644 ---- a/cf-execd/cf-execd-runner.c -+++ 
b/cf-execd/cf-execd-runner.c -@@ -195,7 +195,7 @@ void LocalExec(const ExecConfig *config) - strlcpy(esc_command, MapName(cmd), CF_BUFSIZE); - - -- char filename[CF_BUFSIZE]; -+ char filename[CF_BUFSIZE * 3]; - { - char line[CF_BUFSIZE]; - snprintf(line, CF_BUFSIZE, "_%jd_%s", (intmax_t) starttime, CanonifyName(ctime(&starttime))); -@@ -205,7 +205,7 @@ void LocalExec(const ExecConfig *config) - strlcpy(canonified_fq_name, config->fq_name, CF_BUFSIZE); - CanonifyNameInPlace(canonified_fq_name); - -- snprintf(filename, CF_BUFSIZE, "%s/outputs/cf_%s_%s_%p", -+ snprintf(filename, sizeof(filename), "%s/outputs/cf_%s_%s_%p", - GetWorkDir(), canonified_fq_name, line, thread_name); - - MapName(filename); -diff --git a/cf-monitord/env_monitor.c b/cf-monitord/env_monitor.c -index 472e4c2c3d3e..866aa18dacec 100644 ---- a/cf-monitord/env_monitor.c -+++ b/cf-monitord/env_monitor.c -@@ -938,7 +938,7 @@ static double SetClasses(EvalContext *ctx, char *name, double variable, double a - { - Log(LOG_LEVEL_DEBUG, "No sigma variation .. 
can't measure class"); - -- snprintf(buffer, CF_MAXVARSIZE, "entropy_%s.*", name); -+ snprintf(buffer, sizeof(buffer), "entropy_%s.*", name); - MonEntropyPurgeUnused(buffer); - - return sig; -@@ -1046,13 +1046,13 @@ static void SetVariable(char *name, double value, double average, double stddev, - { - char var[CF_BUFSIZE]; - -- snprintf(var, CF_MAXVARSIZE, "value_%s=%.2lf", name, value); -+ snprintf(var, sizeof(var), "value_%s=%.2lf", name, value); - AppendItem(classlist, var, ""); - -- snprintf(var, CF_MAXVARSIZE, "av_%s=%.2lf", name, average); -+ snprintf(var, sizeof(var), "av_%s=%.2lf", name, average); - AppendItem(classlist, var, ""); - -- snprintf(var, CF_MAXVARSIZE, "dev_%s=%.2lf", name, stddev); -+ snprintf(var, sizeof(var), "dev_%s=%.2lf", name, stddev); - AppendItem(classlist, var, ""); - } - -diff --git a/cf-monitord/mon_network_sniffer.c b/cf-monitord/mon_network_sniffer.c -index 4ec8f3c79124..7466d94fcb70 100644 ---- a/cf-monitord/mon_network_sniffer.c -+++ b/cf-monitord/mon_network_sniffer.c -@@ -210,7 +210,7 @@ static void IncrementCounter(Item **list, char *name) - - static void AnalyzeArrival(Item *ip_addresses, long iteration, char *arrival, double *cf_this) - { -- char src[CF_BUFSIZE], dest[CF_BUFSIZE], flag = '.', *arr; -+ char src[CF_BUFSIZE], dest[CF_BUFSIZE * 2], flag = '.', *arr; - int isme_dest, isme_src; - - src[0] = dest[0] = '\0'; -@@ -399,11 +399,11 @@ static void AnalyzeArrival(Item *ip_addresses, long iteration, char *arrival, do - - if (strstr(arrival, ".138")) - { -- snprintf(dest, CF_BUFSIZE - 1, "%s NETBIOS", src); -+ snprintf(dest, sizeof(dest) - 1, "%s NETBIOS", src); - } - else if (strstr(arrival, ".2049")) - { -- snprintf(dest, CF_BUFSIZE - 1, "%s NFS", src); -+ snprintf(dest, sizeof(dest) - 1, "%s NFS", src); - } - else - { -diff --git a/cf-runagent/cf-runagent.c b/cf-runagent/cf-runagent.c -index 6c546acd55e2..5e9b74d5d3e9 100644 ---- a/cf-runagent/cf-runagent.c -+++ b/cf-runagent/cf-runagent.c -@@ -796,15 +796,15 @@ static 
void HailExec(AgentConnection *conn, char *peer) - static FILE *NewStream(char *name) - { - FILE *fp; -- char filename[CF_BUFSIZE]; -+ char filename[CF_BUFSIZE * 2]; - - if (OUTPUT_DIRECTORY[0] != '\0') - { -- snprintf(filename, CF_BUFSIZE, "%s/%s_runagent.out", OUTPUT_DIRECTORY, name); -+ snprintf(filename, sizeof(filename), "%s/%s_runagent.out", OUTPUT_DIRECTORY, name); - } - else - { -- snprintf(filename, CF_BUFSIZE, "%s%coutputs%c%s_runagent.out", -+ snprintf(filename, sizeof(filename), "%s%coutputs%c%s_runagent.out", - GetWorkDir(), FILE_SEPARATOR, FILE_SEPARATOR, name); - } - -diff --git a/cf-serverd/server_common.c b/cf-serverd/server_common.c -index 77ac6c4dfd43..31d71ab4a742 100644 ---- a/cf-serverd/server_common.c -+++ b/cf-serverd/server_common.c -@@ -372,8 +372,8 @@ static void AbortTransfer(ConnectionInfo *connection, char *filename) - { - Log(LOG_LEVEL_VERBOSE, "Aborting transfer of file due to source changes"); - -- char sendbuffer[CF_BUFSIZE]; -- snprintf(sendbuffer, CF_BUFSIZE, "%s%s: %s", -+ char sendbuffer[CF_BUFSIZE*2]; -+ snprintf(sendbuffer, sizeof(sendbuffer), "%s%s: %s", - CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename); - - if (SendTransaction(connection, sendbuffer, 0, CF_DONE) == -1) -@@ -387,9 +387,9 @@ static void FailedTransfer(ConnectionInfo *connection) - { - Log(LOG_LEVEL_VERBOSE, "Transfer failure"); - -- char sendbuffer[CF_BUFSIZE]; -+ char sendbuffer[CF_BUFSIZE*2]; - -- snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR); -+ snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR); - - if (SendTransaction(connection, sendbuffer, 0, CF_DONE) == -1) - { -@@ -421,7 +421,7 @@ void CfGetFile(ServerFileGetState *args) - { - Log(LOG_LEVEL_INFO, "REFUSE access to file: %s", filename); - RefuseAccess(args->conn, args->replyfile); -- snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR); -+ snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR); - if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC) - { - 
SendSocketStream(ConnectionInfoSocket(conn_info), sendbuffer, args->buf_size); -@@ -439,7 +439,7 @@ void CfGetFile(ServerFileGetState *args) - { - Log(LOG_LEVEL_ERR, "Open error of file '%s'. (open: %s)", - filename, GetErrorStr()); -- snprintf(sendbuffer, CF_BUFSIZE, "%s", CF_FAILEDSTR); -+ snprintf(sendbuffer, sizeof(sendbuffer), "%s", CF_FAILEDSTR); - if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC) - { - SendSocketStream(ConnectionInfoSocket(conn_info), sendbuffer, args->buf_size); -@@ -460,7 +460,7 @@ void CfGetFile(ServerFileGetState *args) - - while (true) - { -- memset(sendbuffer, 0, CF_BUFSIZE); -+ memset(sendbuffer, 0, sizeof(sendbuffer)); - - Log(LOG_LEVEL_DEBUG, "Now reading from disk..."); - -@@ -492,7 +492,7 @@ void CfGetFile(ServerFileGetState *args) - - if (sb.st_size != savedlen) - { -- snprintf(sendbuffer, CF_BUFSIZE, "%s%s: %s", CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename); -+ snprintf(sendbuffer, sizeof(sendbuffer), "%s%s: %s", CF_CHANGEDSTR1, CF_CHANGEDSTR2, filename); - - if (ConnectionInfoProtocolVersion(conn_info) == CF_PROTOCOL_CLASSIC) - { -@@ -608,7 +608,7 @@ void CfEncryptGetFile(ServerFileGetState *args) - - while (true) - { -- memset(sendbuffer, 0, CF_BUFSIZE); -+ memset(sendbuffer, 0, sizeof(sendbuffer)); - - if ((n_read = read(fd, sendbuffer, blocksize)) == -1) - { -diff --git a/libcfnet/client_protocol.c b/libcfnet/client_protocol.c -index 2f4668882f6a..54cfda95e4d3 100644 ---- a/libcfnet/client_protocol.c -+++ b/libcfnet/client_protocol.c -@@ -63,7 +63,7 @@ void SetSkipIdentify(bool enabled) - - bool IdentifyAgent(ConnectionInfo *conn_info) - { -- char uname[CF_BUFSIZE], sendbuff[CF_BUFSIZE]; -+ char uname[CF_MAXVARSIZE], sendbuff[CF_BUFSIZE]; - char dnsname[CF_MAXVARSIZE], localip[CF_MAX_IP_LEN]; - int ret; - -diff --git a/libenv/sysinfo.c b/libenv/sysinfo.c -index a6b1618c6a70..20c92996eed7 100644 ---- a/libenv/sysinfo.c -+++ b/libenv/sysinfo.c -@@ -444,7 +444,7 @@ static void GetNameInfo3(EvalContext *ctx) - }; 
- int have_component[COMPONENTS_SIZE]; - struct stat sb; -- char name[CF_MAXVARSIZE], quoteName[CF_MAXVARSIZE], shortname[CF_MAXVARSIZE]; -+ char name[CF_MAXVARSIZE], quoteName[CF_BUFSIZE], shortname[CF_MAXVARSIZE]; - - if (uname(&VSYSNAME) == -1) - { -@@ -2073,7 +2073,7 @@ static int Linux_Suse_Version(EvalContext *ctx) - strncpy(classbuf, vendor, CF_MAXVARSIZE); - EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); - snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", major); -- SetFlavour(ctx, classbuf); -+ SetFlavor(ctx, classbuf); - if (minor != -1) - { - snprintf(classbuf + strlen(classbuf), CF_MAXVARSIZE - strlen(classbuf), "_%d", minor); -@@ -2186,7 +2186,7 @@ static void LinuxDebianSanitizeIssue(char *buffer) - - static int Linux_Misc_Version(EvalContext *ctx) - { -- char flavor[CF_MAXVARSIZE]; -+ char flavor[CF_BUFSIZE]; - char version[CF_MAXVARSIZE]; - char os[CF_MAXVARSIZE]; - char buffer[CF_BUFSIZE]; -@@ -2227,7 +2227,7 @@ static int Linux_Misc_Version(EvalContext *ctx) - - if (*os && *version) - { -- snprintf(flavor, CF_MAXVARSIZE, "%s_%s", os, version); -+ snprintf(flavor, CF_BUFSIZE, "%s_%s", os, version); - SetFlavor(ctx, flavor); - return 1; - } -@@ -2242,7 +2242,7 @@ static int Linux_Debian_Version(EvalContext *ctx) - int major = -1; - int release = -1; - int result; -- char classname[CF_MAXVARSIZE], buffer[CF_MAXVARSIZE], os[CF_MAXVARSIZE], version[CF_MAXVARSIZE]; -+ char classname[CF_BUFSIZE], buffer[CF_BUFSIZE], os[CF_MAXVARSIZE], version[CF_MAXVARSIZE]; - - Log(LOG_LEVEL_VERBOSE, "This appears to be a debian system."); - EvalContextClassPutHard( -@@ -2276,7 +2276,7 @@ static int Linux_Debian_Version(EvalContext *ctx) - - case 1: - Log(LOG_LEVEL_VERBOSE, "This appears to be a Debian %u system.", major); -- snprintf(classname, CF_MAXVARSIZE, "debian_%u", major); -+ snprintf(classname, CF_BUFSIZE, "debian_%u", major); - SetFlavor(ctx, classname); - break; - -@@ -2285,11 +2285,8 @@ 
static int Linux_Debian_Version(EvalContext *ctx) - sscanf(buffer, "%25[^/]", version); - if (strlen(version) > 0) - { -- snprintf(classname, CF_MAXVARSIZE, "debian_%s", version); -- EvalContextClassPutHard( -- ctx, -- classname, -- "inventory,attribute_name=none,source=agent,derived-from-file="DEBIAN_VERSION_FILENAME); -+ snprintf(classname, CF_BUFSIZE, "debian_%s", version); -+ EvalContextClassPutHard(ctx, classname, "inventory,attribute_name=none,source=agent"); - } - break; - } -@@ -2543,13 +2540,13 @@ static int EOS_Version(EvalContext *ctx) - { - if (strstr(buffer, "EOS")) - { -- char version[CF_MAXVARSIZE], class[CF_MAXVARSIZE]; -+ char version[CF_MAXVARSIZE], class[CF_BUFSIZE]; - EvalContextClassPutHard(ctx, "eos", "inventory,attribute_name=none,source=agent"); - EvalContextClassPutHard(ctx, "arista", "source=agent"); - version[0] = '\0'; - sscanf(buffer, "%*s %*s %*s %s", version); - CanonifyNameInPlace(version); -- snprintf(class, CF_MAXVARSIZE, "eos_%s", version); -+ snprintf(class, CF_BUFSIZE, "eos_%s", version); - EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent"); - } - } -@@ -2569,14 +2566,14 @@ static int MiscOS(EvalContext *ctx) - { - if (strstr(buffer, "BIG-IP")) - { -- char version[CF_MAXVARSIZE], build[CF_MAXVARSIZE], class[CF_MAXVARSIZE]; -+ char version[CF_MAXVARSIZE], build[CF_MAXVARSIZE], class[CF_BUFSIZE]; - EvalContextClassPutHard(ctx, "big_ip", "inventory,attribute_name=none,source=agent"); - sscanf(buffer, "%*s %s %*s %s", version, build); - CanonifyNameInPlace(version); - CanonifyNameInPlace(build); -- snprintf(class, CF_MAXVARSIZE, "big_ip_%s", version); -+ snprintf(class, CF_BUFSIZE, "big_ip_%s", version); - EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent"); -- snprintf(class, CF_MAXVARSIZE, "big_ip_%s_%s", version, build); -+ snprintf(class, CF_BUFSIZE, "big_ip_%s_%s", version, build); - EvalContextClassPutHard(ctx, class, "inventory,attribute_name=none,source=agent"); - 
SetFlavor(ctx, "BIG-IP"); - } -@@ -2589,7 +2586,8 @@ static int MiscOS(EvalContext *ctx) - - static int VM_Version(EvalContext *ctx) - { -- char *sp, buffer[CF_BUFSIZE], classbuf[CF_BUFSIZE], version[CF_BUFSIZE]; -+#define CF_CLASSBUFSIZE 2*CF_BUFSIZE -+ char *sp, buffer[CF_BUFSIZE], classbuf[CF_CLASSBUFSIZE], version[CF_BUFSIZE]; - int major, minor, bug; - int sufficient = 0; - -@@ -2601,17 +2599,17 @@ static int VM_Version(EvalContext *ctx) - { - if (sscanf(buffer, "VMware ESX Server %d.%d.%d", &major, &minor, &bug) > 0) - { -- snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d", major); -+ snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d", major); - EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d.%d", major, minor); -+ snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d.%d", major, minor); - EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); -- snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %d.%d.%d", major, minor, bug); -+ snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %d.%d.%d", major, minor, bug); - EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); - sufficient = 1; - } - else if (sscanf(buffer, "VMware ESX Server %s", version) > 0) - { -- snprintf(classbuf, CF_BUFSIZE, "VMware ESX Server %s", version); -+ snprintf(classbuf, CF_CLASSBUFSIZE, "VMware ESX Server %s", version); - EvalContextClassPutHard(ctx, classbuf, "inventory,attribute_name=none,source=agent"); - sufficient = 1; - } -diff --git a/libpromises/cf3globals.c b/libpromises/cf3globals.c -index 7915affc07fc..932dd62456f9 100644 ---- a/libpromises/cf3globals.c -+++ b/libpromises/cf3globals.c -@@ -55,7 +55,7 @@ long LASTSEENEXPIREAFTER = SECONDS_PER_WEEK; /* GLOBAL_P */ - bool DONTDO = false; /* GLOBAL_A */ - - /* NB! 
Check use before changing sizes */ --char VFQNAME[CF_MAXVARSIZE] = ""; /* GLOBAL_E GLOBAL_P */ -+char VFQNAME[CF_BUFSIZE] = ""; /* GLOBAL_E GLOBAL_P */ - char VUQNAME[CF_MAXVARSIZE] = ""; /* GLOBAL_E */ - char VDOMAIN[CF_MAXVARSIZE] = ""; /* GLOBAL_E GLOBAL_P */ - -diff --git a/libpromises/cf3lex.l b/libpromises/cf3lex.l -index c28c4302a74a..766fe3fd7896 100644 ---- a/libpromises/cf3lex.l -+++ b/libpromises/cf3lex.l -@@ -334,7 +334,7 @@ promise_type [a-zA-Z_]+: - { - yyerror("identifier too long"); - } -- strncpy(P.currentid, yytext, CF_MAXVARSIZE); -+ strncpy(P.currentid, yytext, CF_MAXVARSIZE-1); - return IDSYNTAX; - } - -@@ -347,7 +347,7 @@ promise_type [a-zA-Z_]+: - { - yyerror("qualified identifier too long"); - } -- strncpy(P.currentid, yytext, CF_MAXVARSIZE); -+ strncpy(P.currentid, yytext, CF_MAXVARSIZE-1); - return IDSYNTAX; - } - -@@ -441,7 +441,7 @@ promise_type [a-zA-Z_]+: - - tmp = xstrdup(yytext); - tmp[yyleng - 1] = '\0'; -- strncpy(P.currenttype, tmp, CF_MAXVARSIZE); -+ strncpy(P.currenttype, tmp, CF_MAXVARSIZE-1); - - if (P.currentclasses != NULL) - { -diff --git a/libpromises/cf3parse.y b/libpromises/cf3parse.y -index 9fea664a9874..5e5268d9f372 100644 ---- a/libpromises/cf3parse.y -+++ b/libpromises/cf3parse.y -@@ -1142,7 +1142,7 @@ functionid: IDSYNTAX - | NAKEDVAR - { - ParserDebug("\tP:%s:%s:%s:%s function nakedvar = %s\n", P.block, P.blocktype, P.blockid, P.currentclasses ? 
P.currentclasses : "any", P.currentstring); -- strncpy(P.currentid,P.currentstring,CF_MAXVARSIZE); // Make a var look like an ID -+ strncpy(P.currentid,P.currentstring,CF_MAXVARSIZE-1); // Make a var look like an ID - free(P.currentstring); - P.currentstring = NULL; - } -diff --git a/libpromises/eval_context.c b/libpromises/eval_context.c -index 7c7ffd069e3e..497ea48874c3 100644 ---- a/libpromises/eval_context.c -+++ b/libpromises/eval_context.c -@@ -1571,7 +1571,7 @@ Class *EvalContextClassMatch(const EvalContext *ctx, const char *regex) - static bool EvalContextClassPut(EvalContext *ctx, const char *ns, const char *name, bool is_soft, ContextScope scope, const char *tags) - { - { -- char context_copy[CF_MAXVARSIZE]; -+ char context_copy[CF_BUFSIZE]; - char canonified_context[CF_MAXVARSIZE]; - - -@@ -1594,7 +1594,7 @@ static bool EvalContextClassPut(EvalContext *ctx, const char *ns, const char *na - - if (ns && strcmp(ns, "default") != 0) - { -- snprintf(context_copy, CF_MAXVARSIZE, "%s:%s", ns, canonified_context); -+ snprintf(context_copy, CF_BUFSIZE, "%s:%s", ns, canonified_context); - } - else - { -diff --git a/libpromises/evalfunction.c b/libpromises/evalfunction.c -index 505a2e6d140b..6fb0f261fafc 100644 ---- a/libpromises/evalfunction.c -+++ b/libpromises/evalfunction.c -@@ -496,7 +496,7 @@ static Rlist *GetHostsFromLastseenDB(Item *addresses, time_t horizon, bool retur - Item *ip; - time_t now = time(NULL); - double entrytime; -- char address[CF_MAXVARSIZE]; -+ char address[CF_BUFSIZE]; - - for (ip = addresses; ip != NULL; ip = ip->next) - { -diff --git a/libpromises/expand.c b/libpromises/expand.c -index 37da303b189e..0494a3c1be29 100644 ---- a/libpromises/expand.c -+++ b/libpromises/expand.c -@@ -870,7 +870,7 @@ static void ResolveControlBody(EvalContext *ctx, GenericAgentConfig *config, - - EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "domain"); - EvalContextVariableRemoveSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost"); -- snprintf(VFQNAME, 
CF_MAXVARSIZE, "%s.%s", VUQNAME, VDOMAIN); -+ snprintf(VFQNAME, CF_BUFSIZE, "%s.%s", VUQNAME, VDOMAIN); - EvalContextVariablePutSpecial(ctx, SPECIAL_SCOPE_SYS, "fqhost", - VFQNAME, CF_DATA_TYPE_STRING, - "inventory,source=agent,attribute_name=Host name"); -diff --git a/libpromises/keyring.c b/libpromises/keyring.c -index a8e4f2c8c640..55e52c28a358 100644 ---- a/libpromises/keyring.c -+++ b/libpromises/keyring.c -@@ -83,9 +83,9 @@ int RemovePublicKey(const char *id) - - if (c && c[strlen(suffix)] == '\0') /* dirp->d_name ends with suffix */ - { -- char keyfilename[CF_BUFSIZE]; -+ char keyfilename[CF_BUFSIZE * 2]; - -- snprintf(keyfilename, CF_BUFSIZE, "%s/%s", keysdir, dirp->d_name); -+ snprintf(keyfilename, CF_BUFSIZE * 2, "%s/%s", keysdir, dirp->d_name); - MapName(keyfilename); - - if (unlink(keyfilename) < 0) -diff --git a/tests/unit/logging_test.c b/tests/unit/logging_test.c -index e625e2b8c945..dc6ee2451a88 100644 ---- a/tests/unit/logging_test.c -+++ b/tests/unit/logging_test.c -@@ -6,7 +6,7 @@ - #include - #include - --char VFQNAME[CF_MAXVARSIZE]; -+char VFQNAME[CF_BUFSIZE]; - char VPREFIX[CF_MAXVARSIZE]; - - static struct sockaddr *got_address; -diff --git a/tests/unit/set_domainname_test.c b/tests/unit/set_domainname_test.c -index 55cd05c17463..87a9dace0d68 100644 ---- a/tests/unit/set_domainname_test.c -+++ b/tests/unit/set_domainname_test.c -@@ -9,7 +9,7 @@ - - /* Global variables we care about */ - --char VFQNAME[CF_MAXVARSIZE]; -+char VFQNAME[CF_BUFSIZE]; - char VUQNAME[CF_MAXVARSIZE]; - char VDOMAIN[CF_MAXVARSIZE]; - --- -2.24.0 - diff --git a/0003-make-home-dir-for-tests.patch b/0003-make-home-dir-for-tests.patch deleted file mode 100644 index 115ebdd..0000000 --- a/0003-make-home-dir-for-tests.patch +++ /dev/null 
@@ -1,27 +0,0 @@
-From 114297240e5a86235a13f654bd2905c27c777b4f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Klaus=20K=C3=A4mpf?=
-Date: Tue, 3 Jul 2018 09:38:39 +0200
-Subject: [PATCH 3/3] make home dir for tests
-
-Author: Adam Majer
-Upstream: https://tracker.mender.io/browse/CFE-2549
-BNC#1016848
-Summary: this tests requires home directory, otherwise spams logfile
----
- tests/load/run_lastseen_threaded_load.sh | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/tests/load/run_lastseen_threaded_load.sh b/tests/load/run_lastseen_threaded_load.sh
-index aebcf21a913e..215379e9f416 100755
---- a/tests/load/run_lastseen_threaded_load.sh
-+++ b/tests/load/run_lastseen_threaded_load.sh
-@@ -7,5 +7,6 @@ then
- fi
-
- echo "Starting run_lastseen_threaded_load.sh test"
-+text -x ~/.cfagent/state || mkdir -p ~/.cfagent/state
-
- ./lastseen_threaded_load -c 1 4 1 1
---
-2.24.0
-
diff --git a/cfengine-3.14.0.2.tar.gz b/cfengine-3.14.0.2.tar.gz
deleted file mode 100644
index 9223883..0000000
--- a/cfengine-3.14.0.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7e11ec3d188240d71725a24504c5b7680004481fe596d7d895c8bee364e75b6d
-size 2231997
diff --git a/cfengine-3.16.0.tar.gz b/cfengine-3.16.0.tar.gz
new file mode 100644
index 0000000..79c5412
--- /dev/null
+++ b/cfengine-3.16.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f4256e6e1ca04776a9fd48f1388a30edfa8d11fdcf870ba62ce5b0ad62a87372
+size 3137694
diff --git a/cfengine.changes b/cfengine.changes
index bef4600..3dc0f7f 100644
--- a/cfengine.changes
+++ b/cfengine.changes
@@ -1,8 +1,234 @@
+-------------------------------------------------------------------
+Tue Sep 22 07:52:50 UTC 2020 - Klaus Kämpf
+
+- update to 3.16.0
+ - Added 'cf-secret' binary for host-specific encryption (CFE-2613)
+ - 'cf-check diagnose --test-write' can now be used to test writing
+ into LMDB files (ENT-4484)
+ - 'if' constraint now works in combination with class contexts
+ (CFE-2615)
+ - Added $(sys.cf_version_release) variable (ENT-5348)
+ - Added new macros to parser: else, maximum_version, between_versions,
+ before_version, at_version and after_version. Version macros now
+ accept single digits (CFE-3198)
+ - Added cf-postgres requirement to cf-apache and cf-hub systemd units
+ (ENT-5125)
+ - Added files promise content attribute (CFE-3276)
+ - Added string_trim() policy function (CFE-3074)
+ - Added warning if CSV parser parses nothing from non-empty file
+ (CFE-3256)
+ - All changes made by 'files' promises are now reported. Also,
+ directory and file creations are now properly reported as 'info'
+ messages. And failures in edit_xml result in promises marked as
+ failed not interrupted. Purged dirs and files are reported as
+ repaired (ENT-5291, CFE-3260)
+ - Bootstrap to loopback interface is now allowed, with a warning
+ (CFE-3304)
+ - Client initiated reporting was fixed on RHEL 8.1 (ENT-5415)
+ - Fixed rare crashing bug when parsing zombie entries in ps output.
+ The problem was only ever observed on AIX, but could theoretically happen
+ on any platform depending on exact libc behavior. (ENT-5329)
+ - Fixed an issue causing duplicate entries in sys.interfaces, and
+ sys.hardware. (CFE-3046)
+ - Fixed ifelse() to return fallback in case of unresolved variables
+ (ENT-4653)
+ - Fixed locking of promises using log_repaired / log_string with
+ timestamps (CFE-3376)
+ - Fixed memory leak in handling of inline JSON in policy evaluation
+ - Fixed memory leak in readlist functions (CFE-3263)
+ - Fixed race condition when multiple agents are acquiring critical
+ section locks simultaneously (CFE-3361)
+ - Fixed selection of standard_services when used from non-default
+ namespace (ENT-5406)
+ - Fixed service status cfengine3 on systemd managed hosts
+ (ENT-5528)
+ - Fixed some memory leaks and crashes in policy evaluation (CFE-3263)
+ - Improved error message for invalid body attribute names (CFE-3273)
+ - Improved management of secondary groups to avoid intermediary state
+ failures (ENT-3710)
+ - LMDB files are now created with correct permissions (ENT-5986)
+ - Log messages about broken Mustache templates are now errors
+ (CFE-3263)
+ - Made classfiltercsv() fail properly on invalid class expression index
+ - Measurements promises with no match no longer produce errors
+ (ENT-5171)
+ - Moved error reading file in countlinesmatching() from verbose to
+ error (CFE-3234)
+ - Added new data validation policy functions validdata() and validjson()
+ (CFE-2898)
+ - New version checking convenience policy functions (CFE-3197)
+ Added the following policy functions to check against local CFEngine version:
+ - cf_version_maximum()
+ - cf_version_minimum()
+ - cf_version_after()
+ - cf_version_before()
+ - cf_version_at()
+ - cf_version_between()
+ - Removed (USE AT YOUR OWN RISK) from cf-key help menu for -x (ENT-5090)
+ - Rewrote helloworld.cf to use files promises content attribute (CFE-3276)
+ - The outcome classes are now defined for the top-level directory when
+ 'include_basedir' is 'false' (ENT-5291)
+ - Variable references with nested parentheses no longer cause errors
+ (CFE-3242)
+ - cf-check: Added a more user friendly message when trying to print
+ unknown binary data (ENT-5234)
+ - cf-check: Added data validation for cf_lastseen.lmdb (CFE-2988)
+ - cf-check: Added nice printing for nova_agent_executions.lmdb
+ (ENT-5234)
+ - cf-check: Added validation for timestamps in cf_lock.lmdb (CFE-2988)
+ - cf-check: Added validation for timestamps in lastseen.lmdb (CFE-2988)
+ - cf-check: Fixed issue causing repair to target the wrong database file
+ (ENT-5309)
+ - cf-check: Symlinked LMDB databases are now preserved in repair
+ Performs diagnosis and repair on symlink target instead of symlink.
+ Repaired files / copies are placed alongside symlink target.
+ In some cases, the symlink target is deleted to repair a corrupt
+ database, and the symlink is left as a broken symlink. This is
+ handled gracefully by the agent, it will be recreated.
+ Broken symlinks are now detected as an acceptable condition in diagnose,
+ it won't try to repair them or delete them. (ENT-5162)
+ - storage promises managing nfs mounts should now correctly mount
+ after editing fstab entries
+
+- drop 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch,
+ 0002-Reduce-string-truncation-warnings.patch,
+ 0003-make-home-dir-for-tests.patch - all upstream
+
 ------------------------------------------------------------------- Tue Jul 28 14:28:49 UTC 2020 - Thorsten Kukuk - Fix version format for suse_version (SuSEfirewall2 check)
+-------------------------------------------------------------------
+Fri Jun 12 14:34:51 UTC 2020 - Klaus Kämpf
+
+- update to 3.15.0
+ - New policy function basename() added (CFE-3196)
+ - Added read_module_protocol() policy function
+ This function reads module protocol from a file, and can be used
+ for caching the results of commands modules. (CFE-2973)
+ - The @ character is now allowed in the key of classic arrays defined
+ by the module protocol (CFE-3099)
+ - nth() policy function now supports negative indices (CFE-3194)
+ - Fixed .xy floating point numbers parsing in eval() (CFE-2762)
+ - Added inform constraint to commands promises, to allow suppression of
+ INFO log messages (CFE-2973)
+ - Changed unless constraint to be more consistent with if
+ For any situation where if would NOT skip a promise, unless
+ will cause the promise to be skipped. When there are
+ unresolved variables / function calls, if will skip, unless
+ will NOT skip. (CFE-3160)
+ - Default minimum allowed TLS version is now 1.1 (ENT-4616)
+ - Network protocol version 2 is now called "tls"
+ "tls" or "2" can be used in places where you specify network
+ protocol. Log messages were altered, to show "tls" instead of
+ "latest". (ENT-4406)
+ - Introduced protocol version 3 - "cookie"
+ This protocol is identical to version 2 ("tls"),
+ except it allows the enterprise reporting hub to send
+ the COOKIE command to enterprise hosts. This command is used for
+ detecting hosts using duplicate identities. Protocol version "latest"
+ now points to version 3. For community installations, it should not
+ make a difference, policy servers will not send this command. The only
+ visible difference is the new version number (in logs and policy).
+ (ENT-4406)
+ - Package modules now hit network when package cache is first initialized
+ (CFE-3094)
+ - Fixed promise skipping bug in unless (CFE-2689)
+ - Fixed error message for unexpanded variables in function calls in unless
+ (CFE-2689)
+ - Prevented buffer overflow when policy variable names are longer than
+ 1024 bytes
+ - Zero bytes in class guards no longer cause crashes (CFE-3028)
+ - Fixed bug in ps parsing on OpenBSD / NetBSD causing bootstrap to fail
+ - Fixed crash in policy/JSON parsing of numbers with too many decimal
+ points (CFE-3138)
+ - copy_from without preserve now respects destination mode (ENT-4016)
+ - Removed stime_range and ttime_range constraints from promise hash
+ (ENT-4921)
+ - Fixed promise result when using process_stop in processes type promises
+ (ENT-4988)
+ - cf-execd now sends SIGKILL to the agent process in case of
+ agent_expireafter, after attempting SIGINT and SIGTERM (CFE-2664)
+ - cf-serverd now tries to accept connection multiple times (CFE-3066)
+ - Fixed multiple measurements tracking growth of same file (ENT-4814)
+ - Set create permissions of monitord files in state directory to 0600
+ 0600 matches the permissions enforced by policy.
+ Affected files:
+ * state/cf_incoming.*
+ * state/cf_outgoing.*
+ * state/cf_users
+ * state/env_data
+ (ENT-4863)
+ - Clarified descriptions of io_writtendata and io_readdata (ENT-5127)
+ - Clarified log message about process_count and restart_class being used
+ concurrently (CFE-208)
+ - Agent runs that hit abortclasses now record results (ENT-2471)
+ - An ID of rhel in os-release file will now define both rhel and redhat
+ classes (CFE-3140)
+ - Version specific distro classes are now collected by default in
+ Enterprise (ENT-4752)
+ - redhat_8 and redhat_8_0 are now defined on RHEL 8 (CFE-3140)
+ - Added derived-from-file tag to hard classes based on /etc/redhat-release
+ (CFE-3140)
+ - Added sys.bootstrap_id policy variable containing the ID from
+ /var/cfengine/bootstrap_id.dat, if present (CFE-2977)
+ - sys.interfaces now contains interfaces even when they only have
+ IPv6 addresses (ENT-4858)
+ - IPv6-only interfaces added to sys.hardware_(addresses,mac) (CFE-3164)
+ - IPv6 addresses are now added to policy variable sys.ip_addresses
+ (CFE-682)
+ - IPv6 addresses now respect ignored_interfaces.rx (CFE-3156)
+ - hostname now allowed in bindtoaddress (CFE-3190)
+ - Fixed issue when removing comments from files in various policy functions
+ This also fixes many erroneous occurences of the error message
+ mentioning:
+
+ [...] because it legally matches nothing
+
+ (A warning can still appear if a comment regex actually matches nothing).
+ Also made this comment removing logic faster.
+ Affected functions include:
+ * readstringlist()
+ * readintlist()
+ * readreallist()
+ * peers()
+ * peerleader()
+ * peerleaders()
+ * data_readstringarray()
+ * data_readstringarrayidx()
+ * data_expand()
+ * readstringarray()
+ * readstringarrayidx()
+ * readintarray()
+ * readrealarray()
+ * parsestringarray()
+ * parsestringarrayidx()
+ * parseintarray()
+ * parserealarray()
+ (CFE-3188, ENT-5019)
+ - Fixed memory leak in JSON / env file parsing (CFE-3210)
+ - Fixed memory leak in handling of nfs / fstab (CFE-3210)
+ - Fixed memory leak in string_replace() and regex_replace() (CFE-3210)
+ - Fixed memory leak when using with constraint (CFE-3210)
+ - Fixed minor memory leak in policy evaluation (CFE-3210)
+ - Fixed small memory leak in SQL database promises (CFE-3210)
+ - Received SIGBUS now triggers a repair of local DBs (CFE-3127)
+ - Corrupted LMDB files are now automatically repaired (CFE-3127)
+ - Keys in the lock database, cf_lock.lmdb, are now human-readable
+ (CFE-2596)
+ - Local databases now use synchronous access on AIX and Solaris (ENT-4002)
+ - Report corrupted local database with a critical log message (CFE-2469)
+ - Local DB errors are now logged with the particular DB file path (CFE-2469)
+ - cf-check: repair now preserves readable data in corrupted LMDB files
+ (CFE-3127)
+ - cf-check: --dump option was added to the backup command
+ - cf-check: Added --no-fork to diagnose command (CFE-3145)
+ - cf-check: Added -M manpage option and other common options (CFE-3082)
+ - cf-check: No DB files in state dir now causes errors
+ - cf-check: dump command now dumps DB contents to JSON5 (CFE-3126)
+ - cf-check: help command can now take a topic as argument
+
 ------------------------------------------------------------------- Fri Feb 7 17:51:06 UTC 2020 - Stefan Brüns
diff --git a/cfengine.firewalld b/cfengine.firewalld
new file mode 100644
index 0000000..bef314c
--- /dev/null
+++ b/cfengine.firewalld
@@ -0,0 +1,6 @@ + + + CFengine + CFEngine automates large-scale IT computing infrastructure + + diff --git a/cfengine.spec b/cfengine.spec index eab6092..b981334 100644 --- a/cfengine.spec +++ b/cfengine.spec @@ -27,8 +27,10 @@ #define workdir %%{basedir}/work %if 0%{?suse_version} < 1500 +# assume SuSEfirewall2 %define with_sfw2 1 %else +# assume firewalld %define with_sfw2 0 %endif # pass --with-bla to enable the build @@ -37,7 +39,7 @@ %bcond_with libvirt Name: cfengine -Version: 3.14.0.2 +Version: 3.16.0 Release: 0 Summary: Configuration management framework License: GPL-3.0-only @@ -53,6 +55,7 @@ Source6: cf-execd Source7: cf-serverd Source10: %{name}.cron Source11: %{name}-rpmlintrc +Source12: %{name}.firewalld # docs Source101: http://www.cfengine.org/manuals/cf3-Reference.pdf Source102: http://www.cfengine.org/manuals/cf3-conceptguide.pdf @@ -62,19 +65,6 @@ Source105: http://www.cfengine.org/manuals/cf3-solutions.pdf Source106: http://www.cfengine.org/manuals/cf3-tutorial.pdf Source107: http://www.verticalsysadmin.com/cfengine/primer.pdf -# PATCH-FIX-SUSE -# set cfengine's notion of bindir to /usr/bin instead of /var/cfengine/bin -# kkaempf@suse.de -#Patch1: 0001-Set-sys.bindir-to-usr-sbin-expect-cf-components-ther.patch -# PATCH-FIX-UPSTREAM add 'suse' class for consistency with other vendor classes -# PATCH-FEATURE-UPSTREAM better /etc/SuSE-release parsing, upstream #5423 -# kkaempf@suse.de -Patch2: 0001-Simplify-and-fix-parsing-of-etc-SuSE-release-fixes-i.patch -# PATCH-FIX-SUSE reduce "string truncated" (in strncpy) warnings -Patch3: 0002-Reduce-string-truncation-warnings.patch -# PATCH-FIX-SUSE BNC#1016848, adam.majer -Patch10: 0003-make-home-dir-for-tests.patch - BuildRequires: bison BuildRequires: db-devel BuildRequires: flex @@ -90,6 +80,9 @@ BuildRequires: util-linux # for llzma BuildRequires: xz-devel Requires: %{libsoname} = %{version} +%if !%{with_sfw2} +BuildRequires: firewall-macros +%endif %if %{with mysql} BuildRequires: mysql-devel %endif 
@@ -152,10 +145,7 @@ BuildArch: noarch Lots of example promises for CFEngine. %prep -%setup -q -n core-3.14.0-2 -%patch2 -p1 -%patch3 -p1 -%patch10 -p1 +%setup -q ##### rpmlint #### wrong-file-end-of-line-encoding @@ -251,30 +241,39 @@ done # Firewall %if %{with_sfw2} install -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine +%else +mkdir -p %{buildroot}/%{_prefix}/lib/firewalld/services +install -D -m 644 %{SOURCE12} %{buildroot}/%{_prefix}/lib/firewalld/services/%{name}.xml %endif # Ckeabyo dyoes %fdupes %{buildroot}%{_datadir}/cfengine %pre -%service_add_pre cf-execd.service cf-monitord.service cf-serverd.service +%service_add_pre cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service %post -%service_add_post cf-execd.service cf-monitord.service cf-serverd.service +%service_add_post cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service if [ $1 -lt 2 ]; then # first install, generate key pair cf-key fi +%if !%{with_sfw2} +%firewalld_reload +%endif %preun -%service_del_preun cf-execd.service cf-monitord.service cf-serverd.service +%service_del_preun cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service %postun -%service_del_postun cf-execd.service cf-monitord.service cf-serverd.service +%service_del_postun cf-execd.service cf-monitord.service cf-serverd.service cf-apache.service cf-hub.service cf-postgres.service cf-runalerts.service cfengine3.service if [ $1 -eq 0 ]; then # clean up inputs cache dir on removal rm -rf %{basedir}/inputs/* fi +%if !%{with_sfw2} +%firewalld_reload +%endif %post -n %{libsoname} -p /sbin/ldconfig 
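Review bot: The five units added to `%service_add_pre`, `%service_add_post`, `%service_del_preun` and `%service_del_postun` (`cf-apache`, `cf-hub`, `cf-postgres`, `cf-runalerts`, `cfengine3`) are typed out four times, while the `%files` hunk at the end of the spec diff ships units through the glob `%{_unitdir}/*.service`, so the packaged set and the registered set are kept in step only by hand. The `%files` entries visible in this diff list no `cf-hub`, `cf-apache` or `cf-postgres` executable, which suggests these are hub units this package cannot run; if so they are better deleted in `%install` than installed and registered. I would name each shipped unit in `%files` (for example `%{_unitdir}/cf-serverd.service`) and hold the list in one macro that all four scriptlets expand, so that a new upstream unit fails the build instead of being shipped unnoticed. As a smaller point, the `mkdir -p` ahead of `install -D -m 644 %{SOURCE12} ...` is redundant because `-D` creates the parent directories.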
@@ -291,6 +290,7 @@ fi %{_bindir}/cf-net %{_bindir}/cf-monitord %{_bindir}/cf-promises +%{_bindir}/cf-secret %{_bindir}/cf-serverd %{_bindir}/cf-upgrade %{_bindir}/cf-runagent @@ -301,8 +301,15 @@ fi %{_sbindir}/rccf-execd %{_sbindir}/rccf-monitord %{_sbindir}/rccf-serverd +%{_unitdir}/*.service %if %{with_sfw2} +%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d +%config %dir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/cfengine +%else +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/services +%{_prefix}/lib/firewalld/services/%{name}.xml %endif %{_mandir}/man8/* %dir %{basedir}