- performance has been significantly improved, with a 10-20% speed
increase over 3.5 when using the default masterfiles
- agents support the legacy protocol without TLS envelope
This allows upgrading of an agent before the policy server.
- several general improvements and bug fixes too numerous to list
here.
- remove cfengine-bootstrap.patch, included upstream
- split masterfiles off as cfengine-masterfiles package
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=76
- New promise type "users" for managing local user accounts.
- TLS authentication and fully encrypted network protocol
- New attributes in 'bundle server access_rules'
- New variable type 'data' for handling of structured data
- Tagging of classes and variables with meta data
- Many new built-in variables
- Many new functions
- Replace tokyocabinet with lmdb database
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=66
- Fix packaging
- rename cfengine-devel to libpromises-devel
- rename libpromises1 to libpromises3
- Update to 3.5.3
- Improved security checks of symlink ownership.
A symlink created by a user pointing to resources owned by a
different user will no longer be followed.
- Changed the way package versions are compared in package promises.
(Redmine #3314)
In previous versions the comparison was inconsistent. This has
been fixed, but may also lead to behavior changes in certain
cases. In CFEngine 3.5.3, the comparison works as follows:
<package-being-considered> <package_select> <package_version>
For instance: apache-2.2.31 ">=" "2.2.0" will result in the
package being installed.
Bug fixes:
- fix cf-monitord crash due to incorrect array initialization (Redmine
#3180)
- fix cf-serverd stat()'ing the file tree every second (Redmine #3479)
- correctly populate sys.hardware_addresses variable (Redmine #2936)
- add support for Debian's GNU/kfreebsd to build system (Redmine #3500)
- fix possible stack corruption in guest_environments promises (Redmine
#3552)
- work-around hostname trunctation in HP-UX's uname (Redmine #3517)
- fix body copy purging of empty directories (Redmine #3429)
- make discovery and loading of avahi libraries more robust
- compile and packaging fixes for HP-UX, AIX and Solaris
- fix fatal error in lsdir() when directory doesn't exist (Redmine
#3273)
OBS-URL: https://build.opensuse.org/request/show/210568
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cfengine?expand=0&rev=41
- Update to 3.5.2
Bug-fixes in the CFEngine Core:
- fix delayed abortclasses checking (Redmine #2316, #3114, #3003)
- fix maplist arguments bug (Redmine #3256)
- fix segfaults in cf-pomises (Redmine #3173, 3194)
- fix build on Solaris 10/SmartOS (Redmine #3097)
- sanitize characters from /etc/issue in sys.flavor for Debian
(Redmine #2988)
- Fix segfault when dealing with files or data > 4K
(Redmine #2912, 2698)
- Don't truncate keys to 126 characters in getindices
(Redmine #2626)
- files created via log_* actions now have mode 600
(Redmine #1578)
- fix wrong log message when a promise is ignored due to
'ifvarclass' not matching
- fix lifetime of persistent classes (Redmine #3259)
- fix segfault when process_select body had no process_result
attribute
- Default to AND'ed expression of all specified attributes
(Redmine #3224)
- include system message in output when acl promises fail
- fix invocation of standard_services bundle and corresponding
promise compliance (Redmine #2869)
- run fdupes after install
OBS-URL: https://build.opensuse.org/request/show/196885
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cfengine?expand=0&rev=39
Bug-fixes in the CFEngine Core:
- fix delayed abortclasses checking (Redmine #2316, #3114, #3003)
- fix maplist arguments bug (Redmine #3256)
- fix segfaults in cf-pomises (Redmine #3173, 3194)
- fix build on Solaris 10/SmartOS (Redmine #3097)
- sanitize characters from /etc/issue in sys.flavor for Debian
(Redmine #2988)
- Fix segfault when dealing with files or data > 4K
(Redmine #2912, 2698)
- Don't truncate keys to 126 characters in getindices
(Redmine #2626)
- files created via log_* actions now have mode 600
(Redmine #1578)
- fix wrong log message when a promise is ignored due to
'ifvarclass' not matching
- fix lifetime of persistent classes (Redmine #3259)
- fix segfault when process_select body had no process_result
attribute
- Default to AND'ed expression of all specified attributes
(Redmine #3224)
- include system message in output when acl promises fail
- fix invocation of standard_services bundle and corresponding
promise compliance (Redmine #2869)
- run fdupes after install
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=60
Core Changes:
- the CFEngine Standard Library in masterfiles/libraries is now
split into promise-type specific policy files, and lives in a
version-specific directory. This should have no impact on current
code, but allows more granular include of needed stdlib
elements (Redmine #3044)
- file changes are logged with log level Notice, not Error
Bug fixes:
- fix recursive copying of files (Redmine #2965)
- respect classes in templates (Redmine ##2928)
- fix timestamps on Windows (Redmine #2933)
- fix non-root cf-agent flooding syslog (Redmine #2980)
- fix email flood from cf-execd due to timestamps in agent output
(Redmine #3011)
- Preserve security context when editing or copying local files
(Redmine #2728)
- fix path for sys.crontab on redhat systems (Redmine #2553)
- prevent incorrect "insert_lines promise uses the same
select_line_matching anchor" warning (Redmine #2778)
- Fix regression of setting VIPADDRESS to 127.0.0.1 (Redmine #3010)
- Fix "changes" promise not receiving status when file is missing
(Redmine #2820)
- Fix symlinks being destroyed when editing them (Redmine #2363)
- Fix missing "promise kept" status for the last line in a file
(Redmine #2943)
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=55
- new built-in functions: classesmatching, strftime, filestat,
ifelse, maparray
- action_policy => "warn" causes not_kept classes to be set on
promise needing repair.
- command line option version (-V) now prints a shorter
parsable version without graphic
- implicit execution of server and common bundles taking
arguments is skipped in cf-serverd.
- ifvarclass checked from classes promises in common bundles
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=41
New features:
- cf-promises flag --parse-tree is replaced by --policy-output-format=,
requiring the user to specify the output format (none, cf, json)
- cf-promises allows partial check of policy (without body common
control) without integrity check;
--full-check enforces integrity check
- agent binaries support JSON input format (.json file as generated
by cf-promises)
- cf-key: new options --trust-key/-t and --print-digest/-p
- Class "failsafe_fallback" is defined in failsafe.cf when main
policy contains errors and failsafe is run because of this
- add scope attribute for body classes (Redmine #2013)
Changes:
- WARNING: option --policy-server removed, require option to
--bootstrap instead
- process promises don't log if processes are out of range unless
you run in verbose mode
- reports promises are now allowed in any context (Redmine #2005)
- cf-report has been removed
- cf-execd: --once implies --no-fork
Bugfixes:
- do not wait for splaytime when executing only once
- disable xml editing functionality when libxml2 doesn't provide
necessary APIs (Redmine #1937)
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=39
New Features:
- Enable zeroconf-discovery of policy hubs for automatic bootstrapping
if Avahi is present
- Support for sys.cpus on more platforms than Linux & HPUX
Changes:
- Make parser output in GCC compatible format the only supported format
(remove --gcc-brief-format flag)
- Silence license warnings in Enterprise Free25 installations
Bugfixes:
- Allocate memory dynamically to avoid out-of-buffer or out-of-hash
situations
- fix edit_xml update of existing attributes (Redmine #2034)
- use failsafe policy from compile-time specified workdir (Redmine #1991)
- Update to 3.4.2 (Bugfix and Stability release)
Bugfixes:
- Fixes to policies in masterfiles (see masterfiles/Changelog for details)
- Fixes for OpenBSD (GitHub #278)
- Do not canonify values specified in abortbundleclasses/abortclasses (Redmine #1786)
- Fix build issues on NetBSD, SLES 12.2
- Improve error message when libxml2 support is not compiled (Redmine #1799)
- fix potential segmentation fault when trimming network socket data (GitHub #233)
- fix potential segmentation fault when address-lookups in lastseen db failed (GitHub #233)
- execute background promise serially when max_children was reached, rather
than skipping them (GitHub #233)
- fix segmentation fault in cf-promises when invoked with --reports (Redmine #1931)
- fix compilation with Sun Studio 12 (Redmine #1901)
- silence type-pun warning when building on HP-UX (GitHub #287)
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=37
- update to 3.4.1 final
remove cfengine-3.4.0.patch, was accepted upstream
3.4.1 (Bugfix and Stability release)
New feature/behavior:
- cf-execd terminates agent processes that are not responsive
for a configurable amount of time (see agent_expireafter in
body executor control), defaulting to 1 week
Bugfixes:
- fix regression of classmatch() failing with hard classes
(Redmine #1834)
- create promise-defined and persistent classes in correct
namespace (Redmine #1836)
- several fixes to namespace support
- fix several crash bugs caused by buffer overflow and race
conditions in cf-serverd
- regenerate time classes in cf-execd for each run
(Redmine #1838)
- edit_xml: fix select_xpath implementation and update
documentation
NOTE: code that uses select_xpath_region needs to be changed
to select_xpath
- edit_xml: make sure that text-modification functions don't
overwrite child nodes
- edit_xml: improve error logging
OBS-URL: https://build.opensuse.org/request/show/145425
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cfengine?expand=0&rev=29
New feature/behavior:
- cf-execd terminates agent processes that are not responsive
for a configurable amount of time (see agent_expireafter in
body executor control), defaulting to 1 week
Bugfixes:
- fix regression of classmatch() failing with hard classes
(Redmine #1834)
- create promise-defined and persistent classes in correct
namespace (Redmine #1836)
- several fixes to namespace support
- fix several crash bugs caused by buffer overflow and race
conditions in cf-serverd
- regenerate time classes in cf-execd for each run
(Redmine #1838)
- edit_xml: fix select_xpath implementation and update
documentation
NOTE: code that uses select_xpath_region needs to be changed
to select_xpath
- edit_xml: make sure that text-modification functions don't
overwrite child nodes
- edit_xml: improve error logging
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/cfengine?expand=0&rev=33
