Aug 24, 2018
Version 1.11.0

@lutter lutter released this Jan 29, 2018 · 47 commits to master since this release

Assets 2

This release fixes a symbol versioning problem in libfa, but is otherwise identical to 1.10.0. Use this release instead of 1.10.0

Official tarball available here (signature)

@lutter lutter released this Jan 25, 2018 · 49 commits to master since this release

Assets 2

Do not use this release, use 1.10.1 instead

General changes/additions

  • New CLI utility 'augmatch' to print the tree for a file and select
    some of its contents
  • New command 'count' in augtool
  • New function 'not(bool) -> bool' for path expressions
  • The path expression 'label[. = "value"]' can now be written more
    concisely as 'label["value"]'

API changes

  • libfa has now a function fa_json to export an FA as a JSON file, and
    fa_state_* functions that make it possible to iterate over the FA's
    states and transitions. (Pedro Valero Mejia)
  • Add functions aug_ns_label, aug_ns_value, aug_ns_count, and
    aug_ns_path to get the label (with index), the value, the number of
    nodes, and the fully qualified path for nodes stored in a nodeset in
    a variable efficiently

Lens changes/additions

  • Grubenv: new lens to process /boot/grub/grubenv (omgold)
  • Httpd: also read files from /etc/httpd/conf.modules.d/*.conf
    (Tomas Meszaros) (Issue #537)
  • Nsswitch: allow comments at the end of a line (Philip Hahn) (Issue #517)
  • Ntp: accept 'ntpsigndsocket' statement (Philip Hahn) (Issue #516)
  • Properties: accept empty comments with DOS line endings (Issue #161)
  • Rancid: new lens for RANCiD router databases (Matt Dainty)
  • Resolv: accept empty comments with DOS line endings (Issue #161)
  • Systemd: also process /etc/systemd/logind.conf (Pat Riehecky)
  • YAML: process a document that is just a sequence (John Vandenberg)

@lutter lutter released this Nov 1, 2017 · 92 commits to master since this release

Assets 2
  • General changes/additions
    • several improvements to the error messages when transforming a tree
      back to text fails. They now make it clearer what part of the tree
      was problematic, and what the tree should have looked like.
    • Fixed the pkg-config file, which should now be usable
    • Fix handling of backslash-escaping in strings and regular expressions
      in the lens language. We used to handle constructs like "\" and
      /\\/ incorrectly. (Issue #495)
    • do not unescape the default value of a del on create; otherwise we are
      double unescaping these strings (Issue #507)
    • remove tempfile when saving files because destination is not writable
      (Issue #479)
    • span information is now updated on save (Issue #467)
    • fix lots of warnings generated by gcc 7.1
    • Various changes to reduce bashisms in tests and make them run on
      FreeBSD (Romain Tartière)
    • Fix building on Solaris (Shawn Ferry)
  • API changes
    • add function aug_ns_attr to allow iterating through a nodeset
      quickly. See examples/dump.c for an example of how to use them
      instead of aug_get, aug_label etc. and for a way to measure
      performance gains.
  • Lens changes/additions
    • Ceph: new lens for /etc/ceph/ceph.conf
    • Cgconfig: accept fperm & dperm in admin & task (Pino Toscano)
    • Dovecot: also load files from /usr/local/etc (Roy Hubbard)
    • Exports: relax the rules for the path at the beginning of a line so
      that double-quoted paths are legal, too
    • Getcap: new lens to parse generic termcap-style capability databases
      (Matt Dainty)
    • Grub: accept toplevel 'boot' entry (Pino Toscano)
    • Httpd: handle empty comments with a continuation line (Issue #423);
      handle '>""' in a directive properly (Issue #429); make space between
      quoted arguments optional (Issue #435); accept quoted strings as part
      of bare arguments (Issue #470)
    • Nginx: load files from sites-available directory (Omer Katz) (Issue #471)
    • Nslcd: new lens for nss-pam-ldapd config (Jose Plana)
    • Oz: New lense for /etc/oz/oz.cnf
    • postfix lenses: also load files from /usr/local/etc (Roy Hubbard)
    • Properties: accept DOS line endings (Issue #468)
    • Rtadvd: new lens to parse the rtadvd configuration file (Matt Dainty)
    • Rsyslog: load files from /etc/rsyslog.d (Doug Wilson) (Issue #475);
      allow spaces before the # starting a comment; allow comments inside
      config statements like 'module'
    • Shellvars: load FreeBSD's /etc/rc.conf.d (Roy Hubbard)
    • Ssh: accept '=' to separate keyword from arguments
    • Sshd: split HostKeyAlgorithms into list of values; recognize quoted
      group names with spaces in them (Issue #477)
    • Sudoers: recognize "match_group_by_gid" (Luigi Toscano) (Issue #482)
    • Syslog: allow spaces before the # starting a comment
    • Termcap: new lens to parse termcap capability databases (Matt Dainty)
    • Vsftpd: accept seccomp_sandbox (Denys Stroebel)
    • Xymon: accept 'group-sorted' directive (Issue #462)

@lutter lutter released this Sep 17, 2017 · 155 commits to master since this release

Assets 2
  • General changes/addition
    • Fix error in handling escaped whitespace at the end of path expressions
      (addresses CVE-2017-7555)

@lutter lutter released this Sep 17, 2017 · 155 commits to master since this release

Assets 2
  • General changes/additions
    • augtool: add a 'source' command exposing the aug_source API call
    • augtool: add a 'context' command to make changing into a node more
      discoverable
    • augtool: add an 'info' command to print important information
    • augtool: dramatically reduce memory consumption when all lenses are
      loaded by more aggressively releasing temporary data structures. On
      my machine, maximum memory usage of 'augtool -L' drops from roughly
      90MB to about 20MB. This will not change the amount of memory used
      when only specific lenses are used, only the default behavior of
      loading all lenses, i.e., when -A is not passed.
    • make building augtool statically possible (Jörg Krause)
    • split aug_to_xml into its own source file, so that statically linking
      against libaugeas.a doesn't require also linking against libXml2 and
      its dependencies, provided aug_to_xml is not needed.
  • API changes
    • add aug_source to find the source file for a particular node
    • reduce memory consumption when AUG_NO_MODL_AUTOLOAD is not passed;
      exact same details as described above for augtool
  • Lens changes/additions
    • Chrony: allow floating point numbers (Miroslav Lichvar)
      add new directives from chrony 3.0 and 3.1 (Miroslav Lichvar)
    • Krb5: support include/includedir directives (Jason Smith) (Issue #430)
      support realms that start with numbers (Dustin Wheeler) (Issue #437)
    • Multipath: update to multipath-0.4.9-99.el7 (Xavier Mol)
    • Php: also look for FPM files in /etc/php/*/fpm/pool.d (Daniel Dico)
    • Postfix_virtual: allow underscores in e-mail addresses (Jason Lingohr)
      (Issue #439)
    • Radicale: new lens for config of http://radicale.org/ (James Valleroy)
    • Rsyslog: support multiple options in module statements (Craig Miskell)
    • Ssh: also look for files in in /etc/ssh/ssh_config.d (Ian Mortimer)
    • Tmpfiles: parse 'q'/'Q' modes, parse two-character arguments,
      parse three-digit file modes
    • Xml: support external entity declarations in the doctype (Issue #142)
    • Yum: also read DNF files from /etc/dnf (Pat Riehecky) (Issue #434)

@lutter lutter released this Nov 8, 2016 · 185 commits to master since this release

Assets 2
  • General changes/additions
    • allow multiple transforms handling the same file as long as they
      also use the same lens (reported by Rich Jones)
    • fix a use-after-free in recursive lenses when spans are
      enabled (Issue #397)
    • fix an illegal memory access during put that can be triggered by a
      lens of the form 'del ... | l1 . l2' when the put has to jump
      branches in the union (Issue #398)
    • a large number of fixes based on Coverity scanning and running with
      gcc's address sanitizer. None of the issues uncovered would have lead
      to particularly significant leaks (they were all on the order 100-200
      bytes) and often hard to trigger, but we now have proof that at least
      while running tests there are no leaks at all.
      See #405 for details.
    • The type checker now checks regexes that are involved in
      expressions. For example, it used to be possible to write 'let rx =
      /a/ | /b)/' and not get an error from the syntax checker, even though
      'let rx = /b)/' would result in an error. Such constructs are now
      checked properly. This new check might lead to errors in existing
      lenses, requiring that they be fixed.
  • Lens changes/additions
    • Cron_User: New lens to handle user crontab files in /var/spool/cron
    • Csv: fix failure to load lens on OpenBSD (Issue #396)
    • Grub: also look for UEFI grub files in /boot/efi/EFI/*/grub.conf
      (Rich Jones)
    • Opendkim: new lens for /etc/opendkim.conf (Craig Miskell)
    • Php: look for php.ini where Ubunto 16.04 puts it, too (Michael Wodniok)
    • Splunk: support Splunk Universal Forwarder and underscore-prefixed
      keys for 6.x (Jason Antman)

@lutter lutter released this Nov 8, 2016 · 263 commits to master since this release

Assets 2
  • General changes/additions
    • augtool: add --load-file option, and corresponding load-file command
      to load individual files based on the autoload information in lenses
    • path expressions: numbers in path expressions are now 64 bit integers
      rather than whatever the C compiler decided 'int' would be
  • API changes
    • add aug_load_file to load individual files, bug #135
  • Lens changes/additions
    • Httpd: follow line continuations in comments
    • Nginx: look for nginx.conf in /usr/local/etc, too (Omer Katz)
    • Ntp: allow 'pool' (Craig Miskell) (Issue #378);
      fix restrict to allow also -4 and also fix
      save/store ability (Josef Reidinger) (Issue #386)
    • Pam: use spaces instead of tabs as the separator in new entries
      (Loren Gordon) (Issue #236)
    • Postfix_Passwordmap: New lens to parse Postfix password maps
      (Anton Baranov) (Issue #380)
    • Rsyslog: Support for rsyslog RainerScript syntax
      (Craig Miskell) (Issue #379)
    • Shellvars: Load /etc/lbu/lbu.conf, the config for Alpine's Local
      Backup Utility (Kaarle Ritvanen)
      Load /etc/profile, /etc/profile.d/*, and /etc/byobu
    • Vsftpd: Add allow_writeable_chroot boolead option
      (Robert Moucha) (Issue #376)
May 11, 2016
Release 1.5.0
Jun 2, 2015
Version 1.4.0