2005-10-09  Dominik Vogt  <dominik.vogt@gmx.de>

	* doc/ANNOUNCE:
	* configure.ac:
	* NEWS:
	* doc/gateguardian.lsm.in:
	updated for 0.9.6 release

2005-09-18  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/testgg.c (__test_run_command1):
	(__test_run_command2):
	new test code

	* README:
	documented new functions

	* src/gateguardian.c.in (__gateg_safe_run_command):
	(gateg_safe_run_command):
	(gateg_safe_run_command_with_cfg):
	new functions for running an external command

2005-08-13  Dominik Vogt  <dominik.vogt@gmx.de>

	* doc/ANNOUNCE:
	* configure.ac:
	* NEWS:
	* doc/gateguardian.lsm.in:
	updated for 0.9.5 release

	* TestLog:
	* INSTALL.gateguardian:
	* README:
	updated

2005-07-10  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/inputguardian.c.in (inputg_is_simple_email_address):
	new interface function

2005-07-09  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/inputguardian.c.in (inputg_escape_html_with_tag_table):
	(inputg_escape_all_html):
	(inputg_escape_html):
	new interface functions

2005-05-15  Dominik Vogt  <dominik.vogt@gmx.de>

	* configure.ac:
	* NEWS:
	updated for 0.9.5 release

	* doc/ANNOUNCE:
	* configure.ac:
	* NEWS:
	* doc/gateguardian.lsm.in:
	updated for 0.9.4 release

	* src/testfg.c (__test_path_tests):
	fixed buffer overflow and core dump in test code

	* src/testgg.c (main):
	fixed invalid test return code

	* src/testgg.c:
	* src/gateguardian.c.in:
	* src/testig.c:
	compile fixes

	* src/testfg.c (__usage):
	(__cleanup_test_env):
	(__setup_test_env):
	(__parse_options):
	added option to skip tests that need root

	* src/testgg.c:
	added dirfd() feature test

2005-04-17  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/fileguardian.c.in (fileg_is_filename):
	(fileg_is_path):
	(fileg_is_local_relative_path):
	(fileg_is_relative_path):
	(fileg_is_absolute_path):
	(fileg_remove_fuzz_from_path):
	new functions

2005-04-13  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/fileguardian.c.in:
	added comment on portability

	* src/gateguardian.c.in:
	removed unused dirfd-test

2005-04-11  Dominik Vogt  <dominik.vogt@gmx.de>

	* configure.ac:
	fixed handling of inputguardin_if.h
	updated version and library version

	* src/testig.c:
	* src/inputguardian.c.in:
	rewrote interfaces

	* src/inputguardian.c.in:
	rewrote some code

	* src/testgg.c (main):
	* src/testfg.c (main):
	fixed a bug in the test code

	* src/testig.c:
	* src/testig_cpp.cpp:
	* src/inputguardian.c.in:
	* src/inputguardian_headers.h:
	* src/fileguardian_if.h:
	* src/inputguardian.h.in:
	new files

	* src/Makefile.am:
	* configure.ac:
	added inputguardian module

2005-02-28  Dominik Vogt  <dominik.vogt@gmx.de>

	* doc/ANNOUNCE:
	* configure.ac:
	* NEWS:
	* doc/gateguardian.lsm.in:
	updated for 0.9.3 release

2005-02-27  Dominik Vogt  <dominik.vogt@gmx.de>

	* README:
	describe new fileguardian features

	* src/testfg.c:
	* src/fileguardian.c.in:
	finalized fileguardian code

	* src/features/FILE_PERMISSIONS:
	new file
	* src/features/HAVE_S_ISVTX:
	* src/features/HAVE_S_IRWXO:
	* src/features/HAVE_S_IWGRP:
	* src/features/HAVE_S_IWOTH:
	* src/features/HAVE_S_IRWXU:
	removed files

2005-02-22  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/fileguardian.c.in:
	bugfixes

	* src/testfg.c:
	test cases

2005-01-19  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/fileguardian.c.in (__fileg_check_path_safety):
	(__fileg_safe_opendir_with_mode):
	(__fileg_check_dir_safety_with_mode):
	(fileg_safe_opendir_with_mode):
	(fileg_check_dir_safety_with_mode):
	allow write access for group / others if sticky bit is set when
	generating temporary files.
	(__fileg_check_forbidden_mode):
	new function

	* configure.ac:
	* src/features/HAVE_S_ISVTX:
	new file

	* src/fileguardian.c.in (__fileg_check_path_safety):
	check permissions of starting directory too

	* src/libgateguardian.c:
	fixed compile error

	* src/gateguardian_headers.h:
	* src/fileguardian_headers.h:
	new files

	* src/gateguardian_if.h:
	* src/fileguardian_if.h:
	updated

2005-01-18  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/features/HAVE_LIMITS_H_1:
	* src/features/HAVE_LIMITS_H_0:
	* src/fileguardian.c.in:
	* configure.ac:
	include limits.h if it exists

2005-01-13  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/version.h:
	* src/version.c.in:
	* README:
	renamed version functions

2005-01-09  Dominik Vogt  <dominik.vogt@gmx.de>

	* configure.ac:
	* src/Makefile.am:
	* doc/DEVELOPERS:
	* INSTALL.gateguardian:
	new features:
	 - build a static and a shared libgateguardian
	 - split interface definitions into separate files
	 - script gateguardian-version that sets environment variables with the
	   version of gateguardian
	 - header files version.h, gateguardian.h and fileguardian.h with the
	   declarations of the library interface

	* src/gateguardian-version.in:
	source for gateguardian-version script
	* src/libgateguardian.c:
	source file for libgataguardian
	* src/version.h:
	file with library version function
	* src/version.c.in:
	sources of library version function
	* src/fileguardian.c.in:
	use fileguardian_if.h
	* src/gateguardian.c.in:
	use gateguardian_if.h
	* src/fileguardian_if.h:
	* src/gateguardian_if.h:
	basic interface definitions to generate gateguardian.h and
	fileguardian.h from.

2004-12-20  Dominik Vogt  <dominik.vogt@gmx.de>

	* Makefile.am:
	added INSTALL.gateguardian to distribution

2004-12-19  Dominik Vogt  <dominik.vogt@gmx.de>

	* configure.ac:
	* NEWS:
	released 0.9.2

	* doc/ANNOUNCE:
	* NEWS:
	* doc/gateguardian.lsm.in:
	updated for 0.9.2 release

	* src/testgg.c (__run_test):
	(main):
	use stderr instead of stdout
	(__check_core_file):
	(__run_test):
	support for freebsd core file naming scheme

	* src/gateguardian.c.in:
	include paths.h only on platforms that have it

	* src/features/Makefile.am (EXTRA_DIST):
	* src/features/HAVE_PATHS_H_1:
	* src/features/HAVE_PATHS_H_0:
	new files

	* src/testgg.c (__test_umask):
	fixed compile warnings
	(__test_evar1):
	use putenv instead of setenv

	* src/Makefile.am:
	* src/fileguardian.c:
	* src/gateguardian.c:
	removed files

2004-12-17  Dominik Vogt  <dominik.vogt@gmx.de>

	* configure.ac:
	more verbose configure summary

	* src/testgg.c:
	fixed core dump test

	* src/gateguardian.c.in (__gateg_priv_set_drop_credentials):
	removed "to do" from a comment
	renamed "magic" to "identifier_token"
	* src/gateguardian.c.in (__gateg_chroot_verify):
	do not call multiple functions on a single line

2004-12-16  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/testgg.c:
	* src/gateguardian.c.in:
	* src/fileguardian.c.in:
	use new feature test handling

	* src/features/NSIG:
	* src/features/FD_SETSIZE:
	* src/features/OPEN_MAX:
	* src/features/_PATH_DEVNULL:
	* src/features/_PATH_STDPATH:
	* src/features/RLIMIT_CORE:
	* src/features/SYSCONF:
	* src/features/SETRLIMIT:
	* src/features/GATEG_DEBUG:
	* src/features/PATHCONF:
	* src/features/_PC_PATH_MAX:
	* src/features/PATH_MAX:
	* src/features/HAVE_O_NOFOLLOW:
	* src/features/HAVE_S_IRWXO:
	* src/features/HAVE_S_IWGRP:
	* src/features/HAVE_S_IWOTH:
	* src/features/HAVE_S_IRWXU:
	* src/features/HAVE_DIRFD_1:
	* src/features/HAVE_DIRFD_0:
	* configure.ac:
	new way of handling feature tests

2004-12-15  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/testgg.c:
	* src/testfg.c:
	* src/gateguardian.c.in (gateg_safe_init):
	use NULL instead of 0

2004-12-14  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/testgg.c (__test_cwd):
	(__test_chroot):
	(__test_fds):
	do not use dirfd if not available
	(__test_fds):
	fixed testgg reporting thet fd 2 was not closed

2004-10-25  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/gateguardian.c.in (gateg_safe_init):
	always abort with rc == -1

	* src/testgg.c (test_table):
	(__test_delay):
	added test for delay code

	* README:
	explain gateg_safe_init return codes

	* src/gateguardian.c.in (__gateg_update_ops):
	(gateg_safe_init):
	Returns 0 = init complete, 1 = init incomplete

2004-10-12  Dominik Vogt  <dominik.vogt@gmx.de>

	* Makefile.am (doc_DATA):
	* README:
	* TestLog:
	added TestLog

	* src/testgg.c:
	BSD compile fix
	(__run_test):
	improved failure detection
	(__test_stdfds2):
	take into account that fopen may work like freopen on some platforms
	(__check_core_file):
	(__run_test):
	do not test core dumps if machine does not generate them
	(__test_evar1):
	(__str_equal):
	don't use strcmp

	* configure.ac:
	disable -Werror

2004-10-10  Dominik Vogt  <dominik.vogt@gmx.de>

	* configure.ac:
	* NEWS:
	released 0.9.1

	* doc/ANNOUNCE:
	* NEWS:
	* doc/gateguardian.lsm.in:
	updated for 0.9.1 release

2004-10-09  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/fileguardian.c.in:
	* src/gateguardian.c.in:
	added bug report mail address

	* src/testgg.c:
	* src/gateguardian.c.in:
	renamed ..._OP_KEEP to ..._OP_NOP
	and ..._INIT_KEEP to ..._INIT_NOP

	* src/gateguardian.c.in (__gateg_handle_delay):
	fixed handling of delayed calls

	* configure.ac:
	* NEWS:
	released 0.9.0

	* doc/ANNOUNCE:
	* configure.ac:
	* NEWS:
	* doc/gateguardian.lsm.in:
	updated for 0.9.0 release

	* doc/DEVELOPERS:
	updated

	* src/testfg.c (main):
	add a warning

	* configure.ac:
	* src/fileguardian.c.in:
	* src/gateguardian.c.in:
	* src/fileguardian.c:
	* src/gateguardian.c:
	.c files are built automatically from .in files

	* src/fileguardian.c.in:
	* src/gateguardian.c.in:
	added files

	* src/gateguardian.c (__gateg_fds_close):
	(__gateg_fds_get_max_fds):
	(__gateg_fds_check_reopen_fd):
	(__gateg_fds_std_clean_up):
	(__gateg_core_disable):
	(__gateg_sighand_reset):
	(__gateg_priv_set_drop_credentials):
	(__gateg_umask_set):
	(__gateg_chroot_verify):
	(__gateg_chroot):
	(__gateg_cwd_set):
	(__gateg_evars_clean_up):
	(__gateg_evars_make_env):
	(__gateg_evars_get_envsize):
	(__gateg_evars_handle_one_entry):
	(__gateg_evars_handle_filters):
	(__gateg_evars_get_homedir):
	(__gateg_evars_get_username):
	(__gateg_evars_reset_handlers):
	renamed functions

	* src/gateguardian.c (gateg_cfg_t):
	* src/testgg.c:
	renamed structure elements:
	gateg_args_t to gateg_cfg_t
	a_op to ops
	env_vars to evars_clean
	close_fds to fds_close
	std_fds to fds_std
	set_workdir to cwd_set
	call_chroot to chroot_call
	verify_chroot to chroot_verify
	set_umask to umask_set
	set_privileges to priv_set
	drop_privileges to priv_drop
	signal_handlers to sighand_reset
	verify_signal_handlers to sighand_verify
	disable_core_dump to core_disable
	a_evarhandlers to evars_handlers
	a_workdir to cwd
	a_chroot_path to chroot_dir
	a_umask to umask
	a_uid to priv_uid
	a_gid to priv_gid

2004-10-07  Dominik Vogt  <dominik.vogt@gmx.de>

	* README:
	add contact information

	* INSTALL.gateguardian:
	add installation and security information

2004-10-06  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/testgg.c:
	implemented test cases

	* src/gateguardian.c (__gateg_sh_signal_handlers_stage2):
	(__gateg_sh_verify_signal_handlers):
	renamed function
	(__gateg_cr_safe_chroot_stage2):
	(__gateg_cr_verify_chroot):
	renamed function
	(__gateg_cr_safe_chroot):
	(__gateg_cr_chroot):
	renamed function
	(__gateg_cr_chroot):
	(__gateg_cr_chroot_internal):
	renamed function
	(gateg_safe_init):
	(gateg_init_args):
	introduced separate steps for above functions
	(gateg_safe_init):
	(gateg_chroot):
	(__gateg_cr_chroot):
	use new function names
	(__gateg_decrement_delay):
	(__gateg_update_ops):
	(__gateg_handle_delay):
	(__gateg_get_real_ops):
	(gateg_safe_init):
	introduced delaying the individual ops to a later call
	(__gateg_ev_clean_up_vars):
	(__gateg_fd_close_fds):
	(__gateg_fd_clean_up_std_fds):
	(__gateg_di_set_workdir):
	(__gateg_cr_chroot):
	(__gateg_cr_verify_chroot):
	(__gateg_um_set_umask):
	(__gateg_cr_safe_set_credentials):
	(__gateg_cr_safe_set_credentials):
	(__gateg_sh_clean_up_signal_handlers):
	(__gateg_sh_verify_signal_handlers):
	(__gateg_cd_disable_core_dump):
	(gateg_init_args):
	use unsigned int instead of gateg_op_t to make compiler happy
	(__gateg_check_order):
	new function
	(__gateg_ev_handle_one_entry):
	fixed use of getenv()

2004-10-04  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/gateguardian.c (GATEG_VAR_SET_USER_EFFECTIVE):
	(GATEG_VAR_SET_LOGINDIR_EFFECTIVE):
	new macros
	(gateg_defvarhandlers):
	(__gateg_ev_handle_filters):
	HOME, LOGNAME and LOGINDIR use the effective uid/gid
	ORIG_... use the real uid/gid
	(gateg_safe_init):
	reset signal handlers early
	added comment about execution order
	(__gateg_cr_safe_set_credentials):
	tried to clean up setuid, seteuid, setreuid mess
	(__gateg_fd_get_max_fds):
	(__gateg_cd_disable_core_dump):
	handle setrlimit() and sysconf() portability in a central place at
	beginning of file
	(__gateg_fd_get_max_fds):
	require getdtablesize for the moment

	* src/gateguardian.c:
	several bugfixes

	* README:
	wrote basic documentation

	* src/gateguardian.c (gateg_safe_init):
	fixed configuration of std fds

	* src/testgg.c (main):
	simplified code

2004-10-01  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/gateguardian.c (__gateg_cr_safe_chroot_stage2):
	(__gateg_sh_signal_handlers_stage2):
	new functions to verify correct operations of "chroot" and "reset
	signal handlers"
	(__gateg_cd_disable_core_dump):
	cleaned up
	(__gateg_sh_clean_up_signal_handlers):
	reset the last signal handler too, try signal 0 just in case it exists
	on some obscure platform
	fixed handling of signal() return code
	(__gateg_cr_safe_set_credentials):
	some fixes
	(__gateg_fd_check_reopen_fd):
	cleaned up
	(__gateg_ev_handle_one_entry):
	fixed keeping variable values.
	(__gateg_ev_get_username):
	(__gateg_ev_get_homedir):
	call endpwent at end of function
	call setpwent at beginning of function

	* src/testgg_cpp.cpp:
	fixed inclusion of testgg.c

	* src/gateguardian.c:
	split off fileguardian.c

	* src/testfg.c:
	* src/testfg_cpp.cpp:
	* src/fileguardian.c:
	new files

	* src/gategtest_cpp.cpp:
	removed file

2004-09-30  Dominik Vogt  <dominik.vogt@gmx.de>

	* src/gateguardian.c (__gateg_cr_safe_set_credentials):
	fixed potential integer underflow
	(__gateg_fd_get_max_fds):
	properly use the return code of sysconf() and getdtablesize()

2004-09-29  Dominik Vogt  <dominik.vogt@gmx.de>

	* **/*:
	initial checkin
