Merge pull request #3148 from larsewi/changelog-3.24.x

CHANGELOG.md: updated changelog entries for 3.24.4

Author: olehermanse

CHANGELOG.md

@@ -1,4 +1,5 @@
 ## 3.24.4:
+
 - Added dnf package module (ENT-11784)
 - Added workaround for set_variable_values_ini with missing sections
   (CFE-3866)
@@ -8,8 +9,14 @@
 - Inhibit management of share config.php file when mpf_disable_mission_portal_docroot_sync_from_share_gui is defined
   (ENT-12658)
 - Made system_log_level configurable via Augments (CFE-4452)
+- Fixed maximum recursion errors in modules_presence for CFEngine versions
+  unaffected by CFE-4623 (CFE-2852)
+- Added dnf_group package module for managing DNF package groups (CFE-2852)
+- `standard_services` bundle no longer invokes `systemctl` with `--global`
+  which is mutually exclusive from `--system` (CFE-4639)
 
 ## 3.24.3
+
 - Fixed cfruncommand for Windows causing "Too many arguments" error (ENT-13530)
 - Added dmidecode to well known paths for Red Hat (ENT-12988)
 - Added recommendation about nfs server and consistent use of root dot
@@ -30,6 +37,7 @@
   (CFE-3429)
 
 ## 3.24.2
+
 - Added paths for the dmsetup, fdisk, and lshw commands (ENT-12560)
 - Fixed issue loading images from raw.github.com in Mission Portal Build application(ENT-12531)
 - Fixed issue with yum package module regarding packages with epoch not
@@ -38,6 +46,7 @@
   (ENT-12556)
 
 ## 3.24.1
+
 - Added inline docs showing valid values for method (field_operation) in body edit_field quoted_var
   (CFE-4426)
 - Added support for AIX System Resource Controller services promises
@@ -51,6 +60,7 @@
   (CFE-4445)
 
 ## 3.24.0
+
 - AIX watchdog now handles stale pids (CFE-4335)
 - Added ability to configure Mission Portal Apache SSLCACertificateFile via Augments
   (ENT-11421)
@@ -74,7 +84,7 @@
 - Federated reporting policy now properly fixes SELinux context of the
   ~cftransport/.ssh directory and its contents in a single agent
   run. (ENT-11136)
-- Fixed comparison that caused control_executor_mailfilter_*_configured to never be set
+- Fixed comparison that caused `control_executor_mailfilter_*_configured` to never be set
   (CFE-4374)
 - Fixed distributed_cleanup policy for feeders and rhel-8 superhubs
   (ENT-10960)
@@ -103,6 +113,7 @@
   defaults to PRETTY_NAME from os-release as a fallback (CFE-4342)
 
 ## 3.23.0
+
 - Added ability to disable plain http for CFEngine Enterprise Mission Portal
   (ENT-10411)
 - Added ability to enable backup archives during policy update
@@ -150,6 +161,7 @@
   (ENT-10951)
 
 ## 3.22.0
+
 - Added inventory for policy version (ENT-9806)
 - Added condition to runalerts service to require stamp directory
   (ENT-9711)
@@ -205,6 +217,7 @@
   - body package_method pacman
   - body package_method zypper
   - body package_method generic
+
   Additionally note that the package related bundles use the package_method bodies
   mentioned above and are similarly influenced.
   - bundle agent package_present(package)
@@ -213,7 +226,9 @@
   - bundle agent package_specific_absent(packageorfile, package_version, package_arch)
   - bundle agent package_specific_latest(packageorfile, package_version, package_arch),
   - bundle agent package_specific(package_name, desired, package_version, package_arch)
+
   (CFE-4178)
+
 - Prevented management of runagent socket users when no users are listed
   (ENT-9535)
 - Removed specific old CFEngine version package module handling for windows
@@ -222,6 +237,7 @@
   (ENT-8338)
 
 ## 3.21.0
+
 - Added inventory for Raspberry Pi and DeviceTree devices (ENT-8628)
 - Added policy to enforce proper permissions on Mission Portal ldap directory (ENT-9693)
 - Added check to make sure cf-execd is running after attempting self upgrade on Windows
@@ -263,6 +279,7 @@
 - Ensured manual edits to httpd.conf are reverted (ENT-9686)
 
 ## 3.20.0
+
 - Renamed bundle agent main to bundle agent mpf_main (CFE-3947)
 - Added prelink to paths.cf
 - Added Enterprise Hub postgresql.conf to files monitored for diffs by default
@@ -315,6 +332,7 @@
 - Now clean_when_off FR bundle is only run when needed (ENT-8294)
 
 ## 3.19.0
+
 - Added interpreter attribute to standalone self upgrade package_module bodies
   (CFE-3703, ENT-5752)
 - Added almalinux as a know derivative of rhel (ENT-7644)
@@ -335,7 +353,7 @@
   This change adds the classes services_autorun_inputs and
   services_autorun_bundles for independently enabling addition of .cf files in
   services/autorun and automatic execution of bundles tagged with autorun
-  respectively.  (CFE-3715)
+  respectively. (CFE-3715)
 - Added support for downloading community packages on hub in preparation for binary upgrades
 - Added variable for excluding files from Policy Analyzer (ENT-7684)
 - Adjusted badges for 3.18.0 release (ENT-6713)
@@ -346,11 +364,11 @@
   effect of this is that agent runs that happen close together would skip running
   bundles run within the last minute. Now autorun bundles no longer wait for a
   lock to expire, they will be actuated each agent execution. Note, promises
-  within those bundles have their own locks which still apply.  (CFE-3795)
+  within those bundles have their own locks which still apply. (CFE-3795)
 - Dropped un-necessary local variable
   The use of this local variable triggers a bug that prevents datastate() from
   printing. Since the variable is un-necessary, it's been removed and the
-  parameter is used directly.  (CFE-3776)
+  parameter is used directly. (CFE-3776)
 - Enforced permissions for Postgres log (ENT-7961)
 - Fixed package module augments settings usage for pre 3.15.3 binaries
   (ENT-7356, ENT-7358)
@@ -368,7 +386,7 @@
   (ENT-7714)
 - Promised permissions for Mission Portal application and Apache log files
   This change ensures that both Mission Portal and Apache log files have
-  restrictive permissions. Previously this was un-managed.  (ENT-7730)
+  restrictive permissions. Previously this was un-managed. (ENT-7730)
 - Reduced scope of report informing of missing systemd service
   (CFE-290, ENT-7360)
 - Removed build dir from install/dist targets (ENT-7359)
@@ -382,7 +400,7 @@
   permissions (600). The previous explicit permissions (755) are un-necessary as
   modules are not executed from within the inputs directory and have resulted in
   permission flip-flopping in some environments. Permissions on modules in the
-  modules dir (sys.workdir)/modules are still enforced.  (ENT-7733)
+  modules dir (sys.workdir)/modules are still enforced. (ENT-7733)
 - Switched from using package_method generic to default package_module
   for windows software inventory (ENT-2589)
 - Improved the reliability when detecting a Red Hat system.
@@ -401,6 +419,7 @@
   (ENT-7967)
 
 ## 3.18.0
+
 - Added .ps1 to list of file patterns considered during policy update
   (ENT-4094)
 - Added ability to specify additional directories to add autorun policy from
@@ -469,6 +488,7 @@
 - Guard again enforcing root ownership for CFEngine files on Windows (ENT-4628)
 
 ## 3.17.0
+
 - Added .csv to the list of file extensions considered by default during
   policy update (CFE-3425)
 - Added ability to extend known paths without modifying vendored policy
@@ -505,6 +525,7 @@
 - Replaced @ignore with useful doc strings (CFE-3378)
 
 ## 3.16.0
+
 - /var/cfengine/bin/python symlink creation on SLES was fixed
 - Added `data` shortcut to cf-serverd, defaults to sys.workdir/data
 - Added inventory for CFEngine Enterprise License information
@@ -527,17 +548,17 @@
 - Changed m_inventory dumping behavior to exclude when values is null
   (ENT-5562)
 - Corrected application/logs path to outside of docroot (ENT-5255)
-- Deleted deprecated __PromiseExecutionsLog from process that cleans
+- Deleted deprecated `__PromiseExecutionsLog` from process that cleans
   log tables (ENT-5170)
 - Fixed dmi inventory to prefer sysfs to dmidecode for most variables
   for improved performance and to handle CoreOS hosts that don't
-  have dmidecode.  (CFE-3249)
+  have dmidecode. (CFE-3249)
 - Fixed permission flipping when policy analyzer is enabled (ENT-5235)
 - Fixed runalerts processes promise on non-systemd systems (ENT-5432)
 - Fixed selection of standard_services when used from non-default
   namespace (ENT-5406)
 - Fixed system UUID inventory for certain VMWare VMs where dmidecode
-  gives UUID bytes in wrong order.  (CFE-3249)
+  gives UUID bytes in wrong order. (CFE-3249)
 - Fixed typo preventing recommendation bundles from running (CFE-3305)
 - HA setups no longer have flipping permissions on
   /opt/cfengine/notification_scripts
@@ -568,6 +589,7 @@
 - apt_get package module now checks package state (CFE-3233)
 
 ## 3.15.0
+
 - Added package_module for snap (CFE-2811)
 - Fixed pkgsrc in case where multiple Prefix paths are returned for pkg_install (CFE-3152)
 - Fixed pkgsrc module on Solaris/NetBSD (CFE-3151)
@@ -593,7 +615,7 @@
 - Added brief descriptions to bodies and bundles in cfe_internal/CFE_cfengine.cf
   (CFE-3220)
 - Added support for SUSE 11, 12 in standalone self upgrade (ENT-5045, ENT-5152)
-- Changed policy triggering cleanup of __lastseenhostlogs to target only
+- Changed policy triggering cleanup of `__lastseenhostlogs` to target only
   3.12.x, 3.13.x and 3.14.x. From 3.15.0 on the table is absent. (ENT-5052)
 - Fixed agent disabling on systemd systems (CFE-2429, CFE-3416)
 - Ensured directory for custom action scripts is present (ENT-5070)
@@ -604,10 +626,11 @@
   (ENT-4331, ENT-4992)
 - Fixed re-spawning of cf-execd or cf-monitord after remediating duplicate concurrent processes
   (CFE-3150)
-- Replaced /var/cfengine with proper $(sys.*) vars (ENT-4800)
-    - Fixed selection of standard_services when used from non-default namespace (ENT-5406)
+- Replaced /var/cfengine with proper `$(sys.*)` vars (ENT-4800)
+  - Fixed selection of standard_services when used from non-default namespace (ENT-5406)
 
 ## 3.15.0b1
+
 - Added continual checking for policy_server state (CFE-3073)
 - Added monitoring for PostgreSQL lock acquisition times (ENT-4753)
 - Added support for `awk` filters in the FR dump-import process (ENT-4839)
@@ -631,12 +654,13 @@
 - Added ssh_home_t type to cftransport .ssh dir (ENT-4906)
 - fix use of _stdlib_path_exists_<command> in FR transport_user policy
   bundle (ENT-4906)
-- partitioned __inventory table for federated reporting (ENT-4842)
+- partitioned `__inventory` table for federated reporting (ENT-4842)
 - psql_wrapper needed full path to psql binary (ENT-4912)
 - yum package_module gets updates available from online repos if local
   cache fails (CFE-3094)
 
 ## 3.14.0
+
 - Fixed isvariable syntax error in update_def.cf (CFE-2953)
 - Added path support for setfacl, timedatectl and journalctl (CFE-3013)
 - Added trailing slash to access promises expecting directories
@@ -684,6 +708,7 @@
 - redhat_pure is no longer defined on Fedora hosts (CFE-3022)
 
 ## 3.13.0
+
 - Added Debian 9 to the self upgrade package map (ENT-4255)
 - Added `system-uuid` to default dmidecode inventory (CFE-2925)
 - Added inventory of AWS EC2 linux instances (CFE-2924)
@@ -744,6 +769,7 @@
   (CFE-2855)
 
 ## 3.12.0b1
+
 - Avoid executing self upgrade policy unnecessarily (ENT-3592)
 - Added amazon_linux class to yum package module
 - Introduce ability to set policy update bundle via augments (CFE-2687)
@@ -813,10 +839,11 @@
 - Avoid self upgrade from triggering during bootstrap (ENT-3394)
 - Added json templates for rendering serial and multiline data (CFE-2713)
 - Removed unused libraries and controls
-- Fixed an error in the file_make_mustache_*, incorrect variable name used
+- Fixed an error in the `file_make_mustache_*`, incorrect variable name used
   (CFE-2714)
 
 ## 3.11.0
+
 - Renamed enable_client_initiated_reporting to client_initiated_reporting_enabled
 - Directories for ubuntu 16 and centos 7 should exist in master_software_updates
   (ENT-3136)
@@ -868,6 +895,7 @@
 - Ensure MP SSL Cert is readable (ENT-3050)
 
 ## 3.10.0
+
 - Added: Classes body tailored for use with diff
 - Changed: Session Cookies use HTTPOnly and secure attributes (ENT-2781)
 - Changed: Verify transferred files during policy update
@@ -905,6 +933,7 @@
   (CFE-2466)
 
 ## 3.7.0
+
 - Support for user specified overriding of framework defaults without modifying
   policy supplied by the framework itself (see example_def.json)
 - Support for def.json class augmentation in update policy
@@ -939,13 +968,13 @@
 - Move hub specific bundles from lib/VER/cfe_internal.cf into lib/VER/cfe_internal_hub.cf
   and load them only if policy_server policy if set.
 - Re-organized lib/VER/stdlib.cf from lists into classic array for use with getvalues
-- inform_mode classes changed to DEBUG|DEBUG_$(this.bundle):: (Redmine: #7191)
+- `inform_mode` classes changed to `DEBUG|DEBUG_$(this.bundle)::` (Redmine: #7191)
 - Enabled limit_robot_agents in order to work around multiple cf-execd
   processes after upgrade. (Redmine #7185)
 - Removed Diff reporting on /etc/shadow (Enterprise)
 - Update policy from promise.cf inputs. There is no reason to include the
   update policy into promises.cf, update.cf is the entry for the update policy
-- _not_repaired outcome from classes_generic and scoped_classes generic (Redmine: # 7022)
+- `_not_repaired` outcome from classes_generic and scoped_classes generic (Redmine: #7022)
 - standard_services now restarts the service if it was not already running
   when using service_policy => restart with chkconfig (Redmine #7258)
 - Fixed process_result logic to match the purpose of body process_select