* New configuration keyword <item>_alldb

This keyword is valid for backup items of mysql type.  If dumping all
databases is requested (i.e. the <item>_database variable is not
defined), it configures whether to dump each database into a separate
file (named after it), or to dump all databases to a singe file.

* Fix restoring from remote archives
	  

* Licensed under GPLv3 or later.

* mixal

** Location of listing file

By default, mixal creates listing file in the current working directory.

* mixsim

** The .mixsim file
When started in terminal mode, the utility searches for file `.mixsim'
in the current working directory and reads it, if present. The file
may contain any mixsim commands.

** The set of terminal commands is improved to make it compatible with GDB.

** New command, PASSCOUNT
Set the number of crossings after whcih to clear the breakpoint.

** Removed optional second argument to BREAK.
The functionality of `BREAK <ADDR> <COUNT>' is now obtained by two
commands:

BREAK <ADDR>
PASSCOUNT <N> <COUNT>

** New command DELETE.
An alias to CLEAR.

** New command IGNORE
Sets the number of hits to ignore before enabling the breakpoint.

** New commands ENABLE and DISABLE
Enable or disable the breakpoint with the given number.

** New command RUN
It is an alias for GO.

** New command SOURCE
Execute a file of mixsim commands.

** New command ADDRESS.
This command takes as its argument a breakpoint manipulation command
(DELETE, IGNORE, ENABLE, DISABLE, PASSCOUNT) with arguments
appropriate for the associated command.  However, the first argument
of the corresponding command is treated as MIX address, instead of a
breakpoint number.

** New command INFO.
An alias to LIST.

** New command SHELL.
Executes a subordinate shell or a shell command. Abbreviated to !.

** NEXT and STEP take optional argument.
The argument, if given, specifies number of instructions to
execute. Default is 1.

** INFO BREAK takes an optional argument specifying breakpoint number to list.
If prefixed with ADDRESS, it treats the argument as a MIX location and
lists all breakpoints set on that location.

	  

* Configuration file raddb/config

The syslog statement takes an optional 4th argument specifying syslog
tag to use, e.g.:

    channel default {
	    syslog local1.info radiusd;
    };

* New attributes

** GNU-Server-Address

Holds IP address of the RADIUS server that recieved the
request. Notice, that the value of this attribute is "0.0.0.0" if
there are no `listen' statement in your `raddb/config'.
    
** GNU-Server-Port

Holds UDP port number of the RADIUS server that recieved the request.

* Automake function AM_GNU_RADIUS is provided, for checking if
GNU Radius is installed from configure.ac scripts.

* Guile support requires Guile version 1.8 or later.

* Bugfixes
** Pass NAS-IP-Address to mlc_stop_query	
	
	  

Initial release.

	  

* Use IPv6 URLs as proposed by RFC 2732

The address part of an IPv6 URL must be either an IPv6 address in
numeric notation *enclosed in square brackets* or a host name, e.g.:

  inet6://[::1]:1100

  
	  

First actual release.

	  

* Support SNMPv3
* Default SNMP version is 2c
* Use newer Grecs
* Drop unneeded dependencies
* Variable assignments in expressions
* Detection of SNMP counter overflows
* Comma operator
* Support for indexed MIBs

This feature allows you to use symbolic names instead of the fixed MIBs
for MIBs that are part of SNMP subtrees.  For example, to get number of
packets sent over eth0 into variable "out", you would do the following:

    table iftable IF-MIB::ifDescr;
    variable out "IF-MIB::ifOutUcastPkts.$iftable[eth1]";

The first statement converts the subtree into a "table" named "iftable".
The second statement references an entry in this table that has
the value "eth1".  For example, if the SNMP tree has the following MIB

    IF-MIB::ifDescr.10: eth0

then the expression "$iftable[eth]" yields "10"

* Assertion syntax changed.

The assertion statement takes a single argument, which must be a
string consisting of the following three parts:

   <oid: string> [!]<opcode>[/i] <value: string>

The <opcode> part can be either an arithmetical operator (=, <, <=, >,
>=), or any of the following string operators:

    eq          string equality
    ne          string inequality
    prefix      oid value must begin with <value>
    suffix      oid value must end with <value>
    glob        <value> is a glob(7) pattern that oid value must match
    
Each of these can be suffixed with "/i" to request case-insensitive comparison.

A "!" in front of opcode reverts its meaning.   

The <value> part must not include the type prefix.

	  

* The program is installed in /usr/bin

Prior versions went to /usr/sbin, you will need to remove them
manually.

* Print /etc/issue before the prompt
* Sleep after incorrect password is input
* New options: -i (--issue), -s (--sleep), -c (--clear)
* Add a manpage
* Improve error checking and reporting
	  

** New operation mode: proxy

** Command line option precedence

Command line options take precedence over configuration file
statements.

** elif statement

A familiar `elif' statement is supported, e.g.:

if condition-1
  action-list-1
elif condition-2
  action-list-2
elif condition-3
  action-list-3
else
  action-list-4
fi
  
** New CONTROL statement esmtp-auth-delayed.

When set to `yes', this statement instructs Anubis to postpone ESMTP
authentication until MAIL command is issued by the client.  This
allows to change authentication credentials in the SMTP section (see
below).

** SMTP section

The new section "SMTP" is invoked each time an SMTP command
is received. This section may alter the command's argument, using the
"modify command", e.g.:

BEGIN SMTP
regex :extended
modify command [ehlo] "foo.bar.net"
if command ["mail from:"] "<(.*)>(.*)"
  modify command ["mail from:"] "<root@bar.net>\2"
fi
END

It is also allowed to use esmtp-* keywords in this section, provided
that `esmtp-auth-delayed yes' is set in the CONTROL section. Changes
in the ESMTP authentication credentials take effect if they occur
either before receiving MAIL command from the client, or when handling
this command, e.g.:

BEGIN SMTP
if command ["mail from:"] "<smith(\+.*)?@@example.net>"
  esmtp-auth-id smith
  esmtp-password guessme
else
  esmtp-auth no
fi
END

** New keywords: log-facility and log-tag

** Guile output

By default Scheme's standard error and output ports are redirected to
syslog, using priorities `err' and `warning' correspondingly.

** MySQL options file

When using MySQL for Anubis user database, the database parameters and
access credentials are read from the file /etc/my.cnf, section
"anubis".  Additionally, two URL parameters are provided:
"options-file", which sets the name of the options file, and
"options-group", which sets the name of the group.

	  

* ftp

An old inability to allow other names than the canonical name has
been corrected.  This means that a machine entry in the .netrc file
will now be used as expected.  Previously any alias name was replaced
by the corresponding canonical name, before reading the .netrc file.

The internal command `hash' accepts a suffixed letter to the size
argument, like `12k', instead of 12288.  Made a minor change to the
syntax of the command itself, allowing size changes independently
of activation of hash markings.  After a transfer the summary gives
the speed as `Mbytes/s', `kbytes/s', or `bytes/s'.

The .netrc file can be overridden by the environment variable NETRC.
Of even higher precedence is the new option `-N/--netrc'.  The access
to the resulting file, whatever method, is now denied unless it is a
regular file.

* ifconfig

Better command line parsing on BSD and Solaris systems.  Touch only
changeable flags on all systems.

* logger

The ability to use numerical facilities is restored to full range.

* ping, ping6

The ability to specify a pattern as payload is corrected.

* syslogd

A new switch `-T/--local-time' makes the service ignore a time
stamp passed on by the remote host, recording instead the local
time at the moment the message was received.  As a short form of
`--pidfile', the switch `-P' is new.

In common with other syslogd implementations, rsyslogd and sysklogd,
there has for a long time existed an attack vector based on large
facility numbers, made public in CVE-2014-3684.  This is now mended
in our code base.

* telnetd

The ability to autologin a client, without using authentication,
is now functional in the expected manner, i.e., the prompt for a
user name is suppressed in favour of an immediate password prompt.

In a setting where the client is using a UTF-8 encoding, it was
common to observe strange characters in most responses.  This was
caused by the server daemon, due to incomplete purging of internal
protocol data.  The issue should now be resolved.

* whois

Improved cooperation with servers like `whois.arin.net', `whois.eu',
and `whois.ripe.net'.
	  

* Convert textual frames to/from the currently used character set

The character set is deduced from the locale settings.  It can also be
set explicitly using the --charset option.

* New option --broken-8bit-encoding

Use this option for files where textual frames are stored as
ISO-8859-1, but are actually using another 8-bit encoding.  The
argument to this option is the name of the enchoding actually used.

In query mode, this option helps display such frames properly.

Use it with the --fixup option to fix such frames in the file.

* New option --encoding

Specifies encoding to store textual frames in ID3 tags.

* New option --fixup

Modifies the ID3 v2 tag so that it can be understood by most devices.

* The --convert option can be used to remove unnecessary ID3 formats.

For example, if the file input.mp3 contains both version 1 and 2 tags,
the following will remove version 1 tags:

  idest --convert=2 input.mp3

* Fix processing of unknown frames.

* Fix operation of setpic and pic modules with Guile 2.x.

* Improve documentation

	  

Don't throw exception on invalid tokens.
  Fix python 3 compatibility
	  

* Implement heartbeat event

* Add auxiliary program: ifactive

* Fix file descriptor leak

	  

Convert byte-like objects to UTF-8 strings.
	  

Rewrite as a stand-alone snmpd agent.

	  

* Bugfixes and organizational changes

	  

Initial release.

	  

Initial release.

	  

Initial release.

=========================================================================
Copyright information:

Copyright (C) 2016-2019 Sergey Poznyakoff

   Permission is granted to anyone to make or distribute verbatim copies
   of this document as received, in any medium, provided that the
   copyright notice and this permission notice are preserved,
   thus giving the recipient permission to redistribute in turn.

   Permission is granted to distribute modified versions
   of this document, or of portions of it,
   under the above conditions, provided also that they
   carry prominent notices stating who last changed them.

Local variables:
mode: outline
paragraph-separate: "[  ]*$"
eval: (add-hook 'write-file-hooks 'time-stamp)
time-stamp-start: "changes. "
time-stamp-format: "%:y-%02m-%02d"
time-stamp-end: "\n"
end:
	  

Initial release.
	  

* Minor fixes in mysqlstat-setup
* Provide default values for NULL columns
	  

* Drop support for Varnish versions prior to 6.0.0

	  

Fix handling of archivation requests.

	  

* New command line option --done (-d)

This option is a counterpart of --init and supplies a cleanup
expression, i.e. an expression that will be evaluated when the
main loop has iterated over all nodes in the tree.

* New parser: DHCPD

A parser for dhcpd.conf file.

* Drop support for Guile versions prior to 2.2.0

	  

* Change bugtracker address.

	  

	- Change bugtracker address.

	  

	- Change bugtracker address.

	  

	- Change bugtracker address.
	  

* Fix parsing of po header fields

* Use the Language header instead of Language-Team.

Support for Language-Team and language tables is retained for
backward compatibility.

* Organizational change: repository moved to git

The repository along with links for cloning can be viewed online at
http://git.gnu.org.ua/cgit/wyslij-po.git.

See https://puszcza.gnu.org.ua/git/?group=wyslij-po for instructions.
	  

	- Change bugtracker address.
	
	  

* Change bugtracker address.

	  

	- Change bugtracker address.

	  

	- Change bugtracker address
	
	  

* Change bugtracker address.

	  

	- Change bugtracker address
	  

* New configuration statement: sentinel

The "sentinel" statement declares the name of a file which, when
present in the destination directory, informs vcsync that this
directory is exempt from the normal synchronization process.  The
presense of the sentinel file is an indication that the destination
directory is updated by other means.

* Full documentation added

	  

	- Fix packaging
	
	  

* Use explicit DESTROY with AUTOLOADs

	  

* Bugfixes in the gcide module

* Fix searches in the gcider utility

* Support for Python 2 has been withdrawn

	  

* Syslog support

New option '-S FACILITY' switches diagnostic output to the given
syslog facility.

	  

* Support for Guile 2.2

* Bugfixes

* Improved testsuite

	  

* Fix the --timeout option

	  

	- Fix operation without -d option
	
	  

* Appending cronjob output to a file

Output of a cronjob can be captured and appended to a disk file,
instead of sending it via email or logging it using syslog.  This is
controlled by the _MICRON_OUTFILE (global) and _JOB_OUTFILE (per-job)
built-in variables.

* New option -P FILE

Writes PID of the running process to FILE.  The file will be removed
when the program terminates.

* Option -v replaces -o

To set initial value of a built-in variable, use the "-v NAME=VALUE"
option.

* The -V option

To obtain the micrond version, use the -V option.

* Bugfixes

** Fix allocation of environment and built-in variables defined in crontabs.
	  

* tallyman: if passed empty service ID, don't attempt to contact the collector

	  

* Multiple start functions are allowed

The '--main' option can be given multiple times.  A separate graph
will be drawn for each function given as its argument.

* New option --target=FUNCTION

If this option is given, the produced graph will contain only paths
leading from start function (or functions) to the given FUNCTION.

Multiple '--target' options are allowed.

* New output format: dot

The '-f dot' (or '--format=dot') option instructs cflow to output
graph as a description in DOT language, suitable as input to graphviz
programs.

* cflow-mode: new commands for navigating in the graph:

  c   go to the calling function
  n   go to the next function at the same nesting level
  p   go to the previous function at the same nesting level

* Bugfixes:

** CVE-2019-16165
** CVE-2019-16166
** Fix parsing of K&R style function declarations
** Improve parsing of typecasts
** Fix recursive call detection

	  

* Introduce compound events

The "change" event is implemented on GNU/Linux and FreeBSD.  This
event is delivered when a file was modified and closed.

* New configuration statement for manipulating the environment.

The "environ" statement is now a compound statement. It can contain
five kinds of substatements: "clear" to clear the environment, "keep"
to retain certain variables while clearing the environment, "set" to
set a variable, "unset" to unset a variable or variables, and "eval"
to evaluate a variable reference for side effects.

Both "keep" and "unset" can take globbing pattern as their argument,
in which case they affect all variables matching that pattern. 

The value part in the "set" statement is subject to variable
expansion.

The "environ" block can appear in global context as well.  In this
case it applies to all watchers.

The support for the old one-line "environ" syntax is retained for
backward compatibility.

* Variable expansion in arguments to some configuration statements.

Both macro and environment variables are expanded in arguments to all
substatements of the new "environ" block statement and in the argument
to the "command" statement.  In the latter case, expansion of the
environment variables is controlled by the "shell" option.  If the
option is set, the variable will be expanded by the shell.  Otherwise,
they are expanded by direvent prior to invoking the command.

* Rewrite the recursive watching support

In particular, this fixes the bug where recursive watchers silently
assumed that the "create" generic event was configured for the
watcher.

* Change interface for bulk closing of file descriptors

To speed up launching of the user commands, system-dependent
interfaces for closing the file descriptors above the given one are
used, if available.
	  

* Bucket cache switched from balanced tree to hash table

Change suggested by Terence Kelly.

* Speed up flushing the changed buckets on disk

* New option codes for gdbm_setopt

** GDBM_GETDBFORMAT

Return the database format.

** GDBM_GETDIRDEPTH

Return the directory depth, i.e. the number of initial (most significant)
bits in hash value that are interpreted as index to the directory.

** GDBM_GETBUCKETSIZE

Return maximum number of keys per bucket.

** GDBM_GETCACHEAUTO

Return the status of the automatic cache adjustment.

** GDBM_SETCACHEAUTO

Enable or disable automatic cache adjustment.
	  

* Implement the terminate-instances command.
* Implement MoveAddressToVpc (addr2vpc) and RestoreAddressToClassic (addr2ec2).
* Fix rmaddr -v.
* Document chvol and lschvol commands.
* Implement ModifyVolume and DescribeVolumesModifications.

	  

* Hostgroup stack

Rex now maintains a stack of hostgroups.  Once you push a hostgroup
name on stack, that hostgroup will be used by any subsequent rex
command, unless it is given the -g option.  The new command "group"
(see below) provides ways to pop items off the stack, swap arbitrary
element with the top of stack, select new hostgroups on the fly, etc.

* New command: rex group

The "rex group" command has the following forms:

  rex group push GROUP
    Push GROUP on stack.

  rex group pop
    Pop the topmost group off the stack.

  rex group swap N
    Exchange top of the stack with the Nth element (0-based).

  rex group drop N
    Remove Nth element from the stack.

  rex group select COMMAND ARGS...
    Create on top of the stack a temporary group that contains
    those hosts from the current hostgroup where the supplied
    shell command returns success, i.e. exits with code 0.

  rex group show
    List the contents of the hostgroup stack.

* Add configuration function for overriding PTR records from rc files
	  

* Support for Slackware 15.0
	  

* pam_fshadow: skip-password option

Based on the proposal of Mirsad Goran Todorovac, the new option
skip-password instructs pam_fshadow to check whether the user
being authenticated is present in the passwd and/or shadow files,
without verifying his password.  This way pam_fshadow can be used as
an auxiliary module in the stack, actual authentication being
performed by one of the modules before it.
	  

	- Handle the 'resolvers' section.
	- New class methods for declaring (and undeclaring) sections.
	- Fix changing the argv of a Node.
	  

* Support for Varnish 7.1
	  

* Fix invalid memory addressing in remopt command

* Fix building with flex >= 2.6.1 (EOF check)
	  

* New configuration keywords

** sigterm SIG

Available for use in "component" sections.  This statement defines
signal which pies should send to the running component instance in
order to terminate it.  Defaults to SIGTERM.

* Fix the component shutdown sequence

The shutdown sequence is determined taking into account dependencies
between components, so that all dependent components are stopped
before their prerequisite components.

* Fallback log file

Fallback log file is a place where pies writes out of band log messages,
i.e. messages about not being able to open syslog socket or send logs
to it.  Regular log messages are diverted to this file if syslog was
requested, but cannot be used because of a permanent error.

* Bugfixes

** Fix piesctl config reload

** Fix configuration preprocessing.

** Varios fixes in REST API server.
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
* Drop support for Varnish versions prior to 6.0.0.
	  

* Support for Varnish 7.1
* Drop support for Varnish versions prior to 6.0.0
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
	  

* Support for Varnish 7.1
	  

* Fix https://puszcza.gnu.org.ua/bugs/?562
	  

Fix deadlock.
	  

* Handling of control characters in syslog messages

If the message text contains ASCII control characters (ASCII 0 to 31),
these are replaced with their "caret notation", i.e. a caret
character followed by the character value XORed with 0100.  Thus,
horizontal tabulation (ASCII 9) becomes ^I, carriage return
(ASCII 13) becomes ^M, etc.  By default the newline character is
exempt from this translation.  Instead, it is substituted with
horizontal space (ASCII 32).

The "-Wcontrol_chars=MODE" option can be used to alter this
processing. Possible values for MODE are:

 caret
    Replace all control characters with their caret notation.  The newline
    character is represented as ^J.

 caretnl
    The default algorithm as described above.

 octal
    Replace control characters with their octal representation.

 raw
    Reproduce control characters verbatim.

* New option -s: set input buffer size

The -s option changes the default input buffer size.  Its argument is
the desired size in bytes.  For UDP input, values of up to 4096 are
allowed.  The default is 1024.

* New output channel: pri:///DIR

  Distributes messages to two disk files located in directory DIR.
  The name of the file to write to is selected depending on the message
  severity.  Messages with severity greater than LOG_ERR are directed
  to file "1" ("out" file), messages with severity less than or equal
  to LOG_ERR are directed to file "2" ("err" file).

  This channel understands the following parameters:

    severity=SEVERITY
       Gives name of the delimiter severity.  Messages with severity
       less than or equal to that value will be directed to "err" file.
       (DIR/2, by default).

    errfile=NAME
       Sets the name of the "err" file.

    outfile=NAME
       Sets the name of the "out" file.

    prio=none|keep|decode
       Controls whether and how the message priority is reflected on
       the output.  See the channel "file:" for details.

  Default settings correspond to:

      -Wseverity=err -Werrfile=2 -Woutfile=1 -Wprio=none
	  

	- New domain source: pound.
	  

* Fix handing of the Connection: HTTP handler (both server and client)
	  

* Diagnostic directives: $$warning and $$error

The $$warning directive emits warning message.  It does not alter exit
status in any way.

The $$error directive reports a fatal error and sets exit status to
65.

After both directives, processing is resumed at the next line.

* $$exit

New directive $$exit causes immediate termination of the program.
Decimal exit code may be supplied as argument.

* New directive: $$eval

The text between $$eval and $$end is expanded and the resulting
expansion is scanned again, producing the actual output.  This makes
it possible to create variable names on the fly and get their values.
Useful in loops, e.g.:

  $$loop I 0 1 2 3 4 5 6 7
  $$  eval
  \$\$ ifset VAR_$I
  Expand \$VAR_$I;
  \$\$ endif
  $$ end
  $$end

* Bugfixes

** Fix closing the $$range loop.
	  

This is a bug-fix release with minimal changes.

* texi2any
  . fix performance regression when Perl binary extension (XS) modules
    are not being used (e.g. with TEXINFO_XS=omit)

* info
  . further fix of recoding of UTF-8 files to ASCII to avoid text
    disappearing from nodes
  . avoid possible freeze at start of a file with `-v nodeline=pointers'
	  

* New option --ignore-dirnlink

Valid in copy-out mode, it instructs cpio to ignore the actual number
of links reported for each directory member and always store 2
instead.

* Changes in --reproducible option

The --reproducible option implies --ignore-dirlink.  In other words,
it is equivalent to --ignore-devno --ignore-dirnlink --renumber-inodes.

* Use GNU ls algorithm for deciding timestamp format in -tv mode

* Bugfixes

** Fix cpio header verification.

** Fix handling of device numbers on copy out.

** Fix calculation of CRC in copy-out mode.

** Rewrite the fix for CVE-2015-1197.

** Fix combination of --create --append --directory.

** Fix appending to archives bigger than 2G.
	  

* Support for Berkeley DB version 2 withdrawn

* Bugfixes
** rdcache streams: fix stream size computation
** tlsfdstr streams: fix error handling
** wordwrap streams: fix handling of overflowing lines
	  

Bootstrapped with mailfromd 8.16.93. This fixes configure failure
on FreeBSD.
	  

Bootstrapped with mailfromd 8.16.93. This fixes configure failure
on FreeBSD.
	  

* Multiple handler definitions

Multiple "prog" declarations with the same handler name are now
allowed.  Such declarations are processed the same way multiple
"begin" and "end" sections were processed in prior versions:
when compiling the filter program, the code from all "prog"
declarations having the same handler name is combined into one code
block, in the same order the declarations appear in the source
file(s).

This allows MFL modules to define handler snippets.

* New special handler: action

The "action" special handler is executed before communicating the reply
action (accept, reject, etc.) to the server.  The handler takes four
arguments: numeric identifier of the action that is about to be
returned, SMTP response code, extended response code, and textual
message passed along with the action.  The last three arguments are
meaningful only for reject and tempfail actions.

Action handlers can be used for logging or accounting of the executed
actions.

* New variable: milter_state

The milter_state variable is initialized with the numeric code of
the current milter state.  Using this variable a function can execute
code depending on the handler it was called from.

The new module "milter.mfl" defines numeric constants for milter
states.  The functions milter_state_name and milter_state_code can
be used to convert this code to symbolic name and vice versa.

* New functions

The following new functions are provided to convert numeric
identifiers of various MFL entities to strings and vice-versa:

** string milter_state_name (number code)

Returns symbolic name of the milter state identified by its code.

** number milter_state_code (string name)

Returns numeric code of the state identified by its name.

** string milter_action_name (number code)

Returns symbolic name of the reply action identified by its code.

** number milter_action_name (string name)

Returns numeric code of the action identified by its name.

** void dbbreak (number @var{dbn})

Stop sequential access to the database and deallocate all associated
resources.  Use this function if you need to break from the sequential
access loop, e.g.:

  loop for number dbn dbfirst(dbname)
  do
    if some_condition
      dbbreak(dbn)
      break
    fi
  done while dbnext(dbn)

* New module: cdb

The "cdb" (control database) module provides functions for deciding
what MFL action to take depending on the result of a look up in a DBM
file.  Keys in the database have the format "PREFIX:KEY", where PREFIX
is one of:

  email		match sender email
  ip            match sender IP address
  domain        match sender domain part
  subdomain     search for a match among the domain part and its parent
                domains
  mx            match MX of the sender domain part

Values are (case-insensitive):

  OK            continue executing the MFL code
  ACCEPT        accept the mail
  REJECT	reject the mail (550)
  TEMPFAIL      return a temporary failure (451)
  GREYLIST      greylist the mail

or action specification in the form

  [code [xcode]] text

where code is 3-digit SMTP response code, xcode is extended SMTP code,
and text is explanatory reason text.  Both code and xcode must begin
with '4' or '5'.  If code and xcode are missing, reject the mail with
550 5.1.0 and the given text.

This module exports one function:

  func cdb_check(string prefix, string key)

Depending on the value of the prefix argument it does the following:

  ip
      Look up the "ip:KEY" in the database.  If found, take the action
      as described above.
  email
      Key is an email address.  Obtain its canonical form by
      splitting it into local and domain parts, converting the latter
      to lower case, reassembling the parts back into an email address
      and prefixing it with the string "email:".  Look up the resulting
      string in the database.  Take action indicated by the value.
  domain
      Key is an email address.  Extract its domain part, convert it
      to lower case and prefix it with "domain:".  Look up resulting
      string in the database.  If the look up succeeds, take action
      indicated by the value found.
  subdomain
      Same as above, but in case of failure, strip the shortest
      hostname prefix (everything up to the first dot, inclusively)
      from the domain and restart with the resulting value.  Continue
      process until a match is found or the argument is reduced to empty
      string.
  mx
      Key is an email address.  Extract its domain part.  For each of
      its MX servers, look up the key "mx:SERVER" and, if found, take
      action indicated by the value found.

The cdb_check function returns to caller only if the key was not
found in the database, or the lookup returned "OK" (case-insensitive)
or an empty string.  Otherwise, if the lookup returns an action, this
action will be performed and further execution of the filter code will
stop.

If the looked up value was "GREYLIST" while the function was called
from the handler prior to "envrcpt" (i.e. "connect", "helo", or
"envfrom"), the current handler will return and normal control flow
will resume from the next handler (as if by "continue" action). Actual
greylisting will be performed later, on entry to "envrcpt" handler.

The following global variables control the functionality of the
module:

  cdb_name    Name of the control database file.  Defaults to
              /etc/mail/mfctl.db
  cdb_greylist_interval
              Greylisting time.  Defaults to 900 seconds.

* mtasim: check expected textual replies

The "\E" command accepts optional second argument.  If supplied,
it is treated as an extended regular expression.  The subsequent
command will then succeed if its return code matched the one supplied
as the first argument, and its extended SMTP code and textual message
match the supplied regular expression.

* Bugfixes

** mtasim: correctly pass final body chunk to the milter

** Fix discrepancy between $N and $(N)

Both terms now mean exactly the same: Nth variadic argument.

** fix type conversions of typed variadic arguments

** Milter library: eliminate trailing space from arguments passed to handlers

** Milter server: don't pass extra \0 when sending multiple strings

** Fix handling of reply actions without explicit message text

In previous versions, the reject and tempfail actions would use the
default reply code if called without explicit message text (3rd
argument).
	  

Bugfixes
	  

* Fail when building GNU tar, if the platform supports 64-bit time_t
  but the build uses only 32-bit time_t.

* Leave the devmajor and devminor fields empty (rather than zero) for
  non-special files, as this is more compatible with traditional tar.

* Bug fixes

** Fix interaction of --update with --wildcards.

** When extracting archives into an empty directory, do not create
   hard links to files outside that directory.

** Handle partial reads from regular files.

** Warn "file changed as we read it" less often.
   Formerly, tar warned if the file's size or ctime changed.
   However, this generated a false positive if tar read a file
   while another process hard-linked to it, changing its ctime.
   Now, tar warns if the file's size, mtime, user ID, group ID,
   or mode changes.  Although neither heuristic is perfect,
   the new one should work better in practice.

** Fix --ignore-failed-read to ignore file-changed read errors
   as far as exit status is concerned.  You can now suppress file-changed
   issues entirely with --ignore-failed-read --warning=no-file-changed.

** Fix --remove-files to not remove a file that changed while we read it.

** Fix --atime-preserve=replace to not fail if there was no need to replace,
   either because we did not read the file, or the atime did not change.

** Fix race when creating a parent directory while another process is
   also doing so.

** Fix handling of prefix keywords not followed by "." in pax headers.

** Fix handling of out-of-range sparse entries in pax headers.

** Fix handling of --transform='s/s/@/2'.

** Fix treatment of options ending in / in files-from list.

** Fix crash on 'tar --checkpoint-action exec=\"'.

** Fix low-memory crash when reading incremental dumps.

** Fix --exclude-vcs-ignores memory allocation misuse.
	  

Initial release

=========================================================================
Copyright information:

Copyright (C) 2023 Sergey Poznyakoff

   Permission is granted to anyone to make or distribute verbatim copies
   of this document as received, in any medium, provided that the
   copyright notice and this permission notice are preserved,
   thus giving the recipient permission to redistribute in turn.

   Permission is granted to distribute modified versions
   of this document, or of portions of it,
   under the above conditions, provided also that they
   carry prominent notices stating who last changed them.

Local variables:
mode: outline
paragraph-separate: "[ 	]*$"
eval: (add-hook 'write-file-hooks 'time-stamp)
time-stamp-start: "changes. "
time-stamp-format: "%:y-%02m-%02d"
time-stamp-end: "\n"
end:
	  

* HTTP request logging

In addition to six built-in log formats, you can define your own
"named" formats and use them in the LogLevel directive.  Log format is
defined using the following statement:

  LogFormat "name" "format_string"

The "name" argument specifies a string uniquely identifying this
format.  "Format_string" is the format specification.  It is
modelled after Apache's mod_log_config LogFormat string.  For example,
the built-in format 3 is defined as:

  "%a - %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-Agent}i\""

The LogLevel directive has been extended to take symbolic format name
as argument.  For example:

  LogLevel "my_format"

The traditional built-in formats are assigned the following symbolic names:

  0 - "null"
  1 - "regular"
  2 - "extended"
  3 - "vhost_combined"
  4 - "combined"
  5 - "detailed"

So, instead of

  LogLevel 3

one may write

  LogLevel "vhost_combined"

* New statements: ForwardedHeader and TrustedIP

These statements control how the %a log format conversion specifier
determines the originator IP address:

  ForwardedHeader "name"
    Defines the name of HTTP header that carries the list of
    proxies the request has passed through.  It is used to
    report the originator IP address when logging.

    The default is "X-Forwarded-For".  This statement can be
    used in global, listener, and service scope.

  TrustedIP
    Defines a list of trusted proxy IP addresses, which is used to
    determine the originator IP.  This is a special form of the ACL
    statement and, as the latter, it can appear in two forms: directive
    and section.

    In directive form, it takes a single argument referring to a
    named access control list, which must have been defined previously
    using the ACL statement.

    In section form, it is followed by a list of one or more CIDRs
    each appearing on a separate line.  The End directive on a
    separate line terminates the statement.

    This statement can be used in global, listener, and service scope.

* New service statement: LogSuppress

Suppresses HTTP logs for requests that resulted in response status
codes from a particular group or groups.  The statement takes one or more
arguments specifying status code groups to suppress log messages for:

  info or 1      1xx status codes
  success or 2   2xx status codes
  redirect or 3  3xx status codes
  clterr or 4    4xx status codes
  srverr or 5    5xx status codes
  all            all status codes

Suggested usage is for special services that are likely to accept
large numbers of similar requests, such as Openmetrics services.  For
example:

   Service "metrics"
       URL "/metrics"
       Metrics
       LogSuppress success
   End

* New request matching directive: StringMatch

The syntax is:

  StringMatch "SUBJECT" [OPTIONS] "PATTERN"

OPTIONS are usual matcher options.  The directive matches if SUBJECT,
after backreference expansion and accessor interpretation, matches
PATTERN.

This directive allows you to build complex service selection criteria.
For example:

  Service
      Host "^foobar\.(.+)$"
      StringMatch "$1" -file "domain.list"
      ...
  End

The service above will be used for requests whose Host header value is
"foobar." followed by a domain name from the file "domain.list".

* New request accessors: host and port

The %[host] accessor returns the hostname part of the Host header
value.  The %[port] accessor returns port number with leading
column character.  If no explicit port number is given in the Host
value, %[port] returns empty string.

* Bugfixes

** Fix the QueryParam statement.

** Improve testsuite and documentation.