** New operation mode: proxy

** Command line option precedence

Command line options take precedence over configuration file
statements.

** elif statement

A familiar `elif' statement is supported, e.g.:

if condition-1
  action-list-1
elif condition-2
  action-list-2
elif condition-3
  action-list-3
else
  action-list-4
fi
  
** New CONTROL statement esmtp-auth-delayed.

When set to `yes', this statement instructs Anubis to postpone ESMTP
authentication until MAIL command is issued by the client.  This
allows to change authentication credentials in the SMTP section (see
below).

** SMTP section

The new section "SMTP" is invoked each time an SMTP command
is received. This section may alter the command's argument, using the
"modify command", e.g.:

BEGIN SMTP
regex :extended
modify command [ehlo] "foo.bar.net"
if command ["mail from:"] "<(.*)>(.*)"
  modify command ["mail from:"] "<root@bar.net>\2"
fi
END

It is also allowed to use esmtp-* keywords in this section, provided
that `esmtp-auth-delayed yes' is set in the CONTROL section. Changes
in the ESMTP authentication credentials take effect if they occur
either before receiving MAIL command from the client, or when handling
this command, e.g.:

BEGIN SMTP
if command ["mail from:"] "<smith(\+.*)?@@example.net>"
  esmtp-auth-id smith
  esmtp-password guessme
else
  esmtp-auth no
fi
END

** New keywords: log-facility and log-tag

** Guile output

By default Scheme's standard error and output ports are redirected to
syslog, using priorities `err' and `warning' correspondingly.

** MySQL options file

When using MySQL for Anubis user database, the database parameters and
access credentials are read from the file /etc/my.cnf, section
"anubis".  Additionally, two URL parameters are provided:
"options-file", which sets the name of the options file, and
"options-group", which sets the name of the group.

* Fix threshold calculation in the cleaner module.
* Refuse to start if another copy is already running.

* New command line option --init (-i)

* New format flags: down=N, child=S, sibling=S

* New guile primitives:

- (grecs-node-ident-locus node [full])

Returns the location of the node's identifier.  See below for the meaning
of [full].

- (grecs-node-value-locus node [full])

Returns the location of the node's value.

* Full vs. simplified locations.

There are two flavors of source locations: simplified and full ones.  A
simplified location consists of a file name and line number.  When returned
from a Guile primitive, they are packed in a cons.  A simplified location
shows an approximate location of the object in the configuration file.

A full location provides the exact location of the object.  It consists of
a pair of triplets, which mark the beginning and end of the object.  Each
triplet consists of a file name, line number and column number.  When 
returned from a Guile primitive, each triplet is represented as a list of 
three elements and both triplets are packed in a cons, the start location 
being its car, and the end location being its cdr.

The three functions that return node locations, grecs-node-locus,
grecs-node-ident-locus and grecs-node-value-locus, return simplified
locations by default.  If #t is supplied as the optional second
argument, these functions return full locations.

* Improved documentation.
* Manpages are installed by make install.
* New options for copy-out mode:

** --ignore-devno
Store 0 in the device number fields, instead of the actual device
number.

** --renumber-inodes
Renumber inodes when storing them in the archive.

** --device-independent or --reproducible
Create reproducible archives.  This is equivalent to 
--ignore-devno --renumber-inodes.

* Fix out-of-boundary memory access in metaphone2 encoder

* Fix eventual access to freed memory block

* Rewrite utf8_iterator to work with non zero terminated strings.

* Fix the build on OpenBSD

* Globbing patterns in #include statement

If argument to the #include statement contains wildcard characters (*, [,
], or ?), it is interpreted as shell globbing pattern and all files
matching that pattern are included, in lexicographical order.  If no
matching files are found, the directive is replaced with an empty
line.

* New watcher option 'shell'

The 'shell' option causes watcher command to be executed via
'/bin/sh' (by default it is invoked directly, using the 'execve'
function).  For example:

  watcher {
     path "/etc/httpd/vhosts";
     command "/usr/bin/scanhosts && service httpd restart";
     option (shell);
  }

* Include path

If the argument to the #include (#include_once) statement is not an
absolute file name or globbing pattern, it is looked up in the include
search path.  The order of look up is as follows.  First, directories 
given with '-I' options (see below) are scanned, in the same order as
given on the command line.  If no matching file is found in any of
them, directories in the standard include search path are scanned.

By default, the standard include search path contains two directories:
'$(pkgdatadir)/$(VERSION)' and '$(pkgdatadir)/include', where
$(pkgdatadir) and $(VERSION) stand for the package data directory, and
package version, correspondingly.  It can be redefined at compile time using
the '--with-include-path' to configure, e.g.:

 ./configure --with-include-path='$(sysconfdir)/direvent.d:$(pkgdatadir)/$(VERSION):$(pkgdatadir)/include'

(see the file INSTALL, section "Building and Configuring", for a
detailed discussion of this option).
 
To inspect the actual path at runtime, run 'direvent --help',
and look for the string 'Include search path:' in its output.
  
* New command line option -I (--include)

The '-I DIR' command line option adds DIR to the include search path.
When looking for include files, directories given with '-I' options
are scanned first.  If the file is not found, the directories in the
standard include path are scanned.

* Exponential backoff with jitter

If AWS responds with a RequestLimitExceeded code, eclat retries the
request using exponential backoff with jitter algorithm. The algorithm
is controlled by two values: max-retry-interval and total-retry-timeout.
When the RequestLimitExceeded error is returned, eclat will sleep for
2 seconds and then retry the request. For each subsequent
RequestLimitExceeded error, it will calculate the timeout using the
following formula:

   t = rand(0, min(M, 2 ** N)) + 1

where N is the attempt number, M is the value of max-retry-interval
parameter, 'rand(a,b)' selects the integer random number X such that
0 <= X <= b, and '**' denotes the power operator. The attempts to resend
the request will continue until either a response other than
RequestLimitExceeded is received (be it a response to the query or
another error response), or the total time spent in the retry loop
becomes equal to or greater than total-retry-timeout, whichever occurs
first.

* VPC Support

The following new commands provide full support for manipulating
the EC2 VPC objects:

 lsvpc	        describe-vpcs
 lsvpcattr      describe-vpc-attribute
 mkvpc          create-vpc
 setvpcattr     modify-vpc-attribute
 rmvpc          delete-vpc

* Route table support

The following new commands provide full support for manipulating
the EC2 Route Table objects:

 assocrtab      AssociateRouteTable
 mkrtab         CreateRouteTable
 rmrtab         DeleteRouteTable
 lsrtab         DescribeRouteTables
 disasrtab      DisassociateRouteTable

* Route support

The route subcommand allows you to add, delete and modify routes in
route tables.

** Create route:

 eclat route rtb-12345678 add CIDR gw ID

** Delete route:

 eclat route rtb-12345678 del CIDR

** ReplaceRoute

 eclat route rtb-12345678 repl CIDR gw ID
 
* Subnet support

The following new commands provide full support for manipulating
the EC2 Subnet objects:

 mksubnet       create-subnet 
 rmsubnet       delete-subnet
 lssubnet       describe-subnets
 setsubnetattr  modify-subnet-attribute

* Internet Gateway support
 
The following new commands provide full support for manipulating
the EC2 Internet Gateway objects:

 lsigw          describe-internet-gateways
 mkigw          create-internet-gateway
 rmigw          delete-internet-gateway
 atigw          attach-internet-gateway
 deigw          detach-internet-gateway

Initial release.

* Implement heartbeat event

* Add auxiliary program: ifactive

* Fix file descriptor leak

* The program is installed in /usr/bin

Prior versions went to /usr/sbin, you will need to remove them
manually.

* Print /etc/issue before the prompt
* Sleep after incorrect password is input
* New options: -i (--issue), -s (--sleep), -c (--clear)
* Add a manpage
* Improve error checking and reporting

* The --callout-socket option

New option --callout-socket=URL instructs mailfromd to use URL to pass
callout requests to the callout server listening on URL. It is
equivalent to the callout-url configuration statement, which it
overrides.

This option is used by mtasim to avoid clobbering the existing callout
sockets when starting new mailfromd instance.

* NS lookup NFL functions

This release implements the following new MFL functions:

number primitive_hasns (string DOM)
  Returns 1 if the domain DOM has at least one NS record and 0
  otherwise. Throws an error if DNS lookup fails.

require 'dns'
number hasns (string DOM)
  Same as above, but returns 0 on DNS lookup failures.

string getns (string DOM ; number RESOLVE, number SORT)

  Returns a whitespace-separated list of all the NS records for
  the domain DOM. If optional parameter RESOLVE is 1, the returned list
  contains IP addresses. Optional SORT controls whether the entries are
  sorted.

* Bugfixes
** Callout functions return true on checking the null return address (<>)
** Arguments in transaction between mailfromd and calloutd are quoted
** Avoid false failures in testsuite due to libadns warnings
** configure --with-dbm=T accepts any T supported by mailutils
** The 'dbdel' built-in silently ignores non-existing keys

* Rewrite mailcap (RFC1524) support

* imap4d: SEARCH command

** Implemented SEARCH CHARSET

This requires libiconv and libunistring.

** Improved SEARCH BODY and SEARCH TEXT commands

Both commands now properly descend into multipart message parts and
decode messages, if necessary.

* Fixes in the 'mail' utility

** New mailbox notation @

@ can be used with any command requring a mailbox name to refer to the
file given with the -f option.

** Sender addresses in message sets

Arbitrary string in message set is treated as sender address. It
expands to all messages whose sender addresses as displayed in a header
summary match the string.

** showenvelope

With the showenvelope variable set, mail incorrectly displayed
envelope on the stdout, instead of using the current output stream.

** pipe command

Last argument always specifies the command to pipe messages to.

** echo command

The echo command behaves similarly to its shell equivalent. In
particular, variable and command expansions are performed.

** fixed / and :/ searches in message sets

** Fix and improve argument completion

** Don't print original file name, use postprocessed URL representation

The original file name might contain passwords (if it refers to a
remote mailbox).

** Improve folder handling and name expansion

** Fix header display after deletions

* Fixes in IMAP client library

** Speed up opening IMAP mailboxes

Initial scan of an imap mailbox retrieves, among other data, message headers.
This considerably speeds up the operation of such tools as mail
(initial loading), frm or from.

** handle EXPUNGE response

This fixes interoperation with Dovecot imap daemon.

** fix incorporation of new messages

* Improved documentation

Initial release.

* Add README, improve meta-data

First actual release.

* Add missing symbol

pam_innetgr lacked pam_sm_setcred

* SysV-style Init 

GNU Pies can now be used as init process daemon - the first process
started during booting.  The configuration can be supplied both as
a traditional /etc/inittab file or as a native GNU Pies configuration
file.  The control interface provides extensive monitoring and
management capabilities.

* Control interface

The running GNU Pies instance can be queried and reconfigured on the
fly via a TCP socket (either UNIX or INET).  Special utility, piesctl,
is included, which provides  command line interface for inspecting
the state of components, reloading configuration (including addition
or removal of configuration files on the fly), stopping and restarting
components, etc.

* Changes in configuration

Two new flags are provided:

- siggroup

This flag instructs pies to send termination signal to the process
group of the process being stopped.

- nullinput

Do not close standard input.  Redirect it from /dev/null
instead.   Use this option with commands that require their standard
input to be open (e.g. pppd nodetach).

** String concatenation

The adjacent string concatenation feature proved to create more
problems than solutions (in particular, with the "env" statement)
and was removed.

* Configuration file raddb/config

The syslog statement takes an optional 4th argument specifying syslog
tag to use, e.g.:

    channel default {
	    syslog local1.info radiusd;
    };

* New attributes

** GNU-Server-Address

Holds IP address of the RADIUS server that recieved the
request. Notice, that the value of this attribute is "0.0.0.0" if
there are no `listen' statement in your `raddb/config'.
    
** GNU-Server-Port

Holds UDP port number of the RADIUS server that recieved the request.

* Automake function AM_GNU_RADIUS is provided, for checking if
GNU Radius is installed from configure.ac scripts.

* Guile support requires Gule version 1.8 or later.

* Bugfixes
** Pass NAS-IP-Address to mlc_stop_query	
	

* rushlast and rushwho

Select the most suitable time representation for the duration field,
depending on the requested width.

* chroot handling

If chroot is requested, re-read the password database after chrooting.

* Supplementary user groups

Set supplementary groups when switching to user privileges.

* Change provisions for interactive shell usage

Interactive rules are marked with the keyword "interactive".  Only
such rules are considered when rush is invoked without the -c option.
The support of the old (global) "interactive" keyword is discontinued.

* The env statement

The env statement can contain references to the unmodified environment
variables.  E.g. this is now valid:

  env PATH=/sbin:$PATH

* Testsuite is provided
  
* Minor fix in TXPMUX code.

* Fix CVE-2013-6889

* Manpages are provided

* Support SNMPv3
* Default SNMP version is 2c
* Use newer Grecs
* Drop unneeded dependencies
* Variable assignments in expressions
* Detection of SNMP counter overflows
* Comma operator
* Support for indexed MIBs

This feature allows you to use symbolic names instead of the fixed MIBs
for MIBs that are part of SNMP subtrees.  For example, to get number of
packets sent over eth0 into variable "out", you would do the following:

    table iftable IF-MIB::ifDescr;
    variable out "IF-MIB::ifOutUcastPkts.$iftable[eth1]";

The first statement converts the subtree into a "table" named "iftable".
The second statement references an entry in this table that has
the value "eth1".  For example, if the SNMP tree has the following MIB

    IF-MIB::ifDescr.10: eth0

then the expression "$iftable[eth]" yields "10"

* Assertion syntax changed.

The assertion statement takes a single argument, which must be a
string consisting of the following three parts:

   <oid: string> [!]<opcode>[/i] <value: string>

The <opcode> part can be either an arithmetical operator (=, <, <=, >,
>=), or any of the following string operators:

    eq          string equality
    ne          string inequality
    prefix      oid value must begin with <value>
    suffix      oid value must end with <value>
    glob        <value> is a glob(7) pattern that oid value must match
    
Each of these can be suffixed with "/i" to request case-insensitive comparison.

A "!" in front of opcode reverts its meaning.   

The <value> part must not include the type prefix.

* new module: ldap

* mailutils: Requires 2.99.98 or later

* Fix the use of --checkpoint without explicit --checkpoint-action

* Fix extraction with the -U option

See http://lists.gnu.org/archive/html/bug-tar/2019-01/msg00015.html,
for details

* Fix iconv usage on BSD-based systems

* Fix possible NULL dereference (savannah bug #55369)

* Improve the testsuite

Rewrite as a stand-alone snmpd agent.

* Minor change

* Support for Varnish 6.0.2

* req.http.X-VMOD-DBRW-Error

This header is set to 1 by dbrw.rewrite to indicate that an error
occurred during the rewrite.

* New flags: regex and eq

One of this flags can appear in the fourth column of the returned data
set. The 'eq' flag instructs dbrw.rewrite to use exact string match,
instead of regular expressions. The 'regex' flag instructs it to use
regular expression matching. It is the default.

* Improve error handling in mysql submodule

Previously, error codes ER_PARSE_ERROR and ER_EMPTY_QUERY were treated
as permanent conditions, causing mysql connection to be closed and
disabled. This is no longer the case, as they both can well mean a
transient condition (e.g. ER_PARSE_ERROR returned for the 'Illegal mix
of collations' error).

* Support for Varnish 6.0.2

* Support for Varnish 6.0.2

* Support for Varnish 6.0.2

* Implements upload protocol version 1.2

* Input file locations include start and end columns.

* When available, uses inotify(7) to watch the input spools.

The use of inotify allows wydawca to act immediately upon finished
uploads without the need of external notifications.  This makes the
TCP-based notification unnecessary on GNU/Linux systems.

* Requires Mailutils 3.4

* The "periodic" subcommand

The new subcommand "periodic" is responsible for maintaining the job database.
It finishes up pending glacier jobs, dowloading the results (both inventory
listings and requested files) and removes expired jobs. It should be run as a
cronjob.

* When run on an EC2 instance, credentials can be obtained from the EC2 metadata

* Directory validity is controlled using the LastInventoryDate field

Implements restart mode.

The restart mode is a special feature of sentinel mode, controlled by
the new options --restart-on-exit and --restart-on-signal. In this
mode genrc will restart the subsidiary program if it exits with a
predefined status code or terminates on a predefined signal. Use this
feature to ensure the service provided by the program controlled by
genrc won't get terminated because of hitting a bug or encountering an
unforeseen external condition.

For example:

  genrc --command=COMMAND \
        --sentinel \
	--restart-on-exit='!0' --restart-on-signal='!TERM,QUIT' start

This will ensure that the COMMAND will be restarted immediately after
it terminates, unless it exits with the status 0 or terminates on
SIGTERM or SIGQUIT.

        - Support for multiple 'source' statements.

	- Prefer apachectl over invoking httpd directly.

* Fix cyclic inclusion detection