Log message:
*: bump for openssl 3

Log message:
monit: Update to 5.33.0

Changes:
5.33.0
------
 - New: Added click-jacking protection headers to Monit HTTP GUI (the
   SAMEORIGIN iframe is allowed).
 - Fixed: Issue #1035: If the start, stop or restart program statement
   contains the equal sign, which is not followed by a space character,
   the configuration is not parsed correctly.
 - Fixed: Issue #1047: If the MariaDB server doesn't allow access to
   the host, from which Monit test is running, Monit reported: Invalid
   handshake packet sequence id -- not MySQL protocol.
 - Fixed: Add the missing responsetime option to the ping test.

Log message:
monit: Update to 5.32.0

Changes:
5.32.0
------
  * Fixed: Issue #1028: If the Monit statefile was removed, the monit start
    <service> action for services with onreboot nostart option started the
    service, but did not enable monitoring of said service. The same problem
    occurred if a new onreboot nostart service was added, even if the statefile
    did exist.
  * Fixed: Issue #1029: The generic protocol test truncated received data if
    the response contained zeros.
  * Fixed: PAM authentication: Users with a valid password for a disabled
    account could still login to Monit. Thanks to Youssef Rebahi-Gilbert.
  * Fixed: The Monit HTTP interface could be blocked by sending a request with
    an infinite stream of HTTP headers. Thanks to Youssef Rebahi-Gilbert for
    report.

5.31.0
------
  * New: Issue #1021: Add support for Linux OpenZFS 2.x I/O statistics.
  * New: Issue #555: Add support for FreeBSD ZFS I/O statistics for FreeBSD
    12.x or later.
  * Fixed: Issue #1025: If Monit 5.30.0 CLI action was executed for a
    non-existent service name, the error message was not reported properly.
    Thanks to Lutz Mader for fix.
  * Fixed: Issue #1026: If Monit reload was requested during the optional start
    delay interval, Monit still waited for the delay to pass and performed one
    test cycle with the old configuration, before the reload was performed.
    Monit will reload the configuration immediately now.

5.30.0
------
  * New: Add a read-only option to the set httpd statement. The option can be
    used on the TCP socket, the unix socket, or both. Example for setting the
    TCP socket in the read-only mode (for connections from other hosts) and the
    unix socket in the read-write mode (for local Monit CLI actions, like
    service restart, status, etc.):

    set httpd
        port 2812
            read-only
            allow 192.168.1.0/24
        unixsocket /run/monit.socket

    Thanks to Christian Goettsche for contributing this feature.
  * Changed: Issue #1011: The include statement was limited to 512 files,
    increase the limit to 1024 files.
  * Fixed: The disk read and write bytes didn't show up in M/Monit for Monit
    5.27.0 or later.
  * Fixed: Issue #998: Monit 5.29.0 may fail to compile on platforms without
    the monotonic clock support. Thanks to Lutz Mader.
  * Fixed: Issue #1002: 32-bit Linux machines with more then 4GB of RAM
    reported wrong system memory size and swap size values.
  * Fixed: Issue #1005: When the port statement was used with the generic
    protocol test and the target server returned zeros in response, Monit >=
    5.20.0 may crash.
  * Fixed: Issue #1009: When one executes an action via the Monit HTML GUI
    (uses a POST request), the Monit HTTP server will redirect the browser back
    to the base URL, so the browser won't perform the POST request again on an
    automatic page refresh, which is performed to poll for status changes.
  * Fixed: Issue #1015: The set httpd statement supports only one address
    option. Display warning if multiple address options are used.

5.29.0
------
  * New: Issue #715: The PostgreSQL protocol test has been improved and now
    supports authentication with username, password and database when testing
    connection. Example:

    if failed port 5432
        protocol pgsql username "username" password "12345" \ 
database "test"
    then alert

    Previous Monit versions used hardcoded credentials when testing connection
    to postgresql (user=root and database=root). This could trigger thousands
    of messages like this in the postgresql log:

    root@root FATAL:  password authentication failed for user "root"
    root@root DETAIL:  Role "root" does not exist.

    Note: Monit will continue to use the hardcoded credentials (for backward
    compatibility) unless username and password are set.
  * New: Issue #973: You can now test program output using a regular
    expression. Syntax:

    IF CONTENT [!]= <regex> THEN action

    Example:

    check program disk0_smart with path "/usr/sbin/nvme smart-log \ 
/dev/nvme0"
        if content != "critical_warning[ ]+: 0" then alert

  * New: Issue #974: Monit CLI: Added support for the -g (group) option to the
    report command. Example:

    monit -g database report

  * Fixed: Issue #991 (Monit 5.28.1 regression): MacOS: Monit didn't compile on
    MacOS 10.13 or older. Thanks to Lutz Mader.
  * Fixed: Issue #994 (Monit 5.28.1 regression): The check program statement
    with every did not work properly.
  * Fixed: Issue #995: Monit start delay was vulnerable to time jumps when
    Monit is waiting for the delay to pass. Thanks to Daniel Crowe.
  * Fixed: Issue #975: Monit CLI: Monit did not report a warning if -s, -p, -l,
    -g or -c command-line options were specified multiple times and silently
    used the last value only. Monit will generate a warning now.
  * Fixed: Issue #972: Monit GUI: The log view had no size limit when reading
    the Monit log file and could block the browser if the log file was large.
  * Fixed: Issue #955: If more than one every statement is used in a
    check-service context only the last value is (silently) used. We now report
    a warning in this case.

5.28.1
------
  * New: Issue #979: If filesystem mount flags changed, show both old and new
    value. Originally only the new value was reported.
  * Fixed: Issue #960: The memory usage may report wrong value if system memory
    size changed after Monit start. The problem was frequent on KVM/LXC
    containers where MemTotal is dynamicaly updated.
  * Fixed: Issue #965: Monit CLI: if a custom configuration file was used with
    the -c option, and the file cannot be read by Monit, an AssertException was
    thrown. Monit will report normal error instead of the exception now.
  * Fixed: Issue #966: Monit CLI: The service name pattern was changed to
    case-sensitive in Monit 5.28.0. Revert the behaviour back to
    case-insensitive.
  * Fixed: Issue #971: The LINK UP and LINK DOWN tests now support short form
    of the optional ELSE condition, in addition to the verbose ELSE IF
    <SUCCEEDED|FAILED> form.
  * Fixed: Issue #976: The space free test recovery always reported value in
    percent, regardless of the test setting. If the test uses absolute limit,
    Monit will report absolute space usage now.
  * Fixed: Issue #986: Services checks with custom schedule (the EVERY
    statement) did set the data collection timestamp even if the monitoring was
    skipped in the given cycle. The timestamp is now updated only when the
    check was performed.
  * Fixed: Issue #990: Monit built with libressl may crash during verification
    of the expired SSL certificate.
  * Fixed: Issue #968: Systemd and upstart templates: templates used to set the
    path to the configuration file in the sysconfdir, which is optionally set
    via the configure script during the compilation. The path wasn't fully
    expanded in the template though, so it was invalid. The template doesn't
    specify the explicit path now and lets Monit search for the configuration
    file in all supported locations (including the sysconfdir).
  * Changed: Issue #984: The permission check of the SSL PEM key file allows
    group read permissions now (originally Monit enforced that the file is
    readable only by the file owner).

5.28.0
------
  * Deprecated: Monit IF FAILED LINK test was renamed to IF LINK DOWN. The old
    syntax is deprecated, but still works for backward compatibility.
  * New: Added IF LINK UP network interface test, which allows to monitor
    network interface that is by default down, and trigger action, when the
    interface is enabled. Example:

    if link up then "/usr/bin/monit start backup"

    Notes: When link up test is used, the link errors tests are ignored, as
    these tests share the same event type and would reset the status. Also,
    mixing link up and link down in the same check network is not supported.
  * New: Monit can now watch offline TCP/UDP ports and perform action on
    successful connection. It can be used as a security check, e.g. if a
    service like mysql should not be publicly available, or to perform custom
    actions to initialize the service that depends on the one that was just
    started. Thanks to Christian Goettsche for patch. Example:

    if succeeded port 443 protocol https then exec "/bin/monit start \ 
myclient"
    if succeeded host example.org port 3306 protocol mysql then alert

  * New: Monit can watch unix sockets that doesn't exist or are offline and
    perform action on successful connection. Example:

    if succeeded unixsocket /var/run/mysql.sock protocol mysql then exec \ 
"/bin/myscript.sh initdb"

  * New: Monit can ping hosts that are supposed to be offline and perform
    action when they become available. Example:

    if succeeded ping then alert

  * New: Issue #915: Add support for sevice name regular expressions in monit
    CLI status, summary, start, stop, restart, unmonitor, monitor commands.
    Examples:

    monit status myservice  # exact match
    monit status "data.*"   # pattern which will match all services \ 
whos name contain "data" substring

  * New: Issue #718: Add support for response time monitoring to TCP/UDP ports,
    unix sockets and ping. Example for ping and port test:

    if failed ping responsetime < 50 ms then alert
    if failed port 443 protocol https and responsetime < 50 ms then alert
    if failed port 443 protocol https and responsetime < 50 ms then alert

  * Fixed: Issue #961: If a service depends on some other service, which is
    member of the same service group, the service group restart would restart
    the child service twice.
  * Fixed: Minor memory leak when uptime test is used an monit is reloaded.

5.27.2
------
  * Fixed: Issue #931. The "if does exist" test with unmonitor or stop \ 
action
    did not work properly
  * Fixed: Issue #937: If the filesystem check uses mountpoint instead of
    device and multiple devices are defined for the same filesystem with
    mismatch between /etc/mtab and device name in path, Monit reported error
    and disk activity was not reported.
  * Fixed: Issue #948. Cookie validation problem, Invalid CSRF Token, if the
    request was more then 1024 bytes. Increased request size to 8kB.
  * Fixed: Disk activity statistics if procfs fallback was used instead of
    sysfs
  * Fixed: LXC container: Monit could ignore the "start delay" option \ 
of the
    set daemon statement when the container was rebooted, but not the host (the
    LXC container's boot time is not virtualized and inherited from the host).
  * Changed: Monit in debug mode no longer logs open errors about procfs /proc/
    /io and /proc//fd if monit is not running as root. These errors are common
    as linux doesn't allow to read such files if the process belongs to a
    different user. These errors are now only logged in extra verbose mode (-vv
    option).

5.27.1
------
  * Fixed: Issue #932. Require that the program in a 'check program' statement
    exist on Monit startup.
  * Fixed: Issue #916: Linux: Monit procmatch failed to show all matching
    processes if a non-root user ran Monit. Thanks to Lutz Mader for fix.
  * Fixed: Linux: The CAP_SYS_RESOURCE capability was needed to be able to
    monitor filedescriptors usage of other processes if Monit was not started
    as root. Thanks to Christian Goettsche for report.
  * Fixed: Issue #920: On AIX, NetBSD, Solaris, Monit 5.27.0 logged "Cannot
    test filesdescriptors usage as the statistics is not available on this
    system" every cycle even if no filedescriptors test was used in Monit's
    configuration.
  * Fixed: Issue #926: Linux: Remove trailing white space from collected
    process name
  * Fixed: Issue #928: Fixed a race condition in Monit's HTTP interface on
    reload when SIGHUP were sent many times to the Monit process . Thanks to
    Andy Spitzer for patch.
  * Fixed: Improved cross-compile support. Thanks to Christian Goettsche and
    Helmut Grohne for patch.
  * Fixed: Monit could crash when sending heartbeat status to M/Monit.
  * Fixed: If SSL certificate verification failed and certificate valid days
    test was enabled, Monit could report the following false positive:
    certificate expiry in 0 days matches check limit
  * Changed: Use ISO 8601 format timestamp in log files

5.27.0
------
  * New: The SSL version: auto now defaults to TLSv1.2 and TLSv1.3 only. If you
    need to enable TLSv1.0 or TLSv1.1, you have to explicitly enable it via the
    SSL option, example:

    set ssl {
        version: tlsv11
    }

  * New: Support for MySQL TLS encryption. Example:

    if failed port 3306 protocol mysqls then alert

  * New: Issue #839: Support for MySQL 8.x default authentication method,
    caching_sha2_password. If unsecure (non-TLS) connection is used, it is also
    possible to verify the server's RSA key checksum to protect against
    man-in-the-middle attacks. Example:

    check host mymachine with address 127.0.0.1
        if failed
            port 3306
            protocol mysql
            username monit
            password mypassword123
            rsakey checksum 29e512c06275a1b3f4617f8cb9ca583d642386fe
        then alert

  * New: The username in the mysql protocol test was limited to 16 bytes, this
    limit was removed.
  * New: Linux: Support for monitoring a process's filedescriptor usage. Thanks
    to Marcel Baur and Lutz Mader. Example:

    check process myproc with pidfile /var/run/myproc.pid
        if filedescriptors >= 90% then alert
        if filedescriptors >= 99% then restart
        if total filedescriptors > 5000 then alert

  * New: Linux, OpenBSD, FreeBSD, DragonflyBSD, MacOS: Added support for
    monitoring of system-wide filedescriptors usage. Example:

    check system $HOST
        if filedescriptors >= 90% then alert

  * New: You can now set a list of allowed TLS protocols (originally only one
    was allowed). Also added an option to exclude protocols (put - in front of
    the protocol name to disable it). Exclude list example:

     set ssl {
        version: auto -sslv2 -sslv3 -tlsv1 -tlsv11
     }

  * New: Optionally split certificate chain and key for the Monit HTTPS
    interface. Thanks to Lutz Mader for patch. (The original pemfile with all
    certificates in one pem file is still supported). Example:

    set httpd
        port 2812
        with ssl {
            pemchain: /etc/ssl/certs/monit.chain.pem
            pemkey: /etc/ssl/certs/monit.key.pem
        }
        allow myuser:mypassword

  * New: Linux: Enable monitoring of per-process disk read and write I/O
    operations. Example:

    check process foobar matching "myprocess"
        if disk read activity > 500 operations/s then alert
        if disk write activity > 500 operations/s then alert

  * New: Linux: Added generic per-process I/O activity monitoring. Example:

    if read activity > 1 mb/s then alert
    if write activity > 1 mb/s then alert

  * New: Issue #889: Linux: monitor detailed CPU statistics for nice, hardirq,
    softirq, steal, guest, guestnice. The statistics for nice was originally
    included in the cpu (user) statistics, but it now has its own counter.
  * New: FreeBSD, OpenBSD, NetBSD, DragonflyBSD MacOS: Added CPU nice and
    interrupt usage statistics.
  * New: Issue #877: Linux: Added support for VxFS filesystem statistics.
    Thanks to Lutz Mader for patch.
  * New: Issue #894: Added year to the timestamp when monit logs to its own log
    file.
  * New: Issue #908: Add STARTTLS support to the IMAPS protocol test on port
    143. Example:

    if failed port 143 protocol imaps then alert

  * Fixed: Issue #519: Monit could crash if a file check with restart on
    content match was used and this file had dependant services.
  * Fixed: Issue #867: If Monit was linked with musl libc, it could crash when
    executing programs. Thanks to Rich Felker for report.
  * Fixed: Monit incorrectly added CPU wait% to system CPU usage (the CPU is
    idle when it's in the wait state, waiting for the I/O to complete).
  * Fixed: The per-process I/O statistics on Linux, AIX, DragonflyBSD, NetBSD
    and Solaris always displayed 0 activity.
  * Fixed: Issue #843: Linux: Monit reported wrong memory usage in LXC
    container if the ZFS filesystem was used. Monit now use MemAvailable on
    Linux when calculating memory usage for more accurate statistics. Thanks to
    Joe LeVeque for patch.
  * Fixed: Issue #831: The HTTP protocol test returned unknown transfer
    encoding HTTP error if either the content or checksum test was used and the
    HTTP server didn't set the Content-Length header nor used chunked transfer
    encoding.
  * Fixed: Issue #880: If Monit was linked with AddresSanitizer, it could crash
    when it generates an MD5 hash. Thanks to Lutz Mader for patch.
  * Fixed: Issue #879: The HTML interface didn't escape strings that are part
    of Monit's configuration file. Thanks to Hanno Boeck for report.
  * Fixed: Issue #872: Monit's procmatch table can now display pids with up to
    8 digits. Previously, pids where truncated after 5 digist.
  * Fixed: Issue #891: The repeat option to an action was limited to 256
    cycles.
  * Fixed: Issue #851: Linux and AIX: The length of the string that describes
    the process name and its arguments was limited to 4kB, so monit procmatch
    might not find the process if the string was longer and unique after 4Kb.
    This limit has been removed on Linux and raised on AIX to 8kB.
  * Fixed: Issue #840: Network check: superfluous alerts if link is down.
    Thanks to Lonnie Abelbeck.
  * Fixed: MacOS: Only the first 16 characters of the process name was
    displayed for privileged processes, so the pattern based process check and
    Monit's procmatch could miss some processes.
  * Fixed: Issue #886: Monit's command-line options are now position
    independent.
  * Fixed: If Monit is linked with AddresSanitizer and a custom configuration
    file was passed via the -c option, monit could crash.
  * Fixed: MQTT protocol test.
  * Fixed: Issue #907: The onreboot nostart had no effect when a service was
    newly added to Monit's configuration or the statefile was removed.
  * Fixed: The PostgreSQL test was flapping with the following error if
    connection via unix socket was used: PGSQL: connection terminator write
    error -- Broken pipe
  * Plus many more internal fixes and improvements

Log message:
sysutils: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Log message:
sysutils: Remove SHA1 hashes for distfiles

Log message:
monit: needs pam

Log message:
*: Recursive revision bump for openssl 1.1.1.

Log message:
monit: Update to 5.26.0

- Fix build with OpenSSL 1.1
- Fix CVE-2016-7067
- ... many others, see https://mmonit.com/monit/changes/