* Change bugtracker address.

	  

	- Change bugtracker address.
	  

* Change bugtracker address.

	  

	- New domain source: pound.
	  

** New operation mode: proxy

** Command line option precedence

Command line options take precedence over configuration file
statements.

** elif statement

A familiar `elif' statement is supported, e.g.:

if condition-1
  action-list-1
elif condition-2
  action-list-2
elif condition-3
  action-list-3
else
  action-list-4
fi
  
** New CONTROL statement esmtp-auth-delayed.

When set to `yes', this statement instructs Anubis to postpone ESMTP
authentication until MAIL command is issued by the client.  This
allows to change authentication credentials in the SMTP section (see
below).

** SMTP section

The new section "SMTP" is invoked each time an SMTP command
is received. This section may alter the command's argument, using the
"modify command", e.g.:

BEGIN SMTP
regex :extended
modify command [ehlo] "foo.bar.net"
if command ["mail from:"] "<(.*)>(.*)"
  modify command ["mail from:"] "<root@bar.net>\2"
fi
END

It is also allowed to use esmtp-* keywords in this section, provided
that `esmtp-auth-delayed yes' is set in the CONTROL section. Changes
in the ESMTP authentication credentials take effect if they occur
either before receiving MAIL command from the client, or when handling
this command, e.g.:

BEGIN SMTP
if command ["mail from:"] "<smith(\+.*)?@@example.net>"
  esmtp-auth-id smith
  esmtp-password guessme
else
  esmtp-auth no
fi
END

** New keywords: log-facility and log-tag

** Guile output

By default Scheme's standard error and output ports are redirected to
syslog, using priorities `err' and `warning' correspondingly.

** MySQL options file

When using MySQL for Anubis user database, the database parameters and
access credentials are read from the file /etc/my.cnf, section
"anubis".  Additionally, two URL parameters are provided:
"options-file", which sets the name of the options file, and
"options-group", which sets the name of the group.

	  

* New configuration keyword <item>_alldb

This keyword is valid for backup items of mysql type.  If dumping all
databases is requested (i.e. the <item>_database variable is not
defined), it configures whether to dump each database into a separate
file (named after it), or to dump all databases to a singe file.

* Fix restoring from remote archives
	  

Initial release.
	  

* New command line option --done (-d)

This option is a counterpart of --init and supplies a cleanup
expression, i.e. an expression that will be evaluated when the
main loop has iterated over all nodes in the tree.

* New parser: DHCPD

A parser for dhcpd.conf file.

* Drop support for Guile versions prior to 2.2.0

	  

* New option --ignore-dirnlink

Valid in copy-out mode, it instructs cpio to ignore the actual number
of links reported for each directory member and always store 2
instead.

* Changes in --reproducible option

The --reproducible option implies --ignore-dirlink.  In other words,
it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.

* Use GNU ls algorithm for deciding timestamp format in -tv mode

* Bugfixes

** Fix cpio header verification.

** Fix handling of device numbers on copy out.

** Fix calculation of CRC in copy-out mode.

** Rewrite the fix for CVE-2015-1197.

** Fix combination of --create --append --directory.

** Fix appending to archives bigger than 2G.
	  

* Bugfixes in the gcide module

* Fix searches in the gcider utility

* Support for Python 2 has been withdrawn

	  

* Introduce compound events

The "change" event is implemented on GNU/Linux and FreeBSD.  This
event is delivered when a file was modified and closed.

* New configuration statement for manipulating the environment.

The "environ" statement is now a compound statement. It can contain
five kinds of substatements: "clear" to clear the environment, "keep"
to retain certain variables while clearing the environment, "set" to
set a variable, "unset" to unset a variable or variables, and "eval"
to evaluate a variable reference for side effects.

Both "keep" and "unset" can take globbing pattern as their argument,
in which case they affect all variables matching that pattern. 

The value part in the "set" statement is subject to variable
expansion.

The "environ" block can appear in global context as well.  In this
case it applies to all watchers.

The support for the old one-line "environ" syntax is retained for
backward compatibility.

* Variable expansion in arguments to some configuration statements.

Both macro and environment variables are expanded in arguments to all
substatements of the new "environ" block statement and in the argument
to the "command" statement.  In the latter case, expansion of the
environment variables is controlled by the "shell" option.  If the
option is set, the variable will be expanded by the shell.  Otherwise,
they are expanded by direvent prior to invoking the command.

* Rewrite the recursive watching support

In particular, this fixes the bug where recursive watchers silently
assumed that the "create" generic event was configured for the
watcher.

* Change interface for bulk closing of file descriptors

To speed up launching of the user commands, system-dependent
interfaces for closing the file descriptors above the given one are
used, if available.
	  

* Implement the terminate-instances command.
* Implement MoveAddressToVpc (addr2vpc) and RestoreAddressToClassic (addr2ec2).
* Fix rmaddr -v.
* Document chvol and lschvol commands.
* Implement ModifyVolume and DescribeVolumesModifications.

	  

* Bugfixes and organizational changes

	  

* Fix the --timeout option

	  

* Use explicit DESTROY with AUTOLOADs

	  

Initial release.

	  

Fix deadlock.
	  

* ftp

An old inability to allow other names than the canonical name has
been corrected.  This means that a machine entry in the .netrc file
will now be used as expected.  Previously any alias name was replaced
by the corresponding canonical name, before reading the .netrc file.

The internal command `hash' accepts a suffixed letter to the size
argument, like `12k', instead of 12288.  Made a minor change to the
syntax of the command itself, allowing size changes independently
of activation of hash markings.  After a transfer the summary gives
the speed as `Mbytes/s', `kbytes/s', or `bytes/s'.

The .netrc file can be overridden by the environment variable NETRC.
Of even higher precedence is the new option `-N/--netrc'.  The access
to the resulting file, whatever method, is now denied unless it is a
regular file.

* ifconfig

Better command line parsing on BSD and Solaris systems.  Touch only
changeable flags on all systems.

* logger

The ability to use numerical facilities is restored to full range.

* ping, ping6

The ability to specify a pattern as payload is corrected.

* syslogd

A new switch `-T/--local-time' makes the service ignore a time
stamp passed on by the remote host, recording instead the local
time at the moment the message was received.  As a short form of
`--pidfile', the switch `-P' is new.

In common with other syslogd implementations, rsyslogd and sysklogd,
there has for a long time existed an attack vector based on large
facility numbers, made public in CVE-2014-3684.  This is now mended
in our code base.

* telnetd

The ability to autologin a client, without using authentication,
is now functional in the expected manner, i.e., the prompt for a
user name is suppressed in favour of an immediate password prompt.

In a setting where the client is using a UTF-8 encoding, it was
common to observe strange characters in most responses.  This was
caused by the server daemon, due to incomplete purging of internal
protocol data.  The issue should now be resolved.

* whois

Improved cooperation with servers like `whois.arin.net', `whois.eu',
and `whois.ripe.net'.
	  

* Implement heartbeat event

* Add auxiliary program: ifactive

* Fix file descriptor leak

	  

* The program is installed in /usr/bin

Prior versions went to /usr/sbin, you will need to remove them
manually.

* Print /etc/issue before the prompt
* Sleep after incorrect password is input
* New options: -i (--issue), -s (--sleep), -c (--clear)
* Add a manpage
* Improve error checking and reporting
	  

* Support for keyfiles in PKCS#8 format

* Bugfixes

** Fix line numbers in MFL stack trace

** Fix printing of octal numbers (%o) in sprintf

** Fix endless loop in cname chain resolver

The bug would be triggered by cname loops that end in NXDOMAIN.

** Fix out-of-range memory access in dkim_verify

The bug would cause sporadic segmentation violations if the obtained
DNS record was invalid.
	  

* Support for Berkeley DB version 2 withdrawn

* Bugfixes
** rdcache streams: fix stream size computation
** tlsfdstr streams: fix error handling
** wordwrap streams: fix handling of overflowing lines
	  

* Appending cronjob output to a file

Output of a cronjob can be captured and appended to a disk file,
instead of sending it via email or logging it using syslog.  This is
controlled by the _MICRON_OUTFILE (global) and _JOB_OUTFILE (per-job)
built-in variables.

* New option -P FILE

Writes PID of the running process to FILE.  The file will be removed
when the program terminates.

* Option -v replaces -o

To set initial value of a built-in variable, use the "-v NAME=VALUE"
option.

* The -V option

To obtain the micrond version, use the -V option.

* Bugfixes

** Fix allocation of environment and built-in variables defined in crontabs.
	  

* Minor fixes in mysqlstat-setup
* Provide default values for NULL columns
	  

First actual release.

	  

* pam_fshadow: skip-password option

Based on the proposal of Mirsad Goran Todorovac, the new option
skip-password instructs pam_fshadow to check whether the user
being authenticated is present in the passwd and/or shadow files,
without verifying his password.  This way pam_fshadow can be used as
an auxiliary module in the stack, actual authentication being
performed by one of the modules before it.
	  

* New configuration keywords

** sigterm SIG

Available for use in "component" sections.  This statement defines
signal which pies should send to the running component instance in
order to terminate it.  Defaults to SIGTERM.

* Fix the component shutdown sequence

The shutdown sequence is determined taking into account dependencies
between components, so that all dependent components are stopped
before their prerequisite components.

* Fallback log file

Fallback log file is a place where pies writes out of band log messages,
i.e. messages about not being able to open syslog socket or send logs
to it.  Regular log messages are diverted to this file if syslog was
requested, but cannot be used because of a permanent error.

* Bugfixes

** Fix piesctl config reload

** Fix configuration preprocessing.

** Varios fixes in REST API server.
	  

* Fix handing of the Connection: HTTP handler (both server and client)
	  

* Support for libpcre2-posix

* Fix coredump on -c -v

* poundctl: ignore empty lines in pound.cfg
	  

* Configuration file raddb/config

The syslog statement takes an optional 4th argument specifying syslog
tag to use, e.g.:

    channel default {
	    syslog local1.info radiusd;
    };

* New attributes

** GNU-Server-Address

Holds IP address of the RADIUS server that recieved the
request. Notice, that the value of this attribute is "0.0.0.0" if
there are no `listen' statement in your `raddb/config'.
    
** GNU-Server-Port

Holds UDP port number of the RADIUS server that recieved the request.

* Automake function AM_GNU_RADIUS is provided, for checking if
GNU Radius is installed from configure.ac scripts.

* Guile support requires Guile version 1.8 or later.

* Bugfixes
** Pass NAS-IP-Address to mlc_stop_query	
	
	  

* Hostgroup stack

Rex now maintains a stack of hostgroups.  Once you push a hostgroup
name on stack, that hostgroup will be used by any subsequent rex
command, unless it is given the -g option.  The new command "group"
(see below) provides ways to pop items off the stack, swap arbitrary
element with the top of stack, select new hostgroups on the fly, etc.

* New command: rex group

The "rex group" command has the following forms:

  rex group push GROUP
    Push GROUP on stack.

  rex group pop
    Pop the topmost group off the stack.

  rex group swap N
    Exchange top of the stack with the Nth element (0-based).

  rex group drop N
    Remove Nth element from the stack.

  rex group select COMMAND ARGS...
    Create on top of the stack a temporary group that contains
    those hosts from the current hostgroup where the supplied
    shell command returns success, i.e. exits with code 0.

  rex group show
    List the contents of the hostgroup stack.

* Add configuration function for overriding PTR records from rc files
	  

* Syslog support

New option '-S FACILITY' switches diagnostic output to the given
syslog facility.

	  

* Fix invalid memory addressing in remopt command

* Fix building with flex >= 2.6.1 (EOF check)
	  

* Support for Slackware 15.0
	  

* Support SNMPv3
* Default SNMP version is 2c
* Use newer Grecs
* Drop unneeded dependencies
* Variable assignments in expressions
* Detection of SNMP counter overflows
* Comma operator
* Support for indexed MIBs

This feature allows you to use symbolic names instead of the fixed MIBs
for MIBs that are part of SNMP subtrees.  For example, to get number of
packets sent over eth0 into variable "out", you would do the following:

    table iftable IF-MIB::ifDescr;
    variable out "IF-MIB::ifOutUcastPkts.$iftable[eth1]";

The first statement converts the subtree into a "table" named "iftable".
The second statement references an entry in this table that has
the value "eth1".  For example, if the SNMP tree has the following MIB

    IF-MIB::ifDescr.10: eth0

then the expression "$iftable[eth]" yields "10"

* Assertion syntax changed.

The assertion statement takes a single argument, which must be a
string consisting of the following three parts:

   <oid: string> [!]<opcode>[/i] <value: string>

The <opcode> part can be either an arithmetical operator (=, <, <=, >,
>=), or any of the following string operators:

    eq          string equality
    ne          string inequality
    prefix      oid value must begin with <value>
    suffix      oid value must end with <value>
    glob        <value> is a glob(7) pattern that oid value must match
    
Each of these can be suffixed with "/i" to request case-insensitive comparison.

A "!" in front of opcode reverts its meaning.   

The <value> part must not include the type prefix.

	  

* Support for Guile 2.2

* Bugfixes

* Improved testsuite

	  

Initial release.

	  

* Handling of control characters in syslog messages

If the message text contains ASCII control characters (ASCII 0 to 31),
these are replaced with their "caret notation", i.e. a caret
character followed by the character value XORed with 0100.  Thus,
horizontal tabulation (ASCII 9) becomes ^I, carriage return
(ASCII 13) becomes ^M, etc.  By default the newline character is
exempt from this translation.  Instead, it is substituted with
horizontal space (ASCII 32).

The "-Wcontrol_chars=MODE" option can be used to alter this
processing. Possible values for MODE are:

 caret
    Replace all control characters with their caret notation.  The newline
    character is represented as ^J.

 caretnl
    The default algorithm as described above.

 octal
    Replace control characters with their octal representation.

 raw
    Reproduce control characters verbatim.

* New option -s: set input buffer size

The -s option changes the default input buffer size.  Its argument is
the desired size in bytes.  For UDP input, values of up to 4096 are
allowed.  The default is 1024.

* New output channel: pri:///DIR

  Distributes messages to two disk files located in directory DIR.
  The name of the file to write to is selected depending on the message
  severity.  Messages with severity greater than LOG_ERR are directed
  to file "1" ("out" file), messages with severity less than or equal
  to LOG_ERR are directed to file "2" ("err" file).

  This channel understands the following parameters:

    severity=SEVERITY
       Gives name of the delimiter severity.  Messages with severity
       less than or equal to that value will be directed to "err" file.
       (DIR/2, by default).

    errfile=NAME
       Sets the name of the "err" file.

    outfile=NAME
       Sets the name of the "out" file.

    prio=none|keep|decode
       Controls whether and how the message priority is reflected on
       the output.  See the channel "file:" for details.

  Default settings correspond to:

      -Wseverity=err -Werrfile=2 -Woutfile=1 -Wprio=none
	  

* tallyman: if passed empty service ID, don't attempt to contact the collector

	  

* Fix extraction over pipe (savannah bug #60002)

* Fix memory leak in read_header (savannah bug #59897)

* Fix extraction when . and .. are unreadable

See https://lists.gnu.org/archive/html/bug-tar/2021-01/msg00012.html

* Gracefully handle duplicate symlinks when extracting

See https://lists.gnu.org/archive/html/bug-tar/2021-01/msg00026.html

* Re-initialize supplementary groups when switching to user privileges
	  

Rewrite as a stand-alone snmpd agent.

	  

* New configuration statement: sentinel

The "sentinel" statement declares the name of a file which, when
present in the destination directory, informs vcsync that this
directory is exempt from the normal synchronization process.  The
presense of the sentinel file is an indication that the destination
directory is updated by other means.

* Full documentation added

	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
* Drop support for Varnish versions prior to 6.0.0.
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
	  

Fix handling of archivation requests.

	  

* Fix parsing of po header fields

* Use the Language header instead of Language-Team.

Support for Language-Team and language tables is retained for
backward compatibility.

* Organizational change: repository moved to git

The repository along with links for cloning can be viewed online at
http://git.gnu.org.ua/cgit/wyslij-po.git.

See https://puszcza.gnu.org.ua/git/?group=wyslij-po for instructions.
	  

* Diagnostic directives: $$warning and $$error

The $$warning directive emits warning message.  It does not alter exit
status in any way.

The $$error directive reports a fatal error and sets exit status to
65.

After both directives, processing is resumed at the next line.

* $$exit

New directive $$exit causes immediate termination of the program.
Decimal exit code may be supplied as argument.

* New directive: $$eval

The text between $$eval and $$end is expanded and the resulting
expansion is scanned again, producing the actual output.  This makes
it possible to create variable names on the fly and get their values.
Useful in loops, e.g.:

  $$loop I 0 1 2 3 4 5 6 7
  $$  eval
  \$\$ ifset VAR_$I
  Expand \$VAR_$I;
  \$\$ endif
  $$ end
  $$end

* Bugfixes

** Fix closing the $$range loop.