"Fossies" - the Fresh Open Source Software Archive

Member "cfengine-3.15.4/ChangeLog" (7 Jun 2021, 151458 Bytes) of package /linux/misc/cfengine-3.15.4.tar.gz:


    1 3.15.4:
    2 	- cf-runagent now exits with a code reflecting remote agent run status(es)
    3 	  (CFE-3594)
    4 	- Increased file descriptor limit from 128 to 2048 (CFE-3625)
    5 	- Added warning when trying to use {{.}} to expand containers in mustache templates
    6 	  (CFE-3457, CFE-3489)
    7 	- Changed log message about whitespace in class expressions to be errors
    8 	  (CFE-3560)
    9 	- Clarified error message about untrusted state directory not being private
   10 	  (CFE-3599)
   11 	- New observations of root owned SETUID programs moved from WARN to NOTICE
   12 	  (ENT-6519)
   13 	- Stopped emitting warning and recording result when observing new SETGID files
   14 	  (ENT-6750)
   15 	- Restored log level for failure to state remote files without missing_ok to ERROR
   16 	  (ENT-5879)
   17 	- Value of the 'files_single_copy' body control attribute is now logged in verbose logging mode
   18 	  (CFE-3622)
   19 	- Value of the 'files_single_copy' body control attribute can now be an empty list
   20 	  (CFE-3622)
   21 	- 'files_single_copy' no longer treats paths of copied files as regular expressions
   22 	  (CFE-3621)
   23 	- Fixed vulnerability where malformed input could trigger buffer overflow in
   24 	  format() policy function (CFE-3525)
   25 	- Policy function format() no longer truncates strings larger than 4096 bytes
   26 	  (CFE-2686)
   27 	- Policy function storejson() no longer truncates strings larger than 4096 bytes
   28 	  (CFE-2507)
   29 	- "source=promise_iteration" variables are no longer created in foreign bundles
   30 	  (ENT-7029)
   31 
   32 3.15.3:
   33 	- cf-secret binary for managing secrets was added (CFE-2613)
   34 	- Added sys.cf_secret component variable
   35 	- cf-monitord now uses /proc/net/* files to get network information if possible
   36 	  (CFE-2945)
   37 	- Changed bootstrap to loopback to a warning instead of exit (CFE-3304)
   38 	- Directory listings in files changes monitoring are now only updated
   39 	  when there is a change (CFE-3382)
   40 	- Variables are now correctly expanded in data/list references (CFE-3299)
   41 	- LMDB files are now created with correct permissions (ENT-5986)
   42 	- Promises with 'action => bg()' no longer break reporting data
   43 	  (ENT-6042)
   44 	- Backgrounded commands are now correctly executed in the child process
   45 	  (CFE-3379)
   46 	- AVCs are no longer produced for CFEngine processes accessing /proc/net
   47 	  (CFE-3240)
   48 	- Spaces inside square brackets (slist/data indices) are now allowed in
   49 	  class expressions (CFE-3320)
   50 	- Variables specifying data/list names in @() references are now expanded
   51 	  (CFE-2434)
   52 	- Fixed how we check for `--cols` argument to `ps` (ENT-6098)
   53 	- Fixed locking of promises using log_repaired / log_string with
   54 	  timestamps (CFE-3376)
   55 	- Fixed memory leak in users promises
   56 	- Fixed race condition when multiple agents are acquiring critical
   57 	  section locks simultaneously (CFE-3361)
   58 
   59 3.15.2:
   60 	- 'if' constraint now works in combination with class contexts
   61 	  (CFE-2615)
   62 	- Fixed rare crashing bug when parsing zombie entries in ps
   63 	  output. The problem was only ever observed on AIX, but could
   64 	  theoretically happen on any platform depending on exact libc behavior.
   65 	  (ENT-5329)
   66 	- Fixed ifelse() to return fallback in case of unresolved variables
   67 	  (ENT-4653)
   68 	- Fixed service status cfengine3 on systemd managed hosts (ENT-5528)
   69 	- Improved management of secondary groups to avoid intermediary state failures
   70 	  (ENT-3710)
   71 
   72 3.15.1:
   73 	- `cf-check diagnose --test-write` can now be used to test writing into LMDB files
   74 	  (ENT-4484)
   75 	- Added cf-postgres requirement to cf-apache and cf-hub systemd units
   76 	  (ENT-5125)
   77 	- Added new binary version macros:
   78 	  - `@if maximum_version(x)`
   79 	  - `@else`
   80 	  - `@if between_versions(x, y)`
   81 	  - `@if before_version(x)`
   82 	  - `@if at_version(x)`
   83 	  - `@if after_version(x)`
   84 	  (CFE-3198)
   85 	- Added warning if CSV parser parses nothing from a non-empty file
   86 	  (CFE-3256)
   87 	- Fixed an issue causing duplicate entries in sys.interfaces, and
   88 	  sys.hardware (CFE-3046)
   89 	- Fixed crashes and memory leaks in JSON and mustache code
   90 	- Fixed memory leak in handling of inline JSON in policy evaluation
   91 	- Made classfiltercsv() fail properly on invalid class expression index
   92 	- Measurements promises with no match no longer produce errors
   93 	  (ENT-5171)
   94 	- Moved error reading file in countlinesmatching() from verbose to error
   95 	  (CFE-3234)
   96 	- Removed (USE AT YOUR OWN RISK) from cf-key help menu for -x
   97 	  (ENT-5090)
   98 	- Variable references with nested parentheses no longer
   99 	  cause errors (CFE-3242)
  100 	- Version macros now accept single digits (CFE-3198)
  101 	- cf-agent: report purged dirs and files as repaired in 'files' promises (CFE-3260)
  102 	- cf-check: Added a more user friendly message when trying to print unknown binary data
  103 	  (ENT-5234)
  104 	- cf-check: Added data validation for cf_lastseen.lmdb (CFE-2988)
  105 	- cf-check: Added nice printing for nova_agent_executions.lmdb
  106 	  (ENT-5234)
  107 	- cf-check: Added validation for timestamps in cf_lock.lmdb (CFE-2988)
  108 	- cf-check: Added validation for timestamps in lastseen.lmdb (CFE-2988)
  109 	- cf-check: Fixed issue causing repair to target the wrong database file
  110 	  (ENT-5309)
  111 	- cf-check: Symlinked LMDB databases are now preserved in repair
  112 	  Performs diagnosis and repair on symlink target instead of symlink.
  113 	  Repaired files / copies are placed alongside symlink target.
  114 	  In some cases, the symlink target is deleted to repair a corrupt
  115 	  database, and the symlink is left as a broken symlink. This is
  116 	  handled gracefully by the agent, it will be recreated. Broken
  117 	  symlinks are now detected as an acceptable condition in diagnose,
  118 	  it won't try to repair them or delete them.
  119 	  (ENT-5162)
  120 	- Fixed selection of standard_services by default when used from non-default namespace (ENT-5406)
  121 
  122 3.15.0:
  123 	- New policy function basename() added (CFE-3196)
  124 	- Added read_module_protocol() policy function
  125 	  This function reads module protocol from a file, and can be used
  126 	  for caching the results of commands modules. (CFE-2973)
  127 	- The @ character is now allowed in the key of classic arrays defined
  128 	  by the module protocol (CFE-3099)
  129 	- nth() policy function now supports negative indices (CFE-3194)
  130 	- Fixed .xy floating point numbers parsing in eval() (CFE-2762)
  131 	- Added inform constraint to commands promises, to allow suppression of
  132 	  INFO log messages (CFE-2973)
  133 	- Changed unless constraint to be more consistent with if
  134 	  For any situation where if would NOT skip a promise, unless
  135 	  will cause the promise to be skipped. When there are
  136 	  unresolved variables / function calls, if will skip, unless
  137 	  will NOT skip. (CFE-3160)
  138 	- Default minimum allowed TLS version is now 1.1 (ENT-4616)
  139 	- Network protocol version 2 is now called "tls"
  140 	  "tls" or "2" can be used in places where you specify network
  141 	  protocol. Log messages were altered, to show "tls" instead of
  142 	  "latest". (ENT-4406)
  143 	- Introduced protocol version 3 - "cookie"
  144 	  This protocol is identical to version 2 ("tls"),
  145 	  except it allows the enterprise reporting hub to send
  146 	  the COOKIE command to enterprise hosts. This command is used for
  147 	  detecting hosts using duplicate identities. Protocol version "latest"
  148 	  now points to version 3. For community installations, it should not
  149 	  make a difference, policy servers will not send this command. The only
  150 	  visible difference is the new version number (in logs and policy).
  151 	  (ENT-4406)
  152 	- Package modules now hit network when package cache is first initialized
  153 	  (CFE-3094)
  154 	- Fixed promise skipping bug in unless (CFE-2689)
  155 	- Fixed error message for unexpanded variables in function calls in unless
  156 	  (CFE-2689)
  157 	- Prevented buffer overflow when policy variable names are longer than
  158 	  1024 bytes
  159 	- Zero bytes in class guards no longer cause crashes (CFE-3028)
  160 	- Fixed bug in ps parsing on OpenBSD / NetBSD causing bootstrap to fail
  161 	- Fixed crash in policy/JSON parsing of numbers with too many decimal
  162 	  points (CFE-3138)
  163 	- copy_from without preserve now respects destination mode (ENT-4016)
  164 	- Removed stime_range and ttime_range constraints from promise hash
  165 	  (ENT-4921)
  166 	- Fixed promise result when using process_stop in processes type promises
  167 	  (ENT-4988)
  168 	- cf-execd now sends SIGKILL to the agent process in case of
  169 	  agent_expireafter, after attempting SIGINT and SIGTERM (CFE-2664)
  170 	- cf-serverd now tries to accept connection multiple times (CFE-3066)
  171 	- Fixed multiple measurements tracking growth of same file (ENT-4814)
  172 	- Set create permissions of monitord files in state directory to 0600
  173 	  0600 matches the permissions enforced by policy.
  174 	  Affected files:
  175 	   * state/cf_incoming.*
  176 	   * state/cf_outgoing.*
  177 	   * state/cf_users
  178 	   * state/env_data
  179 	  (ENT-4863)
  180 	- Clarified descriptions of io_writtendata and io_readdata (ENT-5127)
  181 	- Clarified log message about process_count and restart_class being used
  182 	  concurrently (CFE-208)
  183 	- Agent runs that hit abortclasses now record results (ENT-2471)
  184 	- An ID of rhel in os-release file will now define both rhel and redhat
  185 	  classes (CFE-3140)
  186 	- Version specific distro classes are now collected by default in
  187 	  Enterprise (ENT-4752)
  188 	- redhat_8 and redhat_8_0 are now defined on RHEL 8 (CFE-3140)
  189 	- Added derived-from-file tag to hard classes based on /etc/redhat-release
  190 	  (CFE-3140)
  191 	- Added sys.bootstrap_id policy variable containing the ID from
  192 	  /var/cfengine/bootstrap_id.dat, if present (CFE-2977)
  193 	- sys.interfaces now contains interfaces even when they only have
  194 	  IPv6 addresses (ENT-4858)
  195 	- IPv6-only interfaces added to sys.hardware_(addresses,mac) (CFE-3164)
  196 	- IPv6 addresses are now added to policy variable sys.ip_addresses
  197 	  (CFE-682)
  198 	- IPv6 addresses now respect ignored_interfaces.rx (CFE-3156)
  199 	- hostname now allowed in bindtoaddress (CFE-3190)
  200 	- Fixed issue when removing comments from files in various policy functions
  201 	  This also fixes many erroneous occurrences of the error message
  202 	  mentioning:
  203 
  204 	     [...] because it legally matches nothing
  205 
  206 	  (A warning can still appear if a comment regex actually matches nothing).
  207 	  Also made this comment removing logic faster.
  208 	  Affected functions include:
  209 	  * readstringlist()
  210 	  * readintlist()
  211 	  * readreallist()
  212 	  * peers()
  213 	  * peerleader()
  214 	  * peerleaders()
  215 	  * data_readstringarray()
  216 	  * data_readstringarrayidx()
  217 	  * data_expand()
  218 	  * readstringarray()
  219 	  * readstringarrayidx()
  220 	  * readintarray()
  221 	  * readrealarray()
  222 	  * parsestringarray()
  223 	  * parsestringarrayidx()
  224 	  * parseintarray()
  225 	  * parserealarray()
  226 	  (CFE-3188, ENT-5019)
  227 	- Fixed memory leak in JSON / env file parsing (CFE-3210)
  228 	- Fixed memory leak in handling of nfs / fstab (CFE-3210)
  229 	- Fixed memory leak in string_replace() and regex_replace() (CFE-3210)
  230 	- Fixed memory leak when using with constraint (CFE-3210)
  231 	- Fixed minor memory leak in policy evaluation (CFE-3210)
  232 	- Fixed small memory leak in SQL database promises (CFE-3210)
  233 	- Received SIGBUS now triggers a repair of local DBs (CFE-3127)
  234 	- Corrupted LMDB files are now automatically repaired (CFE-3127)
  235 	- Keys in the lock database, cf_lock.lmdb, are now human-readable
  236 	  (CFE-2596)
  237 	- Local databases now use synchronous access on AIX and Solaris (ENT-4002)
  238 	- Report corrupted local database with a critical log message (CFE-2469)
  239 	- Local DB errors are now logged with the particular DB file path (CFE-2469)
  240 	- cf-check: repair now preserves readable data in corrupted LMDB files
  241 	  (CFE-3127)
  242 	- cf-check: --dump option was added to the backup command
  243 	- cf-check: Added --no-fork to diagnose command (CFE-3145)
  244 	- cf-check: Added -M manpage option and other common options (CFE-3082)
  245 	- cf-check: No DB files in state dir now causes errors
  246 	- cf-check: dump command now dumps DB contents to JSON5 (CFE-3126)
  247 	- cf-check: help command can now take a topic as argument
  248 
  249 3.14.0:
  250 	- A bootstrap_id.dat file is now generated on every bootstrap
  251 	  (CFE-2977)
  252 	- Added options to cf-net to set minimum TLS version and ciphers
  253 	  (ENT-4617)
  254 	- Added --no-truncate option to cf-key
  255 	  This option, when used with --show-hosts changes the formatting
  256 	  of the output. Instead of padding and truncating each of the
  257 	  fields, they are printed, in full, with no padding, and separated
  258 	  by a single tab character. The output is not as pretty, but should
  259 	  be more useful for parsing by other scripts / tooling. (CFE-3036)
  260 	- Added a new option --skip-db-check to agent and execd
  261 	  This option allows you to enable/disable database (LMDB) consistency
  262 	  checks. Initially it is disabled by default, but this will likely
  263 	  change. (CFE-2893)
  264 	- Added a new utility to contrib: cf-remote
  265 	  cf-remote is a python + fabric tool to log in to remote hosts
  266 	  you have ssh access to. It can be used to download, transfer,
  267 	  and install cfengine packages as well as bootstrapping etc.
  268 	  At this point, cf-remote is not packaged with CFEngine, but can be
  269 	  installed separately from:
  270 	  https://github.com/cfengine/core/tree/master/contrib/cf-remote
  271 	  (CFE-2889)
  272 	- Added derived-from-file tags to hard classes based on /etc/debian_version and /etc/issue
  273 	- Added a function to filter CSV-files by classes (CFE-2768)
  274 	- Forward slash is now an allowed character in module protocol commands
  275 	  (CFE-2478)
  276 	- Augments files can now handle class expressions by appending '::'
  277 	  A condition in an augments file is treated as a class expression
  278 	  if it ends in ::. Otherwise it is treated as a regular
  279 	  expression. (CFE-2954)
  280 	- Internal ps command can now handle longer usernames (CFE-2951)
  281 	- Made copylink_pattern honor '/../' in copy source (CFE-2960)
  282 	- CSV parser now supports CRLF inside double quotes (ENT-4504)
  283 	- Added an error when a function defining a variable still fails at
  284 	  pass 3 (CFE-2983)
  285 	- Documented cf-execd and cf-serverd response to SIGHUP in manpage
  286 	  (CFE-2853)
  287 	- Stopped trimming leading zeroes in ubuntu minor version class
  288 	  The old version detection logic (using /etc/debian_version) was
  289 	  converting the minor version part to an integer, defining
  290 	  ubuntu_18_4 instead of ubuntu_18_04. The new platform detection
  291 	  (based on /etc/os-release) defines ubuntu_18_04. Since both old
  292 	  and new methods are running to maximize compatibility, both
  293 	  ubuntu_18_04 and ubuntu_18_4 were defined.
  294 	  This commit ensures that the old detection logic treats the
  295 	  minor version (the 04 part) as a string, not an integer. The
  296 	  change is specific to Ubuntu, and should affect Ubuntu 18.04,
  297 	  16.04, 14.04, etc. (CFE-2882)
  298 	- SUID log permissions are now properly enforced (CFE-2919)
  299 	- Agent log file names are now always lowercase
  300 	- Extended module with file protocol for data (CFE-3050)
  301 	- Fixed a segfault in 'cf-promises -p json-full' (CFE-3019)
  302 	- Added cf-key help output to indicate ability to delete by key digest
  303 	  (CFE-2997)
  304 	- Fixed disabling TLS 1.0 (CFE-3068)
  305 	- Fixed growing memory footprint of daemons (CFE-3032)
  306 	- Fixed the log message about setting collect_window (ENT-4238)
  307 	- Fixed the log message when parsing TIME in 'ps' output fails
  308 	- Fixed parsing of YAML values starting with numbers (CFE-2033)
  309 	- Fixed sys.flavor on AIX (ENT-3970)
  310 	- Fixed 6 cases where promises could get the wrong outcome
  311 	  All cases were related to error handling and detected using
  312 	  static code analysis (LGTM). They were limited to cf-monitord
  313 	  and cf-agent (guest_environments and files promise types). Due
  314 	  to a programming mistake, promise results would sometimes be
  315 	  overwritten with 'skipped' outcome. Keeping the previous
  316 	  value or making the promises 'not kept' is expected behavior.
  317 	  Added a query to our CI (LGTM) to make sure we catch this error
  318 	  on new contributions.
  319 	- Fixed an issue while parsing ps output on AIX (ENT-4295)
  320 	- Fixed a memory leak in filesexist function (ENT-4313)
  321 	- Fixed a memory leak in mustache rendering (ENT-4313)
  322 	- Fixed a memory leak in: differences(), intersection(), unique()
  323 	  (ENT-4586)
  324 	- Fixed a segfault in policy parser (ENT-4022)
  325 	- Connection cache is now global (CFE-2678)
  326 	- Increased verbosity of AcquireLock permission error (ENT-4395)
  327 	- Message about invalid class characters from module protocol moved to VERBOSE
  328 	  (CFE-2887, CFE-3008)
  329 	- Prevented buffer overflows in cf-monitord data parsing
  330 	- Private keys generated by cf-key are no longer encrypted
  331 	  Private key files encrypted with a broken cipher and default
  332 	  hard coded passphrase provide no real security, and are only an
  333 	  inconvenience. Maybe it was intended to add a password prompt
  334 	  later, but it's been 10 years now, and the cipher and passphrase
  335 	  remain untouched. The function which reads keys still supports
  336 	  both encrypted and unencrypted keys, it will decrypt if necessary.
  337 	- Reduce SSL/TLS shutdowns on bad networks (CFE-3023)
  338 	- Removed programming error in handling of process_count body
  339 	  Previously, having a failing function call inside in_range_define
  340 	  or out_of_range_define would cause a programming error when
  341 	  trying to define that as a class. Fixed it by detecting the
  342 	  case, printing a normal error, and skipping defining the class. (CFE-2067)
  343 	- Set policy->release_id to "failsafe"/"bootstrap" when running failsafe.cf
  344 	  (CFE-3031)
  345 	- Switched permissions of various temporary files in state to 0600
  346 	  These files were created with 0644 permissions, and then
  347 	  repaired in policy. However, since they are deleted / recreated
  348 	  periodically, it causes INFO noise. Safer and better user
  349 	  experience to create them with restricted permissions to
  350 	  begin with.
  351 	  Affected files:
  352 	  * $(sys.statedir)/cf_procs
  353 	  * $(sys.statedir)/cf_rootprocs
  354 	  * $(sys.statedir)/cf_otherprocs
  355 	  (ENT-4601)
  356 	- string_split segments are now truncated to 1024 bytes instead of
  357 	  crashing (CFE-3047)
  358 	- Unresolved function calls in process_select body are now skipped
  359 	  Function calls which always fail, like getuid("nosuchuser"), are
  360 	  never resolved. Previously this would cause a programming error,
  361 	  since the body is expected to have a list of strings, not
  362 	  unresolved function calls.
  363 	  The function calls are silently skipped (with a verbose message)
  364 	  as this matches the behavior of calling the functions in a vars
  365 	  promise, and using that as a body parameter.
  366 	  (CFE-1968)
  367 	- cf-check directories can now be controlled from ENV vars (CFE-2994)
  368 	- cf-check: Added backup command
  369 	  This command copies lmdb files to a timestamped backup directory.
  370 	  (ENT-4064)
  371 	- cf-check: diagnose and backup now use state directory by default
  372 	  (ENT-4064)
  373 
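Added example (not part of the CFEngine ChangeLog or the project's own code): a shell audit for the state files that 3.14.0 (ENT-4601) and 3.15.0 (ENT-4863) now create with mode 0600, reporting any that still carry group or other permission bits. The default state directory /var/cfengine/state, the function names and the sample file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the CFEngine state files listed under ENT-4601
# (3.14.0) and ENT-4863 (3.15.0) for permissions looser than 0600.

# Assumption: default state directory; pass another path as the first argument.
DEFAULT_STATEDIR=/var/cfengine/state

# Print each listed state file in directory "$1" that has any group or
# other permission bit set. Only regular files directly inside the
# directory are checked, so symlinks are never followed.
audit_state_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -maxdepth 1 -type f \
        \( -name 'cf_incoming.*' -o -name 'cf_outgoing.*' \
           -o -name cf_users -o -name env_data \
           -o -name cf_procs -o -name cf_rootprocs -o -name cf_otherprocs \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print | sort
}

# Number of findings for directory "$1".
count_findings() {
    audit_state_perms "$1" | wc -l | tr -d ' '
}

# Build a constructed sample state directory: two listed files are left
# too permissive, one unrelated file is permissive but must be ignored.
make_sample_statedir() {
    d=$(mktemp -d) || return 1
    (
        umask 077
        : > "$d/cf_procs"
        : > "$d/cf_rootprocs"
        : > "$d/cf_otherprocs"
        : > "$d/cf_users"
        : > "$d/env_data"
        : > "$d/cf_incoming.example"
        : > "$d/unrelated.txt"
    )
    chmod 0644 "$d/cf_otherprocs" "$d/unrelated.txt"
    chmod 0640 "$d/cf_users"
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    # Audit the directory given on the command line,
    # for example: sh audit.sh "$DEFAULT_STATEDIR"
    audit_state_perms "$1"
else
    # No argument: run against the constructed sample directory.
    sample=$(make_sample_statedir)
    audit_state_perms "$sample"
    rm -rf "$sample"
fi
```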
  374 3.13.0:
  375 	- Add support for TLS 1.3 and its ciphersuites
  376 	- Add 'feature' hard classes for supported TLS versions
  377 	  Different versions of TLS are supported depending on what version
  378 	  of OpenSSL CFEngine was compiled and linked with. Newly added
  379 	  feature hard classes bring that information to the
  380 	  policy. Classes like these are now defined (for supported
  381 	  versions of TLS):
  382 	  feature_tls                     source=agent,hardclass
  383 	  feature_tls_1                   source=agent,hardclass
  384 	  feature_tls_1_0                 source=agent,hardclass
  385 	  feature_tls_1_1                 source=agent,hardclass
  386 	  feature_tls_1_2                 source=agent,hardclass
  387 	  feature_tls_1_3                 source=agent,hardclass
  388 	- Add a new variable $(sys.default_policy_path)
  389 	  A new sys variable that provides the path of the default policy
  390 	  file evaluated when no file is specified with the '-f' option.
  391 	- Add an option to skip the initial policy run on bootstrap
  392 	  In some cases it may not be desired to run the policy as the last
  393 	  step of the bootstrap. This can be done with the new
  394 	  '--skip-bootstrap-policy-run' option for cf-agent. (CFE-2826)
  395 	- Trigger promises.cf as the last step of bootstrap (CFE-2826)
  396 	- Add support for overriding the package module's path (CFE-2103)
  397 	- Add support for setting package module interpreter (CFE-2880)
  398 	- Added --log-level option to all components
  399 	  This allows you to specify any log level (info, verbose, debug etc.).
  400 	  It is also less strict, allowing different spelling. As an example,
  401 	  --log-level i, --log-level INFO, --log-level inform are all the same.
  402 	- Added a new binary: cf-check
  403 	  Corrupt local databases (LMDB) continue to be a problem.
  404 	  cf-check will be used to diagnose and remediate problems
  405 	  with corrupt databases. It is a standalone binary, which
  406 	  doesn't evaluate policy or use the local databases, thus
  407 	  it can be used in situations where the other binaries
  408 	  like cf-agent would hang.
  409 	  cf-check replaces our lmdb database dumper, lmdump.
  410 	  cf-check lmdump or symlinking / renaming it to lmdump
  411 	  will make cf-check have the exact same behavior as lmdump.
  412 	  cf-check will include much more functionality in the future
  413 	  and some of the code will be added to other binaries,
  414 	  for example to do health checks of databases on startup.
  415 	  Ticket: (ENT-4064)
  416 	- Added function string_replace. (CFE-2850)
  417 	- Allow dots in variable identifiers with no such bundle
  418 	  As described and discussed in CFE-1915, defining remote variables
  419 	  (injecting variables into remote bundles) is dangerous and must
  420 	  be blocked. However, using a dot-separated common prefix for
  421 	  variables raises no security concerns and can be considered
  422 	  valid. (CFE-1915)
  423 	- Allow requiring TLS 1.3 as the minimum version
  424 	- Apply augments after vars, classes and inputs in def.json
  425 	  (CFE-2741, CFE-2844)
  426 	- Bundle name is now part of the log message when aborting a bundle
  427 	  (CFE-2793)
  428 	- Class names set by module protocol are automatically canonified
  429 	  (CFE-2877, CFE-2887)
  430 	- Classes failsafe_fallback and bootstrap_mode are now reported by default
  431 	- Correct log level for data_readstringarray* (CFE-2922)
  432 	- Do not iterate over JSON objects' properties in mustache (CFE-2125)
  433 	- Do not render templates when passed invalid data (CFE-2194)
  434 	- Eliminated error messages caused by attempting to kill expired processes
  435 	  (CFE-2824)
  436 	- Fix cf-runalerts systemd unit conditions so the service will run
  437 	  (ENT-3929)
  438 	- Fix the off-by-one error in cf-runagent background process spawning
  439 	  (CFE-2873)
  440 	- Fixed OOB read / heap buffer overflow in evaluator (ENT-4136)
  441 	- Fixed a memory leak which occurred when reloading RSA keys from disk
  442 	  (CFE-2857)
  443 	- Fixed a memory leak which occurred while loading augments files
  444 	  (CFE-2913)
  445 	- Fixed an issue with splay time in cf-execd (CFE-2931)
  446 	- Fixed error handling and memory leak in cf-key (CFE-2918)
  447 	- Fixed memory leak in JSON to policy conversion (ENT-4136)
  448 	- Fixed memory leak in lmdb cleanup (CFE-2918)
  449 	- Fixed memory leaks in cf-agent during bootstrap (CFE-2918)
  450 	- Fixed memory leaks in variablesmatching() and findfiles() (CFE-2918)
  451 	- Fixed missing class with mustache templates in warn_only mode
  452 	  (CFE-2600)
  453 	- Fixed small memory leak in cf-serverd (CFE-2918)
  454 	- Fixed small memory leak in cf-upgrade (ENT-4136)
  455 	- Fixed small memory leaks of environment variable strings (CFE-2918)
  456 	- LMDB database dumper, lmdump, no longer creates empty databases
  457 	  (ENT-4064)
  458 	- Made variablesmatching functions treat args regexes more correctly
  459 	  variablesmatching() and variablesmatching_as_data() no longer
  460 	  use string comparison to find matches. The documentation is clear;
  461 	  arguments should be regexes (so you have to escape special
  462 	  characters).
  463 	  bundle agent main
  464 	  {
  465 	      vars:
  466 		  "myvar"
  467 		      string => "example",
  468 		      meta => {"os[linux]"};
  469 		  "matches"
  470 		      slist => variablesmatching(".*", "os\[linux\]");
  471 	      reports:
  472 		  "Match: $(matches)";
  473 	  }
  474 	  The above example is correct. If you don't escape the brackets
  475 	  like above, it will no longer work. (You probably shouldn't use
  476 	  brackets in tags anyway).
  477 	- Prevent the init script from managing processes inside containers
  478 	  (ENT-3800)
  479 	- Read mustache-rendered files in text mode when comparing digest
  480 	  (ENT-2526)
  481 	- Reload persistent classes on config reload in cf-execd and cf-serverd
  482 	  (CFE-2857)
  483 	- Fixed issue with @if macro failing when it is on the first line.
  484 	  (CFE-2817)
  485 	- Fixed issue with cf-agent intermittently hanging on Windows
  486 	  (ENT-3756)
  487 	- change GIT_BRANCH to GIT_REFSPEC and remove Design Center vars
  488 	  (ENT-4023)
  489 	- os-release file is now used for hard classes and sys.flavor on all linuxes
  490 	  This will improve platform detection on newer operating systems where
  491 	  /etc/os-release (or /usr/lib/os-release) is present.
  492 	  A hard class will be set for the value of the ID key (canonified with
  493 	  underscores), if it exists. If both ID and VERSION_ID exist, multiple
  494 	  hard classes will be set for all parts of the version number. The
  495 	  special variable sys.flavor will also be set by determining major
  496 	  version from VERSION_ID.
  497 	  Example os-release file:
  498 		ID=coreos
  499 		VERSION_ID=1185.3.0
  500 	  For the example above, sys.flavor will be coreos_1185 and 4 hard
  501 	  classes will be set; coreos_1185_3_0, coreos_1185_3, coreos_1185,
  502 	  and coreos.
  503 	  For backwards compatibility, older distribution specific logic is still
  504 	  executed and may overwrite sys.flavor and define hard classes as before.
  505 	- refactor use of atexit to use custom cleanup function instead. On Windows
  506 	  atexit() unloads DLLs before and/or during atexit functions being called
  507 	  which causes bad behavior. (ENT-3756)
  508 
  509 3.12.0b1:
  510 	New Features:
  511 	- Add a --key-type option to specify RSA key size to cf-key
  512 	- New hash_to_int policy function (CFE-2733)
  513 	- Issue a warning on ignored locking attributes (CFE-2748)
  514 	- Add IPv6 hard classes with the "ipv6_" prefix (CFE-2310)
  515 	- Introduce "missing_ok" attribute in body copy_from
  516 	  This allows to ignore missing sources in file copy operations (CFE-2365)
  517 	- Enable Xen hypervisor detection on all x86 platforms (CFE-2203)
  518 	- Add sys.policy_entry variables (CFE-2572)
  519 	- Added inline_mustache template method (CFE-1846)
  520 	- New component cf-net (cf-net is a CLI for the CFEngine network protocol,
  521 	  useful for debugging, testing etc) and accompanying policy variable
  522 	  sys.cf_net containing path to cf-net binary
  523 
  524 	Changes:
  525 	- Load augments at the end of context discovery
  526 	  This means that classes defined as part of the context discovery
  527 	  (e.g. 'am_policy_hub' and 'policy_server') can be used in the
  528 	  augments (CFE-2482)
  529 	- Open measurements promise type from enterprise cf-monitord
  530 	- Transform filesexist() into a collecting function (CFE-2744)
  531 	- Load process table when actually needed for a processes promise (ENT-2536)
  532 	- Ignore commented out entries in fstab when edit_fstab is true (CFE-2198)
  533 	- Do not move obstructions in warn policy mode (CFE-2740)
  534 	- Made the max bytes parameter to file reading functions optional (CFE-2656)
  535 	- Do not tag large volatile variables for inventory
  536 	  sys.interfaces_data, sys.inet and sys.inet6 are commonly larger than the
  537 	  maximum data size allowed to be collected by cf-hub. Data larger than 1k
  538 	  is truncated. Instead of reporting truncated data this change stops
  539 	  tagging the variable so that it will not be collected to the Enterprise
  540 	  hub and will not be available in Mission Portal. (ENT-3483)
  541 	- cf-execd now re-parses augments on policy reload (CFE-2406)
  542 	- Improve misleading verbose message
  543 	  For constraints if/ifvarclass/unless, we now print the whole rval of the constraint.
  544 	  Previously the message was just "skipping variable because ifvarclass is not defined" while the variable itself was defined.
  545 	  Old message example:
  546 	    verbose: Skipping promise 'mailto' because 'if'/'ifvarclass' is not defined
  547 	  Changed to:
  548 	     verbose: Skipping promise 'mailto' because 'ifvarclass => not(isvariable("mailto"))' is not defined
  549 	  (CFE-2697)
  550 	- Promise comments for file changes moved to verbose (ENT-3414)
  551 	- Suppress output from systemctl based restart of services in
  552 	  bootstrap/failsafe (CFE-1459)
  553 	- Parser can now handle larger input buffers (CFE-1886)
  554 	- Improve logging of ACL errors (ENT-3455)
  555 	- cf-execd systemd service now only kills cf-execd itself (ENT-3395)
  556 	- Load multiple augments from "augments" string array in def.json
  557 	  (CFE-2084)
  558 	- Improve support for Alpine Linux
  559 	- Set the exit value when running cf-key
  560 	  When running cf-key to generate new keys, set the exit value of the
  561 	  program to be 0 on success and 1 on failure. This makes it easier to
  562 	  catch errors during setup of a new machine.
  563 	  Change the default behavior of the program to not write anything to stdout,
  564 	  opting to use the Log() function which can write to stdout and will also
  565 	  allow output to be sent to syslog.
  566 	  Add a --inform option to set the global log level to LOG_LEVEL_INFO.
  567 	  Change the permissions of the randseed file to 600 and catch the exception
  568 	  if the chmod call fails.
  569 	- Properly reverse-resolve DNS names longer than 63 chars (ENT-3379)
  570 	- Properly redirect init script to systemd on debian systems (ENT-3326)
  571 
  572 	Bug fixes:
  573 	- Disallow modifications of variables from a remote bundle (CFE-1915)
  574 	- Speed up evaluation by not copying variables table when expanding a promise
  575 	  (CFE-2524)
  576 	- Resolve subkey conflicts when converting to JSON
  577 	  Whenever there is a conflict of array variable definitions prefer
  578 	  the container subkeys over simple values when converting to JSON
  579 	  (CFE-2536)
  580 	- Do not ignore meta promises in server bundles (CFE-2066)
  581 	- Add a debug log for computed class in splayclass
  582 	- Don't error when calling isexecutable on broken link (CFE-741)
  583 	- Fix segfault when no show-evaluated-vars/classes is specified
  584 	- Fix memory leak in cf-execd, triggered when sending email failed (CFE-2712)
  585 	- Fix IPv6 parsing to be un-reversed (CFE-2580)
  586 	- Fix bug preventing permission changes on Unix sockets (CFE-1782)
  587 	- Fix storage mount promise when existing mountpoint has a similar path
  588 	  (CFE-1960)
  589 	- Fix segfault when cf-promises -p is called against a file with syntax
  590 	  errors (CFE-2696)
  591 	- Fix rare cf-execd hang (CFE-2719)
  592 	- Fix mergedata segfault when called on a non-container (CFE-2704)
  593 	- Do not segfault if policy_server.dat only contains whitespaces and/or line breaks
  594 	- Fix segfault on JSON policy files with no bundles and bodies (CFE-2754)
  595 
  596 
  597 3.11.0:
  598 	New Features:
  599 	- Allow function calls in promiser using universal "with" attribute
  600 	  (CFE-1092)
  601 	- Add example of with attribute (CFE-1092)
  602 	- Detect Amazon Linux and set "AmazonLinux" hard class and
  603 	  sys.flavour variable
  604 	- New sysctlvalue() and data_sysctlvalues() functions from /proc/sys
  605 	  (CFE-2513)
  606 	- readdata() also auto-detects .yml files as YAML
  607 	- Added support for ENV and CSV file parsing (CFE-1881)
  608 	- Added vars and classes for CoreOS (ENT-3043)
  609 	- cf-agent: implement --show-evaluated-vars and --show-evaluated-classes
  610 	- Support for custom ports and host names as policy hub (CFE-953)
  611 	- cf-promises: allows --show-vars and --show-classes to take an optional filter
  612 	- Added a new tool: cf-net. cf-net is a CLI for the CFEngine
  613 	  network protocol, useful for debugging, testing etc (CFE-2493)
  614 	- New policy variable: sys.cf_net contains path to cf-net binary
  615 	- Read /etc/os-release into sys.os_release (CFE-1881)
  616 
  617 	Changes:
  618 	- readintlist() now prints an error if the
  619 	  file contains real numbers, not integers, and aborts; previously it was
  620 	  printing an info-level error message, was half-reading an integer out of
  621 	  the real, and was continuing successfully.
  622 	- "make tar-package" should create a tarball with the contents of
  623 	  "make install" (ENT-3041)
  624 	- Allow opening symlinks owned by root or by the current user
  625 	  (CFE-2516)
  626 	- Change warning message about depth_search on a non directory to
  627 	  DEBUG level
  628 	- Ensure synchronous start and stop with systemctl (ENT-2841)
  629 	- Put logs in /var/log and PID files in /var/run when using FHS layout
  630 	  (CFE-2449)
  631 	- readstringlist(), readintlist(), readreallist(): Print
  632 	  verbose instead of error message if file can not be read
  633 	- cf-serverd: Do not close connection when file does not exist
  634 	  (CFE-2532)
  635 	- policy_server.dat now appends a newline and supports host & port
  636 	- Allow string_head and string_tail to take negative arguments
  637 	- getvalues(inexistent_var) returns an empty list.
  638 	  Restores 3.7.x and earlier behaviour. (CFE-2479)
  639 	- Partially restore old getvalues(array) behaviour
  640 	  Bugfix: getvalues() now behaves correctly for old CFEngine
  641 	  arrays of depth 1
  642 	  Behaviour change: it always returns a list now. Even when v is a simple
  643 	  string (i.e. not an iterable) it will return an slist with one element:
  644 	  the value of the string variable.
  645 	  Known issues: getvalues() still misbehaves with double-indexed arrays
  646 	  (see CFE-2504, CFE-2536)
  647 	- The source version of CFEngine now installs binaries into
  648 	  bin folder instead of sbin folder (CFE-2448)
  649 	- Don't error during dry run for proposed execution (CFE-2561)
  650 	- Print verbose instead of error message when readfile() fails (CFE-2512)
  651 	- cf-serverd: Auto configure max open files ulimit according to
  652 	  maxconnections (CFE-2575)
  653 	- Made the max bytes parameter to file reading functions optional.
  654 	  Affects readfile(), readenvfile(), readcsv()
  655 
  656 	Bug fixes:
  657 	- Fix insert_lines related memory corruption (CFE-2520)
  658 	- Prevent LMDB assertion on AIX by ensuring nested DB calls are
  659 	  not occurring during signal handler cleanup (CFE-1996)
  660 	- Fix a bug which could cause cf-execd to believe there was
  661 	  an error when sending the email report, when there really wasn't
  662 	- zendesk#3204: Fix "lastseenexpireafter" 32-bit signed int overflow
  663 	- Fix cf-execd not exiting immediately with SIGTERM on AIX (ENT-3147)
  664 	- Fix automatic service stops based on runlevel (redhat/centos)
  665 	  (CFE-2611)
  666 	- Fix cf-serverd crash when reporting corrupted data (ENT-3023)
  667 	- Fix rare output truncation on Solaris 10/11 (CFE-2527)
  668 	- Fix crash on Solaris when ps ucb variant is not available (CFE-2506)
  669 	- Fix logic to detect when running under a Xen Hypervisor (CFE-1563)
  670 	- Fix "lastseenexpireafter" 32-bit signed int overflow (zendesk#3204)
  671 	- Fix IPv6 parsing to be un-reversed (CFE-2580)
  672 
  673 3.10.0:
  674 	New features/additions:
  675 	- All new features/additions for 3.8 and 3.9 are also included in 3.10.
  676 	- Add: Classes body tailored for use with diff
  677 	- New feature: Classes promise: allow classes without an expression to default to defined.
  678 	- Support for custom ports and host names as policy hub (CFE-953)
  679 	- Add: Definition of from_cfexecd for cf-execd initiated runs
  680 	  (CFE-2386)
  681 	- Add < <= > >= operators to eval().
  682 	- Add testing jUnit and TAP bundles and include them in stdlib.cf
  683 	- New function isipinsubnet() (ENT-7949)
  684 	- LogDebug(): implement module-based debug logging.
  685 	  Now most DEBUG messages are *not* printed even when "-d" is in use, but
  686 	  the specific debug module has to be enabled on the command line. For
  687 	  example to enable all log modules, run:
  688 	  cf-agent -d --log-modules=all
  689 	- Add: edit_line contains_literal_string to stdlib
  690 	- add variablesmatching_as_data() function paralleling variablesmatching()
  691 	  (Redmine #7885)
  692 	- Allow specifying agent maxconnections via def.json (CFE-2461)
  693 	- Add getuserinfo() function
  694 	- Add body agent control select_end_match_eof option. (CFE-2390)
  695 	- Add class to enable post transfer verification during policy updates
  696 	- Add ability to append to bundlesequence with def.json (CFE-2460)
  697 	- policy_server.dat now appends a newline and supports host & port
  698 
  699 	Changes:
  700 	- Rewrite iteration engine to avoid combinatorial explosion with nested variable expansions.
  701 	  This speeds up enormously the execution of policies that included long
  702 	  slists or JSON containers, that in the past didn't even terminate.
  703 	  Change: "cf_null" string literal was changed to not be something
  704 		  special, and it's now a string that can be used anywhere, like
  705 		  in slists or part of bundlesequence etc.
  706 	  NOTE: Old policy should be grep'ed for "cf_null" and in case such
  707 		occurrences were handled specially, they should be reworked.
  708 	  Change: "--empty-list--" is now never printed by format(),
  709 		  an empty list is now printed as "{  }".
  710 	  Change: Order of pre-evaluation was slightly changed. A new "vars" pass
  711 		  at the beginning of pre-evaluation was added. It used to be
  712 		  classes-vars, but it was changed to vars-classes-vars. As a
  713 		  result some classes or variables might be evaluated at a
  714 		  different time than before. As always try to write policy code that works no matter what the
  715 		  order of execution is.
  716 		  One way is to always *guard* the execution of functions to avoid
  717 		  bogus function results.  For example the following will avoid
  718 		  running execresult() before the file has been created:
  719 		    execresult("cmd /path/to/filename") if => fileexists("/path/to/filename");
  720 	  C internals: NULL Rlist is now perfectly valid, in fact it is the only
  721 		       way to denote an empty Rlist.
  722 	  C internals: Since a slist variable can be NULL, API of
  723 		       EvalContextVariableGet() changed: The way to detect if a
  724 		       variable is found, is not to check return value for NULL,
  725 		       but to check returned *type* for CF_DATA_TYPE_NONE.
  726 		       Fixed what I could find as wrong API uses. (CFE-2162)
  727 	- Allow arbitrary service policies (CFE-2402)
  728 	- Behaviour change: cf-execd: Do not append -Dfrom_cfexecd to exec_command.
  729 	  (CFE-2386)
  730 	- Failsafe/Bootstrap no longer copy files starting with .git (like .gitignore) or .mailmap
  731 	  (CFE-2439)
  732 	- Change: Enable strict transport security
  733 	- Change: Disable http TRACE method
  734 	- Change: Verify transferred files during policy update
  735 	- Allow getvariablemetatags() and getclassmetatags() to get a specific tag key
  736 	- Change: Use more restrictive unix socket perms (ENT-2705)
  737 	- Add sys.user_data container for user starting agent.
  738 	- Pass package promise options to underlying apt-get call (#802)
  739 	  (CFE-2468)
  740 	- Change: Enable agent component management policy on systemd hosts
  741 	  (CFE-2429)
  742 	- Change: Switch processes restart_class logging to verbose
  743 	- Change: Log level for keeping verbatim JSON to DEBUG (CFE-2141)
  744 	- Change: Require network before cfengine services (CFE-2435)
  745 	- Behaviour change: getvalues(inexistent_var) returns an empty list.
  746 	  Restores 3.7.x and earlier behaviour. (CFE-2479)
  747 	- Behaviour change: when used with CFEngine 3.10.0 or greater,
  748 	  bundles set_config_values() and set_line_based() are appending a
  749 	  trailing space when inserting a configuration option with empty value.
  750 	  (CFE-2466)
  751 	- Behaviour change: getvalues() always returns a list now. Even when v is a simple
  752 	  string (i.e. not an iterable) it will return an slist with one element:
  753 	  the value of the string variable.
  754 	- Behaviour change: readintlist() now prints an error if the
  755 	  file contains real numbers, not integers, and aborts; previously it was
  756 	  printing an info-level error message, was half-reading an integer out of
  757 	  the real, and was continuing successfully.
  758 	- Ensure synchronous start and stop with systemctl (ENT-2841)
  759 	- Change select_region INI_section to match end of section or end of file
  760 	  (CFE-2519)
  761 
  762 	Bug fixes:
  763 	- fix files promise not setting ACL properly on directories. (CFE-616)
  764 	- Upgrade CFEngine dependencies to the following versions:
  765 	  - libxml2 2.9.4
  766 	  - OpenSSL 1.0.2j
  767 	  - LibYAML 0.1.7
  768 	  - Curl 7.50.3
  769 	- Fix cumulative() to accept up to 1000 years, like it's documented.
  770 	- Fixed parsing of host name/IP and port number in cf-runagent
  771 	  (CFE-546)
  772 	- Fix intermittent error message of type:
  773 	  "error: Process table lacks space for last columns: <cmd>" (CFE-2371)
  774 	- storage: Properly initialize the list of current mounts (CFE-1803)
  775 	- Fix 'contain' attribute 'no_output' having no effect when
  776 	  the 'commands' promise is using 'module => "true"'. (CFE-2412)
  777 	- Fix bug which caused empty emails to be sent from cf-execd
  778 	  if there was no previous output log and the new log was fully filtered
  779 	  by email filters. (ENT-2739)
  780 	- allow ifelse(FALSE, $(x), "something else") to work. (CFE-2260)
  781 	- Fix connection cache, reuse connections when possible. (CFE-2447)
  782 	- Fix rare bug that would sometimes prevent redis-server from launching.
  783 	- Fix bug in files promise when multiple owners are promised
  784 	  but first one doesn't exist, and improve logging. (CFE-2432)
  785 	- define kept outcome with action warn if edit_line is as expected
  786 	  (CFE-2424)
  787 	- Example using getvariablemetatags() and getclassmetatags() to get a specific tag key
  788 	- Remove 2k limit on strings length when writing JSON policies
  789 	  (CFE-2383)
  790 	- Fix ttime_range constraint to go higher than 2G as number of seconds.
  791 	- Change: cronjob bundle tolerates different spacing
  792 	- Allow editing fields in lines longer than 4k (CFE-2438)
  793 	- Don't send empty emails for logs where everything is filtered.
  794 	  (ENT-2739)
  795 	- allow maplist(), maparray(), and mapdata() to evaluate function calls during iteration
  796 	  (ARCHIVE-1619)
  797 	- insert_lines is no longer implicitly matching EOF as
  798 	  end of the region if 'select_end' pattern is not matched. (CFE-2263)
  799 	- Change: Remove executable bit from systemd units (CFE-2436)
  800 	- cf-serverd should reload def.json when reloading policy (CFE-2406)
  801 	- Fix cf-monitord detection of usernames of the process table on AIX.
  802 	- Speed up local and remote file copying and fix spurious errors.
  803 	  (ENT-2769)
  804 	- Fix occasional segfault when running getindices() on a
  805 	  variable that has indices of multiple depths (e.g. both "a[x]" and
  806 	  "a[x][y]"). (CFE-2397)
  807 	- When no file is provided when calling cf-promises
  808 	  with cf or json output, use promises.cf by default. This restores the
  809 	  previous behavior. (CFE-2375)
  810 	- Fix: Services starting or stopping unnecessarily (CFE-2421)
  811 	- Change: Split systemd units (CFE-2278)
  812 	- EOF is matched as an end of the region in edit_line
  813 	  promises only if 'select_end_match_eof' parameter is true. (CFE-2263)
  814 	- Fix double logging of output_prefix, and log process name for cf-agent syslog messages.
  815 	  (CFE-2225)
  816 	- Be less verbose if a network interface doesn't have a MAC address.
  817 	  (CFE-1995)
  818 	- Fix: CFEngine choking on standard services (CFE-2806)
  819 	- fix insert_lines related memory corruption (CFE-2520)
  820 	- fix cf-serverd crash when reporting corrupted data. (ENT-3023)
  821 	- Fix ability to manage INI sections with metachars for
  822 	  manage_variable_values_ini and set_variable_values_ini (CFE-2519)
  823 	- Fix apt_get package module incorrectly using interactive mode.
  824 	- Fix crash on Solaris when ps ucb variant is not available. (CFE-2506)
  825 	- cf-serverd: Do not close connection when file does not exist.
  826 	  (CFE-2532)
  827 	- getvalues() now behaves correctly for old CFEngine arrays of depth 1.
  828 	  Known issues: getvalues() still misbehaves with double-indexed arrays
  829 	  (see CFE-2504, CFE-2536)
  830 
  831 3.9.0:
  832 	New features/additions:
  833 	- Add optional interface parameter to iprange() to match only one interface.
  834 	- Allow '=' in symbolic modes (Redmine #7826)
  835 	- Add: FreeBSD ports package module
  836 	- New package module for FreeBSD pkg package manager.
  837 	- Add support for adding/removing fifos in policy
  838 	- Add Linux parsing of /proc/net/ data.
  839 	  - sys.inet
  840 	  - sys.inet6
  841 	  - sys.interface_data
  842 	  - Data is returned as a data container.
  843 	  - See documentation for more details. (Jira CFE-1991)
  844 	- sys.ip2iface: new reverse mapping variable from IP to interface name
  845 	- Namespaced classes can now be specified on the command line.
  846 	- namespaces can now be passed to cf-runagent -D and --remote-bundles
  847 	  (Redmine #7856)
  848 	- Add 'cf-full' and 'json-full' to cf-promises '-p' option.
  849 	  They generate output based on the entire policy. The existing 'cf'
  850 	  already behaved this way, and it has now been changed to generate
  851 	  output only for a single file, which the existing 'json' option
  852 	  already does.
  853 	- New language functions: processexists() and findprocesses()
  854 	  (Redmine #7633)
  855 	- Implement new regex_replace() function. (Redmine #7346)
  856 	- Add log rotation policy for state/classes.jsonl log. (Redmine #7951)
  857 	- Added collect_vars utility bundle to stdlib
  858 	- Introduce report_class_log attribute to body agent control.
  859 	  (Redmine #7951)
  860 	- Add standard_services service_method allowing for explicit usage
  861 	- cf-promises --show-vars can now show JSON variables.
  862 	- Add json_pipe mode to mapdata(), which allows piping a
  863 	  JSON container to an external program for manipulation and receiving
  864 	  JSON back. The jq tool is a good example where this mode can be
  865 	  useful. A corresponding $(def.jq) variable has also been added with
  866 	  a default path to this tool. See documentation for mapdata() for
  867 	  more information and examples. (Jira CFE-2071)
  868 	- behaviour change: "true" is always defined and "false" is never defined in a context expression.
  869 	- Add: nimclient package module for AIX
  870 	  This module provides basic functionality for using nimclient as a means
  871 	  to ensure packages are either present or absent. It does not support
  872 	  listing package updates available or provide any special caching.
  873 	- Add callstack_callers() and callstack_promisers() functions.
  874 	- Log variable definitions in debug output. (Redmine #7137)
  875 	- Add: Memory information to host info report (Jira CFE-1177)
  876 	- In Mustache templates, one can now use {{#-top-}} and
  877 	  {{/-top-}} tags to iterate over the top level element in a
  878 	  container. (Redmine #6545)
  879 	- Add network_connections() function that parses /proc/net
  880 	- Provide new -w argument to override the workdir for testing
  881 	- New feature: Emails sent by cf-execd can be filtered to get
  882 	  rid of emails for unwanted log messages. The attributes
  883 	  mailfilter_include and mailfilter_exclude in body executor
  884 	  control control what to include. See documentation for cf-execd for
  885 	  more information. (Jira CFE-2283)
  886 	- Add: file_make_mustache bundle to render mustache templates
  887 	- Add '-n' flag to cf-key to avoid host name lookups.
  888 	- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor multiple -D, -N and -s arguments
  889 	  (Redmine #7191)
  890 	- Add "canonify" mode to mapdata().
  891 	- Add: printfile bodies to stdlib
  892 	- Add: New results classes body [] (Redmine #7418, #7481)
  893 	- Implement cf-runagent --remote-bundles and cf-serverd "bundle" access promise.
  894 	  (Redmine #7581)
  895 	- Add commands promise arglist attribute, augmenting args attribute.
  896 	- It's now possible to reference variables in inline JSON,
  897 	  for example: mergedata('[ thing, { "mykey": otherthing[123] } ]').
  898 	  thing and otherthing[123] will be resolved as variables, since
  899 	  they are unquoted. See the documentation for more details.
  900 	  (Redmine #7871)
  901 	- Allow inline JSON to be used in the following function
  902 	  calls:
  903 	  - data_expand()
  904 	  - difference()
  905 	  - every()
  906 	  - filter()
  907 	  - format()
  908 	  - getindices()
  909 	  - getvalues()
  910 	  - grep()
  911 	  - intersection()
  912 	  - join()
  913 	  - length()
  914 	  - makerule()
  915 	  - mapdata()
  916 	  - maplist()
  917 	  - mean()
  918 	  - mergedata()
  919 	  - none()
  920 	  - nth()
  921 	  - parsejson()
  922 	  - product()
  923 	  - regarray()
  924 	  - reglist()
  925 	  - reverse()
  926 	  - shuffle()
  927 	  - some()
  928 	  - sort()
  929 	  - storejson()
  930 	  - string_mustache()
  931 	  - sublist()
  932 	  - sum()
  933 	  - unique()
  934 	  - url_get()
  935 	  - variance()
  936 	  For example: mergedata('[ "thing", { "mykey": "myvalue" } ]')
  937 	  See the documentation for more details. (Jira CFE-2253)
  938 	- Add: edit_line contains_literal_string to stdlib
  939 	- Add body agent control select_end_match_eof option. (Jira CFE-2390)
  940 
  941 	Changes:
  942 	- Change: classesmatching(): order of classes changed
  943 	- Change: getindices(), getvalues(), variablesmatching(), maparray():
  944 	  order of variables returned has changed
  945 	- Change: set_quoted_values uses bundle scoped classes
  946 	- Change: set_config_values uses bundle scoped classes
  947 	- Change: set_variable_values uses bundle scoped classes
  948 	- Change: set_config_values_matching uses bundle scoped classes
  949 	- Change: manage_variable_values_ini uses bundle scoped classes
  950 	- Change: set_line_based should use bundle scoped classes
  951 	  (Jira CFE-1959)
  952 	- getvalues() will now return a list also for data containers,
  953 	  and will descend recursively into the containers. (Redmine #7116)
  954 	- Change: Improve git drop user support
  955 	- Use new package promise as default package promise
  956 	  implementation. (Jira CFE-2332)
  957 	- Don't follow symbolic links when copying extended attributes.
  958 	- When a bodydefault:<promise_type>_<body_type> body is
  959 	  defined, it will be used by all promises of type <promise_type>
  960 	  unless another body is explicitly used.
  961 	- cf-serverd no longer appends "-I -Dcfruncommand" to
  962 		     cfruncommand, this has to be done manually in masterfiles
  963 		     body server control. (Redmine #7732)
  964 	- eval() function arguments mode and options are now
  965 	  optional.
  966 	- sort() function argument mode is now optional.
  967 	- Change: returnszero() no longer outputs the output of a command.
  968 	  The output can be seen by enabling info mode (-I).
  969 	- cfruncommand is not executed under shell. (Redmine #7409)
  970 	- Remove: Apache CGI module
  971 	- Change: Make maxbytes arg of readjson() and readyaml() optional
  972 	- Classes matching agent control's abortclasses are
  973 	  now printed before exit, even if they are defined in common bundles.
  974 	  Previously the regex (in abortclasses) that matched the class was
  975 	  printed if the class was defined in a common bundle, but the class
  976 	  itself was printed if it was defined in an agent bundle. With this
  977 	  change, the defined class that caused the abort is always printed.
  978 	- Remove: Support for email settings from augments_file (Redmine #7682)
  979 	- Change: set_variable_values_ini uses bundle scoped classes
  980 	- findfiles() now skips relative paths. (Redmine #7981)
  981 	- Clients connections using non TLS protocol are rejected
  982 	  by default. (Jira CFE-2339)
  983 	- Change: Policy files specified in the "inputs" section of
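  984 	  def.json will no longer be auto-loaded. One has to refer to the $(def.augments_inputs) variable in the policy (the standard masterfiles policies include this by default). This only affects installations which are not based on the standard masterfiles, and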
  985 	  which are using the "inputs" field inside def.json. (Redmine #7961)
  986 	- Change: Separate binary details from policy update (Redmine #7662)
  987 	- Add guard for binary upgrade during bootstrap (Redmine #7861)
  988 	- Change: Modernize pkg module and package_method
  989 	- Remove: Userdir apache module
  990 	- filestat(path, "linktarget") now follows non-absolute links and returns full path of target.
  991 	  This introduces a change in behaviour. Here is an example:
  992 	  $ ls -l /bin/sh
  993 	  lrwxrwxrwx 1 root root 4 Jun  4  2015 /bin/sh -> dash
  994 	  Previously the filestat function would return "dash", and would also log
  995 	  an error that the file can not be read. Now it will return "/bin/dash"
  996 	  (or the final destination if it happens that /bin/dash is also a
  997 	  symlink).
  998 	  You can still get the previous behaviour by using
  999 	  filestat(path, "linktarget_shallow"). (Redmine #7404)
 1000 	- Define (bootstrap|failsafe)_mode during update.cf when triggered from failsafe.cf
 1001 	  (Redmine #7861)
 1002 	- Behavior change: The promise string of a processes
 1003 	  promise now matches just the command line of each process instead of
 1004 	  the line that is output by ps. This was done to reduce fragmentation
 1005 	  between platforms, since ps is a very nonstandardized tool.
 1006 	  (Jira CFE-2161)
 1007 	- Allowed namespace names made more strict, to disallow
 1008 	  namespaces that cannot be reached. (Redmine #7903)
 1009 	- Behavior change: When using readintlist(), readreallist()
 1010 	  or readstringlist(), parsing an empty file will no longer result in a
 1011 	  failed function call, but instead an empty list. Failure to open the
 1012 	  file will still result in a failed function call.
 1013 	- insert_lines is no longer implicitly matching EOF as
 1014 	  end of the region if 'select_end' pattern is not matched.
 1015 	  (Jira CFE-2263)
 1016 	- EOF is matched as an end of the region in edit_line
 1017 	  promises only if 'select_end_match_eof' parameter is true.
 1018 	  (Jira CFE-2263)
 1019 
 1020 	Bug fixes:
 1021 	- Upgrade CFEngine dependencies to the following versions:
 1022 	  - Curl     7.48.0
 1023 	  - libxml2  2.9.4
 1024 	  - LMDB     0.9.18
 1025 	  - OpenLDAP 2.4.44
 1026 	  - OpenSSL  1.0.2h
 1027 	  - PCRE     8.38
 1028 	  (Jira ENT-2720)
 1029 	- Upgrade dependencies to latest minor versions.
 1030 	  For Community / Enterprise:
 1031 	  For Enterprise:
 1032 	- Fix bug which sometimes misparses user names in ps output.
 1033 	- Fix: Problem with git not dropping privileges soon enough
 1034 	- Allow def.json up to 5MB instead of 4K.
 1035 	- It is possible to edit the same value in multiple regions
 1036 	  of one file. (Redmine #7460)
 1037 	- CFEngine on Windows no longer truncates log messages if the
 1038 	  program in question is killed halfway through.
 1039 	- Fixed a bug which caused def.json not being able to define
 1040 	  classes based on other hard classes. (Jira CFE-2333)
 1041 	- Change: Tighten Enterprise hub permissions (Jira ENT-2708)
 1042 	- Fix a regression which would sometimes cause "Permission
 1043 	  denied" errors on files inside directories with very restricted
 1044 	  permissions. (Redmine #7808)
 1045 	- Fix use-after-free in ArrayMap and HashMap (Redmine #7952)
 1046 	- Package repositories are no longer hit every time package promise
 1047 	  is evaluated on SUSE.
 1048 	- Fix a bug which sometimes caused package promises to be
 1049 	  skipped with "XX Another cf-agent seems to have done this since I
 1050 	  started" messages in the log, most notably in long running cf-agent
 1051 	  runs (longer than one minute). (Redmine #7933)
 1052 	- TTY detection should be more reliable. (Redmine #7606)
 1053 	- cf-promises -p cf now produces valid cfengine code (Redmine #7956)
 1054 	- Fix ps options for FreeBSD to check processes only in current host and not in jails
 1055 	- cf-runagent now properly supports multiple -D or -s arguments
 1056 	  (Redmine #7191)
 1057 	- Fix: Work around impaired class definition from augments
 1058 	  (Jira CFE-2333)
 1059 	- Fix "No such file or directory" LMDB error on heavily loaded hosts.
 1060 	  (Jira CFE-2300)
 1061 	- Check for empty server response in RemoteDirList after decryption
 1062 	  (Redmine #7908)
 1063 	- Small performance optimization when cf-execd scans emails before sending.
 1064 	- Fix handling of closed connections during transactions
 1065 	  (Redmine #7926)
 1066 	- The core ps parsing engine used for processes promises
 1067 	  has been rewritten from scratch, and should be more robust than
 1068 	  before. (Jira CFE-2161)
 1069 	- Fix the lexer which could not handle empty newline(s)
 1070 	  before a @endif.
 1071 	- groupexists() no longer fails to detect a group name
 1072 	  starting with a digit. (Jira CFE-2351)
 1073 	- Fix HP-UX specific bug that caused a lot of log output to disappear.
 1074 	- Fix unresolved variable (Redmine #7931)
 1075 	- Change: Suppress standard services noise on SUSE (Redmine #6968)
 1076 	- Reduce verbosity of yum package module (Redmine #7485)
 1077 	- cf-runagent: Allow connections to localhost instead of failing silently.
 1078 	- Show errors regarding failure to copy extended attributes
 1079 	  when doing a local file copy. Errors could happen when copying
 1080 	  across two different mount points where the support for extended
 1081 	  attributes is different between the mount points.
 1082 	- Fix classes being set because of hash collision in the implementation.
 1083 	  (Redmine #7912)
 1084 	- fix build failure on FreeBSD 7.1 (Redmine #7415)
 1085 	- Improve logging when managing setuid/setgid
 1086 	- Reduce verbosity of apt_get package module (Redmine #7485)
 1087 	- packagesmatching() and packageupdatesmatching() should work
 1088 	  when new package promise is used. (Jira CFE-2246)
 1089 	- Fix bug which could render host unable to recover from a
 1090 	  syntax error, even if failsafe.cf was utilized. This could happen if
 1091 	  the file containing the syntax error was specified in the def.json
 1092 	  special file. (Redmine #7961)
 1093 	- Prevent crash in cf-execd email code when policy server is not set.
 1094 	- In case of networking error, assume checksum is wrong
 1095 	- Fix two cases where action_policy warn still produces errors
 1096 	  (Redmine #7274)
 1097 	- Fix bad option nlwp to vzps on Proxmox / OpenVZ. (Redmine #6961)
 1098 	- @if minimum_version now correctly ignores lines starting with '@'
 1099 	  (Redmine #7862)
 1100 	- No longer hang when changing permissions/ownership on fifos
 1101 	  (Redmine #7030)
 1102 	- readfile() and read*list() should print an error if they fail to read file.
 1103 	  (Redmine #7702)
 1104 	- The isvariable() function call now correctly accepts all
 1105 	  array variables when specified inline. Previously it would not accept
 1106 	  certain special characters, even though they could be specified
 1107 	  indirectly by using a variable to hold it. (Redmine #7088)
 1108 	- Fix file descriptor leak when there are network errors.
 1109 	- Improve robustness of process table parsing on Solaris.
 1110 	  (Jira CFE-2161)
 1111 	- Installing packages containing version numbers using yum
 1112 	  now works correctly. (Redmine #7825)
 1113 	- Parse def.json vars, classes and inputs from the C
 1114 	  code. This fixes a bug where certain entries in this file would be
 1115 	  parsed too late to have any effect on the evaluation.
 1116 	  (Redmine #7453, #7615)
 1117 	- Change package modules permissions on hub package so that
 1118 	  hub can execute package promises. (Redmine #7602)
 1119 	- Fix: CFEngine choking on standard services (Jira CFE-2086)
 1120 	- Fix: cf-upgrade on SUSE
 1121 	- Fix: Stop cfengine choking on systemctl output (Jira CFE-2806)
 1122 	- storage: Properly initialize the list of current mounts
 1123 	  (Jira CFE-1803)
 1124 	- Fix bug which caused empty emails to be sent from cf-execd
 1125 	  if there was no previous output log and the new log was fully filtered
 1126 	  by email filters. (Jira ENT-2739)
 1127 	- Don't send empty emails for logs where everything is filtered.
 1128 	  (Jira ENT-2739)
 1129 	- Fix intermittent error message of type:
 1130 	  "error: Process table lacks space for last columns: <cmd>"
 1131 	  (Jira CFE-2371)
 1132 	- Be less verbose if a network interface doesn't have a MAC address.
 1133 	  (Jira CFE-1995)
 1134 
 1135 3.8.2:
 1136 	Fixes:
 1137 	- Update library dependencies to latest version.
 1138 	  Libraries upgraded:
 1139 	  - curl 7.47.0
 1140 	  - LMDB 0.9.18
 1141 	  - MySQL 5.1.72
 1142 	  - OpenLDAP 2.4.44
 1143 	  - OpenSSL 1.0.2g
 1144 	  - PostgreSQL 9.3.11
 1145 	  - Redis 3.0.7
 1146 	  - rsync 3.1.2
 1147 	  PHP was kept at 5.6.17 because of problems with the 5.6.19 version.
 1148 	- Reduce verbosity of apt_get package module (Redmine #7485)
 1149 	- Reduce verbosity of yum package module (Redmine #7485)
 1150 	- The isvariable() function call now correctly accepts all
 1151 	  array variables when specified inline. Previously it would not accept
 1152 	  certain special characters, even though they could be specified
 1153 	  indirectly by using a variable to hold it. (Redmine #7088)
 1154 	- Don't follow symbolic links when copying extended attributes.
 1155 	- Fix a bug which sometimes caused package promises to be
 1156 	  skipped with "XX Another cf-agent seems to have done this since I
 1157 	  started" messages in the log, most notably in long running cf-agent
 1158 	  runs (longer than one minute). (Redmine #7933)
 1159 	- Fix bug which could render host unable to recover from a
 1160 	  syntax error, even if failsafe.cf was utilized. This could happen if
 1161 	  the file containing the syntax error was specified in the def.json
 1162 	  special file. (Redmine #7961)
 1163 	- Change: Policy files specified in the "inputs" section of
 1164 	  def.json will no longer be auto-loaded. One has to refer to the
 1165 	  $(def.augments_inputs) variable in the policy (the standard
 1166 	  masterfiles policies include this by default). This only affects
 1167 	  installations which are not based on the standard masterfiles, and
 1168 	  which are using the "inputs" field inside def.json. (Redmine #7961)
 1169 	- Fix file descriptor leak when there are network errors.
 1170 	- Fix cf-serverd error messages with classic protocol clients
 1171 	  (Redmine #7818)
 1172 	- Installing packages containing version numbers using yum
 1173 	  now works correctly. (Redmine #7825)
 1174 	- Fix ps options for FreeBSD to check processes only in current host and not in jails
 1175 	- fix build failure on FreeBSD 7.1 (Redmine #7415)
 1176 	- Show errors regarding failure to copy extended attributes
 1177 	  when doing a local file copy. Errors could happen when copying
 1178 	  across two different mount points where the support for extended
 1179 	  attributes is different between the mount points.
 1180 	- Fix classes being set because of hash collision in the implementation.
 1181 	  (Redmine #7912)
 1182 	- Allow def.json up to 5MB instead of 4K.
 1183 	- Fix a regression which would sometimes cause "Permission
 1184 	  denied" errors on files inside directories with very restricted
 1185 	  permissions. (Redmine #7808)
 1186 	- Change: Suppress standard services noise on SUSE (Redmine #6968)
 1187 
 1188 	Changes:
 1189 	- Change: classesmatching(): order of classes changed
 1190 
 1191 3.8.1:
 1192 	Changes:
 1193 	- Upgrade CFEngine dependencies to the following versions:
 1194 	  - OpenSSL   1.0.2e
 1195 	  - PCRE      8.38
 1196 	  - libxml2   2.9.3
 1197 	  - OpenLDAP  2.4.43
 1198 	  - libcurl   7.46.0
 1199 	- Upgrade LMDB to version 0.9.17. (Redmine #7879)
 1200 
 1201 	Bug fixes:
 1202 	- @if minimum_version now correctly ignores lines starting with '@'
 1203 	  (Redmine #7862)
 1204 	- Add guard for binary upgrade during bootstrap (Redmine #7861)
 1205 	- Namespaced classes can now be specified on the command line.
 1206 	- Fix bad option nlwp to vzps on Proxmox / OpenVZ. (Redmine #6961)
 1207 	- Fix two cases where action_policy warn still produces errors
 1208 	  (Redmine #7274)
 1209 	- Parse def.json vars, classes and inputs from the C
 1210 	  code. This fixes a bug where certain entries in this file would be
 1211 	  parsed too late to have any effect on the evaluation.
 1212 	  (Redmine #7453, #7615)
 1213 	- Fix HP-UX specific bug that caused a lot of log output to disappear.
 1214 	- Check for empty server response in RemoteDirList after decryption
 1215 	  (Redmine #7908)
 1216 	- getvalues() will now return a list also for data containers,
 1217 	  and will descend recursively into the containers. (Redmine #7116)
 1218 	- Define (bootstrap|failsafe)_mode during update.cf when triggered from failsafe.cf
 1219 	  (Redmine #7861)
 1220 
 1221 
 1222 3.8.0:
 1223 	New features/additions:
 1224 	- New feature: Bodies can now inherit attribute values from
 1225 	  other bodies by specifying "inherit_from" with the name of the body to
 1226 	  inherit from, plus any arguments it accepts. For example:
 1227 	    body classes myclasses
 1228 	    {
 1229 		inherit_from => classes_generic("myname");
 1230 	    }
 1231 	    (Redmine #4309)
 1232 	- Add url_get() function. (Redmine #6480)
 1233 	- Add @if feature() syntax
 1234 	  @if feature works like @if minimum_version but allows distinguishing
 1235 	  between features chosen at compile time.
 1236 	- Extend module protocol to create persistent classes.
 1237 	  To use it, have the module print a line with "^persistence=<minutes>"
 1238 	  before printing any class names. "persistence=0" goes back to non-
 1239 	  persistent classes. (Redmine #7302)
 1240 	- Add: New results classes body (Redmine #7418)
 1241 	- Add: Debug reports in cfe_internal_cleanup_agent_reports
 1242 	- Add: Path to svcprop in stdlib
 1243 	- Add: masterfiles-stage script to contrib
 1244 	- Whitespace is now allowed in class expressions for
 1245 	  readability, between class names and operators. (Redmine #7152)
 1246 
 1247 	Changes:
 1248 	- Change: Clarify bootstrap/failsafe reports
 1249 	- Change: Improve in-line docs for internal log maintenance
 1250 	- Change: Improve efficiency and debug reports (Redmine #7527)
 1251 	- Remove: 3.5 support from masterfiles policy framework
 1252 	- Long promiser strings with multiple lines are now
 1253 	  abbreviated in logs. (Redmine #3964)
 1254 	- Change: Reunify Version based policy split
 1255 	- Change: Separate binary details from policy update (Redmine #7662)
 1256 	- Remove /var/cfengine/cf3.<host>.runlog. (Redmine #6957)
 1257 	- Change: sys.libdir and sys.local_libdir to non version specific path
 1258 	    - sys.libdir now resolves to $(sys.inputdir)/lib
 1259 	    - sys.local_libdir now resolves to lib (Redmine #7559)
 1260 	- Moved the following files to /var/cfengine/log/:
 1261 	    - /var/cfengine/promise_summary.log
 1262 	    - /var/cfengine/cfagent.<host>.log
 1264 	- Remove: Support for email settings from augments_file (Redmine #7682)
 1265 
 1266 	Bug fixes:
 1267 	- It is possible to edit the same value in multiple regions
 1268 	  of one file. (Redmine #7460)
 1269 	- Change package modules permissions on hub package so that
 1270 	  hub can execute package promises. (Redmine #7602)
 1271 	- Fix exporting CSV reports through HTTPS. (Redmine #7267)
 1272 	- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor
 1273 	  multiple -D, -N and -s arguments (Redmine #7191)
 1274 	- readfile() and read*list() should print an error if they fail to read file.
 1275 	  (Redmine #7702)
 1276 	- No longer hang when changing permissions/ownership on fifos
 1277 	  (Redmine #7030)
 1278 	- Fix broken HA policy for 3rd disaster-recovery node.
 1279 	- Fix: Policy errors for 3.5 and 3.6
 1280 	- Mustache templates: Fix {{@}} key when value is not a
 1281 	  primitive. The old behavior, when iterating across a map or array of
 1282 	  maps, was to abort if the key was requested with {{@}}. The new
 1283 	  behavior is to always replace {{@}} with either the key name or the
 1284 	  iteration position in the array. An error is printed if {{@}} is used
 1285 	  outside of a Mustache iteration section.
 1286 	- Fix build with musl libc. (Redmine #7455)
 1287 	- Fixed a bug which could cause daemons not to be killed
 1288 	  correctly when upgrading or manually running "service cfengine3 stop".
 1289 	  (Redmine #7193)
 1290 	- Fix daemons not restarting correctly on upgrade on AIX.
 1291 	- Package promise: Fix inability to install certain packages
 1292 	  with numbers. (Redmine #7421)
 1293 	- Directories should no more be changed randomly
 1294 	  into files. (Redmine #6027)
 1295 	- Improve cf-serverd's lock contention because of getpwnam()
 1296 	  call. (Redmine #7643)
 1297 	- action_policy "warn" now correctly produces warnings instead
 1298 	  of various other verbosity levels. (Redmine #7274)
 1299 	- If there is an error saving a mustache template file
 1300 	  it is now logged with log-level error (was inform).
 1301 	- The JSON parser now supports unquoted strings as keys.
 1302 	- Reduce malloc() thread contention on heavily loaded
 1303 	  cf-serverd, by not exiting early in the logging function, if no message
 1304 	  is to be printed. (Redmine #7624)
 1305 	- Fix a bug which caused daemons not to be restarted on
 1306 	  upgrade. (Redmine #7528)
 1307 	- Include latest security updates for dependencies.
 1308 	- Fixed bug which would cause bff and depot packages not to
 1309 	  run package scripts on removal. (Redmine #7193)
 1310 	- Fix upgrade causing error message under systemd because of open ports.
 1311 	- Fixed several bugs which prevented CFEngine from loading
 1312 	  libraries from the correct location. This affected several platforms.
 1313 	  (Redmine #6708)
 1314 	- Legacy package promise: Result classes are now defined if
 1315 	  the package being promised is already up to date. (Redmine #7399)
 1316 	- failsafe.cf will be created when needed. (Redmine #7634)
 1318 	- If file_select.file_types is set to symlink and there
 1319 	  are regular files in the scanned directory, CFEngine no longer
 1320 	  produces an unnecessary error message. (Redmine #6996)
 1321 	- Fix 'AIX_PREINSTALL_ALREADY_DONE.txt: cannot create' error
 1322 	  message on AIX.
 1323 	- Fix package promise not removing dependent packages. (Redmine #7424)
 1324 	- Fix: Solaris packages no longer contain duplicate library
 1325 	  files, but instead symlinks to them. (Redmine #7591)
 1326 	- Fix select_class not setting class when used in common bundle with slist.
 1327 	  (Redmine #7482)
 1328 	- Fix "@endif" keyword sometimes being improperly processed
 1329 	  by policy parser. (Redmine #7413)
 1330 	- Fix noise from internal policy to upgrade windows agents
 1331 	  (Redmine #7456)
 1332 	- cfruncommand now works if it contains spaces, with the TLS protocol.
 1333 	  (Redmine #7405)
 1334 	- Fix warning "Failed to parse csv file entry" with certain very long
 1335 	  commands promises. (Redmine #7400)
 1336 	- CFEngine no longer erroneously passes -M to useradd on HP-UX. (Redmine #6734)
 1337 	- cf-monitord no longer complains about missing thermal zone files.
 1338 	  (Redmine #7238)
 1339 	- systemd is now detected correctly if it is a symlink (Redmine #7297)
 1340 	- TTY detection should be more reliable. (Redmine #7606)
 1342 
 1343 
 1344 3.7.3:
 1345 	Fixes:
 1346 	- Reduce verbosity of yum package module (Redmine #7485)
 1347 	- Reduce verbosity of apt_get package module (Redmine #7485)
 1348 	- Upgrade dependencies to latest patch versions.
 1349 	  Upgraded libraries:
 1350 	  - curl 7.47.0
 1351 	  - libxml2 2.9.3
 1352 	  - LMDB 0.9.18
 1353 	  - MySQL 5.1.72
 1354 	  - OpenLDAP 2.4.44
 1355 	  - OpenSSL 1.0.2g
 1356 	  - PCRE 8.38
 1357 	  - PostgreSQL 9.3.11
 1358 	  - Redis 2.8.24
 1359 	  - rsync 3.1.2
 1360 	  PHP was kept at 5.6.17 because of problems with the 5.6.19 version.
 1361 	- parse def.json vars, classes, and inputs in C (Redmine #7453)
 1362 	- Namespaced classes can now be specified on the command line.
 1363 	- getvalues() will now return a list also for data containers,
 1364 	  and will descend recursively into the containers. (Redmine #7116)
 1365 	- @if minimum_version now correctly ignores lines starting with '@'
 1366 	  (Redmine #7862)
 1367 	- Fix definition of classes from augments file
 1368 	- Don't follow symbolic links when copying extended attributes.
 1369 	- Fix ps options for FreeBSD to check processes only in current host and not in jails
 1370 	- Fix cf-serverd error messages with classic protocol clients
 1371 	  (Redmine #7818)
 1372 	- Change: Suppress standard services noise on SUSE (Redmine #6968)
 1373 	- The isvariable() function call now correctly accepts all
 1374 	  array variables when specified inline. Previously it would not accept
 1375 	  certain special characters, even though they could be specified
 1376 	  indirectly by using a variable to hold it. (Redmine #7088)
 1377 	- Show errors regarding failure to copy extended attributes
 1378 	  when doing a local file copy. Errors could happen when copying
 1379 	  across two different mount points where the support for extended
 1380 	  attributes is different between the mount points.
 1381 	- Fix bad option nlwp to vzps on Proxmox / OpenVZ. (Redmine #6961)
 1382 	- Fix file descriptor leak when there are network errors.
 1383 	- Fix a regression which would sometimes cause "Permission
 1384 	  denied" errors on files inside directories with very restricted
 1385 	  permissions. (Redmine #7808)
 1386 	- Check for empty server response in RemoteDirList after decryption
 1387 	  (Redmine #7908)
 1388 	- Allow def.json up to 5MB instead of 4K.
 1389 	- Add guard for binary upgrade during bootstrap (Redmine #7861)
 1390 	- Fix HP-UX specific bug that caused a lot of log output to disappear.
 1391 	- Fix a bug which sometimes caused package promises to be
 1392 	  skipped with "XX Another cf-agent seems to have done this since I
 1393 	  started" messages in the log, most notably in long running cf-agent
 1394 	  runs (longer than one minute). (Redmine #7933)
 1395 	- Define (bootstrap|failsafe)_mode during update.cf when triggered from failsafe.cf
 1396 	  (Redmine #7861)
 1397 	- Fix two cases where action_policy warn still produces errors
 1398 	  (Redmine #7274)
 1399 	- Fix classes being set because of hash collision in the implementation.
 1400 	  (Redmine #7912)
 1401 	- fix build failure on FreeBSD 7.1 (Redmine #7415)
 1402 	- Installing packages containing version numbers using yum
 1403 	  now works correctly. (Redmine #7825)
 1404 
 1405 	Changes:
 1406 	- Change: classesmatching(): order of classes changed
 1407 
 1472 
 1473 3.7.2:
 1474 	Bug fixes:
 1475 	- readfile() and read*list() should print an error if they fail to read file.
 1476 	  (Redmine #7702)
 1477 	- Fix 'AIX_PREINSTALL_ALREADY_DONE.txt: cannot create' error
 1478 	  message on AIX.
 1479 	- If there is an error saving a mustache template file
 1480 	  it is now logged with log-level error (was inform).
 1481 	- Change: Clarify bootstrap/failsafe reports
 1482 	- Fixed several bugs which prevented CFEngine from loading
 1483 	  libraries from the correct location. This affected several platforms.
 1484 	  (Redmine #6708)
 1485 	- If file_select.file_types is set to symlink and there
 1486 	  are regular files in the scanned directory, CFEngine no longer
 1487 	  produces an unnecessary error message. (Redmine #6996)
 1488 	- Fix: Solaris packages no longer contain duplicate library
 1489 	  files, but instead symlinks to them. (Redmine #7591)
 1490 	- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor
 1491 	  multiple -D, -N and -s arguments (Redmine #7191)
 1492 	- Fix "@endif" keyword sometimes being improperly processed
 1493 	  by policy parser. (Redmine #7413)
 1494 	- It is possible to edit the same value in multiple regions
 1495 	  of one file. (Redmine #7460)
 1496 	- Fix select_class not setting class when used in common bundle with slist.
 1497 	  (Redmine #7482)
 1498 	- Fix broken HA policy for 3rd disaster-recovery node.
 1499 	- Directories should no more be changed randomly
 1500 	  into files. (Redmine #6027)
 1501 	- Include latest security updates for 3.7.
 1502 	- Reduce malloc() thread contention on heavily loaded
 1503 	  cf-serverd, by not exiting early in the logging function, if no message
 1504 	  is to be printed. (Redmine #7624)
 1505 	- Improve cf-serverd's lock contention because of getpwnam()
 1506 	  call. (Redmine #7643)
 1507 	- action_policy "warn" now correctly produces warnings instead
 1508 	  of various other verbosity levels. (Redmine #7274)
 1509 	- Change: Improve efficiency and debug reports (Redmine #7527)
 1510 	- Change package modules permissions on hub package so that
 1511 	  hub can execute package promises. (Redmine #7602)
 1512 	- No longer hang when changing permissions/ownership on fifos
 1513 	  (Redmine #7030)
 1514 	- Fix exporting CSV reports through HTTPS. (Redmine #7267)
 1515 	- failsafe.cf will be created when needed. (Redmine #7634)
 1516 	- Mustache templates: Fix {{@}} key when value is not a
 1517 	  primitive. The old behavior, when iterating across a map or array of
 1518 	  maps, was to abort if the key was requested with {{@}}. The new
 1519 	  behavior is to always replace {{@}} with either the key name or the
 1520 	  iteration position in the array. An error is printed if {{@}} is used
 1521 	  outside of a Mustache iteration section.
 1522 	- Legacy package promise: Result classes are now defined if
 1523 	  the package being promised is already up to date. (Redmine #7399)
 1524 	- TTY detection should be more reliable. (Redmine #7606)
 1525 
 1526 	Masterfiles:
 1527 	- Add: Path to svcprop in stdlib
 1528 	- Add: New results classes body (Redmine #7418, #7481)
 1529 	- Remove: Support for email settings from augments_file (Redmine #7682)
 1530 
 1531 3.7.1:
 1532 	Bug fixes:
 1533 	- Fix daemons not restarting correctly on upgrade on AIX. (Redmine #7550)
 1534 	- Fix upgrade causing error message under systemd because of open ports.
 1535 	- Fix build with musl libc. (Redmine #7455)
 1536 	- Long promiser strings with multiple lines are now
 1537 	  abbreviated in logs. (Redmine #3964)
 1538 	- Fixed a bug which could cause daemons not to be killed
 1539 	  correctly when upgrading or manually running "service cfengine3 stop".
 1540 	  (Redmine #7193)
 1541 	- Package promise: Fix inability to install certain packages
 1542 	  with numbers.
 1543 	- Fix package promise not removing dependent packages. (Redmine #7424)
 1544 	- Fix warning "Failed to parse csv file entry" with certain very long
 1545 	  commands promises. (Redmine #7400)
 1546 	- Fix misaligned help output in cf-hub. (Redmine #7273)
 1547 	- Augmenting inputs from the augments_file (Redmine #7420)
 1548 	- Add support for failover to 3rd HA node located outside cluster.
 1549 	- Upgrade all dependencies for patch release.
 1550 	- Fix a bug which caused daemons not to be restarted on
 1551 	  upgrade. (Redmine #7528)
 1552 
 1553 3.7.0:
 1554 	New features:
 1555 	- New package promise implementation.
 1556 	  The syntax is much simpler, to try it out, check out the syntax:
 1557 	      packages:
 1558 		  "mypackage"
 1559 		    policy => "absent/present",
 1560 
 1561 		      # Optional, default taken from common control
 1562 		    package_module => apt_get,
 1563 
 1564 		      # Optional, will only match exact version. May be
 1565 		      # "latest".
 1566 		    version => "32.0",
 1567 
 1568 		      # Optional.
 1569 		    architecture => "x86_64";
 1570 
 1571 	- Full systemd support for all relevant platforms
 1572 	- New classes to determine whether certain features are enabled:
 1573 	    * feature_yaml
 1574 	    * feature_xml
 1575 	  For the official CFEngine packages, these are always enabled, but
 1576 	  packages from other sources may be built without the support.
 1577 	- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
 1578 	- YAML support: new readyaml() function and in readdata()
 1579 	- CSV support: new readcsv() function and in readdata()
 1580 	- New string_mustache() function
 1581 	- New data_regextract() function
 1582 	- eval() can now be called with "class" as the "mode" argument, which
 1583 	  will cause it to return true ("any") if the calculated result is
 1584 	  non-zero, and false ("!any") if it is zero.
 1585 	- New list_ifelse() function
 1586 	- New mapdata() function as well as JSON support in maparray().
 1587 	- filestat() function now supports "xattr" argument for extended
 1588 	  attributes.
 1589 	- "ifvarclass" now has "if" as an alias, and "unless" as an inverse
 1590 	  alias.
 1591 	- Ability to expand JSON variables directly in Mustache templates:
 1592 	  Prefix the name with '%' for multiline expansion, '$' for compact
 1593 	  expansion.
 1594 	- Ability to expand the iteration *key* in Mustache templates with @
 1595 	- Canonical JSON output: JSON output has reliably sorted keys so the
 1596 	  same data structure will produce the same JSON every time.
 1597 	- New "@if minimum_version(x.x)" syntax in order to hide future language
 1598 	  improvements from versions that don't understand them.
 1599 	- compile time option (--with-statedir) to
 1600 	  override the default state/ directory path.
 1601 	- Fix error messages/ handling in process signalling which no longer
 1602 	  allowed any signals to fail silently
 1603 	- Also enable shortcut keyword for cf-serverd classic protocol, e.g. to
 1604 	  simplify the bootstrap process for clients that have different
 1605 	  sys.masterdir settings (Redmine #3697)
 1606 	- methods promises now accept the bundle name in the promiser string,
 1607 	  as long as it doesn't have any parameters.
 1608 	- In a services promise, if the service_method bundle is not specified,
 1609 	  it defaults to the promiser string (canonified) with "service_" as a
 1610 	  prefix. The bundle must be in the same namespace as the promise.
 1611 	- inline JSON in policy files: surrounding with parsejson() is now
 1612 	  optional *when creating a new data container*.
 1613 	- New data_expand() function to interpolate variables in a data container.
 1614 	- Add configurable network bandwidth limit for all outgoing
 1615 	  connections ("bwlimit" attribute in "body common control"). To
 1616 	  enforce it in both directions, make sure the attribute is set on both
 1617 	  sides of the connection.
 1618 	- Secure bootstrap has been facilitated by use of
 1619 	  "cf-agent --bootstrap HUB_ADDRESS --trust-server=no"
 1620 	- Implement new TLS-relevant options (Redmine #6883):
 1621 	  - body common control: tls_min_version
 1622 	  - body server control: allowtlsversion
 1623 	  - body common control: tls_ciphers
 1624 	  - body server control: allowciphers (preexisting)
 1625 
 1626 	Changes:
 1627 	- Improved output format, less verbose, and messages are grouped.
 1628 	- cf-execd: agent_expireafter default was changed to 120 minutes
 1629 	  (Redmine #7113)
 1630 	- All embedded databases are now rooted in the state/ directory.
 1631 	- TLS used as default for all outgoing connections.
 1632 	- process promise now reports kept status instead of repaired if a
 1633 	  signal is not sent, even if the restart_class is set. The old
 1634 	  behavior was to set the repaired status whenever the process was not
 1635 	  running. (Redmine#7216).
 1636 	- Bootstrapping requires keys to be generated in advance using cf-key.
 1637 	- Disable class set on reverse lookup of interfaces IP addresses.
 1638 	  (Redmine #3993, Redmine #6870)
 1639 	- Define a hard class with just the OS major version on FreeBSD.
 1640 	- Abort cf-agent if OpenSSL's random number generator can't
 1641 	  be seeded securely.
 1642 	- Masterfiles source tarball now installs using the usual commands
 1643 	  "./configure; make install".
 1644 	- Updated Emacs syntax highlighting template to support the latest
 1645 	  syntax enhancements in 3.7.
 1646 
 1647 	Deprecations:
 1648 	- Arbitrary arguments to cfruncommand (using "cf-runagent -o") are
 1649 	  not acceptable any more. (Redmine #6978)
 1650 	- 3.4 is no longer supported in masterfiles.
 1651 
 1652 	Bug fixes:
 1653 	- Fix server common bundles evaluation order (Redmine#7211).
 1654 	- Limit LMDB disk usage by preserving sparse areas in LMDB files
 1655 	  (Redmine#7242).
 1656 	- Fixed LMDB corruption on HP-UX 11.23. (Redmine #6994)
 1657 	- Fixed insert_lines failing to converge if preserve_block was used.
 1658 	  (Redmine #7094)
 1659 	- Fixed init script failing to stop/restart daemons on openvz/lxc
 1660 	  hosts. (Redmine #3394)
 1661 	- rm_rf_depth now deletes base directory as advertised. (Redmine #7009)
 1662 	- Refactored cf-agent's connection cache to properly differentiate
 1663 	  hosts using all needed attributes like host and port.
 1664 	  (Redmine #4646)
 1665 	- Refactored lastseen database handling to avoid inconsistencies.
 1666 	  (Redmine #6660)
 1667 	- cf-key --trust-key now supports new syntax to also update the
 1668 	  lastseen database, so that clients using old protocol will trust
 1669 	  the server correctly.
 1670 	- Fixed a bug which sometimes caused an agent or daemon to kill or stop
 1671 	  itself. (Redmine #7075, #7244)
 1672 	- Fixed a bug which made it difficult to kill CFEngine daemons,
 1673 	  particularly cf-execd. (Redmine #6659, #7193)
 1674 	- Fixed a bug causing systemd not to be detected correctly on Debian.
 1675 	  (Redmine #7297)
 1676 	- "cf-promises -T" will now correctly report the checked out commit,
 1677 	  even if you haven't checked out a Git branch. (Redmine #7332)
 1678 	- Reduce verbosity of harmless errors related to socket timeouts and
 1679 	  missing thermal zone files. (Redmine #6486 and #7238)
 1680 
 1681 	Masterfiles:
 1682 
 1683 	Added:
 1684 	- Support for user specified overriding of framework defaults without
 1685 	  modifying policy supplied by the framework itself (see
 1686 	  example_def.json)
 1687 	- Support for def.json class augmentation in update policy
 1688 	- Run vacuum operation on postgresql every night as a part of
 1689 	  maintenance.
 1690 	- Add measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8)
 1691 	- New negative class guard cfengine_internal_disable_agent_email so
 1692 	  that agent email can be easily disabled by augmenting def.json
 1693 
 1694 	Changed:
 1695 	- Relocate def.cf to controls/VER/
 1696 	- Relocate update_def to controls/VER
 1697 	- Relocate all controls to controls/VER
 1698 	- Only load cf_hub and reports.cf on CFEngine Enterprise installs
 1699 	- Relocate acls related to report collection from bundle server
 1700 	  access_rules to controls/VER/reports.cf into bundle server
 1701 	  report_access_rules
 1702 	- Re-organize cfe_internal splitting core from enterprise specific
 1703 	  policies and loading the appropriate inputs only when necessary
 1704 	- Moved update directory into cfe_internal as it is not generally
 1705 	  intended to be modified
 1706 	- services/autorun.cf moved to lib/VER/ as it is not generally intended
 1707 	  to be modified
 1708 	- To improve predictability autorun bundles are activated in
 1709 	  lexicographical order
 1710 	- Relocate services/file_change.cf to cfe_internal/enterprise. This
 1711 	  policy is most useful for a good OOTB experience with CFEngine
 1712 	  Enterprise Mission Portal.
 1713 	- Relocate service_catalogue from promises.cf to services/main.cf. It is
 1714 	  intended to be a user entry. This name change correlates with the main
 1715 	  bundle being activated by default if there is no bundlesequence
 1716 	  specified.
 1717 	- Reduce benchmarks sample history to 1 day.
 1718 	- Update policy no longer generates a keypair if one is not found.
 1719 	  (Redmine: #7167)
 1720 	- Relocate cfe_internal_postgresql_maintenance bundle to lib/VER/
 1721 	- Set postgresql_monitoring_maintenance only for versions 3.6.0 and
 1722 	  3.6.1
 1723 	- Move hub specific bundles from lib/VER/cfe_internal.cf into
 1724 	  lib/VER/cfe_internal_hub.cf and load them only if policy_server policy
 1725 	  if set.
 1726 	- Re-organize lib/VER/stdlib.cf from lists into classic array for use
 1727 	  with getvalues
 1728 
 1729 	Removed:
 1730 	- Diff reporting on /etc/shadow (Enterprise)
 1731 	- Update policy from promises.cf inputs. There is no reason to include
 1732 	  the update policy into promises.cf, update.cf is the entry for the
 1733 	  update policy
 1734 	- _not_repaired outcome from classes_generic and scoped_classes_generic
 1735 	  (Redmine: #7022)
 1736 
 1737 	Fixes:
 1738 	- standard_services now restarts the service if it was not already
 1739 	  running when using service_policy => restart with chkconfig (Redmine
 1740 	  #7258)
 1741 
 1742 
 1743 3.6.5:
 1744 	Features:
 1745 	- Introduced "systemd" hard class. (Redmine #6995)
 1746 	- Added paths to dtrace, zfs and zpool on FreeBSD in masterfiles.
 1747 
 1748 	Bug fixes:
 1749 	- Fixed build error on certain RHEL5 and SLES10 setups. (Redmine #6841)
 1750 	- Fixed a bug which caused dangling symlinks not to be removed.
 1751 	  (Redmine #6582)
 1752 	- Fixed data_readstringarrayidx function not preserving the order of the
 1753 	  array it's producing. (Redmine #6920)
 1754 	- Fixed a bug which sometimes caused CFEngine to kill the wrong daemon
 1755 	  if both the host and a container inside the host were running
 1756 	  CFEngine. (Redmine #6906)
 1757 	- Made sure the rm_rf_depth bundle also deletes the base directory.
 1758 	  (Redmine #7009)
 1759 	- Fixed monitord reporting wrongly on open ports. (Redmine #6926)
 1760 	- Skip adding the class when its name is longer than 1024 characters.
 1761 	  Fixed core dump when the name is too large. (Redmine #7013)
 1762 	- Fixed detection of stopped process on Solaris. (Redmine #6946)
 1763 	- Fixed infinite loop (Redmine #6992) plus a couple more minor
 1764 	  bugs in edit_xml promises.
 1765 
 1766 3.6.4:
 1767 	Features:
 1768 	- Introduced users promises support on HP-UX platform.
 1769 	- Introduced process promises support on HP-UX platform.
 1770 
 1771 	Bug fixes:
 1772 	- Fixed bug on FreeBSD which sometimes led to the wrong process being
 1773 	  killed (Redmine #2330)
 1774 	- Fixed package version comparison sometimes failing with rpm package
 1775 	  manager (Redmine #6807)
 1776 	- Fixed a bug in users promises which would sometimes set the wrong
 1777 	  password hash if the user would also be unlocked at the same time.
 1778 	- Fixed a bug on AIX which would occasionally kill the wrong process.
 1779 	- Improved error message for functions that require an absolute path.
 1780 	  (Redmine #6877)
 1781 	- Fixed some spelling errors in examples.
 1782 	- Fixed error in out-of-tree builds when building cf-upgrade.
 1783 	- Fixed a bug which would make cf-agent exit with an error if it was
 1784 	  built with a custom log directory, and that directory did not exist.
 1785 	- Fixed ordering of evaluating promises when depends_on is used.
 1786 	  (Redmine #6484, Redmine #5462)
 1787 	- Skip non-empty directories silently when recursively deleting.
 1788 	  (Redmine #6331)
 1789 	- Fix memory exhaustion with list larger than 4994 items.
 1790 	  (Redmine #6672)
 1791 	- Fix cf-execd segfault on IP address detection (Redmine #6905).
 1792 	- Fix hard class detection of RHEL6 ComputeNode (Redmine #3148).
 1793 
 1794 3.6.3
 1795 	New features:
 1796 	- support for HP-UX 11.23 and later
 1797 	- experimental support for Red Hat Enterprise Linux 7
 1798 
 1799 	Bug fixes:
 1800 	- fix getindices on multi-dimensional arrays (Redmine #6779)
 1801 	- fix mustache template method to run in dryrun mode (Redmine #6739)
 1802 	- set mailto and mailfrom settings for execd in def.cf (Redmine #6702)
 1803 	- fix conflation of multi-index entries in arrays (Redmine #6674)
 1804 	- fix promise locking when transferring using update.cf (Redmine #6623)
 1805 	- update JSON parser to return an error on truncation (Redmine #6608)
 1806 	- fix sys.hardware_addresses not expanded (Redmine #6603)
 1807 	- fix opening database txn /var/cfengine/cf_lastseen.lmdb:
 1808 	  MDB_READERS_FULL when running cf-keys --show-hosts (Redmine #6602)
 1809 	- fix segfault (Null pointer dereference) when select_end in
 1810 	  delete_lines never matches (Redmine #6589)
 1811 	- fix max_file_size => "0" not disabling or allowing any size
 1812 	  (Redmine #6588)
 1813 	- fix ifvarclass, with iteration over list, failing when deleting
 1814 	  files with time condition (Redmine #6577)
 1815 	- fix classes defined with "or" constraint are never set if any value
 1816 	  doesn't evaluate to a scalar (Redmine #6569)
 1817 	- update "mailfrom" default in default policy (Redmine #6567)
 1818 	- fix logrotate ambiguity of filename (Redmine #6563)
 1819 	- fix parsing JSON files (Redmine #6549)
 1820 	- reduce write count activity to /var partition (Redmine #6523)
 1821 	- fix files delete attribute incorrectly triggering promise_kept
 1822 	  (Redmine #6509)
 1823 	- update services bundle output related to chkconfig when run in
 1824 	  inform mode. (Redmine #6492)
 1825 	- fix Solaris serverd tests (Redmine #6406)
 1826 	- fix broken behaviour of merging arrays with readstringarray
 1827 	  (Redmine #6369)
 1828 	- fix ifelapsed bug with bundle nesting (Redmine #6334)
 1829 	- fix handling cf_null in bundlesequence (Redmine #6119)
 1830 	- fix maparray reading whole input array when using subarray
 1831 	  (Redmine #6033)
 1832 	- fix directories being randomly changed to files (Redmine #6027)
 1833 	- update defaults promise type to work with classes (Redmine #5748)
 1834 	- systemd integration in services promises (Redmine #5415)
 1835 	- fix touch attribute ignoring action = warn_only (Redmine #3172)
 1836 	- fix 4KB string limit in functions readfile, string_downcase,
 1837 	  string_head, string_reverse, string_length, string_tail,
 1838 	  string_upcase (Redmine #2912)
 1839 
 1840 3.6.2
 1841 	Bug fixes:
 1842 	- don't regenerate software_packages.csv every time (Redmine #6441)
 1843 	- improve verbose message for package_list_command
 1844 	- fix missing log output on AIX (Redmine #6434)
 1845 	- assorted fixes to dirname() esp on Windows (Redmine #4716)
 1846 	- fix package manager detection
 1847 	- fix build issues on FreeBSD
 1848 	- allow copying of dead symbolic links (Redmine #6175)
 1849 	- preserve order in readstringarrayidx (Redmine #6466)
 1850 	- fix passing of unexpanded variable references to arrays
 1851 	  (Redmine #5893)
 1852 	- use entries for new {admin,deny}_{ips,hostnames} constraints in
 1853 	  the relevant legacy lists (Redmine #6542)
 1854 	- cope with ps's numeric fields overflowing to the right
 1855 	- interpret failing function calls in ifvarclass as class not set
 1856 	  (Redmine #6327)
 1857 	- remove unexpanded lists when extending lists (Redmine #6541)
 1858 	- infer start-time of a process from elapsed when needed
 1859 	  (Redmine #4094)
 1860 	- fix input range definition for laterthan() function (Redmine #6530)
 1861 	- don't add trailing delimiter when join()'ing lists ending with a
 1862 	  null-value (Redmine #6552)
 1863 	- 9999999999 (ten 9s) or higher has been historically used as an upper
 1864 	  bound in CFEngine code and policy but because of overflow on 32-bit
 1865 	  platforms it caused problems with big numbers. Fixed in two ways:
 1866 	  first change all existing policy uses to 999999999 (nine 9s instead
 1867 	  of eleven 9s), second fix the C code to not wrap-around in case of
 1868 	  overflow, but use the LONG_MAX value (Redmine #6531).
 1869 	- cf-serverd and other daemons no longer reload their configuration
 1870 	  every minute if CFEngine is built with an inputs directory outside
 1871 	  of the work directory (not the default). (Redmine #6551)
 1872 
 1873 3.6.1
 1874 	New features:
 1875 	- Introduced Solaris and AIX support into the 3.6 series, with many associated build and
 1876 	  bug fixes.
 1877 
 1878 	Changes:
 1879 	- Short-circuit evaluation of classes promises if class is already set (Redmine #5241)
 1880 	- fix to assume all non-specified return codes are failed in commands promises (Redmine #5986)
 1881 	- cf-serverd logs reconfiguration message to NOTICE (was INFO) so that it's always logged in syslog
 1882 
 1883 	Bug fixes:
 1884 	- File monitoring has been completely rewritten (changes attribute in files promise), which
 1885 	  eliminates many bugs, particularly regarding files that are deleted. Upgrading will keep
 1886 	  all monitoring data, but downgrading again will reinitialize the DB, so all files will be
 1887 	  reported as if they were new. (Redmine #2917)
 1888 	- $(this.promiser) expands in files promises for 'transformer', 'edit_template',
 1889 	  'copy_from.source', 'file_select.exec_program', 'classes' and 'action' bodies
 1890 	  (Redmine #1554, #1496, #3530, #1563)
 1891 	- 'body changes' notifies about disappeared files in file monitoring (Redmine #2917)
 1892 	- Fixed CFEngine template producing a zero sized file (Redmine #6088)
 1893 	- Add 0-9 A-Z _ to allowed context of module protocol (Redmine #6063)
 1894 	- Extend ps command column width and prepend zone name on Solaris
 1895 	- Fixed strftime() function on Solaris when called with certain specifiers.
 1896 	- Fixed users promise bug regarding password hashes in a NIS/NSS setup.
 1897 	- Fixed $(sys.uptime), $(sys.systime) and $(sys.sysday) in AIX. (Redmine #5148, #5206)
 1898 	- Fixed processes_select complaining about "Unacceptable model uncertainty examining processes" (Redmine #6337)
 1899 	- ps command for linux has been changed to cope with big rss values (Redmine #6337)
 1900 	- Address ps -axo shift on FreeBSD 10 and later (Redmine #5667)
 1901 	- methods and services promises respect action_policy => "warn" (Redmine #5924)
 1902 	- LMDB should no longer deadlock if an agent is killed on the hub while holding the DB lock.
 1903 	  Note that the change only affects binary packages shipped by CFEngine, since the upstream
 1904 	  LMDB project has not yet integrated the change. (Redmine #6013)
 1905 
 1906 3.6.0
 1907 
 1908 	Changes:
 1909 	- Changes to logging output
 1910 	    - add process name and pid in syslog message (GitHub #789)
 1911 	    - cf-serverd logging levels are now more standardised:
 1912 		  - INFO logs only failures
 1913 		  - VERBOSE logs successful requests as well
 1914 		  - DEBUG logs actual protocol traffic.
 1915 	    - cf-serverd now logs the relevant client IP address on
 1916 	      each message.
 1917 	    - Logging contexts to local database (cf_classes.tcdb) has been deprecated.
 1918 	    - 'usebundle' promisees are logged for all the bundle promises
 1919 	    - output from 'reports' promises has nothing prefixed except 'R: '
 1920 	    - a log line with stack path is generated when the promise type evaluated changes
 1921 	- LMDB (symas.com/mdb) is the default database for local data storage; use version 0.9.9 or later.
 1922 	  cf-agent --self-diagnostics (-x) is only implemented for TCDB, not for LMDB.
 1923 	- port argument in readtcp() and selectservers() may be a
 1924 	  service name (e.g. "http", "pop3").
 1925 	- Enable source file in agent copy_from promises to be a relative path.
 1926 	- file "changes" reporting now reports with log level "notice", instead of "error".
 1927 	- process_results default to AND'ing of set attributes if not specified (Redmine #3224)
 1928 	- interface is now canonified in sys.hardware_mac[interface] to align with
 1929 	  sys.ipv4[interface] (Redmine #3418)
 1930 	- cf-promises no longer errors on missing bodies when run without --full-check (-c)
 1931 	- Linux flavor "SUSE" now correctly spelled with all uppercase in variables and class names
 1932 	  (Redmine #3734).  The "suse" lowercase version is also provided for convenience (Redmine #5417).
 1933 	- $(this.promise_filename) and $(..._dirname) variables are now absolute paths. (Redmine #3839)
 1934 	- including the same file multiple times in 'body control inputs' is not an error
 1935 	- portnumber in body copy_from now supports service names like
 1936 	  "cfengine", "pop3" etc, check /etc/services for more.
 1937 	- The failsafe.cf policy, run on bootstrap and in some other
 1938 	  unusual cases, has been extracted from C code into libpromises/failsafe.cf
 1939 	- masterfiles
 1940 	    - cf_promises_validated is now in JSON format
 1941 	    - timestamp key is timestamp (sec since unix epoch) of last time validated
 1942 	    - the masterfiles now come from https://github.com/cfengine/masterfiles and are
 1943 	      not in the core repository
 1944 	- cf-serverd calls cf-agent with -Dcfruncommand when executing cf-runagent requests
 1945 	- Mark as removed: promise_notkept_log_include, promise_notkept_log_exclude, promise_repaired_log_include,
 1946 	  promise_repaired_log_exclude, classes_include, classes_exclude, variables_include,
 1947 	  variables_exclude attributes from report_data_select body (syntax is valid but not functional).
 1948 	  They have been replaced by the following attributes: promise_handle_include,
 1949 	  promise_handle_exclude, metatags_include, metatags_exclude.
 1950 
 1951 	New features:
 1952 	- New promise type "users" for managing local user accounts.
 1953 	- TLS authentication and fully encrypted network protocol.
 1954 	  Additions specific to the new type of connections:
 1955 	    - New attribute "allowlegacyconnects" in body server control,
 1956 	      which enables serving policy via non-latest cfengine protocol,
 1957 	      to the given list of hosts. If the option is absent, it
 1958 	      defaults to allow all hosts. To refuse non-TLS connections,
 1959 	      specify an empty list.
 1960 	    - New attribute "protocol_version" in body copy_from, and body
 1961 	      common control, which defines the preferred protocol for
 1962 	      outgoing connections. Allowed values at the moment: "0" or
 1963 	      "undefined", "classic" or "1", "latest" or "2". By leaving the
 1964 	      copy_from option as undefined the common control option is
 1965 	      used, and if both are undefined then classic protocol is used
 1966 	      by default.
 1967 	    - The new networking protocol uses TLS for authentication,
 1968 	      after which all dialog is encrypted within the established
 1969 	      TLS session.  cf-serverd is still able to speak the legacy
 1970 	      protocol with old agents.
 1971 	    - The 'skipverify' option in 'body server control' is
 1972 	      deprecated and only left for compatibility; it does
 1973 	      nothing
 1974 	    - cf-serverd does not hang up the connection if some request
 1975 	      fails, so that the client can add more requests.
 1976 	    - For the connections using the new protocol, all of the
 1977 	      paths in bundle server access_rules now differentiate
 1978 	      between a directory and a file using the trailing
 1979 	      slash. If the path exists then this is auto-detected and
 1980 	      trailing slash appended automatically. You have to append
 1981 	      a trailing slash manually to a nonexistent or symbolic
 1982 	      path (e.g. "/path/to/$(connection.ip)/") to force
 1983 	      recursive access.
 1984 	- New in 'access' promises for 'bundle server access_rules'
 1985 	    - Attributes "admit_ips", "admit_hostnames", "admit_keys",
 1986 	      "deny_ips", "deny_hostnames", "deny_keys"
 1987 	    - "admit_keys" and "deny_keys" add the new functionality
 1988 	      of controlling access according to host identity,
 1989 	      regardless of the connecting IP.
 1990 	    - For these new attributes, regular expressions
 1991 	      are not allowed, only CIDR notation for "admit/deny_ips", exact
 1992 	      "SHA=..." strings for "admit/deny_keys", and exact hostnames
 1993 	      (e.g. "cfengine.com") or subdomains (starting with dot,
 1994 	      e.g. ".cfengine.com") for "admit/deny_hostnames". Same rules
 1995 	      apply to 'deny_*' attributes.
 1996 	    - These new constraints and the paths in access_rules can contain
 1997 	      special variables "$(connection.ip)", "$(connection.hostname)",
 1998 	      "$(connection.key)", which are expanded dynamically for every
 1999 	      received connection.
 2000 	    - For connections using the new protocol, "admit" and "deny"
 2001 	      constraints in bundle server access_rules are being phased
 2002 	      out, preferred attributes are now "admit_ips", "deny_ips",
 2003 	      "admit_hostnames", "deny_hostnames", "admit_keys",
 2004 	      "deny_keys".
 2005 	    - New "shortcut" attribute in bundle server access_rules used to
 2006 	      dynamically expand non-absolute request paths.
 2007 	- masterfiles
 2008 		- standard library split: lib/3.5 (compatibility) and lib/3.6 (mainline)
 2009 		- many standard library bundles and bodies, especially packages- and file-related,
 2010 		  were revised and fixed
 2011 		- supports both Community and Enterprise
 2012 		- new 'inventory/' structure to provide OS, dmidecode, LSB, etc. system inventory
 2013 		  (configured mainly in def.cf)
 2014 		- cf_promises_release_id contains the policy release ID which is the GIT HEAD SHA
 2015 		  if available or hash of tree
 2016 		- a bunch'o'bundles to make starting with CFEngine easier:
 2017 		    - file-related: file_mustache, file_mustache_jsonstring, file_tidy, dir_sync, file_copy,
 2018 		      file_link, file_hardlink, file_empty, file_make
 2019 		    - packages-related: package_absent, package_present, package_latest,
 2020 		      package_specific_present, package_specific_absent, package_specific_latest, package_specific
 2021 		    - XML-related: xml_insert_tree_nopath, xml_insert_tree, xml_set_value, xml_set_attribute
 2022 		    - VCS-related: git_init, git_add, git_checkout, git_checkout_new_branch,
 2023 		      git_clean, git_stash, git_stash_and_clean, git_commit, git
 2024 		    - process-related: process_kill
 2025 		    - other: cmerge, url_ping, logrotate, prunedir
 2026 	- New command line options for agent binaries
 2027 	    - New options to cf-promises
 2028 		- '--show-classes' and '--show-vars'
 2029 		- '--eval-functions' controls whether cf-promises should evaluate functions
 2030 	    - Colorized output for agent binaries with command line option '--color'
 2031 	      (auto-enabled if you set CFENGINE_COLOR=1)
 2032 	- New language features
 2033 	    - New variable type 'data' for handling of structured data (i.e. JSON),
 2034 	      including supporting functions:
 2035 		- 'data_readstringarray' - read a delimited file into a data map
 2036 		- 'data_readstringarrayidx' - read a delimited file into a data array
 2037 		- 'datastate' - create a data variable with currently set classes and variables
 2038 		- 'datatype' - determine the type of the top element of a container
 2039 		- 'format' - %S can be used to serialize 'data' containers into a string
 2040 		- 'mergedata' - merge two data containers, slists/ilists/rlists, or "classic"
 2041 		  arrays into a data container
 2042 		- 'parsejson' - create a data container from a JSON string
 2043 		- 'readjson' - create a data container from a file that contains JSON
 2044 		- 'storejson' - serialize a data container into a string
 2045 		- Most functions operating on lists can also operate on data containers
 2046 		- pass a data container to a bundle with the @(container) notation
 2047 		- the module protocol accepts JSON for data containers with the '%' sigil
 2048 	    - Tagging of classes and variables allows annotating language constructs with
 2049 	      metadata; supporting functionality:
 2050 		- The module protocol in 'commands' promises has been extended to allow setting
 2051 		  of tags of created variables and classes, and the context of created variables
 2052 		- 'getclassmetatags' - returns list of meta tags for a class
 2053 		- 'getvariablemetatags' - returns list of meta tags for a variable
 2054 	    - 'body file control' has an 'inputs' attribute to include library files and other
 2055 	      dependencies
 2056 	    - bundlesequences can be built with bundlesmatching() based on bundle name and tags
 2057 	- New attributes in existing promise types and bodies
 2058 	    - New option 'preserve_all_lines' for insert_type in insert_lines promises
 2059 	    - Caching of expensive system functions to avoid multiple executions of
 2060 	      execresult() etc, can be controlled via cache_system_functions attribute in
 2061 	      body common control
 2062 	    - New option 'mailsubject' in body executor control allows defining the subject
 2063 	      in emails sent by CFEngine
 2064 	    - Support for Mustache templates in 'files' promises; use 'template_method' and
 2065 	      'template_data' attributes.  Without 'template_data' specified, uses datastate().
 2066 	- New and improved functions
 2067 	    - 'bundlesmatching' - returns list of defined bundles matching a regex and tags
 2068 	    - 'canonifyuniquely' - converts a string into a unique, legal class name
 2069 	    - 'classesmatching' - returns list of set classes matching a regex and tags
 2070 	    - 'eval' - evaluates mathematical expressions; knows SI k, m, g quantifiers, e.g. "100k"
 2071 	    - 'findfiles' - list files matching a search pattern; use "**" for recursive searches
 2072 	    - 'makerule' - evaluates whether a target file needs to be rebuilt from sources
 2073 	    - 'max', 'min' - returns maximum and minimum of the numbers in a container or list
 2074 	      (sorted by a 'sort' method)
 2075 	    - 'mean' - returns the mean of the numbers in a container or list
 2076 	    - 'nth' - learned to look up by key in a data container holding a map
 2077 	    - 'packagesmatching' - returns a filtered list of installed packages.
 2078 	    - 'readfile' - learned to read system files of unknown size like those in /proc
 2079 	    - 'sort' - can sort lexicographically, numerically (int or real), by IP, or by MAC
 2080 	    - 'string_downcase', 'string_upcase' - returns the lower-/upper-case version of a
 2081 	      string
 2082 	    - 'string_head', 'string_tail' - returns the beginning/end of a string
 2083 	    - 'string_length' - returns the length of a string
 2084 	    - 'string_reverse' - reverses a string
 2085 	    - 'string_split' - improved implementation, deprecates 'splitstring'
 2086 	    - 'variablesmatching' - returns a list of variables matching a regex and tags
 2087 	    - 'variance' - returns the variance of numbers in a list or container
 2088 	- New hard classes
 2089 	    - Introduced alias 'policy_server' for context 'am_policy_hub' (the latter will
 2090 	      be deprecated)
 2091 	    - all the time-based classes have GMT equivalents
 2092 	- New variables
 2093 	    - 'sys.bindir' - the location of the CFEngine binaries
 2094 	    - 'sys.failsafe_policy_path' - the location of the failsafe policy file
 2095 	    - 'sys.inputdir' - the directory where CFEngine searches for policy files
 2096 	    - 'sys.key_digest' - the digest of the host's cryptographic key
 2097 	    - 'sys.libdir', 'sys.local_libdir' - the location of the CFEngine libraries
 2098 	    - 'sys.logdir' - the directory where the CFEngine log files are saved
 2099 	    - 'sys.masterdir' - the location of masterfiles on the policy server
 2100 	    - 'sys.piddir' - the directory where the daemon pid files are saved
 2101 	    - 'sys.sysday' - the number of days since the beginning of the UNIX epoch
 2102 	    - 'sys.systime' - the number of seconds since the beginning of the UNIX epoch
 2103 	    - 'sys.update_policy_path' - the name of the update policy file
 2104 	    - 'sys.uptime' - the number of minutes the host has been online
 2105 	    - 'this.promise_dirname' - the name of the file in which the current promise
 2106 	      is defined
 2107 	    - 'this.promiser_uid' - the ID of the user running cf-agent
 2108 	    - 'this.promiser_gid' - the group ID of the user running cf-agent
 2109 	    - 'this.promiser_ppid' - the ID of the parent process running cf-agent
 2110 
 2111 	Deprecations:
 2112 	- 'splitstring' - deprecated by 'string_split'
 2113 	- 'track_value'
 2114 	- 'skipverify'
 2115 
 2116 	Bug fixes: for a complete list of fixed bugs, see Redmine at https://cfengine.com/dev
 2117 	- various fixes in evaluation and variable resolution
 2118 	- Improve performance of list iteration (Redmine #1875)
 2119 	- Removed limitation of input length to internal buffer sizes
 2120 	    - directories ending with "/" are not ignored
 2121 	    - lsdir() always returns a list now, never a scalar
 2122 	- 'abortclasses' fixed to work in common bundles and other cases
 2123 	- namespaced 'edit_line' bundles now work (Redmine #3781)
 2124 	- lists are interpolated in correct order (Redmine #3122)
 2125 	- cf-serverd reloads policies properly when they change
 2126 	- lots of leaks (memory and file descriptor) fixed
 2127 
 2128 3.5.3
 2129        Changes:
 2130        - Improved security checks of symlink ownership. A symlink created by a user pointing
 2131 	 to resources owned by a different user will no longer be followed.
 2132        - Changed the way package versions are compared in package promises. (Redmine #3314)
 2133 	 In previous versions the comparison was inconsistent. This has been fixed, but may
 2134 	 also lead to behavior changes in certain cases. In CFEngine 3.5.3, the comparison
 2135 	 works as follows:
 2136 	   <package-being-considered> <package_select> <package_version>
 2137 	 For instance:
 2138 		 apache-2.2.31              ">="            "2.2.0"
 2139 	 will result in the package being installed.
 2140 
 2141        Bug fixes:
 2142        - fix cf-monitord crash due to incorrect array initialization (Redmine #3180)
 2143        - fix cf-serverd stat()'ing the file tree every second (Redmine #3479)
 2144        - correctly populate sys.hardware_addresses variable (Redmine #2936)
 2145        - add support for Debian's GNU/kfreebsd to build system (Redmine #3500)
 2146        - fix possible stack corruption in guest_environments promises (Redmine #3552)
 2147        - work-around hostname truncation in HP-UX's uname (Redmine #3517)
 2148        - fix body copy purging of empty directories (Redmine #3429)
 2149        - make discovery and loading of avahi libraries more robust
 2150        - compile and packaging fixes for HP-UX, AIX and Solaris
 2151        - fix fatal error in lsdir() when directory doesn't exist (Redmine #3273)
 2152        - fix epoch calculation for stime inrange calculation (Redmine #2921)
 2153 
 2154 3.5.2
 2155        Bug fixes:
 2156        - fix delayed abortclasses checking (Redmine #2316, #3114, #3003)
 2157        - fix maplist arguments bug (Redmine #3256)
 2158        - fix segfaults in cf-promises (Redmine #3173, 3194)
 2159        - fix build on Solaris 10/SmartOS (Redmine #3097)
 2160        - sanitize characters from /etc/issue in sys.flavor for Debian (Redmine #2988)
 2161        - Fix segfault when dealing with files or data > 4K (Redmine #2912, 2698)
 2162        - Don't truncate keys to 126 characters in getindices (Redmine #2626)
 2163        - files created via log_* actions now have mode 600 (Redmine #1578)
 2164        - fix wrong log message when a promise is ignored due to 'ifvarclass' not matching
 2165        - fix lifetime of persistent classes (Redmine #3259)
 2166        - fix segfault when process_select body had no process_result attribute
 2167 	 Default to AND'ed expression of all specified attributes (Redmine #3224)
 2168        - include system message in output when acl promises fail
 2169        - fix invocation of standard_services bundle and corresponding promise compliance (Redmine #2869)
 2170 
 2171 3.5.1
 2172 
 2173        Changes:
 2174        - file changes are logged with log level Notice, not Error
 2175        - the CFEngine Standard Library in masterfiles/libraries is now split into
 2176 	 promise-type specific policy files, and lives in a version-specific directory.
 2177 	 This should have no impact on current code, but allows more granular include of
 2178 	 needed stdlib elements (Redmine #3044)
 2179 
 2180        Bug fixes:
 2181        - fix recursive copying of files (Redmine #2965)
 2182        - respect classes in templates (Redmine #2928)
 2183        - fix timestamps on Windows (Redmine #2933)
 2184        - fix non-root cf-agent flooding syslog (Redmine #2980)
 2185        - fix email flood from cf-execd due to timestamps in agent output (Redmine #3011)
 2186        - Preserve security context when editing or copying local files (Redmine #2728)
 2187        - fix path for sys.crontab on redhat systems (Redmine #2553)
 2188        - prevent incorrect "insert_lines promise uses the same select_line_matching anchor" warning (Redmine #2778)
 2189        - Fix regression of setting VIPADDRESS to 127.0.0.1 (Redmine #3010)
 2190        - Fix "changes" promise not receiving status when file is missing (Redmine #2820)
 2191        - Fix symlinks being destroyed when editing them (Redmine #2363)
 2192        - Fix missing "promise kept" status for the last line in a file (Redmine #2943)
 2193 
 2194 3.5.0
 2195 
 2196        New features:
 2197        - classes promises now take an optional scope constraint.
 2198        - new built-in functions:
 2199 	 - every
 2200 	 - none
 2201 	 - some
 2202 	 - nth
 2203 	 - sublist
 2204 	 - uniq
 2205 	 - filter
 2206 	 - classesmatching
 2207 	 - strftime
 2208 	 - filestat
 2209 	 - ifelse
 2210 	 - maparray
 2211 	 - format
 2212        - cf-promises flag --parse-tree is replaced by --policy-output-format=, requiring the
 2213 	  user to specify the output format (none, cf, json)
 2214        - cf-promises allows partial check of policy (without body common control) without integrity check;
 2215 	  --full-check enforces integrity check
 2216        - agent binaries support JSON input format (.json file as generated by cf-promises)
 2217        - cf-key: new options --trust-key/-t and --print-digest/-p
 2218        - Class "failsafe_fallback" is defined in failsafe.cf when main policy contains errors and
 2219 	 failsafe is run because of this
 2220        - add scope attribute for body classes (Redmine #2013)
 2221        - Better diagnostics of parsing errors
 2222        - Error messages from parser now show the context of error
 2223        - new cf-agent option: --self-diagnostics
 2224        - new output format, and --legacy-output
 2225        - warnings for cf-promises.
 2226        - Enable zeroconf-discovery of policy hubs for automatic bootstrapping
 2227 	 if Avahi is present
 2228        - Support for sys.cpus on more platforms than Linux & HPUX
 2229 
 2230        Changes:
 2231        - parser no longer allows ',' after promiser or promisee; it must be either ';' or lval
 2232        - Make parser output in GCC compatible format the only supported format
 2233 	 (remove --gcc-brief-format flag)
 2234 
 2235        - Silence license warnings in Enterprise Free25 installations
 2236        - action_policy => "warn" causes not_kept classes to be set on promise needing repair.
 2237        - command line option version (-V) now prints a shorter parsable version without graphic
 2238        - implicit execution of server and common bundles taking arguments is skipped in cf-serverd.
 2239        - WARNING: option --policy-server removed, require option to --bootstrap instead
 2240        - process promises don't log if processes are out of range unless you
 2241 	 run in verbose mode
 2242        - reports promises are now allowed in any context (Redmine #2005)
 2243        - cf-report has been removed
 2244        - cf-execd: --once implies --no-fork
 2245        - Version info removed from mail subject in the emails sent by cf-execd.
 2246 	 The subject will only contain "[fqname/ipaddress]" instead of "community/nova [fqname/ipaddress]"
 2247 	 Please change your email filters accordingly if necessary.
 2248        - "outputs" promise type is retired. Its semantics were not clear, and the functionality
 2249 	 is better suited for control body setting, not a promise.
 2250        - Tokyo Cabinet databases are now automatically checked for
 2251 	 correctness during opening. It should prevent a number of issues
 2252 	 with corrupted TC databases causing binaries to hang.
 2253        - Improved ACL handling on Windows, which led to some syntax changes. We now consistently
 2254 	 use the term "default" to describe ACLs that can be inherited by child objects. These
 2255 	 keywords have received new names:
 2256 	   acl_directory_inherit -> acl_default
 2257 	    specify_inherit_aces -> specify_default_aces
 2258 	 The old keywords are deprecated, but still valid. In addition, a new keyword
 2259 	 "acl_inherit" controls inheritance behavior on Windows. This feature does not exist on
 2260 	 Unix platforms. (Redmine #1832)
 2261        - Networking code is moved from libpromises to its own library,
 2262 	 libcfnet. Work has begun on making the API more sane and thread-safe.
 2263 	 Lots of legacy code was removed.
 2264        - Add getaddrinfo() replacement in libcompat (borrowed from PostgreSQL).
 2265        - Replace old deprecated and non thread-safe resolver calls with
 2266 	 getaddrinfo() and getnameinfo().
 2267        - Hostname2IPString(), IPString2Hostname() are now thread-safe, and are
 2268 	 returning error when resolution fails.
 2269        - Running cf-execd --once now implies --no-fork, and also does not wait
 2270 	 for splaytime to pass.
 2271        - execresult(), returnszero() and commands promises no longer require the first
 2272 	 word to be an absolute path when using the shell. (Part of Redmine #2143)
 2273        - commands promises useshell attribute now accepts "noshell" and "useshell" values. Boolean
 2274 	 values are accepted but deprecated. (Part of Redmine #2143)
 2275        - returnszero() now correctly sets the class name in this scenario  (Part of
 2276 	 Redmine #2143):
 2277 	   classes:
 2278 	     "commandfailed" not => returnszero("/bin/nosuchcommand", "noshell");
 2279 
 2280        Bugfixes:
 2281        - bundles are allowed to be empty (Redmine #2411)
 2282        - Fixed '.' and '-' not being accepted by a commands module. (Redmine #2384)
 2283        - Correct parsing of list variables by a command module. (Redmine #2239)
 2284        - Fixed issue with package management and warn. (Redmine #1831)
 2285        - Fixed JSON crash. (Redmine #2151)
 2286        - Improved error checking when using fgets(). (Redmine #2451)
 2287        - Fixed error message when deleting nonexistent files. (Redmine #2448)
 2288        - Honor warn-only when purging from local directory. (Redmine #2162)
 2289        - Make sure "restart" and "reload" are recognized keywords in packages. (Redmine #2468)
 2290        - Allocate memory dynamically to avoid out-of-buffer or out-of-hash
 2291 	 situations
 2292        - fix edit_xml update of existing attributes  (Redmine #2034)
 2293        - use failsafe policy from compile-time specified workdir (Redmine #1991)
 2294        - ifvarclass checked from classes promises in common bundles
 2295        - do not wait for splaytime when executing only once
 2296        - disable xml editing functionality when libxml2 doesn't provide necessary APIs (Redmine #1937)
 2297        - Out-of-tree builds should work again, fixed a bunch of related bugs.
 2298        - Fixed race condition in file editing. (Redmine #2545)
 2299        - Fixed memory leak in cf-serverd and others (Redmine #1758)
 2300 
 2301 3.4.5   (Bugfix and Stability release)
 2302 
 2303       Bugfixes:
 2304 
 2305       - make qualified arrays expand correctly (Redmine #1998, Mantis #1128)
 2306 
 2307       - correct possible errors in tcdb files when opening
 2308 
 2309       - avoid possible db corruption when mixing read/write and cursor operations
 2310 
 2311       - Allow umask value of 002 (Redmine #2496)
 2312 
 2313 3.4.4   (Bugfix and Stability release)
 2314 
 2315        Bugfixes:
 2316 
 2317        - prevent possible crash when archiving files (GitHub #316)
 2318 
 2319        - don't create symlinks to cf-know in update policy
 2320 
 2321        - don't enable xml support if libxml2 is too old (Redmine #1937)
 2322 
 2323 3.4.3   (Bugfix and Stability release)
 2324 
 2325        Bugfixes:
 2326 
 2327        - Don't flood error messages when processes are out of defined range
 2328 
 2329        - prevent segmentation fault in cf-monitord -x (Redmine #2021)
 2330 
 2331        - when copying files, use same file mode as source file, rather than 0600 (Redmine #1804)
 2332 
 2333        - include xpath in messages generated by edit_xml operations (Redmine #2057)
 2334 
 2335 3.4.2   (Bugfix and Stability release)
 2336 
 2337        Bugfixes:
 2338 
 2339        - Fixes to policies in masterfiles (see masterfiles/Changelog for details)
 2340 
 2341        - Fixes for OpenBSD (GitHub #278)
 2342 
 2343        - Do not canonify values specified in abortbundleclasses/abortclasses (Redmine #1786)
 2344 
 2345        - Fix build issues on NetBSD, SLES 12.2
 2346 
 2347        - Improve error message when libxml2 support is not compiled (Redmine #1799)
 2348 
 2349        - fix potential segmentation fault when trimming network socket data (GitHub #233)
 2350 
 2351        - fix potential segmentation fault when address-lookups in lastseen db failed (GitHub #233)
 2352 
 2353        - execute background promise serially when max_children was reached, rather
 2354 	 than skipping them (GitHub #233)
 2355 
 2356        - fix segmentation fault in cf-promises when invoked with --reports (Redmine #1931)
 2357 
 2358        - fix compilation with Sun Studio 12 (Redmine #1901)
 2359 
 2360        - silence type-pun warning when building on HP-UX (GitHub #287)
 2361 
 2362 3.4.1   (Bugfix and Stability release)
 2363 
 2364 	New feature/behavior:
 2365 
 2366 	- cf-execd terminates agent processes that are not responsive
 2367 	  for a configurable amount of time (see agent_expireafter in body
 2368 	  executor control), defaulting to 1 week
 2369 
 2370 	Bugfixes:
 2371 
 2372 	- fix regression of classmatch() failing with hard classes (Redmine #1834)
 2373 
 2374 	- create promise-defined and persistent classes in correct
 2375 	  namespace (Redmine #1836)
 2376 
 2377 	- several fixes to namespace support
 2378 
 2379 	- fix several crash bugs caused by buffer overflow and race
 2380 	  conditions in cf-serverd
 2381 
 2382 	- regenerate time classes in cf-execd for each run (Redmine #1838)
 2383 
 2384 	- edit_xml: fix select_xpath implementation and update documentation
 2385 	  NOTE: code that uses select_xpath_region needs to be changed to
 2386 	  select_xpath
 2387 
 2388 	- edit_xml: make sure that text-modification functions don't overwrite
 2389 	  child nodes
 2390 
 2391 	- edit_xml: improve error logging
 2392 
 2393 3.4.0
 2394 
 2395 	New features:
 2396 
 2397 	- Added rpmvercmp utility to compare versions of RPM packages for
 2398 	  accurate sorting of RPM packages for packages promises.
 2399 
 2400 	- Implement network timeout on server side to avoid keeping stale
 2401 	  connections for hours.
 2402 
 2403 	- XML editing capabilities. See the documentation for edit_xml
 2404 	  body. Note the new dependency: libxml2.
 2405 
 2406 	- Implement inheritance of local classes by bundles called using
 2407 	  "usebundle". By default classes are not inherited. See the
 2408 	  examples/unit_inherit.cf for an example.
 2409 
 2410 	- Moved from Nova/Enterprise:
 2411 	  - POSIX ACL support,
 2412 	  - "outputs" promise type,
 2413 	  - remote syslog support.
 2414 
 2415 	- packages_default_arch_command hook in packages promises, to
 2416 	  specify default architecture of the packages on the system.
 2417 
 2418 	- packages_version_less_command / packages_version_equal_command hooks
 2419 	  in packages promises, to specify external command for native package
 2420 	  manager versions comparison
 2421 
 2422 	- agent_expireafter in body executor control allows you to set a
 2423 	  timeout on all cf-agent runs, to enforce a threshold on the
 2424 	  number of concurrent agents
 2425 
 2426 	- Running in Solaris zone is now detected and classes "zone" and
 2427 	  "zone_<name>" are created in this case.
 2428 
 2429 	- VirtualBox support added to guest_environment promises.
 2430 
 2431 	- guest_environment promises are supported under OS X.
 2432 
 2433 	- The "depends_on" attribute is now active, for the partial ordering
 2434 	  of promises. If a promise depends on another (referred by handle)
 2435 	  it will only be considered if the depends_on list is either kept
 2436 	  or repaired already.
 2437 
 2438 	  ** WARNING: When upgrading, make sure that any existing use
 2439 		      of depends_on does not make some promises being
 2440 		      unintentionally ignored. This can happen if you are
 2441 		      currently referring to non-existent or never-run handles
 2442 		      in depends_on attributes.
 2443 
 2444 	- methods return values, initial implementation
 2445 
 2446 	- New format for cf-key -s, includes timestamp of last connection
 2447 
 2448 	- cf-promises --parse-tree option to parse policy file and dump it
 2449 	  in JSON format
 2450 
 2451 	- Namespaces support for bundles and bodies. See the
 2452 	  examples/unit_namespace*.cf for the usage.
 2453 
 2454 	- Default arguments for bundles. See the examples/unit_defaults.cf
 2455 
 2456 	- Metadata promise type. See the examples/unit_meta.cf
 2457 
 2458 	New semantics:
 2459 
 2460 	- Methods promises now return the status of promises
 2461 	  kept within them. If any promise was not kept, the method is not
 2462 	  kept, else if any promise is repaired, the method was repaired
 2463 	  else it was kept.
 2464 	- Remote variable access in namespaces by $(namespace:bundle.variable)
 2465 
 2466 	Changed functionality:
 2467 
 2468 	- cf-execd -F switch no longer implies 'run once'. New -O/--once
 2469 	  option is added to achieve this behaviour. This makes cf-execd
 2470 	  easier to run from systemd, launchd and other supervision
 2471 	  systems.
 2472 
 2473 	Misc:
 2474 
 2475 	- Support for the following outdated platforms and corresponding
 2476 	  classes has been removed. De facto those platforms were
 2477 	  unsupported for a long time, as CFEngine codebase uses C99
 2478 	  language features unavailable on old platforms:
 2479 
 2480 	   - SunOS 3.x (sun3)
 2481 	   - SunOS 4.x (sun4)
 2482 	   - Ultrix (ultrix)
 2483 	   - DEC OSF/1 AXP (osf)
 2484 	   - Digital UNIX (digital)
 2485 	   - Sony NEWS (newsos)
 2486 	   - 4.3BSD (bsd4_3)
 2487 	   - IRIX (irix, irix4, irix64)
 2488 	   - IBM Academic Operating System (aos)
 2489 	   - BSD/OS / BSDi / BSD/386 (bsdos)
 2490 	   - NeXTSTEP (nextstep)
 2491 	   - GNU Hurd (gnu)
 2492 	   - NEC UX/4800 (ux4800)
 2493 
 2494 	- (Old news) Since 3.3.0 the layout of CFEngine Community packages
 2495 	  has changed slightly.
 2496 
 2497 	  cf-* binaries have been moved to /var/cfengine/bin, due to the
 2498 	  following reasons:
 2499 
 2500 	   - cf-* binaries are linked to libraries installed to
 2501 	     /var/cfengine/lib, so placing binaries in /usr/local/sbin does not
 2502 	     increase reliability of the CFEngine,
 2503 
 2504 	   - keeping whole CFEngine under single prefix (/var/cfengine)
 2505 	     makes packaging simpler,
 2506 
 2507 	   - it matches the layout of CFEngine Enterprise packages.
 2508 
 2509 	   Please adjust your policies (the recommended ways to deal with
 2510 	   the move are either to adjust $PATH to include /var/cfengine or to
 2511 	   create symlinks in /usr/local/sbin in case you are relying on
 2512 	   binaries to be available in $PATH).
 2513 
 2514 	- Workdir location is properly changed if --prefix or --enable-fhs
 2515 	  options are supplied to configure (Mantis #1195).
 2516 
 2517 	- Added check for broken libmysqlclient implementations (Mantis #1217).
 2518 
 2519 	- Standard library is updated from COPBL repository.
 2520 
 2521 	- cf-know is no longer built in Community releases. The only
 2522 	  functionality useful in Community, namely the reference manual
 2523 	  generation, is provided by new compile-time cf-gendoc tool.
 2524 
 2525     - Filename (for storing filechanges) changed
 2526       from file_change.log -> file_changes.log (in /var/cfengine/state)
 2527 
 2528       New format for storing file changes introduced:
 2529       [timestamp,filename,<N/C/S/R>,Message]
 2530 
 2531       N = New file found
 2532       C = Content Changed
 2533       S = Stats changed
 2534       R = File removed
 2535 
 2536 	- Acceptance test suite passes on Mac OS X.
 2537 
 2538 	- Changed some port numbers to replace old services with imap(s)
 2539 
 2540 	- archlinux hard class on Arch Linux.
 2541 
 2542 	- Detect BSD Make and automatically switch to GNU Make during build.
 2543 
 2544 	Bugfixes:
 2545 
 2546 	- cfruncommand for cf-execd is an arbitrary shell command now (Mantis #1268).
 2547 	- Fixed broken "daily" splayclasses (Mantis #1307).
 2548 	- Allow filenames up to 4096 bytes in network transfers (Redmine #1199).
 2549 	- Fix stale state preserved during cf-serverd reload (Redmine #1487).
 2550 	- Free disk space calculation is fixed (Mantis #1120).
 2551 	- Numerous portability bugfixes (especially OpenBSD, Solaris, AIX-related).
 2552 	- Compatibility fixes for AIX, HP-UX, Solaris (Mantis #1185, Mantis #1177, Mantis #1109).
 2553 	- Fixed broken socklen_t configure check under OpenBSD (Mantis #1168).
 2554 	- Fixed hang in cf-promises under OpenBSD (Mantis #1113).
 2555 	- Fixed endless loop in evaluating "$()" construct (Mantis #1023).
 2556 	- Fixed check for old PCRE versions (Mantis #1262).
 2557 	- Fixed insertion of multi-line blocks at the start of file (Mantis #809).
 2558 	- Fixed numerous memory leaks.
 2559 	- Fixes for metadata that were not resolvable
 2560 	- Fixes for namespaces that would not support metadata and variable expansion
 2561 	- Point-to-point network interfaces are detected and reported by CFEngine (Mantis #1246)
 2562 	- Partial non-GNU userspace support in acceptance testsuite (Mantis #1255)
 2563 
 2564 	Full list of issues fixed is available on
 2565 	https://cfengine.com/bugtracker/changelog_page.php (old bug tracker)
 2566 	and https://cfengine.com/dev/projects/core/versions/34 (new bug tracker)
 2567 
 2568 3.3.9   (Bugfix and Stability release)
 2569 
 2570 	Bugfixes:
 2571 
 2572 	- Do not lose hard classes in cf-serverd during policy reload
 2573 	  (Mantis #1218).
 2574 	- Implement receive network timeout in cf-serverd. Prevents
 2575 	  overloading cf-serverd with stale connections.
 2576 
 2577 3.3.8   (Bugfix and Stability release)
 2578 
 2579 	Versions 3.3.6, 3.3.7 were internal and weren't released.
 2580 
 2581 	Bugfixes:
 2582 
 2583 	- Properly set sys.domain variable if hostname is fully-qualified.
 2584 	- Fixed several small memory leaks.
 2585 	- Make network timeout for network reads configurable. Previously
 2586 	  it was hardcoded to be 30 seconds, which was not enough for
 2587 	  cf-runagent invoking cf-agent on big policies (Mantis #1028).
 2588 
 2589 3.3.5   (Bugfix and Stability release)
 2590 
 2591 	Bugfixes:
 2592 
 2593 	- Fixed cf-execd memory leak on hosts with cf-monitord running.
 2594 	- Robustify against wrongly-sized entries in embedded databases.
 2595 
 2596 	Standard library:
 2597 
 2598 	- Bugfixes from upstream COPBL repository.
 2599 	- standard_services bundle from upstream COPBL repository.
 2600 
 2601 
 2602 3.3.4   (Bugfix and Stability release)
 2603 
 2604 	Evaluation of policies:
 2605 
 2606 	- Fix wrong classes set after installation of several packages
 2607 	  using packages promises (Mantis #829).
 2608 	- Fix segfault using edit_template on existing file (Mantis #1155).
 2609 
 2610 	Misc:
 2611 
 2612 	- Fix memory leak during re-read of network interfaces'
 2613 	  information in cf-execd/cf-serverd.
 2614 
 2615 3.3.3   (Bugfix and Stability release)
 2616 
 2617 	Evaluation of policies:
 2618 
 2619 	- Zero-length files are valid for readfile() and similar functions
 2620 	  (Mantis #1136).
 2621 	- Unchoke agent in case it encounters symlinks in form ./foo
 2622 	  (Similar to Mantis #1117).
 2623 
 2624 	Misc:
 2625 
 2626 	- Fix generation of reference manual on machines with umask more
 2627 	  relaxed than 022.
 2628 	- Use statvfs(3) on OpenBSD to obtain filesystem information
 2629 	  (Mantis #1135).
 2630 
 2631 3.3.2   (Bugfix and Stability release)
 2632 
 2633 	Evaluation of policies:
 2634 
 2635 	- Do not segfault if file copy was interrupted due to network
 2636 	  connectivity or server going away (Mantis #1089).
 2637 	- Do not segfault if log_failed attribute is present in body, but
 2638 	  log_kept is not (Mantis #1107).
 2639 	- Do not mangle relative paths in symlinks during file copy
 2640 	  Previously symlink a -> b was mangled to a -> ./b.
 2641 	  (Mantis #1117)
 2642 	- Properly compare 1.0 and 1.0.1 in packages promises. Previously
 2643 	  only versions with equal amount of "segments" were comparable
 2644 	  (Mantis #890, #1066).
 2645 
 2646 	Base policy:
 2647 
 2648 	- Properly set permissions on files for /var/cfengine/lib on HP-UX
 2649 	  (Mantis #1114).
 2650 	- Standard library (cfengine_stdlib.cf) is synced with COPBL
 2651 	  repository.
 2652 
 2653 	Misc:
 2654 
 2655 	- Do not create huge file in case corrupted TokyoCabinet database
 2656 	  is detected (Mantis #1106).
 2657 	- Fix file descriptor leak on error paths, may have caused crashes
 2658 	  of cf-execd and cf-serverd (Issue #1096).
 2659 	- Fix intermittent segfault in cf-execd (Mantis #1116).
 2660 	- Impose an upper limit on amount of listening sockets reported by
 2661 	  cf-monitord. Huge amounts of listening sockets caused cf-agent to
 2662 	  segfault on next run (Mantis #1098).
 2663 	- Add missing function prototypes caused errors during compilation
 2664 	  on HP-UX (Mantis #1109).
 2665 	- Fix compilation on Solaris 11 (Mantis #1091).
 2666 
 2667 3.3.1   (Bugfix and Stability release)
 2668 
 2669 	Evaluation of policies:
 2670 
 2671 	- Do not cut off name of bundle in variables interpolation (Mantis #975).
 2672 	- Do not segfault in function evaluation guarded by ifvarclass clause (Mantis #1084, #864).
 2673 	- Do not segfault if "classes" promise does not declare any value to be evaluated (Mantis #1074).
 2674 	- Do not segfault in database promises if there is no
 2675 	    database_operation provided (Mantis #1046).
 2676 
 2677 	Built-in functions:
 2678 
 2679 	- Fix countclassesmatching() function which was misbehaving trying
 2680 	    to match classes starting with alphanumeric symbol (Mantis #1073).
 2681 	- Fix diskfree() to return kilobytes, as described in documentation (Mantis #980, #955).
 2682 	- Fix hostsseen() function to avoid treating all hosts as not
 2683 	    being seen since 1970 (Mantis #886).
 2684 	- Do not output misleading error message if readtcp() is unable to connect (Mantis #1085).
 2685 
 2686 	Command-line interface:
 2687 
 2688 	- -d option previously required an argument, though help message disagreed (Mantis #1053).
 2689 	- Disable --parse-tree option, not ready for the release (Mantis #1063).
 2690 	- Accept -h as a --help option.
 2691 	- Ensure that cf-execd might be started right after being shut down.
 2692 
 2693 	Misc:
 2694 
 2695 	- Plug file descriptor leak after failed file copy (Mantis #990).
 2696 	- Fix unsafe admit rules in default promises.cf (Mantis #1040).
 2697 	- Fix splaytime to match documentation: it is specified in minutes, not seconds (Mantis #1099).
 2698 
 2699 	Packaging:
 2700 
 2701 	- Fix owner/group of initscript and profile.d snippet in RPM builds (Mantis #1061, #1058).
 2702 	- Fix location of libvirt socket CFEngine uses to connect to libvirtd (Mantis #1072).
 2703 	- Install CoreBase to /var/cfengine/masterfiles during installation (Mantis #1075).
 2704 	- Do not leave old cf-twin around after upgrade (Mantis #1068)
 2705 	- Do not leave rcS.d symlinks after purging .deb package (Mantis #1092).
 2706 
 2707 3.3.0
 2708 
 2709 	New promise types:
 2710 	- Guest environments promises, which allow to manipulate virtual
 2711 	  machines using libvirt.
 2712 	- Database promises, which allow to maintain schema of MySQL and
 2713 	  PostgreSQL databases. Database promises are in "technical preview"
 2714 	  status: this promise type is subject to change in future.
 2715 	- Services promises for Unix, allows abstraction of details
 2716 	  on managing any service
 2717 
 2718 	New built-in functions:
 2719 	- dirname() to complement lastnode()
 2720 	- lsdir()
 2721 	- maplist() to apply functions over lists
 2722 
 2723 	New features:
 2724 	- Allow defining arrays from modules.
 2725 	- Allow both 'process_stop' and 'signals' constraints in
 2726 	  'processes' promises at the same time.
 2727 	- cf-promises --gcc-brief-format option to output warnings and
 2728 	  errors in gcc-compatible syntax, which eases use of the "go to next
 2729 	  error" feature of text editors.
 2730 	- Iteration over lists is now allowed for qualified (non-local) lists.
 2731 
 2732 	New built-in variables and classes (Linux):
 2733 	- Number of CPUs: $(sys.cpus), 1_cpu, 2_cpus etc
 2734 
 2735 	New built-in variables and classes (Unices):
 2736 	- $(sys.last_policy_update) - timestamp when last policy change was seen by host
 2737 	- $(sys.hardware_addresses) - list of MAC addresses
 2738 	- $(sys.ip_addresses) - list of IP addresses
 2739 	- $(sys.interfaces) - list of network interfaces
 2740 	- $(sys.hardware_mac[$iface]) - MAC address for network interface
 2741 	- mac_<mac_address>:: - discovered MAC addresses
 2742 
 2743 	Changes:
 2744 
 2745 	- Major cleanup of database handling code. Should radically decrease
 2746 	  amount of database issues experienced under heavy load.
 2747 
 2748 	  *WARNING*: Berkeley DB and SQLite backends are *removed*, use
 2749 	  Tokyo Cabinet or QDBM instead. Both Tokyo Cabinet and QDBM are
 2750 	  faster than Berkeley DB in typical CFEngine workloads.
 2751 
 2752 	  Tokyo Cabinet requires C99 environment, so it should be
 2753 	  available on every contemporary operating system.
 2754 
 2755 	  For the older systems QDBM, which relies only on C89, is a
 2756 	  better replacement, and deemed to be as portable, as Berkeley DB.
 2757 
 2758 	- Change of lastseen database schema. Should radically decrease
 2759 	  I/O contention on lastseen database.
 2760 
 2761 	- Automatic reload of policies by cf-execd.
 2762 	- Documentation is generated during build, PDF and HTML files are
 2763 	  retired from repository.
 2764 	- Rarely used feature retired: peer connectivity intermittency calculation.
 2765 	- Memory and CPU usage improvements.
 2766 	- Testsuite now uses 'make check' convention and does not need root
 2767 	  privileges anymore.
 2768 	- cf_promises_validated now filled with timestamp, allows digest-copy
 2769 	  for policy instead of mtime copy which is safer when clocks are unsynchronised
 2770 	- The bundled failsafe.cf policy now has trustkey=false to avoid IP spoofing
 2771 	  attacks in default policy
 2772 	- See the full list of bugfixes at
 2773 	  https://cfengine.com/bugtracker/changelog_page.php
 2774 
 2775 3.2.4   (Bugfix and Stability release)
 2776 
 2777 	Fixed failure in network transfer in case of misbehaving peer
 2778 
 2779 	A few tiny memory leaks on error paths fixed
 2780 
 2781 3.2.3   (Bugfix and Stability release)
 2782 
 2783 	A few tiny memory leaks fixed
 2784 
 2785 	Improved performance of cf-serverd under heavy load with
 2786 	TokyoCabinet database
 2787 
 2788 	Full list of issues fixed is available on
 2789 	https://cfengine.com/bugtracker/changelog_page.php
 2790 
 2791 3.2.2   (Bugfix and Stability release)
 2792 
 2793 	Enabled compilation in "large files" mode under AIX
 2794 
 2795 	Alleviated problem with broken file transfers over unstable
 2796 	Internet links.
 2797 
 2798 	Full list of issues fixed is available on
 2799 	https://cfengine.com/bugtracker/changelog_page.php
 2800 
 2801 3.2.1   (Bugfix and Stability release)
 2802 
 2803 	Fixed compilation under HP-UX and Solaris
 2804 
 2805 	Enabled compilation using HP ANSI C compiler
 2806 
 2807 	Full list of issues fixed is available on
 2808 	https://cfengine.com/bugtracker/changelog_page.php
 2809 
 2810 3.2.0
 2811 	New bootstrap method with single-command bootstrapping:
 2812 	- cf-agent --bootstrap --policy-server 123.456.789.123
 2813 	- Associated policy template files are added, partially maintained
 2814 	  by CFEngine
 2815 
 2816 	Bug fixes for file-editing, package versioning, and embedded
 2817 	database corruption (We recommend using TokyoCabinet instead of
 2818 	BerkeleyDB if building from source).
 2819 
 2820 	Improved upgrade path for Nova.
 2821 
 2822 	Patches for improved run-agent concurrency
 2823 
 2824 	Reorganization of documentation and community resources
 2825 
 2826 	100% on regression test suite on 3 operating systems
 2827 	(Ubuntu, Debian, SuSE on x86-64 hardware)
 2828 
 2829 	Support for multiple release environments
 2830 
 2831 	package_policy update and addupdate now check if user-supplied
 2832 	version is larger than currently installed - updates only if so
 2833 
 2834 	Help text of cf-report -r corrected - a list of key hashes is
 2835 	required, not ip addresses.
 2836 
 2837 	New Emacs mode for CFEngine policy files (thanks to Ted Zlatanov!)
 2838 
 2839 	Warnings on edit_line changes can now give a greater degree of information
 2840 	without spamming promise logs
 2841 
 2842 	Class expressions parser accepts '||' as an alias for '|' again.
 2843 
 2844 	Invalidation of package list cache on installation/removal of
 2845 	packages.
 2846 
 2847 	New option cf-key -r to remove host key by IP or hostname.
 2848 
 2849 	Added detection of network interfaces which belong to BSD jails.
 2850 
 2851 	Improve robustness of multi-threaded code, in particular fix
 2852 	problems with spurious access denials in server and losing of
 2853 	authentication rules after policy reload.
 2854 
 2855 	cf-promises accepts option -b matching cf-agent, which causes it
 2856 	not to complain about missing bundlesequence.
 2857 
 2858 	New functions and(), not(), or() and concat() to ease use of
 2859 	ifvarclass() clause.
 2860 
 2861 	Full list of issues fixed is available on
 2862 	https://cfengine.com/bugtracker/changelog_page.php
 2863 
 2864 3.1.5
 2865 	New class parser, '||' is no longer allowed in expressions (use '|').
 2866 
 2867 	Class setting in the promise types insert_lines, delete_lines,
 2868 	replace_patterns, field_edits, vars, classes is restored.
 2869 
 2870 	suspiciousnames implemented.
 2871 
 2872 	New function getvalues().
 2873 
 2874 	New functions parse{real,int,string}array to match read{real,int,string}array.
 2875 
 2876 	Testsuite added to check for core functionality.
 2877 
 2878 	Syslog prefix is fixed to say 'cf3' instead of 'community'.
 2879 
 2880 3.1.4	(Bugfix and Stability release)
 2881 
 2882 	Some urgent patches to 3.1.3.
 2883 	Class validation parse bug fixed.
 2884 	Global zone handling error for Solaris fixed.
 2885 	Package architectures handled correctly (bug #456).
 2886 	Reading and writing of key name "root-.pub" eliminated (bug #442, #453).
 2887 	cf-serverd crash because of race condition on SERVER_KEYSEEN fixed.
 2888 	Lock purging to avoid remnant complexity explosion (bug #430).
 2889 	Some copyright notices added that got lost.
 2890 
 2891 3.1.3   (Stability release)
 2892 
 2893 	Major memory leaks in cf-monitord, cf-execd, cf-serverd fixed (bug #427).
 2894 	The daemons now show no growth even with very complex policies.
 2895 
 2896 	cf-serverd crash due to race condition in DeleteScope() fixed (bug #406).
 2897 
 2898 	Added 30 second timeout on recv() on Linux.
 2899 
 2900 	package_noverify_returncode implemented (bug #256).
 2901 
 2902 	A flexible mechanism for setting classes based on return codes of
 2903 	commands has been introduced. Allows for setting promise kept,
 2904 	repaired or failed based on any return codes. This is currently
 2905 	implemented for commands-promises, package-manager commands and
 2906 	transformer in files. In classes body, see attributes
 2907 	kept_returncodes, repaired_returncodes, failed_returncodes (bug
 2908 	#248, #329).
 2909 
 2910 	New function ip2host - reverse DNS lookup (bug #146).
 2911 
 2912 3.1.2   (Scalability/efficiency release)
 2913 
 2914 	Big efficiency improvements by caching output from
 2915 	cf-promises. Can also be used for much more efficient policy
 2916 	deployment (only pull if changed).
 2917 
 2918 	Caching state of ps command for greater efficiency. Reloaded for each bundle.
 2919 
 2920 	Index class lookup improves efficiency of class evaluation for huge configurations.
 2921 
 2922 	Fixed issue where certain promiser strings got corrupted.
 2923 
 2924 	Minor memory access issues fixed.
 2925 
 2926 	Iterator bug introduced in 3.1.0 fixed
 2927 
 2928 3.1.1   (Bugfix release)
 2929 
 2930 	Memory leaks in server tracked down and fixed.
 2931 	List expansion bug (one list items not executed) fixed.
 2932 	Security issue introduced by change of runcommand shell policy fixed. If users defined a runcommand for cf-runagent/cf-serverd communication, it was possible to execute commands.
 2933 	cf-key -s command for showing key hash/IP address identity pairs
 2934 
 2935 3.1.0
 2936 	Change in storage of public keys. Cfengine now hashes the public key and uses this
 2937 	as the keyname. Keys will be converted automatically.
 2938 
 2939 	The old dynamic addresses lists are deprecated.
 2940 	Caching of dns and key information for greater server speed.
 2941 	Change in last-seen format reflects the public key usage.
 2942 
 2943 	New package policy addupdate - installs package if not there and
 2944 	updates it otherwise.
 2945 
 2946 	Support for package_changes => "bulk" in file repository as well.
 2947 
 2948 	New special function readstringarrayidx, similar to readstringarray,
 2949 	but uses integer indices. Very useful if first row elements are
 2950 	not good identifiers (e.g. contains spaces, non-unique, etc.).
 2951 
 2952 	Change two log formats to use time() instead of date()
 2953 	- filechanges
 2954 	- total compliance
 2955 
 2956 	Change from using md5 to sha256 as default digest for commercial version,
 2957 	community retains md5 for compat.
 2958 
 2959 	Commands not returning 0 in commands-promises are flagged
 2960 	as repair_failed.
 2961 
 2962 	Adjustable timeout on connect(). Defaults to 10 seconds, adjustable
 2963 	with default_timeout in agent control.
 2964 
 2965 	Redesign of the knowledge map infrastructure.
 2966 
 2967 	Now possible to use variables to call methods, e.g
 2968 
 2969 	methods:
 2970 
 2971 	  "name $(list)" usebundle => $(list)("abc");
 2972 
 2973 	See reference manual notes
 2974 
 2975 	Changes to normal ordering to optimize execution.
 2976 
 2977 	Increased stability by always initializing Attribute and Promise
 2978 	structures.
 2979 
 2980 	When running cf-promises in dry-run mode (-n), the user does not need
 2981 	to put binaries in WORKDIR/bin. For example, non-privileged users can verify root
 2982 	policies.
 2983 
 2984 	Source control revision added in version string if run in verbose mode
 2985 	(e.g. "cf-promises -vV"). This needs some refining, uses revision of a header now.
 2986 
 2987 	New semantics in return values of list functions. Null values are now allowed
 2988 	and there is no iteration over empty lists. The value "cf_null" is reserved for
 2989 	use as a null iterator.
 2990 
 2991 3.0.5p1
 2992 	Showing paths allowed/denied access to when cf-serverd is run in verbose mode.
 2993 	Bug in server fixed for dynamic addresses.
 2994 	File handle closure bugfix - too many open databases.
 2995 	Seg fault in mount files fix.
 2996 	Twin used in cf-execd without checking.
 2997 	Check_root set wrong directory permissions at source not destination.
 2998 	Error message degraded in body definition.
 2999 	Undefined body not warned as error.
 3000 	Various build enhancements.
 3001 	Package_list_update called only once per manager, and fixed crash.
 3002 	Version number bug in packages.
 3003 
 3004 3.0.5
 3005 	Encryption problems fixed - client key buffer was uninitialized.
 3006 
 3007 	Classes-promisers are now automatically canonified when class
 3008 	strings are defined, to simplify the use of variables in classes.
 3009 
 3010 	New scalars sys.cf_version and sys.nova_version that hold Cfengine version information.
 3011 
 3012 	Attribute package_delete_convention added, to allow customizable
 3013 	package name in delete command during update.
 3014 
 3015 	package_list_update_ifelapsed limit added.
 3016 
 3017 	Private variable $(firstrepo) is available in package_name_convention
 3018 	and package_delete_convention in order to expand the full path to
 3019 	a package, which is required by some managers.
 3020 
 3021 	Some of the threading code is rewritten and made more robust. This includes
 3022 	synchronizing access to the lastseen database from the server.
 3023 
 3024 	Bad initialization of BSD flags fixed
 3025 	Multiple variable expansion issues in control fixed for server and agent
 3026 	Allow ignore_missing_bundles to affect methods: bundles too
 3027 	Run agent trust dialogue fixed
 3028 
 3029 	Bug in CPU monitoring, increasing time scale caused linear decay
 3030 	of CPU measurement.
 3031 
 3032 	Bug in Setuid log storage, fix.
 3033 
 3034 	Hooks added for new Nova virtualization promises.
 3035 
 3036 	Multithreading mutex failed to collide during cfservd leading to dropped authentication under heavy load.
 3037 
 3038 
 3039 3.0.4
 3040 	Class cancellation in promises to create better class feedback,
 3041 	allows emulation of switch/case semantics etc
 3042 
 3043 	Value of SA measurement promises
 3044 
 3045 	Special function getenv() which returns the contents of an
 3046 	environment variable (on all platforms).
 3047 	New function translatepath for generic Windows
 3048 	New function escape() to escape literals as regular expressions (like SQL)
 3049 	New function host2ip for caching IP address lookup
 3050 	New function regextract for setting variables with backreferences
 3051 
 3052 	New variables for the components $(sys.cf_agent), $(sys.cf_know) etc
 3053 	pointing to the binaries.
 3054 
 3055 	More robust integrated database implementation; closing all
 3056 	handles when receiving signals, self-healing on corruption.
 3057 
 3058 	Package installation on localhost without a manager like yum completed,
 3059 	multiple repositories searched, and universal methods.
 3060 
 3061 	Numerous bugfixes
 3062 
 3063 
 3064 3.0.3
 3065 	sha256 .. new hashes in openssl included in syntax tree.
 3066 
 3067 	End of line autocropping in readfile (hopefully intelligent)
 3068 
 3069 	hashmatch function incorrectly implemented - old debugging code left behind. Fix.
 3070 
 3071 	sys.crontab variable
 3072 
 3073 	Unknown user is now interpreted as "same user", so that we give cfengine a chance to
 3074 	fix
 3075 
 3076 	Unregistered addresses no longer report "(Non registered IP)", but return as the address
 3077 	itself when doing reverse lookups.
 3078 
 3079 3.0.2
 3080 	IMPORTANT: Change in normal ordering of editing. replace comes
 3081 	after insert lines. Much testing and minor bug fixing
 3082 
 3083 	Memory leaks fixed
 3084 	Many hooks added for Nova enterprise extensions.
 3085 
 3086 	promise_output reports now placed in WORKDIR/reports directory
 3087 
 3088 	Initialization correction and self-correction in monitord
 3089 
 3090 	Many new body constraints added.
 3091 
 3092 	Code readied for enterprise version Nova.
 3093 
 3094 	-b option can override the bundlesequence (must not contain parameters yet)
 3095 
 3096 	collapse_destination_dir option added to copy so that files can be
 3097 	aggregated from subdirectories into a single destination.
 3098 
 3099 	Preparation for release:
 3100 	unit_accessed_before.cf           x
 3101 	unit_accumulated_time.cf          x
 3102 	unit_acl.cf                       x
 3103 	unit_acl_generic.cf               x
 3104 	unit_ago.cf                       x
 3105 	unit_arrays.cf                    x
 3106 	unit_backreferences_files.cf      x
 3107 	unit_badpromise.cf                x
 3108 	unit_badtype.cf                   x
 3109 	unit_bsdflags.cf                  x
 3110 	unit_cf2_integration.cf           x
 3111 	unit_changedbefore.cf             x
 3112 	unit_change_detect.cf             x
 3113 	unit_chdir.cf                     x
 3114 	unit_classes_global.cf            x
 3115 	unit_classmatch.cf                x
 3116 	unit_classvar_convergence.cf      x
 3117 	unit_compare.cf                   x
 3118 	unit_controlclasses.cf            x
 3119 	unit_control_expand.cf            x
 3120 	unit_copy.cf                      x
 3121 	unit_copy_edit.cf                 x
 3122 	unit_copylinks.cf                 x
 3123 	unit_createdb.cf                  x
 3124 	unit_create_filedir.cf            x
 3125 	unit_definitions.cf               x
 3126 	unit_deletelines.cf               x
 3127 	unit_disable_and_rotate_files.cf  x
 3128 	unit_dollar.cf                    x
 3129 	unit_edit_column_files.cf         x
 3130 	unit_edit_comment_lines.cf        x
 3131 	unit_edit_deletenotmatch.cf       x
 3132 	unit_edit_insert_lines.cf         x
 3133 	unit_edit_insert_lines_silly.cf   x
 3134 	unit_edit_replace_string.cf       x
 3135 	unit_edit_sectioned_file.cf       x
 3136 	unit_edit_setvar.cf               x
 3137 	unit_edit_triggerclass.cf         x
 3138 	unit-env.cf                       x
 3139 	unit_epimenides.cf                x
 3140 	unit_exec_args.cf                 x
 3141 	unit_execd.cf                     x
 3142 	unit_exec_in_sequence.cf          x
 3143 	unit_execresult.cf                x
 3144 	unit_expand.cf                    x
 3145 	unit_failsafe.cf                  x
 3146 	unit_file_change_detection.cf     x
 3147 	unit_fileexists.cf                x
 3148 	unit_file_owner_list_template.cf  x
 3149 	unit_fileperms.cf                 x
 3150 	unit_filesexist2.cf               x
 3151 	unit_filesexist.cf                x
 3152 	unit_getgid.cf                    x
 3153 	unit_getindices.cf                x
 3154 	unit_getregistry.cf               x
 3155 	unit_getuid.cf                    x
 3156 	unit_global_list_expansion_2.cf   x
 3157 	unit_global_list_expansion.cf     x
 3158 	unit_groupexists.cf               x
 3159 	unit_hash.cf                      x
 3160 	unit_hashcomment.cf               x
 3161 	unit_hashmatch.cf                 x
 3162 	unit_helloworld.cf                x
 3163 	unit_hostrange.cf                 x
 3164 	unit_intarray.cf                  x
 3165 	unit_iprange.cf                   x
 3166 	unit_irange.cf                    x
 3167 	unit_isdir.cf                     x
 3168 	unit_islink.cf                    x
 3169 	unit_isnewerthan.cf               x
 3170 	unit_isplain.cf                   x
 3171 	unit_isvariable.cf                x
 3172 	unit_iteration.cf                 x
 3173 	unit_knowledge_txt.cf             x
 3174 	unit_lastnode.cf                  x
 3175 	unit_ldap.cf                      x
 3176 	unit_linking.cf                   x
 3177 	unit_literal_server.cf            x
 3178 	unit_locate_files_and_compress.cf x
 3179 	unit_log_private.cf               x
 3180 	unit_loops.cf                     x
 3181 	unit_measurements.cf              x
 3182 	unit_method.cf                    x
 3183 	unit_method_validate.cf           x
 3184 	unit_module_exec_2.cf
 3185 	unit_module_exec.cf
 3186 	unit_mount_fs.cf                  x
 3187 	unit_neighbourhood_watch.cf       x
 3188 	unit_null_config.cf               x
 3189 	unit_occurrences.cf               x
 3190 	unit_ordering.cf                  x
 3191 	unit_package_apt.cf               x
 3192 	unit_package_hash.cf              x
 3193 	unit_package_rpm.cf               x
 3194 	unit_package_yum.cf               x
 3195 	unit_package_zypper.cf            x
 3196 	unit_parallel_exec.cf             x
 3197 	unit_pathtype.cf                  x
 3198 	unit_pattern_and_edit.cf          x
 3199 	unit_peers.cf                     x
 3200 	unit_postfix.cf                   x
 3201 	unit_process_kill.cf              x
 3202 	unit_process_matching2.cf         x
 3203 	unit_process_matching.cf          x
 3204 	unit_process_signalling.cf        x
 3205 	unit_readlist.cf                  x
 3206 	unit_readtcp.cf                   x
 3207 	unit_regarray.cf                  x
 3208 	unit_registry.cf                  x
 3209 	unit_regline.cf                   x
 3210 	unit_reglist.cf                   x
 3211 	unit_remove_deadlinks.cf          x
 3212 	unit_rename.cf                    x
 3213 	unit_report_state.cf              x
 3214 	unit_reporttofile.cf              x
 3215 	unit_returnszero.cf               x
 3216 	unit_select_mode.cf               x
 3217 	unit_select_region.cf             x
 3218 	unit_selectservers.cf             x
 3219 	unit_select_size.cf               x
 3220 	unit_server_copy_localhost.cf     x
 3221 	unit_server_copy_remote.cf        x
 3222 	unit_server_copy_purge.cf         x
 3223 	unit_splitstring.cf               x
 3224 	unit_sql.cf                       x
 3225 	unit_storage.cf                   x
 3226 	unit_strcmp.cf                    x
 3227 	unit_stringarray.cf               x
 3228 	unit_syslog.cf                    x
 3229 	unit_template.cf                  x
 3230 	unit_tidy_all_files.cf            x
 3231 	unit_user_edit.cf                 x
 3232 	unit_user_edit_method.cf          x
 3233 	unit_userexists.cf                x
 3234 	unit_varclass.cf                  x
 3235 	unit_vars.cf                      x
 3236 	unit_warnifline.cf                x
 3237 	unit_webserver.cf                 x
 3238 
 3239 
 3240 3.0.1
 3241 	First standalone release, independent of cfengine 2
 3242 	Purge old definitions and check consistency.
 3243 
 3244 	NB: changed search_mode to be a list of matching values
 3245 
 3246 	Reporting rationalized in cf-promises with -r only to avoid
 3247 	leaving output files everywhere.
 3248 
 3249 	Hooks added for upcoming commercial additions to cfengine.
 3250 
 3251 	Added classify() and hostinnetgroup() functions
 3252 	Added additional change management options for change detection
 3253 
 3254 	Package management added - generic mechanisms.
 3255 
 3256 	Limits on backgrounding added to avoid resource contention during cfengine runs.
 3257 	Image type added to cf-know.
 3258 
 3259 	New classes for quarterly shifts: Morning,Afternoon,Evening,Night
 3260 
 3261 	Bug fixes in editfiles - line insertion for multiple line objects
 3262 
 3263 	Change the name of the variables and context from the monitord for
 3264 	better separation of data, and shorter names. sys -> mon
 3265 	average -> av, stddev -> dev
 3266 
 3267 	canonical name for windows changed from "nt" to "windows", also version names
 3268 	added "vista","xp" etc.
 3269 
 3270 	License notices updated for dual license editions.
 3271 
 3272 3.0.0
 3273 	First release of cfengine 3. Known omissions:
 3274 	- no support for ACLs
 3275 	- no support for packages
 3276 	- no support for interface configuration
 3277 	These will be added in the next release.