2005-11-03  Balazs Scheidler  <bazsi@bzorp.balabit>

	* VERSION: bumped to 3.0.8

2005-11-02  Balazs Scheidler  <bazsi@bzorp.balabit>

	* modules/ftp/Ftp.py: removed the call to
	PlugProxy.__pre_shutdown__ as it does not exist (fixes: #7464)

2005-10-25  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Zone.py (Zone): fixed umbrella processing and removed
	permitted/effective/inheritable support as it was never published
	(fixes: #7429)

2005-10-25  Simon Gabor <fules@balabit.hu>

        * modules/imap/imap.c (imap_ready): fixed length checking as the
	line returned by ZStreamLine is not NUL terminated  (fixes #7325)

        * tests/functional/imap/func/too_many_literals.tests: testcase added
        (fixes #7325)

2005-10-25  Balazs Scheidler <bazsi@balabit.hu>

        * pylib/Zorp/Chainer.py: added round_robin option to failover
        chainer (fixes: #7369)

2005-10-25  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/attach.c: fixed timeout conversion to properly handle
	negative values

2005-10-24  Simon Gabor <fules@balabit.hu>

        * modules/imap/imap.c: stricter check on the number of literals
	(fixes #7325)

2005-10-24  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/attach.c: convert timeout value from msec (as expected as in
	parameters) to seconds as expected by ZIOConnect

	* lib/pyattach.c: default timeout is 30000 (instead of 30)

	* lib/pyfastpath.c: default timeout is 30000 (instead of 30)

	* modules/http/httpftp.c: default timeout is 30000 (instead of 30)

	* pylib/Zorp/Auth.py (SatyrAuthentication.__init__): added
	connect_timeout parameter (defaults to 60000)

2005-10-24  Attila SZALAY <sasa@balabit.hu>

        * lib/satyr.c (z_satyr_connect): Use dynamic value for connection
        timeout. (fixes: #7395)

2005-10-24  Simon Gabor <fules@balabit.hu>

        * modules/imap/imapcmd.c: cap filtering added to greeting untagged
        OK (fixes #7362)

	* tests/functional/imap/func/cases/greeting_untagged_ok.tests:
        testcase for #7362

2005-10-24  Balazs Scheidler <bazsi@balabit.hu>

        * modules/pssl2/pssl.c (pssl_register_vars): added handshake_timeout
        attribute,
        (pssl_config_set_defaults): set handshake_timeout to 30 secs,
        (pssl_perform_handshake): fix timeout processing, use a separate
        timeout value during handshake (fixes: #7386)

2005-10-19  Simon Gabor <fules@balabit.hu>

        * modules/ldap/encode/ldap.c: parsing error fixed (fixes #7341)

2005-10-19  Attila SZALAY <sasa@balabit.hu>

        * modules/mime/mime.c (mime_entity_write): Check successful return
        after every write attempt. (fixes: #6882)

2005-10-18  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pysatyr.c (z_py_zorp_satyr_auth): changed "Connection
	terminated before first command" message to "Error or timeout
	reading response from peer"

	* modules/imap/imappolicy.c (imap_policy_capability_allowed):
	fixed loglevels

2005-10-13  Balazs Scheidler  <bazsi@bzorp.balabit>

	* VERSION: bumped version to 3.0.7.1

2005-10-13  Simon Gabor <fules@balabit.hu>

        * modules/imap/imap.c, modules/imap/imapauth.c: one sure and one
        possible leak eliminated (fixes #7320)

2005-10-13  Attila SZALAY <sasa@balabit.hu>

        * modules/ftp/Ftp.py (class FtpDataProxy): Moved ftp_data_stop call
        from destroy to shutdown. (fixes: #7322)

2005-10-10  Balazs Scheidler <bazsi@balabit.hu>

	* lib/py*.c: fixed Python type initialization, PyObject_HEAD_INIT
	requires an actual type object (and not a pointer pointing to the
        same type), causes a segfault with Python2.3 whenever
        type(ZorpBuiltin) was referenced (fixes: nobug)

	* pylib/Zorp/Proxy.py (Proxy.__destroy__): fix possible circular
	references through Proxy.__dict__ by removing all elements

2005-10-10  Attila SZALAY <sasa@balabit.hu>

        * modules/vbuster4/vbuster.c (vbuster_engine_init): Read the answer
        of createEngine. (fixes: #6667)

2005-10-10  Attila SZALAY <sasa@balabit.hu>

        * modules/ftp/ftp.c (ftp_data_reset): Fixed the order of unref and
        NULL-ifing. (fixes: #7149)

        * modules/ftp/ftp.c: Do not use the return value of g_string_*
        (fixes: nobug)

	* lib/szig.c: free the listener sockaddr (fixes a one-off leak)
	(fixes: nobug)

2005-10-10  Attila SZALAY <sasa@balabit.hu>

        * modules/imap/imapparse.c (imap_isatomchar): Change parameter from
        signed to unsigned. (fixes: #7227)

2005-09-27  Balazs Scheidler <bazsi@balabit.hu>

        * lib/authprovider.c (z_py_zorp_auth_get_python_from_cmd): added
        g_list_free as the list returned zas_auth_get_all_headers() were not freed,
        (z_py_zorp_auth_get_cmd_from_python): removed unneeded PyObject_Str
        call, the return value was leaked,
        (z_auth_provider_command): consume the cmd parameter as this was
        assumed by all callers, added a short note about this,

        * lib/pysatyr.c (z_py_zorp_satyr_auth): as leaks were fixed, I had
        to make sure no freed memory is referenced, a new last_cmd local was
        introduced to store the last command,
        (z_py_zorp_satyr_auth): send a clean ACCEPT command to satyr, to
        avoid leaking any information (fixes: #6137)

        * lib/pyzasauth.c (z_py_zorp_zasauth_start_session): do not leak
        FAKE command, store it instead as template_cmd,
        (z_py_zorp_zasauth_do): fix memory leak by freeing "answer"

        * lib/satyr.c (z_satyr_session_startup): fix memory leak by freeing
        cmd

        * lib/zasauth.c (z_zas_session_free): instead of freeing headers
        using open code, free template_cmd using zas_auth_command_free,
        (z_zas_session_start): don't use self->receiver_cmd, but use a local
        variable instead,
        (z_zas_do): properly duplicate information in session->template_cmd
        (originally headers), free the temporary list used

2005-09-27  Balazs Scheidler <bazsi@balabit.hu>

        * zorpctl/szig.c (z_szig_context_destroy): handle ctx == NULL case
        (fixes: #6428)

        * lib/packsock.c: added MSG_DONTWAIT to all recv() invocations
        (fixes: #6761)

        * modules/pssl2/Pssl.py: change cipher suites to explicitly disallow
        anon-DH ciphers (fixes: #7032)

        * modules/smtp/Smtp.py: added 500/501/421 as valid responses for all
        commands, changed SMTP_REQ_ACCEPT to SMTP_RSP_ACCEPT for response
        policies (not a numerical change) (fixes: #7222)

        * modules/http/httphdr.c (smuggle_headers): new array, containing
        the list of headers where duplication is not allowed because their value
        is used for some kind of access control decision, (fixes: #7034)
        (http_add_header): if a header is already in the hash, do not add it
        again, unless it is not found in smuggle_headers (fixes: #7034)

        * tests/functional/http/protocol/smuggle.tests: new test file for
        smuggle headers (fixes: #7034)

        * modules/http/http.c (http_add_header): added a log message on
        request smuggling (fixes: #7034)

        * modules/rsh/rsh.c (rsh_accept_server_stderr): wake up every 1 sec
        during the wait for server stderr connection, check every time
        whether the connection was broken, and abort if it was (fixes: #7198)

        * modules/rsh/rsh.c (rsh_connect_client_stderr,
        rsh_accept_server_stderr): do not try to allocate a privileged port
        if require_privileged_port is FALSE (needed by ZTS),
        (rsh_fetch_request): fixed reading incoming commands, previously the
        same area was used for all three protocol elements, therefore it
        might happen that the proxy uses the same value for
        locuser/ruser/command,
        (rsh_accept_server_stderr): fixed timeout checking typo which caused
        the timeout check to wait at most one more second (fixes: #7198)

        * tests/functional/rsh/*.tests: added testcases to verify RSH functionality
        * modules/http/http.c (http_connect_server): check whether
        connection was broken and reconnect in that case (fixes: #6444)

2005-09-26  Simon Gabor <fules@balabit.hu>

        * lib/satyr.c: Satyr connection error is now logged using the
          correct session id (fixes #6933)

        * lib/satyr.c: log message added to log ssl connections towards 
          satyr (fixes #6693)

        * pylib/Zorp/Dispatch.py: log message now handles nonexistent 
          services also (fixes #6381)

        * tools/qc.c: cmdline checks added, constants moved to defines
	  (fixes #6523)

        * modules/smtp/smtp.c: log message for message acceptance added 
          (fixes #6640)

        * modules/ftp/Ftp.py: log message for non-anonymous user login 
          attempt added (fixes #5897)

        * modules/imap/imap.h: missing function declarations added 
          (fixes #6884)

        * modules/imap/imap.c: timeout handling fixed (fixes #6636)

2005-09-19  Balazs Scheidler <bazsi@balabit.hu>

	* bumped to version 3.0.7

2005-09-12  Balazs Scheidler <bazsi@balabit.hu>

	* bumped to version 3.0.6.3

2005-09-01  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Auth.py (SatyrAuthentication.authorizeUser): added
	error_status argument as it is passed by the C code

	* lib/pyproxy.c (z_py_zorp_proxy_new): fixed deadlock in
	ZR_PYPROXY construction

2005-09-01  Balazs Scheidler <bazsi@balabit.hu>

        * pylib/Zorp/Proxy.py (Proxy.userAuthenticated): fixed possible None
        reference

2005-09-01  SZALAY Attila  <sasa@balabit.hu>

	* Numped to version 3.0.6.2

2005-09-01  Balazs Scheidler <bazsi@balabit.hu>

	* lib/pysatyr.c (z_py_zorp_satyr_auth): construct and return
	error_reason

	* lib/satyr.c: make it possible to return an error reason

	* pylib/Zorp/Auth.py (SatyrAuthentication.performOutbandAuth):
	expect the C function to return error status, include it in the
	information attached to raised exception

2005-08-23  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.6.1

	* modules/mime/mime.c (mime_blob_write): Fixed z_code_get_result
	calling. (Do not reuse encoded_buflem, use sizeof instead. (fixes:
	nobug)
	(mime_blob_write): Added extra safety check to write all the data
	from coder. (fixes: nobug)

2005-08-18  Balazs Scheidler <bazsi@balabit.hu>

	* all Makefile.ams: backported Makefile.am cleanup from 3.1

	* configure.in.in: now it is the same as the 3.1 version (some
	cleanup in naming)

2005-08-17  Balazs Scheidler <bazsi@balabit.hu>

	* VERSION: bumped to version 3.0.6

2005-08-08  Balazs Scheidler <bazsi@balabit.hu>

	* VERSION: bumped to version 3.0.5.5

2005-08-05  Simon Gabor <fules@balabit.hu>

        * modules/telnet/telnet.h: too long suboption negotiations now
	recognised (fixes #7027)

2005-08-04  Simon Gabor <fules@balabit.hu>

        * libproxy/code.c, libproxy/code_base64.c,
	libproxy/zorp/proxy/code.h, libproxy/zorp/proxy/code_base64.h,
	modules/http/http.c, modules/imap/imapauth.c, modules/mime/mime.c,
	modules/mime/mimedata.c, modules/mime/mimehdr.c,
	tests/functional/mime/policy/erroraction.tests,
	tests/functional/mime/policy/bodymanip.tests: ZCode
	re-implementation backported from 3.1 (fixes #6424)

2005-08-04  Balazs Scheidler <bazsi@balabit.hu>

        * modules/pssl2/pssl.c (pssl_verify_peer_cert_cb): fixed an X509
	reference leak leak in CRL verification (fixes: #7031)

2005-08-04  Attila SZALAY <sasa@balabit.hu>

        * lib/pyfastpath.c (z_fp_connect_chainer_chain): Set ToS value to
	-1 (fixes: #6415)

2005-07-29  Balazs Scheidler  <bazsi@bzorp.balabit>

	* VERSION: bumped version to 3.0.5.4

2005-07-28  Balazs Scheidler <bazsi@balabit.hu>

	* modules/pssl2/Pssl.py: added documentation on
	{client|server}_verify_depth (fixes: #6280)

	* modules/http/Http.py: fixed docbug in error_silent attribute
	(fixes: #6461)

	* modules/http/http.c (http_process_base64): fixed possible
	off-by-one problem (fixes: #6880)

	* pylib/Zorp/Chainer.py (FailoverChainer.chainParent): do not give
	a backtrace if self.state is None, as that is the case when
	timeout is not specified (fixes: #6994)

2005-07-22  Sandor Geller  <wildy@balabit.hu>

        * scripts/vbupgrade.sh: redirected stderr to /dev/null in line 374
	when invoking ls (fixes: nobug)

2005-07-20  Balazs Scheidler  <bazsi@balabit.hu>

	* modules/http/httphdr.c (http_filter_headers): unlock the policy
	if HTTP_HDR_POLICY entry cannot be parsed

2005-07-20  Sandor Geller  <wildy@balabit.hu>

        * debian/zorp.postinst: make sure that the zorp user is member of
	the zorp group (fixes: 6998)

2005-07-20  Sandor Geller  <wildy@balabit.hu>

        * debian/zorp.postinst: create the zorp group and change the
	ownership of /etc/zorp/* (fixes: 6998)

        * debian/changelog.in, configure.in.in: added current date to the
	changelog

        * debian/copyright.in-pro: added proprietary note

        * debian/rules.in-pro: added missing dh_installdocs to the binary
	dependent rule to include documentation to the zorp-pro package

        * debian/zorp-pro.docs.in: added NEWS.hu to the list of docfiles

        * debian/zorp.docs: added NEWS.hu to the list of docfiles
	(currently zorp-gpl doesn't contain docfiles) to keep it synced
	with the commercial package

        * debian/zorp.init, debian/zorp-pro.init.in: corrected the test
	for the executable

2005-07-20  Simon Gabor <fules@balabit.hu>

        * modules/telnet.c: command on block boundary bug fixed (fixes
	#7027)

2005-07-20  Simon Gabor <fules@balabit.hu>

        * modules/imap/imapauth.c: misleading name changed (fixes #6881)

2005-07-20 <fules@balabit.hu>

	* modules/lp/lp.c:1271 modules/rsh/rsh.c:748 modules/rsh/rsh.c:755
	  modules/rsh/Rsh.py:76 modules/finger/finger.c:301
	  modules/telnet/telnetoption.c:416: some malformed log messages
	  re-formatted (fixes #6320)

2005-07-20  Balazs Scheidler <bazsi@balabit.hu>

        * modules/http/http.c: changed default value for max_chunk_length
	to 0 (fixes: #7029)

2005-07-18  Balazs Scheidler  <bazsi@bzorp.balabit>

	* modules/vbuster4/VBuster.py: VBUSTER_HEU_PARANOID is not
	supported by vbuster4, change value to VBUSTER_HEU_HIGH

	* modules/vbuster4/vbuster.c: removed "paranoid" as a possible
	heuristic setting from engine initialization code

	* tests/functional/vbuster: renamed to vbuster4 added testcase to
	test policy settings

2005-07-14  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.5.3

2005-07-14  Simon Gabor <fules@balabit.hu>

	* modules/pop3/pop3policy.c: policy locking when processing
	  STK_MIME/STK_DATA added (fixes #6628)

2005-07-14  Balazs Scheidler <bazsi@balabit.hu>

	* modules/mime/mimehdr.c (mime_headers_write): do not free
	current_header->header_key before a possible exit from the
	function without setting it to NULL first, changed the way the
	header list if disposed (fixes: #6923)

	* lib/proxy.c: the fix for interface locking changed so that the
	interfaces_lock is not held when the destructor for the
	ZProxyIface class is called (fixes: #6923)

	* modules/vbuster4/vbuster.c (vbuster_scan): fixed scan_method and
	heu_sensitivity processing to allow changing to all vbuster
	supported methods (fixes: #6342)

2005-07-07  Sandor Geller  <wildy@balabit.hu>

        * scripts/vbupgrade.sh: eliminated a warning message which was
	sent to stderr when VBuster wasn't installed (fixes: nobug)

2005-07-06  Sandor Geller  <wildy@balabit.hu>

        * scripts/vbupgrade.sh: added code to remove the downloaded
	packages (fixes: 6993)

        * doc/man/vbuster.options.5: changed bogus vbuster.conf to
	vbuster.options in the header

        * scripts/vbuster.options: fixed documentation

        * scripts/vbupgrade.sh, scripts/vbuster.options,
	doc/man/vbuster.options.5: added SUBJPREFIX variable, the subject
	of the e-mails will be prefixed with this value (fixes: nobug)

        * scripts/vbupgrade.sh: unified log messages; modified sendlog
	function to use 2 parameters: severity and message (with this
	change it was possible to remove a lot of conditionals from the
	script); modified sendlog invocations; modified the severity of
	the missing engine/database messages to ERROR

2005-06-24  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.5.2

2005-06-24  Balazs Scheidler  <bazsi@balabit.hu>

	* zorpctl/main.c (z_process_stop_instance): clarified error
	message on Zorp timeout

	* modules/http/http.c (http_copy_request): set force_reconnect if
	reattempt_connection was true

	* modules/http/httpfltr.c (http_transfer_dst_write_preamble): only
	set reattempt_connection to TRUE if no data has been buffered so
	far

2005-06-17  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.5.1

2005-06-17  Balazs Scheidler <bazsi@balabit.hu>

	* lib/proxy.c (z_proxy_add_iface_unlocked,
	z_proxy_del_iface_unlocked): new unlocked variants of
	z_proxy_add_iface and z_proxy_del_iface functions,
	(z_proxy_add_iface, z_proxy_del_iface, z_proxy_find_iface,
	z_proxy_destroy_method): added locking of the interfaces list to
	avoid race condition when the child uses an interface while the
	parent is being destroyed (fixes: #6923)

	* modules/http/httpfltr.c (http_data_transfer): handle all
	different verdict codes that might be returned by the stacked
	proxy. (fixes: #6855)

	* modules/smtp/Smtp.py: added 450 response code to the MAIL
	command
	(fixes: #6711)

2005-06-07  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.5

2005-06-01  SZALAY Attila  <sasa@balabit.hu>

	* modules/nnt/Nntp.py: Fixed copy&paste bugs and follow code
	changes too. (fixes: nobug)

2005-05-26  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.4.6

2005-05-26  Balazs Scheidler  <bazsi@balabit.hu>

	* modules/sqlnet/sqlnet.c: changed default value for
	split_connect_threshold to 231 which seems to work better with
	Oracle9 (fixes: #6815)

	* modules/sqlnet/sqlnet.c: added a new attribute called
	"split_connect_threshold" which allows controlling the previously
	hardcoded value for connect packet splitting, default value is 198
	to match original behaviour

2005-05-23  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.4.5

2005-05-23  Balazs Scheidler <bazsi@balabit.hu>

	* AbstractAuthentication instance as they might be used multiple
	times. (fixes: #6743)

2005-05-23  Simon Gabor  <fules@balabit.hu>

	* doc/man/zorpctl.conf.8: Description for PROCESS_LIMIT_THRESHOLD
	added, minor changes in the wording of some descriptions. (fixed:
	#6235) * zorpctl/zorpctl.conf: Default entry for
	PROCESS_LIMIT_THRESHOLD added. (fixed: 6235)

2005-05-21  Simon Gabor  <fules@balabit.hu>

	* Stacking mechanism (copied from module pop3) adapted (fixed:
	#1777)

2005-05-20  Attila SZALAY <sasa@balabit.hu>

	* modules/mime/mimehandler.c: Fixed info replacing code. (fixes:
	#6601)

2005-05-20  Balazs Scheidler <bazsi@balabit.hu>

	* pylib/Zorp/Auth.py: fix logging of PermitGroup and PermitUser,
	its __str__ method did not correctly handle multiple groups/users
	(fixes: #6680)

	* modules/http/httpmisc.c
	(http_string_assign_url_canonicalize_unicode,
	http_string_assign_url_decode_unicode): make sure characters in
	the incoming string are not sign extended as it might produce
	invalid UCS2 characters

	* modules/http/tests/http_canon_url.c: added accented characters
	to URL testcases, fixed testcase testing for file name escaping as
	the set of escaped characters changed

	* modules/http/Makefile.am: added http test programs to TESTS

	* some minor changes to zorpqc(8) manpage (fixes: #6553)

2005-05-20  Simon Gabor  <fules@balabit.hu>

	* testcases/functional/nntp/*, testcases/functional/nntpmime/*:
	testcases for nntp made up a bit (fixes #6329)

	  - cases converted to the .tests format

	  - base class changed to NntpProxy instead of NntpProxyStrict

	  - references to MimeProxy eliminated from nntpmime

	  - tests of nntpmime moved to nntp/transfer

2005-05-20  Sandor Geller  <wildy@balabit.hu>

	* configure.in.in: added check for openssl header file; added
	OPENSSL_MIN_VERSION and PYTHON_MIN_VERSION; exported requisite
	library version numbers; added versioned build dependencies to
	debian/control.in* (fixes: #6273)

2005-05-06  Attila SZALAY  <sasa@balabit.hu>

	* modules/vbuster/vbuster.c: Fixed default max archive size and
	max archive ratio. (fixes: nobug)

	* modules/vbuster/VBuster.py: Fixed the documentation about max
	archive size and max archive ratio. (fixes: nobug)

2005-05-05  Attila SZALAY  <sasa@balabit.hu>

        * modules/mime/mimedata.c: Do not try to decode empty
	lines. (fixes: nobug)

2005-05-04  Simon Gabor  <fules@balabit.hu>

        * lib/streamblob.c (z_stream_blob_prepare): streamblob polling
	fixed which might have caused CPU spinning (fixes #6739)

	* lib/pypolicy.c (z_policy_var_parse_int): fixed integer parsing

2005-04-25  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.4.3

2005-04-22  Simon Gabor <fules@balabit.hu>

        * modules/ftp/ftp.c: copying the ToS field of ftp data channel
	added
        (fixes #6614)

2005-04-10  SZALAY Attila  <sasa@sasa.home>

	* Bumped to test version 3.0.4.1

2005-03-31  Balazs Scheidler <bazsi@balabit.hu>

	* zorp/zorp.c: added --log-escape command line option

	* doc/man/zorp.8: added docs on --log-escape

2005-04-07  Balazs Scheidler <bazsi@balabit.hu>

	* tools/qc.c: added copyright info

2005-04-06  SZALAY Attila  <sasa@balabit.hu>

	* solbuild/Makefile.am (MAINTAINERCLEANFILES): Added pkginfo.dev
	and pkginfo.run to MAINTAINERCLEANFILES. (fixes: #6583)

2005-04-05  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.3.7

2005-04-05  Simon Gabor <fules@balabit.hu>

	* modules/http/http.c: dest port decision semantics cleared a bit
	(fixes #6315)

	* modules/http/http.c: now use_default_port_in_transparent_mode
	can't override parent_proxy_port (fixes #6315)

2005-04-01  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.3.6

2005-03-23  Simon Gabor  <fules@balabit.hu>

	* lib/blob.*, modules/vbuster4/vbuster.*: warnings eliminated
	(fixes #6549)

	* lib/blob.c: made log levels conform to log policy. (fixes #6506)

2005-03-31  Attila SZALAY <sasa@balabit.hu>

	* modules/mime/mime.c: When exchange a mime object with an other
	object exchange all field. (fixes: #6540)

	* modules/mime/mimedata.c: If stacked proxy return with error save
	the mime object to quarantine.

	* modules/mime/mimedata.c: Initialize the stack_decision variable
	before every transfer. (fixes: #6540)

2005-03-30  Balazs Scheidler <bazsi@balabit.hu>

	* modules/http/httpfltr.c (http_data_transfer): initialize
	stack_decision to Z_ACCEPT (fixes: #6533)

2005-03-29  Sandor Geller  <wildy@balabit.hu>

	* solbuild/pkgmaker.sh: added -f to gzip

	* solbuild/prototype-maker.sh: switched to standard grep

	* solbuild/prototype-maker.sh: removed zorp-config, moved *.la
	files to the development package, removed space file from the
	development package

	* solbuild/pkginfo.in: renamed to solbuild/pkginfo.run.in

	* solbuild/pkginfo.dev.in: created

	* solbuild/rules.conf.in: renamed to solbuild/rules.conf, this
	file won't be generated anymore

	* configure.in.in: updated to reflect the above changes

	* solbuild/Makefile.am: added pkginfo.dev, pkginfo.dev.in, pkginfo
	and pkginfo.in to EXTRA_DIST, removed rules.conf.in from
	EXTRA_DIST

	* solbuild/depend: changed libzorpll and libzas descriptions

	* solbuild/pkgmaker.sh: updated to create two packages: zorp-pro
	and zorp-pro-dev

	* solbuild/prototype-maker.sh: updaed to create two packages

	* solbuild/rules: dropped tar.gz package generation, removed the
	removal of the zorp headers

	* scripts/vbupgrade.sh: reworked some parts of the script, this
	version works slightly better than the previus bug-fix version
	(hope this worth to integrate into the #5997 bugfix)

2005-03-29  Balazs Scheidler <bazsi@balabit.hu>

	* pylib/Zorp/Zorp.py: removed old loglevels (Z_INFO etc.) as
	Z_ERROR collided with the Zorp verdict used to indicate errors,
	use the value of Z_ERROR as defined in C (which is currently 7)

	* modules/http/httpfltr.c: Add the contents of the
	'content-length' header to the log message if it is found to be
	invalid

	* modules/mime/mimedata.c, modules/http/httpfltr.c,
	modules/imap/imapcmd.c, modules/smtp/smtp.c,
	modules/radius/radiuspacket.c: fixed various warnings

	* pylib/Zorp/Resolver.py (DNSResolver.resolve): fixed error
	reporting when an IOError exception occurs, proxyLog was not
	imported and a bogus proxy instance was passed (fixes: #6504)

	* modules/http/http.c (http_connect_server): added log message
	about not permitted destination port numbers; fixed testcase as
	well
	(fixes: #6315)

	* modules/http/http.c (http_connect_server): accept any port if a
	parent proxy is present, add a proper error message when the
	target port is not allowed by target_port_range (fixes: #6315)

	* modules/http/http.c: added support for
	use_default_port_in_transparent_mode attribute (fixes: #6315)

	* modules/http/Http.py: added documentation on
	use_default_port_in_transparent_mode attribute (fixes: #6315)

2005-03-25  SZALAY Attila  <sasa@balabit.hu>

	* modules/mime/mime.c: If the very first line couldn't parse as
	 header, take it as body. (fixes: #5088)

	* modules/imap/imapparse.c (imap_data_free): Follow the changes in
	core. Rename z_blob_destroy call to z_blob_unef. (fixes: #6522)

	* modules/mime/mime.c, modules/mime/mime.h: Changed the state
	machine slightly. Moved state changes into one function.

	* modules/mime/mimedata.c: Fixed the stacked proxy decision
	handling.

	* modules/mime/mime.c, modules/mime/mime.h,
	modules/mime/mimehdr.c: Remove MIME_STATE_DROP state.

	* modules/mime/mimehandler.c (mime_canonicalize_entity): New
	function to canonicalize mime object. Now it's only remove dropped
	object, but it will do some other thing in the future (remove
	multipart if there are only one part, etc.)

	* Handle Z_ERROR verdict in various modules.

2005-03-25  Balazs Scheidler <bazsi@balabit.hu>

	* lig/szig.c: the logspec changing code could use a NULL to a %s
	format string argument (fixes: #5392)

2005-03-25  Simon Gabor  <fules@balabit.hu>

	* tools/qc.c: quarantine maintainer added (fixes #4896)

        * Auth.py: authorisation defaults to fail (fixes #5364)

2005-03-22  Attila SZALAY <sasa@balabit.hu>

	* libproxy/base64.c: Fixed a typo in z_code_base64_encode_pack
	invocation. (fixes: #5105)

	* libproxy/zorp/proxy/code.h: Removed unneeded function
	declarations. (fixes: #5105)

	* modules/vbuster4/vbuster.c (vbuster_quarantine_save): Don't try
	to write again if a write has been failed before. (fixes: #3226)

	* modules/vbuster4/vbuster.c (vbuster_quarantine_save): Close the
	fd after writing everithing.

	* modules/vbuster4/vbuster.c: Write a log message if couldn't
	write to quarantine. (fixes: #3226)

	* libproxy/base64.c: Hungarian named variables renamed. (fixes:
	#5105)

	* libproxy.base64.c (z_code_base64_decode_pack):
	z_code_base64_decode_quattro renamed.

	* libproxy/base64.c (z_code_base64_encode_pack):
	z_code_base64_encode_treas renamed.

	* libproxy/zorp/procy/code.h (z_code_free): Function
	added. (fixes: #5105)

	* modules/ftp/Ftp.py (FtpProxyRW): ALLO command added to acdepted
	command set.

	* modules/ftp/ftpcmd.c (ftp_command_parse_ALLO): Added some check
	for ALLO parameter. (fixes: #2271)

2005-03-22  Balazs Scheidler <bazsi@balabit.hu>

	* zorpctl/main.c (z_safe_start_instance): don't try to realloc the
	argv array returned by popt as it is a single chunk containing the
	arguments themselves as well, and we realloced the pointer section
	only (fixes: #5850)

	* lib/szig.c (z_szig_handle_command): added support for RELOAD
	command (fixes: #5850)

	* lib/zorp.c (z_main_loop, z_load_policy): moved from main.c, to
	make support RELOAD through szig (fixes: #5850)

	* zorp/main.c (z_main_loop, z_load_policy): removed these
	functions as they have been moved to lib/zorp.c (fixes: #5850)

	* zorpctl/szig.c (z_szig_reload): new function, sends a RELOAD
	command to zorp (fixes: #5850)

	* zorpctl/main.c (z_process_reload): new function, instead of
	sending SIGHUP to Zorp use its SZIG channel, now correctly marks
	instances which could not be successfully reloaded (fixes: #5850)

	* zorp/main.c: moved z_process_ok() to a later stage of processing
	to actually indicate 0 exit status only when the policy has been
	successfully initialized at least once

	* zorpctl/main.c: introduced START_CHECK_TIMEOUT and
	START_WAIT_TIMEOUT options in zorpctl.conf, first applies to
	auto-restart mode, zorpctl waits for zorp to exit for
	START_CHECK_TIMEOUT interval, if it exits, then it is assumed that
	it failed, the second applies to cases where auto-restart is
	disabled, it waits for Zorp to exit for this amount of time,
	(z_safe_start_instance): report success/failure based on Zorp exit
	behaviour

	* doc/man/zorpctl.conf.5: updated manpage about the new options

	* modules/http/http.c (http_connect_server): do not reconnect in
	transparent mode just because the host header has changed (fixes:
	#6177)

	* pylib/Zorp/Proxy.py (Proxy.connectServer): do not allow a
	stacked proxy to reconnect its server side multiple times, log an
	internal error instead. (fixes: #6177)

2005-03-22  Attila SZALAY <sasa@balabit.hu>

	* Added a protocol test to mime testcases.

	* modules/mime/mime.c (mime_load_error): Changing bad attchment
	with a warning message work again. (Failed when changed to blob
	system)

	* modules/mime/mime.c: Changed the way how escaping from poll
	loop.  instead of z_poll_quit, set state to MIME_STATE_QUIT.

	* modules/mime/mimedata.c (mime_transfer_both_shutdown) Renewed
	function. Only changes self when both side shutdowned.

	* modules/mime/mimedata.c (mime_transfer_free_method): remove blob
	stream from poll.

	* modules/mime/Makefile.am: mimehandler.c added to sources file.

	* modules/mime/mime.c (mime_header_process): made this function
	more general. (Use the entity given in parameters, not
	self->current.

	* modules/mime/mime.c (mime_main) If everything went well append a
	mime object if needed.

	* Testcases added to check mime object appending.

	* modules/mime/mime.c: Fixed an assertion when a message body has
	no data.

	* modules/mime/mime.c (mime_insert_headers): Insert a header which
	marked with MIME_HDR_INSERT in policy level.

	* modules/mime/mime.c: Add headers marked with MIME_HDR_INSERT
	into the first level of mime object.

	* modules/mime/mime.c: Check the return value of mime_header_end.

	* modules/mime/mimedata.c: Don't drop last linefeed character from
	objects.

	* modules/mime/mimepolicy.c (mime_hash_get_type): Function
	removed, !z_policy_tuple_get_verdict used instead.

	* modules/mime/mimepolicy.c: Policy level can return value
	evaluated again.

	* modules/mime/mimehandler.c: New file. This file will contains
	mime object manipulation releated codes.

	* modules/mime/mime.c, modules/mime/mimepolicy.c: Changes in mime
	header policy decisions.

	* New testcases to test mime header manipulating.

	* modules/mime/mime.c: Policy level of header checking linked.

	* modules/mime/mimepolicy.c: Make header rewrite possible.

	* modules/mime/mime.c: Functions documented.

	* modules/mime/mime.c: Some redundant variable setting removed.

	* lib/streamblob.c: Remove unneeded res variable.

	* modules/mime/*.c: Changed object handling method, using blob
	system.

2005-03-22  Simon Gabor  <fules@balabit.hu>

	* lib/blob.c: several bugs fixed (fixes #6372), comments, log
	messages, NOTES and FIXMEs added, default settings can be set at
	policy level (see NEWS) Features implemented so far:

	  - concurrent access of blobs

	  - dynamic size allocation: extending and shrinking the allocated
	  space

	  - swapping of too large blobs: only the blob that is being
	  resized will be swapped out

	  - fetching in: on blob deallocation only. The decision factor is
	  still a rough hack.

	  - deferred allocation: if a blob can't be allocated/expanded,
	  blocks until some other blobs are destroyed.

	  - swapping capability

	  - stream interface (ZStreamBlob)

	  - timeout support for operations that could block

	  - get_pointer support and forced swapping out (get_filename)

	* modules/mime/mime.c modules/mime/mimedata.c
	modules/mime/mimehdr.c: Now mime uses blobs.

2005-03-17  SZALAY Attila  <sasa@balabit.hu>

	* modules/*/ChangeLog: Moved ChangeLog from every modules to root
	directory, suffixed with the module name.

	* lib/pysockaddr.c (z_py_gethostbyname): Reduce the overcalculated
	counter by one. (fixes: #6453)

	* psslpolicy.c (pssl_privkey_set): Removed unneeded log
	messages. (fixes: #5849)

2005-03-13  SZALAY Attila  <sasa@sasa.home>

	* lib/pysockaddr.c (z_py_gethostbyname): Calculate the counts of
	returned adresses with a cycle, not the h_addr_length
	field. (fixes: #6453)

2005-03-09  SZALAY Attila  <sasa@balabit.hu>

	* lib/packstream.c (z_stream_packet_read_method): Fixed an assert
	condition. (fixes: #6435)

2005-03-07  Balazs Scheidler  <bazsi@balabit.hu>

	* modules/http/httpftp.c (http_ftp_format_response): removed
	literal Proxy-Connection header as another one comes from
	self->headers[EP_SERVER]

	*
	tests/functional/http/protocol/non-transparent/ftp-over-http.tests:
	fixed testcase to match proxy behaviour

	* modules/http/httpftp.c (http_handle_ftp_request): add a
	connection header to the response and set self->connection_hdr to
	avoid segfault (fixes: #5126)

	* modules/http/http.c: Fixed Transfer-Encoding header processing
	for HTTP uploads (fixes: #6233)

	* modules/http/Http.py: added documentation on FTP over HTTP
	(fixes: #5126)

	* modules/http/Http.py: added documentation on
	permit_ftp_over_http (fixes: #5126)

	* modules/http/http.c: fixed CONNECT handling with some more
	CONNECT specific exceptions (fixes: #5126)

	* modules/http/httpftp.c: added docstrings and log documentation,
	(http_ftp_set_type): new function to change transfer type (fixes:
	#5126),
	(http_handle_ftp_request): set transfer type to binary for files
	and ASCII for directories (fixes: #5126),
	(http_ftp_htmlize_listing): set the timeout for the data-stream
	(fixes: #5126),

	* modules/http/httpmisc.c: added docstrings

	* modules/http/httpfltr.c (http_transfer_new): fixed uploading
	entities encoded using "chunked" transfer encoding
	(self->content_length was not determined correctly)

	* modules/http/http.c (http_process_request): after reconstructing
	the URL immediately parse and canonicalize it before filtering,
	(http_process_filtered_request): removed URL parsing, handle
	CONNECT requests

	* modules/http/http.c (http_query_request_url): renamed from
	http_query_url, use the new HttpURL instance to return parts of
	the URL,
	(http_set_request_url): instead of exporting the GString
	request_url attribute directly, use this function which is called
	whenever Python code changes request_url. It reparses the URL to
	request_url_parts,
	(http_error_message): added message about redirect (FTP over HTTP
	uses it),
	(http_process_filtered_request): parse the URL using
	http_parse_url, changed to using request_url_parts,
	(http_format_request): use http_format_url() for formatting
	requested URLs,
	(http_proxy_free): use http_destroy_url() instead of calling
	g_string_free directly,

	* modules/http/http.h (HttpURL): new structure, contains parsed
	parts of an URL

	* modules/http/httpmisc.c (http_init_url, http_destroy_url,
	http_parse_url, http_destroy_url): new URL parsing and formatting
	routines

	* modules/http/httpftp.c: adapted to the HttpURL changes,
	(http_ftp_htmlize_listing): HTML output made a bit nicer

	* modules/http/tests/http_parse_url.c,
	modules/http/tests/http_canon_url.c: new unit tests for URL
	routines

	* modules/http/httpftp.c (http_ftp_htmlize_listing): new function,
	reads the FTP directory listing and formats HTML which is returned
	to the browser

	* modules/http/http.h (HttpProxy): request_url attribute split
	into different GStrings

	* modules/http/http.c (http_process_filtered_request): store
	results from URL split into request_url_*,
	(http_connect_server): removed static as it is used from
	httpftp.c,
	(http_format_request): do not split the URL again, use the values
	in request_url_*,

	* modules/http/httpfltr.c (http_data_transfer): changed parameter
	list so that it includes ZStream pointers, as in the case of FTP,
	an independent stream is used as source, even though it behaves a
	normal server->client transfer,

	* modules/http/httpftp.c: lots of changes, now actually works for
	retrieving files in passive mode

	* modules/http/httpmisc.c (http_split_request): fixed log messages
	as they referred to wrong field length value, thus some garbage
	might have been printed

	* modules/http/http.h (HttpProxy): renamed default_port to
	default_http_port, added default_ftp_port (fixes: #5126)

	* modules/http/http.c (http_process_filtered_request): new
	function, performs reprocessing after the policy layer possibly
	changed the request, (fixes: #5126)
	(http_copy_request): removed http_split_url as that is moved into
	http_process_filtered_request, (fixes: #5126)
	(http_main): call http_process_filtered_request (fixes: #5126)

	* modules/http/http.c: added new permit_ftp_over_http attribute,
	(http_process_request): moved parts of the URL processing from
	http_copy_request to here, detect server side protocol based on
	the URL,
	(http_main): based on the protocol either execute the HTTP or the
	FTP specific parts,
	(http_error): added an FTP specific error page

	* modules/http/httpftp.c: new file, which will contain the FTP
	client code

2005-03-03  SZALAY Attila  <sasa@balabit.hu>

	* Added a testcase to check if rewriting URL in non transparent
	mode with parent proxy keep proxy method or not.

	* modules/vbuster4/vbuster.c (vbuster_communicate): Revert to
	z_log because self may be NULL so z_proxy_log isn't workable.

	* VBuster testcases added.

2005-03-01  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Resolver.py: new file, containing the
	AbstractResolver interface

	* src/tpsocket.c (z_do_tp_bind): Use z_do_ll_bind() instead of
	calling bind() directly. (fixes: #1088)

	* pylib/Zorp/Proxy.py (Proxy.__pre_config__): check if the client
	side connection uses UDP and lower the default timeout to make
	sure it is smaller than the conntrack timeout (fixes: #5104)

	* lib/zorp/proxyvars.h: changed Z_VAR_SET and Z_VAR_SET_CONFIG to
	implicitly contain Z_VAR_GET as well (fixes: #6322)

	* pylib/Zorp/Proxy.py (Proxy.__init__): add an attribute named by
	the value of self.name to session pointing to self, which makes
	attribute access in stacked proxies easier, also added a
	documentation note to the MasterSession object about this access
	method (fixes: #6046)
	(Proxy.__destroy__): remove the circular reference introduced by
	self.session.<name> (fixes: #6046),
	(Session.MasterSession): added a paragraph on referencing parent
	proxy attributes

	* lib/pysockaddr.c (z_py_gethostname): return a list of IP
	addresses instead of a single address (fixes: #3885)

	* pylib/Zorp/Proxy.py (Proxy.setServerAddr): use Service.resolver
	to resolve names (fixes: #3885)

	* pylib/Zorp/Service.py (Service.__init__): added resolver
	argument
	(fixes: #3885)

	* lib/pysockaddr.c (z_py_gethostbyname): the loop iterating
	through the list of IP addresses accidentaly used the same IP
	address several times. (fixes: #3885)

	* pylib/Zorp/Auth.py (AuthPolicy.__init__): added the auth_cache
	argument, (fixes: #5363)
	(AuthPolicy.performAuth): added cache support, (fixes: #5363)

2005-03-01  Simon Gabor  <fules@balabit.hu>

        * zorpctl/main.c: process check after stopping Zorp added (fixes
	#1990)

        * doc/man/zorpctl.conf.5: The new options documented.

        * zorpctl/zorpctl.conf: two new options (STOP_CHECK_DELAY and
	STOP_CHECK_TIMEOUT) added

2005-02-28  SZALAY Attila  <sasa@balabit.hu>

	* Makefile.am (SUBDIRS): Changed the method how SUBDIRS
	created. (fixes: #5152)

	* lib/authprovider.c (z_auth_provider_check_passwd): Log some
	information about authentication.

        * modules/ftp/ftpcmd.c: When error reply arrived to one of data
	transfer command, print the command name too.

        * configure.in.in, Makefile.am: Removed solbuild directory from
	GPL-ed version. (fixes: #5152)

        * modules/vbuster4/vbuster.c: Fixed accounting log.

2005-02-28  SZALAY Attila  <sasa@balabit.hu>

        * modules/vbuster4/vbuster.c: Implemented quarantine function.
        (fixes: #3226)

        * modules/pop3/pop3.c: Increment output buffer size with
	2. (#5899)

        * modules/Pop3/Pop3.py: Added documentation about banner
	rewriting.
        (fixes: #333)

        * modules/pop3/pop3auth.c: New file. Handle AUTH related
	conversation. (fixes: #5764)

        * modules/pop3/pop3.c: New attribute created max_authline_count
	control the maximum count of authentication lines. (fixes: #5764)
        
        * modules/vbuster4/VBuster.py: Added the constant values for more
	known and possible error codes. (fixes: #6173)
        
        * modules/vbuster4/vbuster.c (vbister_init): Two attribute added
	to the initialization message archive_max_size and
	archive_max_ratio control the max size and compression ratio of
	archived files.
        (fixes: #6022)
        
        * modules/vbuster4/vbuster.c: Added minor version number to so
	name.
        (fixes: #5082)
        
	* modules/vbuster4/vbuster.c: Fixed spelling problem. (fixes:
	#5082)

        * modules/vbuster4/vbuster.c (vbuster_write_file): New function.
	Make sure to write out all data to the file.

        * modules/vbuster4/vbuster.c (vbuster_quarantine_save): New
	function. Write out the buffer into quarantine. (fixes: #3226)

        * modules/vbuster4/vbaccesif.c (vbuster_write): Write out message
	to quarantine if needed. (fixes: #3226)

        * modules/vbuster4/vbuster.c (vbustr_scan): Write ot message to
	quarantine if needed. (fixes: #3226)

        * modules/vbuster4/vbuster.c (vbuster_communicate): Check for
	error_hash if it available and return the result.
        (vbuster_communicate): If ENGINE_GetErrorInfo could not find the
	error description, check it in a local hash. (fixes: #6172) Follow
	the changes in vbuster_communicate. Added decision test when
	appropriate.  Check if mkstemp succes or not. (fixes: #3226)
                  
2005-02-28  Simon Gabor <fules@balabit.hu>

        * zorpctl/main.c: added zorpctl error message when the instances
	file cannot be opened (fixes #5724), handle invalid args and opts
	in zorpctl (fixes #5750), The (somewhat misleading) message
	'Invalid argument list: <instance name>' has been changed to
	'Invalid argument list at instance: <instance name>', because the
	word after the colon isn't an arg list but the name of an instance
	whose arg list is invalid. (fixes: #5750),

        * zorpctl/main.c: Fixed the format of the error messages about
	instances.conf

        * lib/*.c (*): some missing comment headers added

2005-02-19  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.3.2

	* tests/python/Makefile.am (EXTRA_DIST): Removed test_ipchains.py
	because it's not present.

2005-02-11  Simon Gabor  <fules@balabit.hu>

	* warning message issued when running in demo mode (fixes #5589)

	* modules/pssl2/Pssl.py (AbstractPsslProxy): two new attributes
	'(client|server)_local_privatekey_passphrase'
	(X509KeyBridge.__init__): new argument 'key_passphrase', 3rd
	element of '(un)trusted_ca_files[]' specifies passphrase for the
	private keys.  By default all these passphrases are set to
	empty. (fixes: #5849)

	* pssl2/Pssl.py: attribute for private keys passphrase added
	(needed for #5849)

	* modules/pssl2/Pssl.py: missing 'self.' added to front of
	client_peer_certificate (fixes #5969)

	* modules/imap/imap.c: Checking of imap capabilities is
	case-insensitive (fixes #5990)

	* modules/imap/imapcmd.c: added handling of cap lists in tagged OK
	(fixes #6168)

	* zorp/main.c: explicit unblocking of handled signals (fixes
	#5143)

	* pylib/Zorp/Chainer.py: failoverchainer clears its cache when all
	dests fail (fixes #5560)

	* pylib/Zorp/Cache.py: clear() method added to Cache classes
	(required for #5560)

2005-02-02  Gabor Simon  <fules@balabit.hu>

	* Now z_satyr_new() takes the port number as argument, and only
	uses SATYR_PORT as default for invalid port values (<=0 or >65535)
	(fixes: #5936)

2005-02-02  Balazs Scheidler  <bazsi@balabit.hu>

	* modules/pssl2/Pssl.py (X509KeyBridge.__init__): added proper
	handling of IOErrors (fixes: #6039)

	* modules/smtp/smtp.c: added permit_long_responses attribute
	(fixes: #6078)

	* smtp.c (smtp_copy_request): added some more detail to "Copying
	request" message (fixes: #5572)

	* lib/policy.c, lib/zorp/policy.h: added
	z_policy_raise_exception_obj() function to make it possible for
	non-Python dependent code to raise an exception

	* modules/http/Http.py: added wrapper functions for the
	__headerManip C function (fixes: #5559)

	* modules/http/http.c (http_policy_header_manip): C function
	exported to Python to query and manipulate HTTP headers (fixes:
	#5559)

	* modules/http/httpfltr.c (http_transfer_dst_write): change the
	order of preamble generation and header popping, do header popping
	first so that it can be substracted from the value of the
	content-length hint (fixes: #5205)

	* pylib/Zorp/Zorp.py: changed the value of AuthException to
	'Authentication or authorization failed' as the value of the
	exception is printed by Zorp and both authentication and
	authorization triggers the same exception. (fixes: #5516)

	* lib/*.c: fixed trivial warnings (fixes: #6124)

	* lib/satyr.c: fixed possible strict-aliasing problem by not using
	completely independent ZSatyrSession and ZRealSatyrSession
	structures, but using the first from the second (fixes: #6124)

	* various .c files: changed ZClass initialization to avoid
	warnings (fixes: #6124)

2005-01-28  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.3.1

	* zorp/Makefile.am: Added logtags.txt to EXTRA_DIST

2005-01-27  Balazs Scheidler  <bazsi@balabit.hu>

	* modules/smtp/smtpcmd.c (smtp_parse_extensions): changed a couple
	of strcmp()s to strcasecmp(), (fixes: #6111)
	(smtp_response_EHLO): convert extension identifier to upper case
	before checking whether it is permitted (fixes: #6111)

	* lib/zorp/proxy.h: moved proxy specific logging macros from
	libzorpll to here
	(fixes: #5392)

	* lib/szig.c: adapted to the new libzorpll log error handling to
	report invalid logspecs (fixes: #5392)

	* zorp/main.c: adapted to the new libzorpll log functions, added
	maptag cache support

	* zorp/logtags.txt: list of commonly used logtags in Zorp
	(currently copied from the message database, and to be maintained
	manually) (fixes: #5392)

	* zorp/Makefile.am: added rules to generate gperf lookup function
	to be used by the maptag cache (fixes: #5392)

2005-01-27  Sandor Geller  <wildy@balabit.hu>

	* scripts/vbupgrade.sh: don't bother with engine/or database
	upgrading when it is disabled by configuration (fixes: #5997)

2005-01-25  Balazs Scheidler  <bazsi@balabit.hu>

	* modules/pssl/Pssl.py: added name attribute, changed constructor
	parameters to work with 3.0 (fixes: #6099)

	* modules/pssl/pssl.c (pssl_init_client_ssl, pssl_init_server_ssl,
	pssl_init_streams): fixed reference leaking of ZSSLSession,
	(PsslProxy): removed unused server_ctx & client_ctx fields (fixes:
	#6099)

	* configure.in.in & makeconfig.sh: added pssl module to the
	default MODULE_DIRS

	* zorpctl/main.c (z_cmd_logging, z_cmd_szig): added popt usage
	messages and help switch (fixes: #5995)

	* lib/szig.c (z_szig_handle_command): changed command parsing to
	be more extensible, added support for the LOGGING command (fixes:
	#4667)

	* zorp/main.c (z_main_loop): use the new log functions from
	libzorpll to change log level

	* zorpctl/main.c (z_cmd_log): new command to manipulate log
	settings of a running Zorp instance (fixes: #4667)

	* zorpctl/szig.c (z_szig_logging): new function for interfacing
	the LOGGING command in SZIG (fixes: #4667)

2004-12-22  Balazs Scheidler  <bazsi@bzorp.balabit>

	* Bumped to version 3.0.3

2004-12-21  SZALAY Attila  <sasa@balabit.hu>

	* lib/sysdep.c (z_sysdep_init): Remove comment after BENIG MARK,
	because source-strip dislike it.

	* Bumped to version 3.0.2.4

	* lib/sysdep.c (z_sysdep_parse_tproxy_arg): Fixed a typo. Added
	missing closing bracket.

	* Bumped to version 3.0.2.3

2004-12-20  Attila SZALAY  <sasa@balabit.hu>

	* modules/vbuster4/vbuster.c (vbuster_scan): fixed an
	uninitialized variable issue (context was not initialized and
	could be freed without setting it to a value)

	* modules/vbuster4/vbuster.c: Add description to account rule,
	when something happened. (fixes: #5472)

	* modules/vbuster4/vbaccessif.c (vbuster_fill_buffer): Move stream
	error checking closer to reading. (fixes: #5191)

	* Take problems about swapfile as error case. (fixes: #5191)

	* Created a new policy variable named error. This normative hash
	indexed with the errror code given by the VBuster engine. You may
	accept, reject the content of the object, or leave it as an error
	statement. (fixes: #5472)

	* Created a new function to set the final decision about the
	object.  Use it in every situation when needed. After the scanning
	check it, and do everithing depend on it. (logging, propagating
	verdict, sending the object up).

2004-12-18  Balazs Scheidler <bazsi@balabit.hu>

	* debian/Makefile.am: fixed binary branch package generation

2004-12-18  Sandor Geller  <wildy@balabit.hu>

        * debian/Makefile.am: updated the name of the logrotate, init, and
	cron scripts (#5863)

        * debian/rules.in-pro: added --name=zorp-pro parameter to
	dh_installinit, dh_installcron and dh_installlogrotate; removed
	unnecessary "for" loop (zorp-pro-addon-fp1 doesn't exist anymore)

2004-12-18  Balazs Scheidler  <bazsi@balabit.hu>

	* modules/http/http.c (http_fetch_buffered_data): new function,
	reads from the client in non-blocking mode until
	G_IO_STATUS_NORMAL is returned (fixes: #5875),
	(http_main): call http_fetch_buffered_data at the end of the
	keep-alive loop (fixes: #5875)

2004-12-17  Attila SZALAY  <sasa@balabit.hu>

	* makefile.am, configure.in.in: Save some information about
	configuration.

	* configure.in.in: Get the license information from enviroment ad
	give it to compile enviroment. (fixes: #5152)

	* makeconfig.sh: Fixed module list generation for GPL-ed
	zorp. (fixes: #5152)

	* debian/*: GPL version of Zorp related debian files added.
	Rearranged Makefile to change between GPL-ed and professional
	version of files. (fixes: #5152)

	* lib/authprovider.c lib/pyattach.c lib/pycore.c lib/pydispatch.c
	lib/pypolicy.c lib/pyproxy.c lib/pysatyr.c lib/pyzasauth.c
	lib/satyr.c lib/zasauth.c lib/zpython.c zorp/main.c: Mark parts,
	which included in profession version of Zorp only. (fixes: #5152)

	* lib/zorp/authprovider.h lib/zorp/policy.h lib/zorp/pysatyr.h
	lib/zorp/pyzasauth.h lib/zorp/satyr.h lib/zorp/zasauth.h
	lib/zorp/zorp.h: Mark parts which included in profession version
	of Zorp only. (fixes: #5152)

	* pylib/Zorp/Auth.py pylib/Zorp/AuthDB.py pylib/Zorp/Dispatch.py
	pylib/Zorp/Globals.py pylib/Zorp/Proxy.py pylib/Zorp/Zorp.py: Mark
	parts which included in profession version of Zorp only. (fixes:
	#5152)

	* scripts/Makefile.am: Dont install vbupgrade script to GPL-ed
	version of Zorp. (fixes: #5152)

	* configure.in.in: Provide VERSION to source files.

	* *.c: Removed solaris releated codes from GPL-ed version. (fixes:
	#5152)

	* zorpctl/main.c: Removed reload releated codes from GPL-ed
	version. (fixes: #5152)

	* configure.in: Don't check for libzorplicense in GPL-ed version.
	(fixes: 5152)

2004-12-16  Balazs Scheidler  <bazsi@balabit.hu>

	* configure.in: bumped version to 3.0.2.2

2004-12-15  Balazs Scheidler  <bazsi@balabit.hu>

        * pylib/Zorp/NAT.py (NATPolicy.__init__): fixed cacheable argument
	handling, it was previously always set to TRUE regardless what the
	user specified. (fixes: #5848)

2004-12-15  MDE  <mde@balabit.hu>

        * pylib/Zorp/NAT.py: removed the type definition of the self
	parameter from the documentation of the NATPolicy class (#5835)

2004-12-15  Sandor Geller  <wildy@balabit.hu>

        * scripts/vbupgrade.sh: added missing doublequote to the usage
	function (fixes: #5855); increased apt verbose level when VERBOSE
	is set to W_ALL

2004-12-14  Balazs Scheidler  <bazsi@balabit.hu>

        * lib/pysatyr.c (z_py_zorp_satyr_auth): added authorization
	callback parameter, delay success message until the authorization
	callback returns (fixes: #4705)

        * pylib/Zorp/Auth.py (SatyrAuthentication.performOutbandAuth):
	pass authorization callback to satyr (fixes: #4705)

        * lib/pysatyr.c (z_py_zorp_satyr_auth): fixed possible heap
	corruption caused by authorization check (fixes: #4705)

        * pylib/Zorp/Auth.py (SatyrAuthentication.performOutbandAuth):
	fixed authorizeUser callback function (fixes: #4705)

2004-12-14  Balazs Scheidler  <bazsi@balabit.hu>

	* pyzasauth.c (z_py_zorp_zas_auth_new_instance): added support for
	verify_depth (fixes: #5202)

        * zasauth.c (z_zas_new): added support for verify_depth, (fixes:
	#5202)

        * pylib/Zorp/AuthDB.py: added support for SSL verify_depth (fixes:
	#5202)

2004-12-14  Balazs Scheidler  <bazsi@balabit.hu>

        * pylib/Zorp/Chainer.py: Fixed FailoverChainer to work correctly
	when forge_addr is set (fixes: #5397)

        * lib/zasauth.c (z_zas_connect): z_ssl_context_new might return
	NULL if an error occurs which was not handled before, and might
	cause a segmentation fault (fixes: #5292)

        * lib/pydispatch.c (z_py_zorp_dispatch_new_instance): fix possible
	cross-locking, the exact reason is explained in the source (fixes:
	#5242)

        * lib/packsock.c (z_nf_packsock_recv): Do not return original
	destination address if the values returned by the kernel are zero
        (fixes: #5528)

        * lib/packsock.c (z_nf_packsock_recv): fix possible SIGSEGV by
	checking whether to_addr is NULL, introduced by the previous
	IP_ORIGADDRS (fixes: #5528)

        * modules/smtp/Smtp.py (SmtpInvalidRecipientMatcher.checkMatch):
	changed error handling so that server.quit() is always called to
	avoid fd leak (fixes: #5521)

        * modules/pssl/pssl.c (pssl_load_local_key): do not try to use the
	keys if they are NULL, (fixes: #5636)
        (pssl_client_cert_cb): do not return success if there are no keys
	available (fixes: #5636)

2004-12-14  Sandor Geller  <wildy@balabit.hu>

        * scripts/vbupgrade.sh: updated to honour the value of the
	FTPOVERHTTPPROXY parameter; corrected the help message (fixes:
	#5793)

        * scripts/vbuster.options: added FTPOVERHTTPPROXY parameter
	(fixes: #5793)

        * doc/man/vbuster.options.5: documented the FTPOVERHTTPPROXY
	parameter (fixes: #5793)

2004-12-14  Balazs Scheidler  <bazsi@balabit.hu>

        * modules/http/http.c (http_handle_connect): instead of making up
	our own CONNECT request to parent proxies use the original sent by
	the client to make it possible to do authentication in the parent
	proxy for example (fixes: #5763),
        (http_format_request): handle CONNECT requests (URL is not in the
	same format),
        (http_process_response): do not add connection headers for
	CONNECT/200 responses,
        (http_copy_response): suppress data for CONNECT/200 responses

        * modules/smtp/smtp.c (smtp_process_request,
	smtp_process_response): added logging when the policy or the
	command/response checking functions return failure, (fixes: #5755)
	(smtp_main): separate error message for policy reject and I/O
	error sending ack command (fixes: #5755)

        * modules/smtp/Smtp.py (AbstractSmtpProxy.loadSMTP): added 550 as
	permitted answer for DATA (fixes: #5755)

2004-12-13 Balazs Scheidler  <bazsi@balabit.hu>

        * zorpctl/main.c (main): fixed uninitialized cmd variable which is
	causing problems since the original fix for 5346
        (fixes: #5346)

        * zorpctl/main.c (z_error, z_dump_errors): new functions to
	implement delayed error reporting to make output more readable
	(fixes: #5346)

        * zorpctl/main.c: implemented CHECK_PERMS again (fixes: #5464)

        * zorpctl/main.c (z_check_config_dir): Clarified zorpctl error
	/message about invalid etc/zorp permissions (fixes: #5346)

        * zorpctl/main.c (z_parse_config): added support for
	AUTO_RESTART_DELAY a new parameter to specify the number of
	seconds to wait before Zorp is restarted, changed, (fixes: #5455)
        (z_safe_start_instance): changed restart logic to take
	AUTO_RESTART_DELAY into account and to also perform restart when
	Zorp exit code is not zero, even if it exited gracefully (fixes:
	#5455)

	* modules/http/http.c: added some new HTTP in various error
	scenarios (fixes: 5485)

        * modules/http/http.c: added another set of new HTTP in various
	error scenarios (fixes: #5485)

	* modules/http/http.c: Added message descriptions for new messages
	(fixes: #5485)

        * modules/http/http.c (http_transfer_src_read): fixed ZProxy
	argument for z_proxy_log, use self->super.owner instead of self
	itself which is a badly casted to (ZProxy *) (fixes: #5748)

        * modules/http/http.c (http_process_request): ensure that inband
	authentication is performed prior to accepting a CONNECT request
        (fixes: #5356)

        * modules/smtp/smtpcmd.c (smtp_parse_mail_extensions): Strip
	trailing spaces after extensions in the MAIL command (fixes:
	#5148)

        * modules/smtp/smtp.c: fixed default value for
	self->max_request_length & self->max_response_length (fixes:
	#5653)

        * modules/smtp/smtp.c (smtp_main): Added possibility to change the
	response code returned by the proxy when the target server is down
        (fixes: #5723)

2004-12-09  Sandor Geller  <wildy@balabit.hu>

	* debian/control.in: changed build-depends to binary branched
	libzorpll and libzas versions; changed dependency of the
	zorp-pro-dev package to binary branched libzorpll-dev version
	(fixes: #5771)

	* debian/control.in: changed zorplicense-dev build dependency to
	zorplicense@BINARY_BRANCH@-dev; added virtual provided and
	conflicting packages to the -dev, -dov, -modules packages (fixes:
	#5771)

2004-12-06  Sandor Geller  <wildy@balabit.hu>

        * debian/rules.in: replaced debian/$$filelist.files with
	debian/zorp-pro@BINARY_BRANCH@-modules.files; replaced
	debian/$$filelist.conffiles with
	debian/zorp-pro@BINARY_BRANCH@-modules.conffiles
        (fixes: #5744)

2004-12-06  Balazs Scheidler  <bazsi@balabit.hu>

	* doc/man/zorpctl.conf.5: updated on ZORPCTL_APPEND_ARGS and
	ZORP_APPEND_ARGS (fixes: #5568)

	* zorpctl/main.c: fixed APPEND_ARGS handling, renamed APPEND_ARGS
	to ZORP_APPEND_ARGS and introduced ZORPCTL_APPEND_ARGS to allow
	specifying zorpctl specific options as well (fixes: #5568)

	* modules/pssl2/Pssl.py: added new permit_invalid_certificates
	attribute, changed values for PSSL_VERIFY_* constants, and added
	PSSL_VERIFY_OPTIONAL_TRUSTED (fixes: #5405)

	* modules/pssl2/pssl.c: exported permit_invalid_certificates
	attribute, changed verify_type handling somewhat to support
	PSSL_VERIFY_OPTIONAL_TRUSTED, and added support for
	permit_invalid_certificates (fixes: #5405)

2004-12-03  MDE  <mde@balabit.hu>

        * modules/pssl2/Pssl.py: fixed attribute documentation to match
	the ZMS database types

        * modules/pssl2/Pssl.py: X509KeyBridge attribute types changed for
	better GUI support (#5418)

        * modules/http/Http.py, modules/pssl2/Pssl.py,
	modules/smtp/Smtp.py: changed some INST_ types to CLASSINST_, what
	helps generating them into a new entry point (#5537)

2004-12-03  Simon Gabor  <fules@balabit.hu>

        * modules/nntp/*.[hc]: indentation changed to 2-char-wide tabstops
        (at last), minor syntactic changes (unnecessary braces at chained
	'else if's removed, etc.)

2004-12-03  Simon Gabor  <fules@balabit.hu>

        * modules/nntp/*.[hc]: indentation fixed, log messages converted
	to the unified format

2004-12-03  Simon Gabor  <fules@balabit.hu>

        * lp.c: indentation fixed, smaller syntactic changes log messages
	re-formatted according to the spec (#81)

2004-12-03  Balazs Scheidler  <bazsi@balabit.hu>

        * doc/man/zorpctl.conf.5: fixed docbug (fixes: #5454)

        * zorpctl/main.c, zorpctl/zorpctl.conf: changed default threshold
	value to 64 (fixes: #5454)

        * doc/man/*: updated manpages (fixes: #5370)

        * pylib/Zorp/Listener.py: added missing documentation on the
	"threaded" attribute (fixes: #5594)

2004-12-03  Attila SZALAY  <sasa@balabit.hu>

        * modules/vbuster4/vbuster.c (vbuster_load_engine): Replace NULL
	pointer with "(null)" string when log it. (fixes: #5323)

        * lib/modules.c: If g_module_error() return with NULL replace it
	with "(null)". (fixes: #5322)

2004-12-03  Sandor Geller  <wildy@balabit.hu>

        * debian/Makefile.am: removed zorp-pro-modules.conffiles and
	zorp-pro-modules.files, these files will be generated by
	debian/rules

        * debian/rules.in: removed unused debfiles target, modified
	debfiles-stamp target to generate
	debian/zorp-pro@BINARY_BRANCH@-modules.files and
	debian/zorp-pro@BINARY_BRANCH@-modules.conffiles instead of
	debian/zorp-modules.files and debian/zorp-modules.conffiles - THIS
	CAN BREAK THE GPL PACKAGE - omit vbuster4 module when the build
	architecture isn't i386
        (fixes: #5591)

2004-12-03  Sandor Geller  <wildy@balabit.hu>

        * debian/Makefile.am: added logrotate script to the list of the
	generated files; modified "rules" target to make rules executable

        * debian/Makefile.am: added rules to CONFIG_CLEAN_FILES

        * debian/Makefile.am: make sure that the rules file is regenerated

        * debian/Makefile.am: added logrotate script to the list of the
	generated files; modified "rules" target to make rules executable

        * debian/Makefile.am: added rules.in,
	zorp-pro-modules.conffiles.in,
	zorp-pro@BINARY_BRANCH@-modules.conffiles to EXTRA_DIST, added
	zorp-pro@BINARY_BRANCH@-modules.conffiles generator target

        * debian/zorp-pro-modules.files.in: added usr/lib/zorp,
	usr/share/zorp

        * debian/rules.in: added

        * debian/zorp-pro-modules.conffiles.in: added

2004-12-03  Sandor Geller  <wildy@balabit.hu>

        * scripts/options: renamed to scripts/vbuster.options

        * scripts/Makefile.am: added vbuster.options to sysconf_DATA to
	install into the proper directory (binary branch...)

        * debian/rules: removed vbuster.options installation, this file
	will be installed with make install

2004-12-03  Sandor Geller  <wildy@balabit.hu>

        * debian/Makefile.am: added zorp-pro.logrotate.in to EXTRA_DIST
        (fixes: #5541)

2004-12-03  Sandor Geller  <wildy@balabit.hu>

	* solbuild/postinstall: Added a missing doublequote to line 5,
	standardized variable references (fixes: #5149)

2004-11-26  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.2.1

2004-11-26  Attila SZALAY <sasa@balabit.hu>

	* modules/ftp/ftp.c: Log the flow direction of data connection.

2004-11-23  Attila SZALAY <sasa@balabit.hu>

	* vbaccessif.c (vbuster_getsize): Fixed oversize checking method.
	Fixed: #5173.

2004-11-23  Sandor Geller  <wildy@balabit.hu>

	* scripts/vbupgrade.sh: changed the verbosity of some progress
	messages from -gt $V_WARN to -ge $V_WARN (fixes: #5548)

	* scripts/vbupgrade.sh: added summary messages (fixes: #5548)

	* scripts/vbupgrade.sh: removed cat $VBLOGFILE when ADMINEMAIL is
	blank and we don't log through syslog (fixes: #5224)

	* doc/man/vbuster.options.5: documented the new behaviour

	* doc/man/vbupgrade.8: changed AUTHOR's name

2004-10-22  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/proxy.c (z_proxy_stack_proxy): merged common parts for res
	== NULL and res == z_policy_none (fixes: #5324)

2004-10-28  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.2

2004-10-27  Balazs Scheidler  <bazsi@bzorp.balabit>

	* Bumped to version 3.0.1.10

	* lib/pycore.c (z_py_zorp_set_connmark): added enabling
	CAP_NET_ADMIN (fixes: #5379)

2004-10-25  Balazs Scheidler  <bazsi@bzorp.balabit>

	* Bumped to version 3.0.1.9

2004-10-25  Sandor Geller  <wildy@balabit.hu>

	* solbuild/space,preremove,postremove,preinstall,postinstall:
	added

	* solbuild/Makefile.am: added the files mentioned above

2004-10-22  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/satyr.c, lib/zasauth.c: initialize ToS value to -1

	* pylib/Zorp/Service.py: fixed protocol name reporting as the
	previous implementation broke the logging policy

2004-10-21  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/packsock.c: fix Solaris compilation by enabling IP_RECVTOS
	only if ZORPLIB_ENABLE_TOS is defined

	* zorpctl/zorpctl.conf: increased FD_LIMIT_THRESHOLD to 8

2004-10-21  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.1.8

2004-10-19  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.1.7

2004-10-19  Simon Gabor <fules@balabit.hu>

	* pylib/Zorp/Session.py: unneeded getProtocolName() removed

	* pylib/Zorp/Zorp.py: ZD_PROTO_NAME tuplified

	* pylib/Zorp/Session.py (isClientPermitted, isServerPermitted):
	logging of rejected client and server zones in the same order
	(#3871)

	* pylib/Zorp/Session.py (isClientPermitted, isServerPermitted):
	logging of rejected client and server zones added (#3871)

	* pylib/Zorp/Zorp.py: global hash ZD_PROTO_NAME[] added
	(stringified names for ZD_PROTO_* protocol identifiers)

	* pylib/Zorp/Service.py: references to session.getProtocolName()
	changed to session.protocol_name

	* pylib/Zorp/Session.py: MasterSession.getProtocolName() replaced
	with 'MasterSession.protocol_name' and
	'MasterSession.setProtocol()'

	* pylib/Zorp/Session.py (isClientPermitted, isServerPermitted):
	logging of rejected client and (at inbound) server addresses added
	(#3871)

	* pylib/Zorp/Session.py (MasterSession): getProtocolName() added
	(#4881)

	* pylib/Zorp/Service.py (Service.startInstance): Logging of
	protocol added (#4881)

	* pylib/Zorp/Chainer.py (ConnectChainer.establishConnection): - ||
	-

2004-10-19  SZALAY Attila  <sasa@balabit.hu>

	* lib/zasauth.c (z_zas_connect): Raise max_verify_depth to
	5. Temporary fix to enable ssl session to zas. Bug: #5202

2004-10-15  Sandor Geller  <wildy@balabit.hu>

	* scripts/vbupgrade.sh: include the system date to the log
	messages (bug #5270); apt-cache output redirected to /dev/null

 	* scripts/options: documented the new SYSLOG option and the new
	VERBOSE setting

2004-10-14  Balazs Scheidler  <bazsi@bzorp.balabit>

	* debian/zorp-pro.files, debian/zorp-pro-dev.files: fixed .so
	references to put them into the -dev package

2004-10-14  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Dispatch.py: don't touch the ToS value if the fd is
	-1 (in the case of UDP), set our side of the ToS to the value used
	by the client (fixes: #5255, #5256)

2004-10-13  Balazs Scheidler  <bazsi@bzorp.balabit>

	* Bumped to version 3.0.1.6

2004-10-12  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.1.5

2004-10-10  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/proxy.c: Fixed obsolete policy handler logging as it was
	logged everytime when a proxy did not have a startup() method at
	all (fixes: #4601)

	* lib/proxy.c (z_proxy_policy_call): support fallback to old
	method name as Zorp 2.1 still used startUp and shutDown while Zorp
	3.0 already uses startup and shutdown respectively (fixes #5011)

	* lib/sysdep.c: report the type of tproxy implementation found as
	a string, not as a decimal code

	* zorp/main.c: exit if z_sysdep_init failed (fixes #5157)

	* lib/zpython.c: added ignoring DeprecationWarning for Non-ASCII
	characters in python modules without encodings (fixes #5068)

	* lib/conntrack.c: added ToS support

	* lib/attach.c: added support for ToS

	* lib/pyattach.c: added support for the tos keyword argument

	* pylib/Zorp/Attach.py: added passing the server_tos value to C
	code

	* pylib/Zorp/Router.py: added copying the client ToS value to
	server_tos

	* pylib/Zorp/Dispatch.py: added saving the client ToS value in
	session.client_tos

	* lib/pycore.c: added z_py_get_peer_tos, z_py_get_our_tos,
	z_py_set_our_tos functions, exported to Python

2004-10-08  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/attach.c, lib/dispatch.c: updated to use libzorpll post
	3.0.5.0.2

2004-10-06  Simon Gabor <fules@balabit.hu>

        * zorp/main.c (main): log level of 'Shutting down' set to 3
	(#5009)

        * zorpctl/main.c (z_safe_start_instance): logging of instance name
	added (#5010)
      
2004-10-06  SZALAY Attila  <sasa@balabit.hu>

	* lib/zorp/policy.h (Z_ERROR): Core functionality added to handle
	situation when stacked proxy failed. Bug: #3909

2004-10-06  Balazs Scheidler  <bazsi@bzorp.balabit>

	* Bumped to version 3.0.1.4

	* lib/attach.c, lib/dispatch.c, lib/szig.c: updated to the latest
	libzorpll changes

2004-10-04  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.1.3

2004-09-30  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.1.2

	* zorp-config.in (Usage): Fix compilation issues.

2004-09-30  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: changed default to --disable-debug

	* debian/control.in: added conflict with libvbengine (bug #5080)

	* doc/man/vbupgrade.8, doc/man/vbuster.options.5: added man
	pages; scripts/vbupgrade.sh: added logging through syslog,
	added a new VERBOSE option (bug #4740)

2004-09-29  SZALAY Attila  <sasa@balabit.hu>

	* Applied various patches from dev-bazsi

2004-09-29  Balazs Scheidler  <bazsi@bzorp.balabit>

	* debian/control.in: added python2.3-pyopenssl dependency (fixes
	#5066)

2004-09-22  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.1.1

2004-09-21  SZALAY Attila  <sasa@balabit.hu>

	* configure.in: Removed setting HAVE_LEAK_IN_GETHOSTBYNAME_R in
	Linux platform because the leak has fixed in libc. Bug: #4983

2004-09-16  SZALAY Attila  <sasa@balabit.hu> 
 
	* Bumped to version 3.0.1

2004-09-13  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pysockaddr.c: fixed 64bit issue in htonl & ntohl, use "I"
	format specified to parse an unsigned int

2004-09-03  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.0.7

2004-09-03  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: really fix stack size setting (set rlimit_max to
	stack_size as well, otherwise pthread allocated 2MB stacks)

2004-08-24  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.0.6

2004-08-16  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.0.5

2004-08-11  Sandor Geller  <wildy@balabit.hu>

	* solbuild/prototype-maker.sh: removed /opt from the prototype

2004-08-09  Sandor Geller  <wildy@balabit.hu>

	* scripts/vbupgrade.sh: fixed some problems which were
	introduced at the last code cleanup

2004-08-06  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.0.4

	* libproxy/zorp/proxy/transfer2.h (ZT2S_SOFT_EOF_SOURCE): Change
	SOFT_EOF_SOURCE and SOFT_EOF_DEST values because of a conflict.

2004-08-06  Sandor Geller  <wildy@balabit.hu>

	* scripts/vbupgrade.sh: added HRS variable declaration

	* scripts/vbupgrade.sh: fixed another typo (bug #4588); removed
	unnecessary for loops from the engine and the database version
	checking - currently we have only 1 engine and 1 database package
	and the code cannot handle multiple packages

2004-08-05  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.0.3

2004-08-05  Sandor Geller  <wildy@balabit.hu>

	* solbuild/Makefile.ad: added the missing depend file to
	EXTRA_DIST

2004-08-05  SZALAY Attila  <sasa@balabit.hu>

	* lib/pypolicy.c (z_policy_var_parse_int): New function. Convert a
	policy object to integer if it possible. Bug: #4444

	* Bumped to version 3.0.0.2

2004-08-04  Sandor Geller  <wildy@balabit.hu>

	* solbuild/depend: added ZOSpydns dependancy

2004-08-03  Sandor Geller  <wildy@balabit.hu>

	* solbuild/admin: added

	* solbuild/pkgmaker.sh: removed stdout, stderr redirections

	* solbuild/prototype-maker.sh: add the admin file to the package

	* solbuild/Makefile.am: added admin file

2004-08-03  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Zorp.py: added MatcherException

	* pylib/Zorp/Matcher.py (AbstractMatcher.checkMatch): added note
	that it can raise a MatcherException

2004-07-30  Sandor Geller  <wildy@balabit.hu>

	* scripts/vbupgrade.sh: fixed two typos

2004-07-29  Sandor Geller  <wildy@balabit.hu> 

	* solbuild/depend: created

	* solbuild/pkgmaker.sh, solbuild/prototype-maker.sh: use the
	  depend file

2004-07-29  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pypolicy.c: fix startup, return error when the init function
	does not return 'TRUE' value or an exception occurred (fixes
	#4638)

	* libproxy/transfer2.c: removed packet/byte counters as they were
	not used anyways and exporting it is not good either (counters
	were scattered around in various buffers whose use depended
	whether a stacked proxy was used or not)

2004-07-28  Balazs Scheidler  <bazsi@bzorp.balabit>

	* libproxy/dottransfer.c: added function heading documentation,
	removed z_dot_transfer_run in favour of z_transfer2_simple_run

	* libproxy/transfer2.c: added function heading documentation,
	(z_transfer2_simple_run): new function which makes it easier to do
	start|run|cancel in simple cases

2004-07-28  Sandor Geller  <wildy@balabit.hu> 

	* solbuild/pkgmaker.sh: clean up the spool after the package
	creation

	* solbuild/rules: sed s/prorotype/prototype/

2004-07-27  Sandor Geller  <wildy@balabit.hu>

        * solbuild/pkgmaker.sh: include rules.conf; changed the FILENAME
	prefix to the prefix which the .tar.gz package uses; compress the
	native Solaris package with gzip

2004-07-26  SZALAY Attila  <sasa@balabit.hu>

	* lib/zasauth.c: Lock a mutex when stream closed or created. Bug:
	#4535

2004-07-26  Balazs Scheidler  <bazsi@bzorp.balabit>

	* libproxy/transfer2.c (z_transfer2_start): initialize the stream
	timeout according to self->timeout (shutdown is using blocking
	mode in which case the timeout value is significant) (fixes #4620)

	* lib/zorp/policy.h (z_policy_var_parse): always delete Python
	error state when parsing a Python value fails (fixes #4646)

2004-07-26  Sandor Geller  <wildy@balabit.hu>

	* solbuild/pkginfo.in, solbuild/pkgmaker.sh,
	solbuild/prototype-maker.sh: added native Solaris packaging

	* solbuild/Makefile.am: changed EXTRA_DIST to include the files
	mentioned above

	* solbuild/rules: added pkgpackage target which is included in the
	binary target too

	* configure.in: added solbuild/pkginfo to AC_OUTPUT

2004-07-22  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0.0.1

	* lib/packstream.c (z_stream_packet_read_method): Remove bad
	assertion. (packet length might be above 1500 byte)

2004-07-22  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pycore.c: fixed reference to z_py_zorp_set_connmark() as it
	is not defined on Solaris (fixes compilation on Solaris)

	* pylib/Zorp/Zone.py (NATPolicy): the fix to #4587 was not working
	properly, the clone function requires an argument, also fixed
	caching as performTranslation changed the IP address by the time
	we stored it in the cache, now we save the value first and then
	call performTranslation (fixes #4587)

2004-07-21 Sandor Geller  <wildy@balabit.hu>

	* scripts/vbupgrade.sh: changed the subject of the e-mail when the
	upgrade was successful; additionally print the engine and the
	database version to the log (bug #4588)

	* scripts/vbupgrade.sh: log into /var/log/vbupgrade.log too

	* debian/zorp-pro.logrotate: created

	* debian/rules: added dh_installlogrotate

2004-07-20  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Zone.py: Readded ZoneException to indicate that a
	zone was not found, because it was removed in one of the Zone
	reorganizations, this adds somewhat more detail to our error
	messages. (instead of DACException we get ZoneException with the
	missing address) (fixes #4585)

2004-07-19  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: rereleased 3.0.0

	* pylib/Zorp/NAT.py (NATPolicy): fixed caching so that the cached
	value does not contain a port number as otherwise multiple
	services using the same NAT policy may not function properly
	(fixes #4587)

2004-07-16  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: bumped version number to 3.0.0

2004-07-14  Sandor Geller <wildy@balabit.hu>

	* scripts/vbuster.sh: when the engine isn't installed send a
	warning instead of an error; added version number; changed
	VENDORSTRING to match both virusbuster.hu and vbuster.hu

2004-07-09  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta3.6

2004-07-09  Sandor Geller  <wildy@balabit.hu>

	* scripts/vbuster.sh: don't run, when the engine isn't installed
	(bug #4007)

2004-07-09  Balazs Scheidler  <bazsi@bzorp.balabit>

	* libproxy/dottransfer.c: do not report internal error when count
	is less than 2, (fixes #4468)
	(z_dot_transfer_dst_shutdown): new function, ensure that the
	server side is terminated by a CRLF to make sure that the server
	understands our final closing '.' (refixes #4421)

2004-07-08  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pycore.c (z_py_zorp_set_connmark): conditionally compile
	setConnmark when ENABLE_NETFILTER_TPROXY is defined

2004-07-08  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta3.5

	* zorp/main.c (main): Remove devel message. Bug: #4424

2004-07-08  Balazs Scheidler  <bazsi@bzorp.balabit>

	* debian/rules: copy options to /etc/zorp/vbuster.options

	* scripts/vbupgrade.sh: do not use a separate /etc/vbuster
	directory, use our central /etc/zorp instead (fixes #4007)

2004-07-07  Balazs Scheidler  <bazsi@bzorp.balabit>

	* scripts/Makefile.am: change the name of vbupgrade.sh to
	vbupgrade when installing

	* debian/zorp-pro.cron.d: changed to use /usr/sbin/vbupgrade.sh

	* lib/pypolicy.c: added error clearing to all _getattr()
	functions,
	(z_policy_var_parse): new function which converts a Python string
	to C string with error handling (simplifies global option parsing
	in VBuster a lot)

2004-07-07  SZALAY Attila  <sasa@balabit.hu>

	* debian/rules: Install the database upgrade script and it's
	option file to it's place. Bug: #4007

	* zorpctl/vbupgrade.sh: Insert a script what will upgrade the
	vbuster database if needed. Bug: #4007

2004-07-06  SZALAY Attila  <sasa@balabit.hu>

	* libproxy/dottransfer.c (z_dot_transfer_run): Check if the last
	character was a newline. If not send a newline to server
	side. This is a dirty hack now, because it's may have a
	neverending loop. Bug: #4421

2004-07-05  SZALAY Attila  <sasa@balabit.hu>

	* lib/proxy.c: Clean up the child removal issue. Bug: #3606

2004-07-05  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/zorp.c, zorp/main.c, lib/pycore.c: changed deprecated
	g_main_* to g_main_loop_*

	* lib/szig.c: fixed average aggregator (fixes #4285)

2004-07-02  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/*.c: fixed PyTypeObject initialization to avoid warning
	messages completely, now we can compile again with -Werror

	* lib/pytisauth.c, lib/tisauth.c, lib/zorp/pytisauth.h,
	lib/zorp/tisauth.h: removed these files, as authentication against
	TIS-like authservers is not supported anymore (and did not work
	anyway)

	* lib/proxy.c: instead of using a mutex to synchronize
	z_proxy_set_parent(NULL) in parent and child destroyal, avoid
	touching the same piece of data from parallel threads, see the
	long comment in the beginning of the file (changes the fix for
	#3606)

	* pylib/Zorp/NAT.py: added missing import of types (fixes #4405)

2004-07-01    <bazsi@hp-ia64.balabit>

	* Fixed a couple of 64bit issues

2004-06-22  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta3.3

	* lib/proxy.c (z_proxy_set_parent): Make the proxy unreffin
	exclusive, because it's may be called from child proxy's
	z_proxy_destroy_method and parent proxy's
	z_proxy_satck_destroy. Bug: #3606

2004-06-17  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta3.2

	* pylib/Zorp/Core.py (config): Create Vbuster module inside Core.

	* lib/zasauth.c (z_zas_read): Close zas streams if error
	occured. Bug: #4274

2004-06-15  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta3.1

2004-06-14  SZALAY Attila  <sasa@balabit.hu>

	* lib/plugsession.c (z_plug_session_new): Set the client and
	server stream names, if not setted before. Bug: 3870

2004-06-11  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/zorp/proxy.h: added functions for content-length hinting
	into the ZProxyResultIface interface (fixes #4216)

2004-06-10  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: fix stack limit setting, as it set the stack limit
	to 256 bytes previously (which was not taken seriously by newer
	kernels)

2004-06-08  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta3

2004-06-04  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/NAT.py (generalNAT): changed the solution of #4017 to
	a simpler one

2004-06-03  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta2.3

2004-06-02  SZALAY Attila  <sasa@balabit.hu>

	* libproxy/transfer2.c (z_transfer2_free_method): Call
	z_stream_context_destroy for transfer contexts.

2004-06-01  SZALAY Attila  <sasa@balabit.hu>

	* pylib/Zorp/Matcher.py (RegexpMatcher.checkMatch): Log if
	matching regexp found.

2004-06-01  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pycore.c: (z_py_zorp_set_connmark): new function, enables
	changing the connection mark of a connection (fixes #4132)

	* pylib/Zorp/Proxy.py (connectServer): forget previously set
	server side local address as a proxy might establish connection to
	the server multiple times (e.g. non-transparent HTTP or SQLNet),
	and this might cause problems with TIME_WAIT sockets

2004-06-01  SZALAY Attila  <sasa@balabit.hu>

	* debian/zorp-pro.postinst: Set ownership of /var/lib/zorp/* and
	/var/run/zorp to root.zorp and rights to 0770. Bug: #4124

2004-05-27  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta2.2

2004-05-26  SZALAY Attila  <sasa@balabit.hu>

	* lib/packsock.c: Implement UDP handling in solaris.

2004-05-25  SZALAY Attila  <sasa@balabit.hu>

	* pylib/Zorp/NAT.py (GeneralNAT.performTranslation): Fix a typo in
	self.mapping[s] Bug: #4015
	(GeneralNAT.performTranslation): Check if mapping are a
	typle. Bug: #4017

2004-05-22  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/proxy.c (z_stacked_proxy_new): new argument, specifies the
	control stream, used when stacking programs,
	(z_proxy_control_stream_read): new function, read callback for
	control streams,
	(z_proxy_stack_program): also create control stream, additional
	error handling

2004-05-13  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/dispatch.c (z_dispatch_register): removed wildcard variable
	(fixes #3976)

2004-05-19  SZALAY Attila  <sasa@balabit.hu>

	* lib/zasauth.c (z_zas_read): Remove z_zas_close() calling. Bug:
	#4005

	* debian/zorp-pro.postinst: Separate quarantine and temp dir
	creation. Correct che checking of it's existance. Bug: #3895,
	#3827

2004-05-19  SZALAY Attila  <sasa@balabit.hu>

	* Change /etc/zorp directory ownership. It's now root.zorp ownered
	mode 0750. Bug: #3956

2004-05-10  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/main.c: fixed PYTHONPATH and LD_LIBRARY_PATH
	composition, handle the case where these variables are not set in
	the environment (triggers a segfault on Solaris as its libc does
	not handle the parameter of a %s argument being NULL) (fixes
	#3913)

2004-05-07  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/main.c: added support for creation of /var/run/zorp
	(fixes #3897)

	* pylib/Zorp/Chainer.py: added state support for FailoverChainer
	(fixes #3884)

	* pylib/Zorp/NAT.py, pylib/Zorp/Auth.py: changed class ordering to
	make sure the GUI has BasicAccessList and GeneralNAT as the first
	class within their type (fixes #3758)

2004-05-06  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta2.1

2004-05-03  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta2

2004-05-01  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/satyr.c, zorp/transfer.h: fixed 64bit issues

	* lib/pypolicy.c (z_policy_tuple_get_verdict): new function to get
	the verdict from an action tuple,
	(z_policy_convert_strv_to_list): new function to convert an strv
	array to a Python list

	* lib/proxy.c: added docstrings for all functions, removed the
	dummy z_proxy_basic_get_thread_id_method function

2004-04-29  SZALAY Attila  <sasa@balabit.hu>

	* zorp/main.c (z_sigchild_handler): waitpid may return with 0 when
	no chld process exited. Bug: #3687

2004-04-28  SZALAY Attila  <sasa@balabit.hu>

	* lib/tpsocket.c (z_tp_set_tproxy_opt): Foolow changes in solaris
	(ipfilter) interface.

2004-04-20  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta1.2

2004-04-20  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/conntrack.c (z_conntrack_packet_in): do not double unref the
	sockaddr when sending to the proxy fails

2004-04-19  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/tpsocket.c: allow tproxy2.0 calls in Z_SD_TPROXY_IPF as well

2004-04-15  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/proxy.c (z_proxy_stack_proxy): check if the returned proxy
	instance is None, and return failure in this case

	* lib/zorp/*.h, libproxy/zorp/*.h: changed the way Python.h is
	included to make sure it is included first (required to avoid a
	lot of warnings during compilation)

	* lib/proxyvars.c: fixed Python locking when a DIMHASH, HASH or
	METHOD object is created (fixes #3544)

2004-04-14  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/zpython.c: added another FutureWarning ignore

	* configure.in, lib/zorp/zpython.h: work around braindead Python
	include files which triggered a lot of warnings

	* configure.in: fixed ENABLE_XXXX macros to make it possible to
	display their values in --version output

	* lib/sysdep.c: added new prepcocessor directive
	ENABLE_TPROXY_FALLBACK_V12 which needs to be defined when the
	fallback should be enabled

	* lib/szig.c: changed an abort() call to g_assert(0) (as abort was
	not defined in the included files and this was an easier solution)

	* lib/zorp/nfiptproxy-kernel.h, lib/zorp/nfiptproxy-kernelv2.h:
	reverted to upstream versions, no editing is necessary

	* lib/zorp/ipfiptproxy-kernel.h: updated to TProxy 2.0

	* lib/tpsocket.c: include IPF header files from ipfilter/* instead
	of netinet/*

2004-04-08  Balazs Scheidler  <bazsi@bzorp.balabit>

	* solbuild/*: added solaris build files

	* zorp/main.c: added SIGCHLD handler to wait for possible child
	processes (fixes #3564)

2004-04-02  SZALAY Attila  <sasa@balabit.hu>

	* lib/proxy.c (z_proxy_policy_config): Rename and split __config__
	event to __pre_config__ and __post_config.

	* lib/packsock.c (z_nf_packsock_open): Remove mark_tproxy
	dependency. Bug: #3448

2004-04-01  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/proxy.c (z_proxy_stack_object): new function to be used from
	proxies ready to start a stacked proxy. in addition to handling
	Proxy instances it also handles executing programs

2004-03-24  SZALAY Attila  <sasa@balabit.hu>

	* lib/conntrack.c (z_io_receive_packet_in): Freeing packet if
	cannot send to to appropriate proxy. Bug: #332

2004-03-17  SZALAY Attila  <sasa@balabit.hu>

	* lib/packsock.c: Make it tproxy v2.0 compatible. Bug #3203, #3274

	* lib/pydispatch.c (z_py_zorp_dispatch_new_instance): Set
	mark_tproxy default to FALSE.

2004-03-10  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: added VERSION number to the starting up message
	(fixed #3220)

	* zorpctl/main.c: added --no-auto-start per instance option, also
	added force-start global command

2004-03-10  SZALAY Attila  <sasa@balabit.hu>

	* Bumped to version 3.0beta0

2004-03-05  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/NAT.py (GeneralNAT.__init__): changed the name of the
	argument mappings to mapping (to match other NAT classes)

2004-02-25  SZALAY Attila  <sasa@balabit.hu>

	* debian/control (Provides): zorp-pro-modules now conflicts with
	zorp-pro-addon-fp1. Bug #3174

2004-02-26  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pypolicy.c: reworked z_policy_getattr and z_session_getattr
	and moved common parts to a single function, added
	z_global_getattr function

	* lib/dispatch.c: added a couple of docstrings, changed assert()
	to g_assert(),

	* lib/zorp/dispatch.h: moved mark_tproxy member of ZDispatchParams
	to common

2004-02-25  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/tpsocket.c: more TPROXY 2.0 fixes

2004-02-24  SZALAY Attila  <sasa@balabit.hu>

	* debian/zorp-pro.postinst: Add zorp user to keys group. Bug #3169

2004-02-24  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/tpsocket.c: fixed a couple of problems in TPROXY 2.0
	support, this should actually compile now (though it might not
	work)

2004-02-19  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Proxy.py (Proxy.connectServer): set
	session.server_stream to None before attempting to connect (fixes
	#3110)

2004-02-18  SZALAY Attila  <sasa@balabit.hu>

	* Create first draft of TPROXY v2.0 compatibility layer. Closes:
	#3061

2004-02-13  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/zpython.c: moved PySys_AddWarnOption before Py_Initialize,
	it seems to work this way

2004-02-11  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/Makefile.am: instead of making zorpctl2, create the
	zorpctl binary (the shell script version is obsoleted)

	* Makefile.am: removed scripts from SUBDIRS

2004-02-11  SZALAY Attila  <sasa@balabit.hu>

	* zorp/main.c (main): Set stack limit to 256 KByte default. Bug:
	#2344

2004-02-10  SZALAY Attila  <sasa@balabit.hu>

	* lib/szig.c (z_szig_init): Check if thread creation failed and
	handle it. Bug: #2098

2004-02-06  SZALAY Attila  <sasa@balabit.hu>

	* lib/szig.c (z_szig_thread): Free message object after get datas
	from it.

	* libproxy/transfer2.c (z_transfer2_copy_data): Only write data if
	buffer full. Closes: #2541

2004-02-04  SZALAY Attila  <sasa@balabit.hu>

	* pylib/Zorp/*.py: Change docstrings to comform zms database
	generation rules.

2004-02-03  SZALAY Attila  <sasa@balabit.hu>

	* Move base64 coder to libproxy. Closes: #68

2004-02-02  SZALAY Attila  <sasa@balabit.hu>

	* pylib/Zorp/Zorp.py (ZD_PROTO_AUTO): New Constanst. It's used
	with ZMS to set Chainer protocol to be autodetect. Closes: #2822

2004-01-30  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/main.c: added 1, 5, 15 minute thread averages (fixes
	#2895)

	* pylib/Zorp/Service.py: fixed race condition in num_services
	counting (fixes #2965)

2004-01-26  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/attach.c: specify ZSF_LOOSE_BIND socket flag if
	params.tcp.loose is TRUE

	* lib/pydispatch.c (z_py_zorp_dispatch_accepted): clone sockaddrs
	to avoid passing ZSockAddr references through thread boundary (as
	ref & unref of sockaddrs are not thread safe)

2004-01-20  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: added command line --crypto-engine parameter (when
	ZORPLIB_SSL_ENGINE is defined)

2004-01-19  SZALAY Attila  <sasa@balabit.hu>

	* zorpctl/main.c (z_setup_env): Keep the old enviroment value,
	only prepend the needed path.

2004-01-14  Balazs Scheidler  <bazsi@bzorp.balabit>

	* debian/zorp-pro.files: added AuthDB.py as it was missing

2004-01-09  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: changed z_process_failed calls as its declaration
	changed

	* pylib/Zorp/Auth.py: fixes typo cleanup_treshold ->
	cleanup_threshold

	* libproxy/transfer2.c (ZTransfer2Funcs): new setup callback,
	(z_transfer2_start): call new setup callback to make it possible
	to change stream settings in derived classes

	* doc/zorp-tutorial.txt: fixed section numbers, added
	--autobind-ip info to instances.conf

	* lib/tpsocket.c: call setsockopt(IP_TPROXY_CONNECT) right before
	connect to inform the TPROXY code about our remote address

2004-01-07  Balazs Scheidler  <bazsi@bzorp.balabit>

	* doc/zorp-tutorial.txt: fixed a couple of small issues (--on-port
	argument missing to TPROXY target, DROP default policy for
	non-builtin chains)

	* lib/packsock.c: added IP_TPROXY_CONNECT call for the new TPROXY
	support

2004-01-06  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/szig.c: removed SZIG locking as SZIG events are synchronized
	by an async queue, operations happen in a single thread (fixes
	#2792)

2004-01-05  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Auth.py: fixed typo (threshold was called treshold)
	fixes bug 2672

	* lib/fastpath.c: added docstings

	* lib/sysdep.c: -"-

	* lib/modules.c: updated docstrings

	* lib/pycore.c: -"-

	* lib/pystream.c: -"-

	* lib/zpython.c: -"-

	* pylib/Zorp/Cache.py: fixed a bad reference to self.time, use
	time.time() instead

	* pylib/Zorp/Dispatch.py: removed client_ips hash as it is not
	used anymore

2003-12-27  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/zpython.c: ignore FutureWarnings about hexadecimal constants
	above maxint as the code that uses this construct does not really
	care about the sign of the number (it does only bitwise logical
	operations)

	* zorpctl/main.c: implemented gui-status command

2003-12-17  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/tpsocket.c (z_do_tp_getsockopt): call IP_TPROXY_ALLOC when
	the returned port number is 0 (ie. not yet allocated)

	* lib/zorp/nfiptproxy-kernel.h: updated to the latest TPROXY head
	version

2003-12-15  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Auth.py (BasicAccessList.__init__): changed the name
	of the list argument to 'acl'

	* pylib/Zorp/*.py: changed all log() invocations to use the new
	log() function

	* lib/pycore.c (z_py_log): defer string formatting until we really
	know that a message must be logged, this required a slight change
	in the Python exported log() function, the change is upward
	compatible but to make use it the caller must be changed (to
	supply the format arguments as a tuple instead of formatting the
	message inline)

	* zorp/main.c (main): use popt's usage function instead of a
	hand-maintained one

	* pylib/Zorp/Globals.py: added auth_caches hash

	* pylib/Zorp/Cache.py (TimedCache): new class

	* pylib/Zorp/Auth.py (AuthCache): generalized cache functionality
	and moved into Cache.TimedCache, made it possible to refer to
	AuthCache instances by name

2003-12-08  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/main.c: added --enable-core instance specific option

	* configure.in: added --with-python configure option

	* pylib/Zorp/NAT.py: add type declarations for __init__ arguments

	* pylib/Zorp/Dispatch.py: make the transparent check stronger,
	only fail iff transparent && dest ip == listen ip && dest port ==
	listen port)

	* lib/zpython.c: use g_snprintf instead of snprintf

	* lib/szig.c: use strncat instead of strcat (though the length was
	checked previously, just to make things sure)

2003-11-26  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/tpsocket.c: adapted to the latest sock_flags change

2003-11-19  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Service.py: if the auth argument is a String
	interpret it as an auth_policy

	* pylib/Zorp/Service.py, pylib/Zorp/Auth.py: make sure the
	AuthPolicy wrapper actually works

	* pylib/Zorp/Service.py (Service.startInstance): if the 'auth'
	compatibility was used the encapsulation into an AuthPolicy
	instances was not working, this was fixed (pass None as the name
	argument)

	* pylib/Zorp/Auth.py (AuthPolicy.__init__): do not register self
	in auth_policies if name is None

	* lib/pypolicy.c: removed the hacks from z_session_getattr as it
	is not used by ZAuthProvider any more

	* lib/authprovider.c: instead of using the hacked
	z_session_getattr with an empty string parameter, use
	z_proxy_getattr(self, "session");

2003-11-18  Szalay Attila  <sasa@mochrul.balabit>

	* lib/pypolicy.c (z_session_getattr): Return with session object
	when name parameter NULL.

	* lib/authprovider.c (z_auth_provider_check_passwd): Call
	startSession from here, not from InbandAuthentication method.

	* lib/zasauth.c (z_zas_read): Remove hash values in rigth
	order. This fix a memory leak when used authentication

	* lib/proxy.c (z_proxy_user_authenticated): the function always
	returned failure, fixed

	* lib/pypolicy.c (z_session_getattr): return self.session if the
	length of name is 0

2003-11-18  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: added check for -lrt as it is needed by python2.3

2003-11-16  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/main.c: setup environment and resource limits when
	starting Zorp in the background (fixes #2320)

2003-11-04  Szalay Attila  <sasa@mochrul.balabit>

	* lib/base64.c (z_code_base64_decode): Fix in stripping code.

2003-11-03  Szalay Attila  <sasa@mochrul.balabit>

	* lib/base64.c (z_code_base64_decode): Strip trailing and leading
	whitespaces.

2003-11-11  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/conntrack.c (z_io_receive_new): set session_limit to 10 if
	it is 0

2003-10-31  Szalay Attila  <sasa@mochrul.balabit>

	* libproxy/transfer2.c (z_transfer2_free_method): Remove
	downstreams from poll. It caused temporary memory and fd leaks,
	and may caused segmentation failure.

2003-10-30  Szalay Attila  <sasa@mochrul.balabit>

	* lib/proxy.c (z_stacked_proxy_new): Get ZStream as parameter, not
	an fd.

2003-10-28  Szalay Attila  <sasa@mochrul.balabit>

	* lib/pyattach.c: Remove reference to freeq.h

2003-10-28  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/dispatch.c (z_dispatch_chain_ref, z_dispatch_chain_unref):
	added assertions to check whether the reference count is positive

2003-10-27  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pydispatch.c: fixed deadlock on the Python state as
	z_dispatch_unregister was called with Python state locked, thus
	our destroy notify callback could not lock it again

	* lib/dispatch.c: fixed a deadlock caused by the misordered
	locking on ZIOListen->lock (when the callback is called) and the
	chain->lock.
	(many functions): reorganized and formalized locking, chains have
	a recursive mutex, removed the ugly 'unlock' parameter from unref,
	changed the global rwlock to a simple mutex as it only complicated
	things

	* doc/zorp-tutorial.txt: merged tutorial update from
	mag@debian.org

	* zorpctl/main.c: Solaris sprintf doesn't handle NULL as the
	argument to %s, fixed

2003-10-22  Balazs Scheidler  <bazsi@bzorp.balabit>

        * lib/main.c: never exit directly from the sigterm handler handle
	term_received=TRUE case before the main loop starts

        * lib/packstream.c: adapted to refcountless ZPackets

        * lib/packet.c: dropped reference counting as it would require a
	lock on the ref_count field

        * lib/dispatch.c (z_dispatch_connection): lock the chain while
	traversing it,
        (z_dispatch_register): upgrade to write lock earlier to avoid
	parallel binding to the same port, handle races by looking up the
	hashtable again when the write lock is acquired

        * lib/conntrack.c (z_conntrack_add_stream,
	z_conntrack_remove_stream): added a mutex protecting the
	connection_poll as it was accessed from multiple threads,
        (z_conntrack_socket_free) fixed a memory leak in ZCTSockets, the
	ZSockAddr members were not freed,
        (z_conntrack_socket_ref, z_conntrack_socket_unref): use a lock to
	protect the reference counter,
        (various functions): ZPacket does not use reference counts any
	more (to avoid the need to lock)
        (z_conntrack_socket_start, z_conntrack_socket_shutdown):
	add/remove a reference to the referenced structure to avoid
	freeing ZCTSockets which were not shut down
        (z_conntrack_packet_in): backported runtime session_limit, added
	log messages about new sessions

        * lib/attach.c: set the 'bound' member in the ZConnection struct
	
        * configure.in: added Linux 2.6 to tproxy detection

2003-10-20  Balazs Scheidler  <bazsi@bzorp.balabit>

	* libproxy/transfer2.c: implemented time based transfer progress
	callback (used by SMTP to send NOOPs while waiting the stacked
	proxy to verify data)

2003-10-17  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/zasauth.c (z_zas_connect): if connection failed the attach
	instance was leaked, fixed

	* lib/satyr.c, lib/zasauth.c: fixed fd leak by calling
	z_stream_close explicitly and passing FALSE as the value of the
	new close_stream argument to zas_auth_protocol_destroy

2003-10-16  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/AuthDB.py (ZAS2AuthenticationProvider): added
	docstring on constructor parameters

	* pylib/Zorp/Zorp.py: added constants for BasicAccessLists

	* pylib/Zorp/Session.py: added auth_policy support

	* pylib/Zorp/Service.py: added auth_policy support

	* pylib/Zorp/Proxy.py: use the new AuthPolicy, userAuthenticated
	now takes groups as parameter, and also checks authorization info
	(and raises exception if unauthorized)

	* pylib/Zorp/Core.py: added imports for new classes

	* pylib/Zorp/Auth.py: added authorization support (user and group
	based), added AuthPolicy class

	* pylib/Zorp/AuthDB.py: new file, ZAuthenticationProvider is moved
	here from Auth.py

	* lib/zasauth.c: changed ZAS_TIMEOUT to 60 * G_USEC_PER_SEC
	(bugfix as it used to be 0.06sec)

	* lib/satyr.c: group list support

	* lib/pysatyr.c: parse group list sent by ZAS, return group list
	when the authentication ends

	* lib/proxy.c (z_proxy_authenticated, z_proxy_connect_server):
	changed return type to gboolean (not a real change)

2003-10-14  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/tpsocket.c: added workaround of ipfilter's braindamage

	* lib/packsock.c (z_packsock_init): do not report error if
	ENABLE_CONNTRACK is not defined

2003-10-13  Balazs Scheidler  <bazsi@bzorp.balabit>

	* libproxy/transfer2.c: added ZT2_RESULT_ABORTED

	* pylib/Zorp/Core.py: added import of GeneralNAT

	* pylib/Zorp/Domain.py: added contains, getHostAddr, mapHostAddr
	functions to help NAT mappings

	* pylib/Zorp/NAT.py: added GeneralNAT implementation

	* zorp/main.c: detach from the controlling terminal

	* lib/szig.c: use a g_async_queue

2003-10-10  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/transfer2.c: correctly handle G_IO_ERROR_STATUS when reading
	from the source

	* lib/*.c: merged log message documentation

	* lib/pyproxy.c: removed destroy method as it did not always work
	and was never really used, use ZProxyParams instead of separate
	arguments for the ZProxy constructor, do not format attribute
	fetched and set log messages if the verbosity level is not high
	enough (improves performance)

	* lib/proxy.c: changed naming to be a bit more consistent
	(z_proxy_***_event was renamed to z_proxy_policy_***), added
	virtual methods to config,startup,main,shutdown and destroy
	(this is incompatible so proxies must be migrated, currently HTTP
	is the only which works), removed virtual methods for
	getattr/setattr

2003-10-09  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/*.py: merged log message documentation

	* zorpctl/main.c: updated to use the --foreground option to avoid
	zorp going to background, don't close stderr in case Zorp wants to
	inform the user about errors

	* zorp/main.c: added error reporting to all permission setup
	functions, use z_process_daemonize to go into background

	* lib/proxy.c: implemented an alternative startup for proxies
	which correctly reference counts threaded ZProxy execution (see
	the z_proxy_start and z_proxy_run functions) We still miss some
	features to correclty handle the 'unable to create new thread'
	case because the proxy constructor should return NULL, but
	z_proxy_new immediately creates some circular references which are
	only resolved in z_proxy_destroy, which in turn requires a
	thread-specific Python thread. This still needs to be resolved
	somehow.

	* lib/conntrack.c, lib/attach.c, lib/pyattach.c, lib/pyfastpath.c:
	removed all Conntrack trackers and all references, performed the
	following renames: ZConntrack struct was renamed to ZIOReceive,
	ZCTSocket was renamed to ZDGramConnection, applied a similar
	rename in function names

	* lib/attach.c: fixed memory leak, the user's destroy_notify
	callback was not called if attaching was cancelled

	* lib/connection.c: added function headers

2003-10-09  Szalay Attila  <sasa@mochrul.balabit>

	* libproxy/transfer2.c (z_transfer2_free_method): Remove timeout
	source when quit.

2003-10-08  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Receiver.py: added session_limit to docstring

	* lib/pydispatch.c: support session_limit

	* lib/dispatch.c: instead of using a hard-wired constant to limit
	incoming UDP sessions, make it a runtime configuration parameter
	(session_limit)

2003-10-06  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/transfer.c: set both the proxy streams and down streams to
	nonblocking mode

	* lib/transfer.c (z_transfer_free_method): free buffers allocated
	by ZTransfer

	* lib/pypolicy.c: added const qualifier to a couple of arguments

	* pylib/Zorp/NAT.py: added cacheable attribute and caching
	implementation to NATPolicy

	* lib/transfer.c: do not save the nonblocking state of streams as
	it is saved/restored by z_stream_{save|restore}_context

	* zorp/main.c: fixed a couple of compiler warnings

	* libproxy/transfer2.c, libproxy/zorp/proxy/transfer2.h: new
	implementation of ZTransfer, currently only used by the SMTP proxy

2003-10-03  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/transfer.c: added a new progress reason (ZTP_STARTUP) which
	is called after initialization and before the first poll loop

2003-10-02  Szalay Attila  <sasa@mochrul.balabit>

	* lib/transfer.c (z_transfer_copy_data): Limit the number of copy
	cycle at a time.

2003-10-02  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pyattach.c: accept new keyword argument: local_loose

	* lib/tpsocket.c: use the new loose_bind arguments to implement
	sane source port allocation, call IP_TPROXY_FLAGS for mark only
	sockets (fixes bug 1259)

	* pylib/Zorp/Chainer.py: use server_local_loose to specify loose
	binding

	* pylib/Zorp/NAT.py: added docstring to NATPolicy

	* pylib/Zorp/Router.py: added forge_port argument to various
	Router classes, introduced source port number allocation

	* pylib/Zorp/Session.py: added a new attribute server_local_loose
	which means that the server-side can be loosely bound

	* pylib/Zorp/Zorp.py: added Z_PORT_* constants

2003-10-01  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/zpython.c (z_python_destroy): fixed crash when called
	without initialization

	* lib/dispatch.c (z_dispatch_destroy): fixed crash when called
	without initialization

	* lib/conntrack.c (z_conntrack_destroy): fixed crash when called
	without initialization

2003-10-01  Szalay Attila  <sasa@mochrul.balabit>

	* libproxy/dottransfer.c (z_dot_transfer_src_read): Check if
	buffer to small to read at least 2 character.
	(z_dot_transfer_dst_write): Do not write the same line again and
	because of this doesn't say that wrote more bytes than readed

2003-10-01  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Dispatch.py (CSZoneDispatcher.__init__,
	ZoneDispatcher.__init__): clear follow_parent argument from the
	keyword hash, prior to calling the inherited constructor

	* zorpctl/main.c: added force-stop, force-restart commands

	* lib/zasauth.c: added SSL support

2003-09-30  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/transfer.c (z_transfer_enable_copy,
	z_transfer_disable_copy): changed not to change self->flags,
	(copy functions): always call z_transfer_enable_copy when
	G_IO_STATUS_AGAIN or NORMAL occurred to make sure that remaining
	data is read when an error occurs during flush

2003-09-30  Szalay Attila  <sasa@mochrul.balabit>

	* libproxy/dottransfer.c (z_dot_transfer_dst_write): Fix dot
	escaping state machine to not write the same (dat started) line
	again and again. (And fix the state too, when buffer have more
	than one line)

	* lib/transfer.c (z_transfer_copy_client_to_server): Fix handling
	of the state when ZTF_COMPLETE_COPY in work.
	(z_transfer_enable_copy): Fix a lot of miswritted side (client <->
	server) and fix the handling of state when writing have an error
	but must read till EOF

2003-09-29  Balazs Scheidler  <bazsi@bzorp.balabit>

	* scripts/zorpctl.in: add 64 to the calculated fd limit

	* zorpctl/szig.c: new file, contains a simple client to SZIG
	functions

	* zorpctl/main.c: added inclog, declog and szig commands

	* lib/szig.c: fixed a couple of bugs in the publishing code

2003-09-26  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: make sure verbose_level remains between [0..10]
	when controlled using USR1 and USR2 signals

	* lib/transfer.c (z_transfer_enable_copy): do not reenable copying
	in a direction which has already indicated EOF

2003-09-26  Szalay Attila  <sasa@mochrul.balabit>

	* debian/zorp-pro-modules.postrm: Rearrange removing Zorp
	directories.

2003-09-25  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pyfastpath.c (z_fp_transparent_router_setup): forced port
	was erroneously parsed as an object, parse it as an int instead
	(caused forced_port to be always set, thus TransparentRouter was
	not working)

2003-09-24  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: removed free queue references

	* lib/pyproxy.c: inform SZIG about the arrival of a new,
	previously unknown IP to be counted into the license

	* lib/szig.c: support string values

	* pylib/Zorp/Zorp.py: added getKeywordArg() function which helps
	parsing optional keyword arguments

	* pylib/Zorp/Dispatch.py, pylib/Zorp/Listener.py,
	pylib/Zorp/Receiver.py: use constructor arguments consistently,
	make sure all necessary arguments are passed to Dispatchers using
	its keyword argument hash

2003-09-23  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/szig.c: reimplemented SZIG functions

	* lib/pyszig.c: commented out for now

2003-09-19  Szalay Attila  <sasa@mochrul.balabit>

	* lib/nullcode.c (z_code_null_finish): Set to parameter unused.

2003-09-19  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/pysockaddr.c: fixed a problem in gethostbyname_r workaround
	code, the Python interpreter was not correctly locked while
	constructing the Python error object

	* lib/tpsocket.c: default autobind IP readded back

2003-09-17  Balazs Scheidler  <bazsi@bzorp.balabit>

	* libproxy/dottransfer.c: support and escape the '.' character

	* lib/transfer.c: added the possibility to enable/disable copying
	in one or the other direction to support SMTP where the two
	directions depend on each other, also made
	z_transfer_update_eof_mask() public, though this is not the best
	solution.

	* zorp/main.c: portability fixes

2003-09-15  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorp/main.c: fixed popt based argument parser

2003-09-12  Balazs Scheidler  <bazsi@bzorp.balabit>

	* lib/sysdep.c (z_sysdep_parse_tproxy_arg): added const qualifier

	* lib/pyfastpath.c: do not set params.udp.tracker in
	ENABLE_CONNTRACK is not defined (#ifdefs added)

	* lib/dispatch.c, lib/nullcode.c, lib/packet.c, lib/szig.c,
	lib/tpsocket.c: added inclusion of <string.h>

	* lib/packstream.h: added inclusion of <zorp/packet.h>

	* lib/zorp/transfer.h: added inclusion of <zorp/poll.h>

2003-09-10  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/main.c: fixed bug in instances.conf parsing

	* lib/*.c: changed '%m' to '%s' and g_strerror(errno)

	* lib/transfer.c (z_transfer_update_eof_mask): fixed a typo
	(add_mask was ANDed twice)

	* pylib/Zorp/Proxy.py: fixed exception reporting when connection
	to the target server failed (because of DAC policy violation for
	example), the code referred to a variable named session which was
	not present (now I'm using self.session instead)

	* zorpctl/main.c: use libpopt instead of getopt_long

	* zorpctl/arglist.c: removed, as we are now using libpopt and it
	has this feature built in

	* lib/szig.c: added const to arguments where appropriate,
	
	* lib/tpsocket.c: -"-,

	* lib/sysdep.c: -"-

	* zorp/main.c: use libpopt instead of getopt_long, added const to
	a couple of arguments to avoid warnings (libpopt returns const
	char * for optional arguments)

	* configure.in: search for libpopt

	* debian/zorp-pro.files: added zorpctl2 to the deb package

	* zorpctl/main.c: added support for displaying thread count for
	instances based on SZIG

	* zorpctl/arglist.c: skip whitespace between arguments

2003-09-09  Balazs Scheidler  <bazsi@bzorp.balabit>

	* zorpctl/main.c, zorpctl/arglist.c, zorpctl/arglist.h: new
	directory & files, contains the C based implementation of zorpctl

	* libproxy/zorp/proxy/dottransfer.h: moved from libproxy/zorp to
	start separating the zorp include directory, references to this
	file should be done through <zorp/proxy/dottransfer.h>

	* configure.in, zorp-config.in: start using libzorpproxy.so

	* pylib/Zorp/NAT.py, pylib/Zorp/Router.py, pylib/Zorp/Chainer.py:
	implemented NAT policies, e.g. NAT instances referenced by name

	* scripts/zorpctl.in: added a sleep call before an instance is
	restarted

2003-09-04  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: fixed Python detection on Solaris

2003-09-03  Balazs Scheidler  <bazsi@bzorp.balabit>

	* configure.in: started libproxy subdirectory

	* libproxy/dottransfer.c: new file, will implement a common
	dot-terminated transfer class to be used by POP3, SMTP and NNTP
	proxies

	* pylib/Zorp/Auth.py: changed 'Client-zone' zas header to
	'Client-Zone'

	* lib/transfer.c (z_transfer_free_method): free the associated
	ZStackedProxy,
	(z_transfer_new): store a reference to ZStackedProxy

	* lib/proxy.c (z_stacked_proxy_new): modified function arguments
	to expect the parent and child proxies which are needed to
	correctly get rid of object references

2003-09-01  Balazs Scheidler  <bazsi@bzorp.balabit>

         * lib/transfer.c: changed ZTF_MANAGED_POLL to
	 ZTF_PROXY_STREAMS_POLLED and it affects only proxy streams,
	 stacked streams are always added/removed from the poll
	
	* lib/transfer.c: instead of always managing the associated ZPoll,
	let the proxy do it by specifying a ZTF_MANAGED_POLL flag,
	(z_transfer_update_eof_mask): do not remove streams from the poll,
	it will be done in z_transfer_run() time

2003-08-27  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/transfer.c: changed EOF_ constants to be prefixed by ZTS_
	and declared some public constants that makes it possible to use
	self->status in derived classes

	* lib/pydispatch.c: use a separate thread state for each Dispatch
        (avoid using the main state as the conntrack & main threads would
	then share their Python thread state)

2003-08-21  Szalay Attila  <sasa@mochrul.balabit>

	* debian/zorp-pro-modules.postrm: Bugfix. When purge try to remove
	/usr/share/zorp directory, and handle when this directory
	nonexist. Closes: #594

	* debian/rules: Install NEWS file instead of ChangeLog

	* configure.in: Remove gethostbyname_r checking, because
	impelementation have a memleak.

2003-08-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/transfer.c (z_transfer_set_stacked_proxy): new function,
	makes it possible to set stacked proxy after ZTransfer has been
	initialized

	* pylib/Zorp/Proxy.py: added additional information to exception
	logging

	* pylib/Zorp/Dispatch.py: -"-

2003-08-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c (z_conntrack_packet_in): when several sessions
	were started at the same time, the packets received after the
	initial packet was always sent to the first, instead of the
	correct session, fixed,
	(z_conntrack_init, z_conntrack_thread): synchronize using a mutex
	and condvar instead of the ugly sleep-loop

	* lib/attach.c (z_attach_start): initialize conn->protocol for UDP
	connections as it was logged incorrectly otherwise

2003-07-31  Balazs Scheidler  <bazsi@balabit.balabit>

	* pypolicy.c (z_policy_call_object): clear Python error state to
	avoid spurious exceptions

2003-07-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/zorp/zorp.h: changed MAX_SESSION_ID to 128 chars

	* lib/tpsocket.c (z_do_tp_bind): handle 0.0.0.0 as bind address
	and do not try to do IP_TPROXY_ASSIGN (which will certainly fail)

2003-07-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxyvars.c: an error state might have remained stuck in
	Python if a Dimhash was indexed by a tuple (the exception was not
	handled when PyArg_Parse returned), causes random, seeming
	unrelated exceptions to pop up here and there

	* lib/dispatch.c: handle thread creation failure

	* lib/conntrack.c: handle thread creation failure

	* zorp/main.c: move deinitialization at the end of the main
	function and use goto to move there in case of failure (this
	removed code duplication)

	* pylib/Zorp/Auth.py (InbandAuthentication): the inherited
	constructor was not called

	* lib/pypolicy.c (z_policy_thread_self,
	z_policy_thread_get_policy): new functions to support the bugfix
	in proxy.c

	* lib/proxy.c: fixed a problem with unlocked proxy startup, the
	thread policy must be created in the same Python interpreter, not
	using the current configuration (triggered when an FTP proxy is
	started, then Zorp is reloaded, and the data proxy has problems
	starting up)

	* lib/pydispatch.c: removed a deadlock condition for threaded
	dispatchers, also removed thread_count support

	* lib/dispatch.c: removed support for multiple dispatch threads,
	as it actually decreased performance (and added another
	unfairness, which it was meant to prevent)

2003-07-17  Szalay Attila  <sasa@mochrul.balabit>

	* lib/dispatch.c (z_dispatch_chain_new): Bugfix. If dispatch
	doesn't use thread set thread_count to 0.

2003-07-16  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pydispatch.c: if dispatch uses several threads then several
	Python thread states are required, added hacks to support this

	* lib/pydispatch.c: added new dispatch parameter called
	thread_count

	* lib/dispatch.c: reworked threaded listener, instead of simply
	increasing priority, it is now possible to specify a given number
	of threads to start (e.g. it is possible to start 4 threads just
	for accepting & starting new connections), added message to log
	accept_queue length

2003-07-16  Szalay Attila  <sasa@mochrul.balabit>

	* lib/dispatch.c (z_dispatch_chain_unref): Bugfix. Send a function
	pointer to dispatch thread if unrefing.

2003-07-16  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zone.py (getName): name cache

	* pylib/Zorp/Session.py (isClientPermitted(),
	isServerPermitted()): added cache to make DAC policy faster

	* pylib/Zorp/Dispatch.py: cleaned up keyword argument handling,
	now it should really work for all kind of Listeners & Receivers

	* lib/pydispatch.c: create seperate ZPolicyThread for threaded
	dispatchers, fixes a SIGSEGV when multiple dispatchers are trying
	to use the main thread state

	* lib/dispatch.c: created a 'threaded' parameter in the
	ZDispatchParams struct, which enables the threaded dispatcher

	* lib/proxy.c: do not acquire an execution frame when creating a
	new thread state, especially not current_policy->main_thread

2003-07-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyproxy.c: release lock prior to calling the proxy's
	constructor

	* lib/proxy.c: the Python lock is released while new threads are
	started, thus some syncronization is necessary to ensure that the
	Python part of a proxy is properly initialized, I used a condition
	variabled in ZPolicyThread for this purpose (pyproxy.c calls
	z_policy_thread_ready(), and z_policy_acquire_thread() calls
	z_policy_thread_wait())

	* lib/dispatch.c: implemented dispatch threads to make processing
	incoming connections more fair as the accept queue in the kernel
	reorders incoming connections, instead of "accept one, start new
	thread", we quickly accept incoming connections to a queue, which
	is then processed by a thread associated with the current dispatch
	chain

2003-07-13  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Proxy.py: changed a couple of messages to
	CORE_SESSION(5) instead of CORE_SESSION(4) (to make -v4 report
	session start & end only)

	* pylib/Zorp/Service.py (Service.stopInstance): added a message
	about the termination of the service (CORE_SESSION(4))
	
2003-07-10  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pystream.c: implemented bytes_sent, bytes_recvd stream
	attributes which contain the bytes sent/received

2003-07-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/transfer.c, lib/plugsession.c: adapted to the latest
	z_stream_set_timeout() change

	* lib/conntrack.c (z_conntrack_new): initialize ref_cnt to 1
	(fixes #1483)

2003-07-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxy.c (z_proxy_check_secondary): new function which checks
	whether a secondary connection is appropriate,
	
	* lib/zorp/proxy.h: moved ZS_MATCH_* constants from plug here

2003-07-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: new command line option named --threadpools alias
	-O which enables the use of threadpools in libzorpll

2003-07-01  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Dispatch.py (AbstractDispatcher.accepted): also write
	the optional argument for DACException to the log,
	(ZoneDispatcher & CSZoneDispatcher): use the classes implemented
	in Cache.py for caching, report failed service lookups to the log

	* pylib/Zorp/Cache.py: new file, implements general caching for
	different parts of the policy layer

	* zorp/main.c: use LICENSE_VERSION for license verification
	(to allow version 2.1 to use version 2.0 licenses)

2003-06-27  Szalay Attila  <sasa@mochrul.balabit>

	* lib/proxy.c (z_parse_interval): Fix a typo in for cycle.

2003-06-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Dispatch.py: support multiple listen addresses

	* lib/pyproxy.c: look for ZR_NONE instead of ZR_PROXY when
	searching registered proxy types

2003-06-24  Szalay Attila  <sasa@mochrul.balabit>

	* zorp-config.in: --libs only return with zorp lib.

2003-06-19  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: allow up to 128 soft-instances (16 were previously
	allowed)

	* lib/packsock.c: enabled SO_BROADCAST for UDP sockets, fixed
	Linux2.2 fallback when netfilter tproxying is used

	* lib/conntrack.c: made ZConntrackSocket reference counted, made
	sure that ZConntrackSocket will not be freed as long as there
	might be callbacks pending (caused SIGSEGV)

	* acconfig.h: added HAVE_SUN_GETHOSTBYNAME_R

2003-06-17  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: various fixes

2003-06-16  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: added a couple of tests to make it easier to
	compile on Solaris

2003-06-13  Balazs Scheidler  <bazsi@balabit.balabit>

	* Couple of Solaris portability fixes (it has no UDP support yet)

	* lib/attach.c: make it compile with ENABLE_CONNTRACK undefined

	* lib/conntrack.c: -"-

	* lib/dispatch.c: -"-

	* lib/packsock.c: -"-

	* lib/pyfastpath.c: -"-

	* lib/sysdep.c: added IPFilter/TProxy support

	* lib/tpsocket.c: added IPFilter/TProxy support

	* lib/zorp/ipfiptproxy-kernel.h: new file, the interface to the
	tproxy module

	* zorp/main.c: added IPFilter/TProxy support
	
2003-06-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py: bugfix, do not save the current protocol
	identifier in self as the same service might be used for both TCP
	and UDP sessions

2003-06-13  Szalay Attila  <sasa@mochrul.balabit>

	* lib/transfer.c (z_transfer_shutdown): Return G_IO_STATUS_NORMAl,
	if try to shutdown a way again, or called with shutdown_mode set
	to 0.

	* lib/zasauth.c: Set ZAS stream name.

2003-06-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyfastpath.c: commented out a couple of
	z_py_zorp_proxy_check() function calls as it does not work

	* lib/pyproxy.c (z_py_zorp_proxy_get_proxy): new function to
	return the underlying ZProxy implementation

	* pylib/Zorp/Session.py (Session.setServer): removed server_local
	argument as it is now set earlier

2003-06-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/transfer.h (ZTransfer): renamed self->eofmask to
	self->eof_mask,

	* lib/transfer.c: implemented ZTF_COPY_COMPLETE (to always copy
	remaining data until EOF),
	(z_transfer_shutdown): verify that each shutdown direction is
	called only once,
	(z_transfer_free_method): call z_object_free_method at the end

2003-06-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.conf: added APPEND_ARGS, CHECK_PERMS variables

	* scripts/zorpctl.in: added a couple of logging and added the
	possibility to automatically append command line arguments to each
	proxy instance (APPEND_ARGS), it is now possible to turn off
	/etc/zorp permission checking (CHECK_PERMS)

	* zorp/main.c: added --tproxy argument which specifies the proxy
	implementation to use

	* doc/man/zorp.8: updated zorp command line arguments

	* lib/sysdep.c: added the possibility to explicitly specify TPROXY
	implementation from the command line

	* pylib/Zorp/Router.py: the handling of forge_addr is moved to
	AbstractRouter, forge_addr is assumed to be TRUE if snat is
	present

	* pylib/Zorp/Chainer.py: error out if SNAT is present and local
	address is None

2003-06-03  Szalay Attila  <sasa@mochrul.balabit>

	* lib/attach.c (z_attach_tcp_callback): Get 4. parameter reflect
	to changes is libzorpll

	* lib/base64.c (z_code_base64_decode_quattro): Change variable
	type to explicit signed.

	* lib/plugsession.c (_ZPlugIOBuffer): Change buffer end, ofs,
	packet_bytes to gsize

	* lib/proxy.c (z_parse_intervall): New function. Check and parse a
	string intervall.

	* lib/satyr.c (z_satyr_get_answer): Bugfix. Doesn't log error when
	EOF reached.

2003-06-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/zasauth.c: fixed a compilation problem (wait undeclared)

2003-05-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/policy.boot: removed Zorp.Auth

2003-05-30  Szalay Attila  <sasa@mochrul.balabit>

	* lib/zasauth.c (z_zas_do): Bugfix: Leave while when timeout.

	* lib/satyr.c (z_satyr_session_startup): Bugfix. Check if
	SSL_accept return with 0.

	* pylib/Zorp/Auth.py (ZAS2AuthenticationProvider): Bugfix. Send
	headers parameter to lower level.

2003-05-29  Szalay Attila  <sasa@mochrul.balabit>

	* Change docstrings in Auth.py and Listen.py to comform with
	zms-scripts

2003-05-29  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/plugsession.c: the copying code referred to a bad buffer in
	z_plug_session_down_to_server, fixed

	* lib/transfer.c: added stacked proxy support

	* lib/transfer.c: various fixes, stacked proxy support is still
	missing

	* configure.in: reset CFLAGS to -g when --enable debug is in use
	(to avoid -O2 being included), added $CFLAGS when it is not

2003-05-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/transfer.c, lib/zorp/transfer.h: added initial
	implementation of ZTransfer

2003-05-27  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyproxy.c (z_py_zorp_proxy_getattr): removed support for
	__handle__

	* lib/pyproxy.c (z_py_zorp_proxy_new): no need to query the
	__handle__ attribute as the pointer passed by ExtensionClass is
	ZorpProxy compatible

2003-05-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/authprovider.c: changed crypt to z_crypt to avoid races

	* pylib/Zorp/Service.py: forward ported getInstanceId usage

	* lib/pysockaddr.c (z_py_zorp_sockaddr_new_instance): check if
	z_sockaddr_inet_new succeeds, and raise an exception if failed
	(fixes bugzilla bug 1289)

2003-05-21  Szalay Attila  <sasa@mochrul.balabit>

	* lib/proxy.c (z_proxy_del_child): Bugfix. Remove check before
	delete child proxy.

	* lib/base64.c (z_code_base64_encode): Implement base64 encode.

2003-05-20  Szalay Attila  <sasa@mochrul.balabit>

	* pylib/Zorp/Proxy.py: Bugfix. Remove auth.stopSession call
	because not needed. (And not implemented too).

2003-05-15  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c: removed conntrack timeouts as they clash with
	Proxy timeouts

2003-05-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/packstream.c: ported to the new ZStream framework (using
	ZObject)

	* lib/*.c: changed z_stream_new to z_stream_fd_new

2003-05-11  Balazs Scheidler  <bazsi@bzorp.balabit.hu>

	* configure.in: fixed libcrypto test to work for openssl 0.9.7

2003-05-09  Szalay Attila  <sasa@mochrul.balabit>

	* lib/zasauth.c (z_zas_close): Bugfix. Set self->proto to NULL
	after destroy it.

2003-05-09  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zone.py: the way non-cached Zone lookup works was
	reworked to use hash tables and better algorithms

	* pylib/Zorp/Proxy.py (__startup__): handle exceptions during
	fastpath setup

	* lib/tpsocket.c (z_tp_autobind): check if the socket has already
	been bound, and report success if it was

2003-05-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pydispatch.c: handle the case when current_policy is NULL

	* zorp/main.c: new command line argument --also-as

	* pylib/Zorp/Zorp.py: support several instances

	* pylib/Zorp/Session.py (MasterSession.__init__): new
	base_session_id argument,
	(several functions): instead of directly specifying firewall_name
	as the first part of the session_id use self.base_session_id
	instead

	* pylib/Zorp/Dispatch.py: save the name of the actual instance
	during __init__ so it can be used as the base session_id when a
	real instance starts

	* lib/zorp.c: the fake session id also contains the name of the
	instance (just like the real one does)

	* lib/pyproxy.c: handle when parent is None, thus it has no
	__handle__ attribute

	* lib/pypolicy.c: support several soft instances (the name of the
	instance is passed as an array of strings)

	* pylib/Zorp/Zone.py: reworked internal Zone structure as creating
	the data structure was very slow for 500 zones, it now uses a
	simpler data structure with cached lookups

	* lib/pycore.c: forward ported z_py_get_instance_id

	* lib/*.c: do not report exception when PyErr_Occurred is true in
	itself, as there might be a pending exception set even if there
	was no exception during the current operation

2003-05-05  Szalay Attila  <sasa@mochrul.balabit>

	* zorp/main.c (z_resolve_user): Detect errors when resolve user.
	(z_resolve_group): Detect errors when resolver group too.

2003-04-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: fail if --autobind-ip was not specified on the
	command line and netfilter tproxy support is to be used

	* lib/proxy.c (z_proxy_connect_server_event): handle the returned
	value by setServerAddress and propagate the possible error
	condition to the proxy (fixed bugzilla id: 1032)

	* pylib/Zorp/Proxy.py (Proxy.setServerAddress): return a boolean
	value to indicate whether the operation succeeded

	* pylib/Zorp/Dispatch.py: if getService returns None, report it as
	a DACException (instead of dumping a traceback)

	* pylib/Zorp/Core.py: added import of HashNAT and various Receiver
	classes (ZoneReceiver and friends)

2003-04-29  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Service.py: instead of registering fastpath info
	after the proxy instance had been created, do it in the
	Proxy.__startup__ function which avoids races

	* pylib/Zorp/Proxy.py (Proxy.__startup__): setup fastpath info
	here,
	(Proxy.__del__): moved code to __destroy__ as the C proxy might
	have been destroyed by the time __del__ is called (thus references
	to attributes might trigger warning messages in the logs)

2003-04-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: changed pidfile dir to /var/run/zorp

	* lib/zorp/zorp.h: changed pidfile directory to /var/run/zorp
	instead of /var/run

	* zorp/main.c: permit using the root uid for --uid and --gid
	parameters

	* lib/proxy.c: changed to use class specific VMTs instead of local
	function pointers, removed dead code,
	(general): added a couple of docstrings,
	(ZProxyIface, z_proxy_add_iface, z_proxy_del_iface,
	z_proxy_find_iface): implemented ZProxyIface and friends to help
	discover interfaces implemented by different proxies (for inter
	proxy communication)

	* configure.in: changed required minimal libzorpll version to
	2.1.0, added a check for libutil

2003-04-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxy.c: adapted to the new ZObject framework

	* lib/zobject.c, lib/zorp/zobject.h: new files, contains the new
	ZObject framework

	* pylib/Zorp/Proxy.py: added a new attribute to session called
	'proxy' which contains a reference to the associated proxy object,
	the circular reference is resolved in the __destroy__ method

	* lib/proxy.h: moved proxyvars specific variables and functions to
	proxyvars.h

	* lib/pyproxy.c (z_py_zorp_proxy_new): new argument, parent which
	specifies the parent proxy, pass this information to the proxy
	init function, (INCOMPATIBLE API CHANGE),
	(z_py_zorp_getattr): new internal attribute called __handle__
	which contains a pointer to the underlying C object (this is a
	hack)

	* lib/proxy.c: modified & updated function docstrings,
	(z_proxy_add_child, z_proxy_del_child, z_proxy_set_parent):
	functions to maintain the inter-proxy links

	* configure.in: separated the required versions of dependent
	libraries to the beginning of the file to make it easier to modify
	those

2003-04-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py (ConnectChainer.establishConnection):
	removed exception handling and moved to Proxy.connectServer

	* pylib/Zorp/Proxy.py (Proxy.connectServer): moved exception
	handling here, added log messages on various exceptions

2003-04-11  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Router.py: Use forge_addr parameter.

	* lib/satyr.c (z_satyr_session_startup): Bugfix. Create ssl stream
	before do SSL_accept.

2003-04-11  Balazs Scheidler  <bazsi@bzorp.balabit.hu>

	* pylib/Zorp/Dispatch.py (CSZoneListener): changed implementation
	for lookup to support follow_parent,
	(ZoneListener): support follow_parent here as well

2003-03-14  Szalay Attila  <sasa@balabit.hu>

	* lib/satyr.c (z_satyr_get_answer): Bugfix. Check if cmd setted.

2003-03-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Service.py: added exception handling around fastpath
	setup. this is a temporary fix to avoid raised exceptions when
	fastpath info is stored _after_ the proxy exits

2003-02-26  Szalay Attila  <sasa@balabit.hu>

	* lib/tpsocket.c (z_tp_socket_init): Bugfix. Compile when
	--enable-tproxy=linux22 is set.

2003-02-12  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Auth.py (SatyrAuthentication.__init__): Change
	default port to 1316.

2003-02-11  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: fixed restart (each instance was restarted
	twice)

 	* zorp/main.c (z_remove_pid_file): report failure

	* zorp/main.c (main): fixed pid file handling (could not remove
	pidfile if it was not specified explicitly)

2003-02-03  Szalay Attila  <sasa@balabit.hu>

	* Change satyr.c and zasauth.c to follow changes in zas/protocol.h
	changes.

2003-01-23  Balazs Scheidler  <bazsi@balabit.balabit>

        * main.c (z_fatal_signal_handler): do not exit with exit(1) as it
	clobbers our exit code which is used by zorpctl

	* pylib/Zorp/Chainer.py: NAT classes get a clone of server_local
	instead of None

	* scripts/zorpctl.in: fixed status reporting

2003-01-09  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/zorp/authprovider.h: ZAuthorization was renamed to
	ZAuthProvider

	* lib/authprovider.c: replace all ZAuthorization to ZAuthProvider

2003-01-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/attach.c: use z_io_connect_start_block() if blocking mode is
	enough (TODO: remove unneeded synchronization)

	* lib/zorp/satyr.h: removed SATYR_TRANSPORT constants, satyr moved
	to use ZD_PROTO_*

	* lib/pysatyr.c: expect a protocol argument from Python

	* pylib/Zorp/Auth.py (SatyrAuthentication): pass session.protocol
	to the C ZorpSatyr object to support UDP protocols

2003-01-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py (SideStackChainer): fixed a couple of
	1.4isms, so it works again

	* pycore.c (z_py_stream_pair_new): bugfix, the returned tuple
	contains two ZorpStream instances which referred to the same
	stream, instead of the stream pair

2003-01-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: close standard file descriptors when safe
	start is used

	* lib/pysockaddr.c: fixed a memory leak in sockaddr.clone()

2002-12-19  Szalay Attila  <sasa@balabit.hu>

	* Create /var/run/zorp directory for szig socket. (Closes: #644)

2002-12-18  Szalay Attila  <sasa@balabit.hu>

	* lib/authprovider.c, lib/zasauth.c, lib/pyzasauth.c, lib/satyr.c,
	lib/pysatyr.c: Use new libzas to handle zas protocol.

2002-12-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/ipchains.c, lib/pyipchains.c, lib/zorp/ipchains.h,
	lib/zorp/pyipchains.h, lib/zorp/ipchains-kernel.h: removed dead
	code

	* scripts/zorpctl.conf: new file, contains defaults for zorpctl

2002-12-11  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/plugsession.c: set bandwidth to 0.0 to suppress a compiler
	warning

	* lib/pyattach.c (z_py_attach_cnonected): moved Py_XDECREF(sobj)
	into the if block as it was unrefed even if it was not initialized

	* lib/zasauth.c (z_zas_session_do): initialize answer to NULL as
	it might have been used uninitilized

	* lib/satyr.c (z_satyr_process_response): initialize rc to FALSE
	as the compiler complained about uninitialized variable

	* lib/pydispatch.c, lib/pyattach.c: PyObject_New doesn't
	initialize fields to 0, so init all fields to NULL to avoid memory
	corruption (fixes bugzilla id: 601)

	* pylib/Zorp/Chainer.py: support remote.port == 0 case

	* lib/connection.c: use MAX_SOCKADDR_STRING instead of 128 for
	z_sockaddr_format buffers

	* lib/conntrack.c: -"-

	* lib/dispatch.c: -"-

	* lib/fastpath.c: -"-

	* lib/pyattach.c: -"-

	* lib/pydispatch.c: -"-

	* lib/pysockaddr.c: -"-

	* doc/man/*: updated man pages

	* scripts/zorpctl.in: revised to make more sensible decisions
	about ulimits, also supports extra zorpctl parameters for each
	instance

2002-12-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c (z_sigterm_handler): instead of calling
	z_main_quit() set term_received to TRUE and check that variable in
	the main loop

	* pylib/Zorp/Globals.py: deinit_callbacks new list where deinit
	callbacks can be registered, dispatches: new list which contains
	all registered dispatches

	* lib/pypolicy.c: z_policy_ref and _unref has its own lock, thus
	there's no need to call z_python_lock(),
	(z_policy_purge): new function, calls the purge function in Python
	to purge all symbols

	* lib/plugsession.c: added G_GNUC_UNUSED to z_plug_write_output to
	avoid warning

	* lib/proxy.c: replaced all z_policy_lock references to
	z_python_thread_lock() (the other is now a macro)

	* lib/pyattach.c: support config reloading similarly to pydispatch

	* lib/pydispatch.c: grab a reference to the current policy when
	the dispatch is initialized and acquire the associated main thread
	when the python callback is called

	* lib/pypolicy.c: nearly complete rewrite, a policy is not a
	single, global object anymore. needed for configuration reload

	* lib/pysatyr.c: use z_policy_raise_exception to raise
	LicenseException

	* lib/pyproxy.c: use z_policy_raise_exception to raise
	LicenseException

	* lib/pycfg.c, lib/zorp/cfg.h: removed these files, this was used
	only when determing the local firewall name

	* lib/zorp.c (z_log_set_fake_session_id): avoid using the
	z_config_* interface as this was the only referencing code, and it
	was removed

	* lib/zorp/policy.h: reworked zorp-policy interface to support the
	notion of several loaded configuration (needed for config reload)

	* zorp/main.c (main): cleaned up main() function, some parts were
	put into a separate function,
	(z_main_loop): new function, this one is the main loop, cares
	about config file reloading
	(z_setup_signals): new function to set up signals

2002-12-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py (FailoverChainer.chainParent): support
	lists in addition to tuples for specifying destinations

	* lib/pysockaddr.c (z_py_zorp_sockaddr_clone): new function,
	exports z_sockaddr_clone() functionality to python

2002-12-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/szig.c: register a thread_start and thread_stop callback to
	make it possible to gather thread specific information

2002-12-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: removed --enable-stackdump handling

	* zorp/main.c: removed stackdump, use zorplibll for that purpose

	* configure.in: bumped version number to 2.0pre29, required
	zorplib 2.0.5.0 (contains a pssl & pssl2 fix)

2002-12-02  Szalay Attila  <sasa@balabit.hu>

	* lib/conntrack.c (z_conntrack_init): Move waiting for
	conntrack_poll to here. (conntack_stream_add may use it)

2002-11-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/plugsession.c (z_plug_copy_data): update the timeout only if
	it is not NULL (caused a SIGSEGV)

	* configure.in: bumped version number to 2.0pre27

2002-11-25  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: handle the case when the number of processes
	is unlimited

	* lib/plugsession.c: instead of using the timeout callback of the
	stream, register our own timeout source

	* lib/conntrack.c: instead of using the timeout callback of the
	stream, register our own timeout source

2002-11-22  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre26

	* lib/conntrack.c (z_conntrack_packet_in): bugfix, it was not
	verified that the number of sessions started was below the
	MAX_CONNTRACK_SESSIONS_AT_A_TIME constant

	* pylib/Zorp/Proxy.py (Proxy.stackProxy): return the proxy
	instance if successful, None if not, removed addPolicy() function

2002-11-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/packstream.c: adapted to latest zorplib stream changes (ctrl
	function)

	* pylib/Zorp/Listener.py: added constructor parameter docstrings
	(fixed bug id: 394)

2002-11-20  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/NAT.py: fixed another bunch of docbugs (fixes bug
	207)

	* pylib/Zorp/Listener.py: updated ZoneListener docstrings (to
	include transparent and backlog argument documentation)

2002-11-18  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/NAT.py: added some docstrings

	* lib/zasauth.c, lib/satyr.c: ZERO terminate all headers (fixed
	bug id 346)

2002-11-15  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/plugsession.c: only free packet_stats timeout source if it
	is non-NULL

	* configure.in: bumped version number to 2.0pre25

	* lib/plugsession.c: implemented packetStats() for both packet
	counters and timeouts

	* lib/zasauth.c: ported satyr fixes to ZAS (the protocol is the
	same, the implementation is similar but copied), this should be
	fixed in 2.0fp1

	* pylib/Zorp/Dispatch.py: don't try to start a session when stream
	is None, it indicates that a connection was accepted but the fd
	returned by accept was -1

	* lib/pydispatch.c (z_py_zorp_dispatch_accept): bugfix, do not
	reference conn when it is NULL (it was referenced in the exception
	handling case, when the stream was called, and at the end when
	ZConnection was freed)

2002-11-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre24

	* lib/plugsession.c (several read callbacks): a break; statement
	was missing in switch statements, therefore stacked proxies were
	not working properly

	* lib/satyr.c (z_satyr_new): the client address is not changed
	because it is used later, a local ZSockAddr instance is created
	instead

2002-11-13  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/satyr.c: removed enabling TCP_NODELAY (it was a hack to work
	around buggy satyr implementation), added a couple of log messages
	(z_satyr_new): cleaned it up,
	(z_satyr_session_startup): fixed a couple of problems in SSL
	support,
	(z_satyr_send_command): instead of sending each bit of the command
	separately, combine the whole thing into a GString, and send it
	using a single write() call,
	(z_satyr_get_headers): fixed a couple of off-by-one bugs, and
	cleaned up

	* zorp/main.c: changed ENABLE_ macro references to be prefixed by
	ZORPLIB_ wherever applicable

	* configure.in: changed zorplibll library requirement to 1.5.54

	* zorp/main.c: updated version information to use info stored in
	the zorplibll library

	* README: updated to reflect the latest changes in Zorp 2.0

	* lib/zorp/zorp.h: added CORE_POLICY macro

2002-11-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyfastpath.c: implemented TransparentRouter fastpath

	* pylib/Zorp/Router.py: use TransparentRouter fastpath

	* lib/pyfastpath.c: fixed log output, do not try to format a
	sockaddr if it is NULL

	* lib/pyproxy.c (z_py_zorp_proxy_check): new function, returns
	TRUE if the given Python object is a PyProxy

	* lib/fastpath.c (ZProxyFastpath, ZProxyFastpathSession): new
	structs, reorganized fastpath, in addition to a ZConnection a
	ZProxyFastpathSession is used to alter local/remote addresses on
	the fastpath (router, snat/dnat, chainer)

	* lib/pyfastpath.c, lib/zorp/pyfastpath.h: new files, separated
	python specific functions from fastpath.c

	* configure.in: bumped version number to 2.0pre20

2002-11-11  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre19

	* lib/attach.c: call z_conntrack_socket_start once the connection
	has been initialized

	* lib/conntrack.c: split z_conntrack_socket_new into
	z_conntrack_socket_new and z_conntrack_socket_start, the latter
	adding the allocated streams to the Conntrack poll loop, this
	fixes a race in attach
	(z_conntrack_packet_in): call z_conntrack_socket_start()

	* pylib/Zorp/Proxy.py: fixed session_id of stacked proxy streams
	(instead of the parent proxy type, use the newly stacked proxy
	name)

	* lib/satyr.c: fixed a memory leak (session_id was allocated and
	was not freed), fixed session_id semantics

	* lib/proxy.c (z_proxy_stack_proxy): fixed a stream reference
	leak, the stacked stream was leaked
	(z_proxy_get_addresses): API change, new argument protocol where
	the protocol used by this session is returned

	* lib/pyproxy.c: instead of calling z_proxy_free, call
	z_proxy_unref

	* lib/proxy.c: added reference counting (z_proxy_ref, and
	z_proxy_unref functions), added new proxy state PS_DESTROYING
	which is set if z_proxy_destroy is called

	* lib/plugsession.c, lib/zorp/plugsession.h: added plugsession
	implementation here, so both pssl and plug can use it

2002-11-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxy.c (z_proxy_stack_proxy): fix channel naming

	* pylib/Zorp/Service.py (startInstance): set client stream name
	here

	* pylib/Zorp/Proxy.py (Proxy): changed __init__ syntax, it doesn't
	expect a name parameter anymore, it is expected to be set by the
	class statement (e.g. it must be a class defined attribute) all
	proxies were updated accordingly

	* configure.in: bumped version number to 2.0pre17 (pssl2 proxy
	fix)

	* configure.in: bumped version number to 2.0pre16

	* pylib/Zorp/Chainer.py: changed server_addr to server_address in
	log message

	* lib/proxy.c (z_proxy_connect_server_fast_event): added a log
	message about the result of the connection establishment
	
	* lib/fastpath.c: fixed a couple of issues on the fastpath, it
	should really work now

	* lib/connection.c (z_connection_destroy): free conn->bound

	* lib/attach.c (z_attach_tcp_callback): fill conn->bound

2002-11-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxy.c (z_proxy_get_addresses): added new argument which
	returns the listener address which launched this proxy

	* configure.in: bumped version number to 2.0pre15

	* pylib/Zorp/Session.py: new attribute called 'protocol', used for
	protocol autodetection

	* pylib/Zorp/Dispatch.py: store the protocol as it is needed later
	for protocol autodetection

	* pylib/Zorp/Chainer.py (ConnectChainer): support protocol
	autodetection (defaults to the client side protocol unless
	explicitly overridden)

	* lib/pydispatch.c (z_py_zorp_dispatch_accept): handle the case
	when conn == NULL (reset during accept for example)

2002-11-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre14 (identical to
	pre13, but binary linked against 0.0.2 of liblicense)

	* configure.in: bumped version number to 2.0pre13

	* lib/packsock.c: if the local address is not specified for a
	connection, first determine a suitable local address based on the
	routing table (involves an ugly connect-unconnect-reconnect phase)

	* configure.in: bumped version number to 2.0pre12

	* lib/packsock.c: autobind socket even if local address is not
	present

	* configure.in: bumped version number to 2.0pre11

	* lib/packsock.c: added a couple of log messages in error
	conditions

	* lib/packsock.c: the netfilter implementation did not return
	GIOStatus, fixed

	* configure.in: bumped version number to 2.0pre10

2002-11-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/connection.c (z_connection_format): handle conn == NULL

	* zorp/main.c: z_license_init API was changed, adapted main.c
	accordingly

	* lib/zorp/Makefile.am: killed unneeded files

	* lib/satyr.c (z_satyr_destroy): don't call g_string_free if
	self->username is NULL (fixes bug 231)

2002-11-03  Balazs Scheidler  <bazsi@bzorp.balabit>

	* pylib/Zorp/Matcher.py: added docstrings (fixes bug id: 188)
	
2002-10-31  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre9

	* dispatch.c (z_dispatch_entry_free): don't call
	self->data_destroy when it is NULL

	* configure.in: bumped version number to 2.0pre8

	* lib/dispatch.c (z_dispatch_register): fixed the case when
	dynamic port allocation was requested, the entry is associated
	with the allocated port not the requested one (which is always 0)

	* configure.in: bumped version number to 2.0pre7

	* lib/attach.c: added a log message on established connections,
	(z_attach_free): check if self->c.connect is NULL, and don't free
	it, if it is

	* added a couple of missing copyright headers

	* configure.in: bumped version number to 2.0pre6

2002-10-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre5

	* pylib/Zorp/Auth.py (InbandAuthentication): fixed some bugs,
	adapted to the new auth mechanism

	* lib/proxyvars.c: moved a couple of z_enter()/z_leave() pairs to
	the correct place

	* lib/authprovider.c: fixed a couple of bugs in the simple
	password checking mechanism (for inband authentication)

2002-10-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre4, changed min
	required zorplibll version to 1.5.49

	* lib/dispatch.c: get the original destination with
	z_getdestname() instead of z_getsockname

	* lib/tpsocket.c: split z_getsockname implementation into two:
	z_getsockname and z_getdestname, z_getsockname is used by
	dispatch, the other everywhere else

	* configure.in: bumped version number to 2.0pre3

2002-10-28  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Router.py: -- || --

	* pylib/Zorp/Receiver.py: -- || --

	* pylib/Zorp/NAT.py: -- || --

	* pylib/Zorp/Listener.py: -- || --

	* pylib/Zorp/Domain.py: -- || --


	* pylib/Zorp/Chainer.py: -- || --

	* pylib/Zorp/Auth.py: Write machine parseable parameter
	description.

	* lib/packstream.c: handle setting nonblock parameters in packet
	streams.

	* lib/dispatch.c: Insert z_enter and z_leave calls in functions.

	* lib/authprovider.c: New function to check username/passwd in one
	call. Needed for proxys.

	* lib/attach.c: Bugfix. Check self->c.connect instead of connect

2002-10-25  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 2.0pre2

	* lib/attach.c (z_attach_free): fixed two leaks
	(self->connected_cond and self->connected_lock was not freed),
	(z_attach_block): refer to self while waiting for the connection
	to establish

	* lib/proxyvars.c (z_proxy_var_register): support a free function
	for custom types

2002-10-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: bugfix, try getting the NATed destination first

	* lib/license.c: bugfix, do not insert a local variable into the
	hash

	* pylib/Zorp/Listener.py, pylib/Zorp/Dispatch.py: fixed
	ZoneListener & CSZoneListener

	* lib/sysdep.c: report sysdep_tproxy value

2002-10-24  Szalay Attila  <sasa@balabit.hu>

	* lib/pyproxy.c (z_py_zorp_proxy_check_license): Bugfix. Set
	default return value to TRUE

	* lib/packstream.c (z_stream_packet_write_method): Write data
	dump.

2002-10-22  Balazs Scheidler  <bazsi@balabit.balabit>

	* debian/rules: added debfiles target to automatically generated
	filelists based on included modules

	* lib/satyr.c: call z_ssl_session_unref() instead of
	z_ssl_session_destroy()

	* pylib/Zorp/Router.py: refer to client_local instead of
	client_dest

	* pylib/Zorp/Session.py: removed client_dest, its value is in
	client_local now,
	(Session.destroy): close client & server stream if present (called
	when an error occurs)

	* pylib/Zorp/Dispatch.py: removed license limit verification (it
	was moved to C), changed the accepted() member function to match
	the way it is called from C

	* lib/zpython.c: new variable PyExc_LicenseException

	* lib/pysatyr.c: raise PyExc_LicenseException instead of a string
	with the same value

	* lib/pyproxy.c: implemented licensed IP checking, currently
	supports only IPv4, and assumes a lot of things about the Python
	layer

	* lib/pypolicy.c: get a reference to Zorp.LicenseException to be
	able to raise a LicenseException from C (otherwise the raised
	exception would not be compatible with the Python except block)

	* lib/pydispatch.c: removed client_dest (its value is passed as
	client_local), added bound address as client_listen

	* lib/proxyvars.c (z_proxy_var_dump): don't dump OBSOLETE
	variables

	* lib/license.c (z_license_is_ip_permitted): new function,
	implementing IP counting in C

	* lib/dispatch.c: store the bound-to address in ZConnection, so
	proxies will know which address to bind their fast-path,
	(z_dispatch_bind_listener): handle the case when z_io_listen_new
	returns NULL (indicating an I/O error)

	* configure.in: ZORP_COMPILE_DATE is exported as YYYY/MM/DD to
	match the format in the license file

2002-10-18  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: support Z_SD_TPROXY_LINUX22 in initialization

	* lib/proxy.c (z_proxy_get_addresses): new function, fetches all
	session specific addresses

	* lib/license.c: added version 2.0 verification

	* lib/conntrack.c: save bound address

	* lib/attach.c: save original local address

	* lib/packsock.c (z_packsock_open): always enable SO_REUSEADDR on
	UDP sockets,
	(z_packsock_read): fixed return value (rc was overwritten)
	(z_packsock_init): support Linux 2.2 fallback

2002-10-18  Szalay Attila  <sasa@balabit.hu>

	* lib/packstream.c (z_stream_fd_ctrl_method): New
	function. Reflect to libzorpll changes.

2002-10-14  Szalay Attila  <sasa@balabit.hu>

	* First state of obsolate variable support. This type of variable,
	like alias point to other variable, but will be removed from next
	version.

2002-10-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c (z_license_check_validity): fixed date comparison

	* pylib/Zorp/Service.py, pylib/Zorp/Zone.py, pylib/Zorp/Auth.py:
	use Globals module to store global information

	* pylib/Zorp/Globals.py: new module, all global python variables
	are stored here

	* lib/sysdep.c: removed old unused code, implemented run-time
	detection of kernel versions, z_sysdep_init calls z_packsock_init
	& z_tp_socket_init based on the detected version

	* lib/pyattach.c (ZorpAttach.start): raise an exception if an
	error occurs

	* lib/packsock.c: return GIOStatus in I/O functions, modified so
	it supports runtime fallback between kernels

	* lib/conntrack.c: packsock returns GIOStatus & GError **,
	modified conntrack accordingly, support for several packets at
	session startup

	* lib/attach.c: support for UDP remote addresses added,

2002-10-10  Szalay Attila  <sasa@balabit.hu>

	* lib/pyproxy.c (z_py_zorp_proxy_new): Bugfix. Return NULL if
	cannot load proxy.

	* zorp/main.c (z_version): Remove logging the state of
	packet-trace becouse it's removed.

2002-10-09  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyattach.c: blocking functions now delegated to low level
	ZAttach

	* lib/fastpath.c: implemented ConnectChainer fastpath (parameter
	passing is still lacking...)

	* lib/connection.c (z_connection_free): renamed to
	z_connection_destroy

	* lib/attach.c (z_attach_block): new function, does blocking using
	condition variables (similarly what pyattach had)

	* lib/zorpthread.c: free the allocated thread state when the
	thread exits

	* lib/szig.c (z_szig_search): free the result of g_strsplit(),
	(z_szig_accept_callback): return a gboolean as that is now
	required by z_io_listen

	* lib/proxy.c (z_proxy_destroy): free fastpath state variables

	* lib/dispatch.c (z_dispatch_tcp_accept): fix memory leak, client
	address's refcount was incremented, thus it was never freed

	* lib/connection.c: fix two memory leaks (conn->stream was not
	unrefed, conn itself was not freed)

2002-10-08  Szalay Attila  <sasa@balabit.hu>

	* lib/dispatch.c (z_dispatch_equal): Bugfix. Use ZDispatchKey
	correctly in assert.

2002-10-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/dispatch.c: checked race against race conditions, the way
	state is freed is now unified between listeners and conntracks,

	* lib/conntrack.c (ZConntrack): added support for reference
	counts,
	(ZCTAcceptFunc): now returns a gboolean to indicate that no
	further connections should be accepted
	(z_conntrack_cancel): implemented this function (previously it was
	empty),

	NOTE: conntrack might still contain a race when the stream is
	removed from the poll, see comment in z_conntrack_cancel

2002-10-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version number to 1.5.7

	* pylib/Zorp/Proxy.py: fixed up stream naming, it should now be
	consistent
	
	* pylib/Zorp/Dispatch.py: removed the constants ZD_PROTO_* (moved
	to Zorp.py), AbstractDispatch.__init__ is not protocol specific
	anymore

	* pylib/Zorp/Chainer.py: use Attach instead of Connect & Sender

	* lib/pysender.c, lib/pyconnect.c, lib/zorp/pysender.h,
	lib/zorp/pyconnect.h: removed files

	* lib/zpython.c (z_python_policy_init): removed initialization of
	connect and sender, a general interface called Attach is now used
	instead

	* lib/packstream.c: fixed a couple of messages here and there,
	session_ids are now correct, I/O messages were added

	* lib/fastpath.c: still broken, a blocking connect must be written
	(or added to ZAttach)

	* lib/dispatch.c (z_dispatch_chain_destroy): bugfix, free the lock
	instead of locking it,
	(z_dispath_entry_free): new function, as a ZDispatchEntry is freed
	at several different places,
	(z_dispatch_key_hash, z_dispatch_key_equal): use the new
	z_sockaddr_inet_check function,
	(z_dispatch_register): support wildcard addresses (when port
	number is 0)

	* lib/conntrack.c: cleaned up logging, now session_ids are more or
	less correct, a few messages might need to be added here and there

	* lib/connection.c (z_connection_free): new parameter named close,
	which specifies whether the stream needs to be closed

	* lib/attach.c (ZAttach): support for destroy_notify, mutex
	protected refcounting,
	(z_attach_get_local): new function
	(UDP support): still needs to be added

2002-10-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added --autobind-ip parameter to usage screen

	* pylib/Zorp/Receiver.py, pylib/Zorp/Listener.py: made listener
	classes wrappers around Dispatcher, most of the code was removed4

	* pylib/Zorp/Dispatch.py: created ZoneDispatcher, CSZoneDispatcher

	* lib/connection.c, lib/zorp/connection.h: new files, separated
	ZConnection related functions to these files

	* lib/zorp.c: removed () from the default session_id

	* lib/tpsocket.c: added an additional check to verify dummy
	interface availability

	* lib/pysender.c: allow specifying session_id

	* lib/pydispatch.c: allow specifying session_id to be passed to
	low-level listeners

	* lib/packstream.c: cleaned up logging a bit

	* lib/packsock.c: implemented support for Linux 2.2 udp tproxy, it
	also works on an unpatched 2.4 kernel (runtime fallback still
	needs to be done)

	* lib/fastpath.c: renamed ZDirectedRouterStruct to
	ZDirectedRouterData, the same happened to
	ZSendChainerData. SendChainer now support specifying session_id

	* lib/dispatch.c: support returning the bound local address when
	registering a dispatch entry, correctly free a ZDispatchChain,
	removed ZConnection support functions, they were moved to a
	separate file

	* lib/conntrack.c: cleaned up a couple of messages, and logging

2002-09-25  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c (z_conntrack_packet_in): verify that
	z_conntrack_socket_new succeeeded (instead of SIGSEGV)
	(this time tested, and confirmed that conntrack seems to work for
	UDP protocols)

2002-09-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c: changed according to the new packsock interface

	* lib/packsock.c, lib/zorp/packsock.h: reworked packsock interface
	to be a little bit more generic. sockets are created by packsock,
	a clear distinction was made between listening and already
	established packsocks. (an established packsock is one which is
	bound & connected, a listening packsock is one which receives
	datagrams with unidirectional nat) implemented Netfilter 2.4
	support

	* lib/packet.c, lib/zorp/packet.h: removed ZPacket->from and
	ZPacket->to,
	(z_packet_set_data): new function to initialize data holding
	members of a ZPacket

2002-09-20  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added initialization of z_conntrack

	* pylib/Zorp/Dispatch.py, pylib/Zorp/Listener.py,
	pylib/Zorp/Receiver.py: don't pass self to MasterSession

	* pylib/Zorp/Session.py: MasterSession does not need 'starter' as
	its argument, the attribute with the same name was removed as well

	* pylib/Zorp/Chainer.py: don't use 'session.starter', as that
	attribute was removed (it uses a
	'session.service.proxy_class.tracker_name' instead, maybe a link
	between the current session and the current proxy instance would
	be needed (not trivial, as this means a circular reference)

	* lib/pysender.c: updated to the latest conntrack changes

	* lib/packstream.c: updated to the latest ZStream changes

	* lib/fastpath.c: the SendChainer fastpath was updated to the
	latest changes

	* lib/conntrack.c: changed conntrack to use a global poll, and a
	single thread, instead of a new thread for every conntrack (this
	lestens the connection between ZConntrack and ZCTSocket), protocol
	helper is now optional, defaults to a plug-like conntrack

2002-09-18  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.6

2002-09-17  Szalay Attila  <sasa@balabit.hu>

	* lib/pyconnect.c (z_py_zorp_connect_connected): Non blocking
	connect send stream to callback, not fd.

2002-09-17  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added check for license validity at every 10000th
	iteration of the main loop

	* lib/pyreceive.c, lib/zorp/pyreceive.h: removed these files, the
	functions of Receivers will be implemented using the Dispatcher

	* lib/pysender.c: started to adapt to the new conntrack/dispatch
	architecture, but it's not working yet

	* pylib/Zorp/Dispatch.py: adapted to changed pysender.c

	* lib/pydispatch.c: adapted to dispatch.c parameter passing,
	python passes protocol specific parameters as a dictionary

	* lib/proxy.c (z_proxy_connect_server_fast_event): changed to use
	ZConnection instead of ZFastSession, the fast_chainer callback
	returns a ZStream instead of modifying ZFastSession directly
	(which is now a ZConnection),
	(z_proxy_add_fast_session): function removed,
	(z_fast_session_destroy): function removed

	* lib/packstream.c: reorganized & cleaned up, a ZPacketStream does
	not touch the data members of its pair, it calls a function
	instead (z_stream_feed & z_stream_fetch etc), closing a
	ZPacketStream is not synchronized any more, when one side closes
	the stream, the other side gets an EOF or EPIPE (read or write)

	* lib/packsock.c: adapted to new ZPacket structure

	* lib/packet.c: reorganized ZPacket a bit (still need to be
	cleaned up a bit though), removed ZPacket.packheader, its
	attributes were inlined to ZPacket

	* lib/license.c (z_license_verify_validity): new function, which
	verifies whether the loaded license is still valid (within the
	evaluation period)

	* lib/fastpath.c: ZFastSession was removed, changed to ZConnection

	* lib/dispatch.c: protocol specific parameters are passed as
	ZConntrackParams, which is a union of ZConntrackTCPParams and
	ZConntrackUDPParams

	* lib/conntrack.c: removed proxy pooling code, it will be
	performed by the proxies, changed a couple of functions (to return
	GIOStatus for example), removed ZFastSession structure, it will be
	a common structure defined in dispatch.h (ZConnection)

2002-09-16  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Proxy.py (Proxy.stackProxy): Remove second argument
	from proxy_class becouse it isn't needed.

2002-09-12  Szalay Attila  <sasa@balabit.hu>

	* Revise log tags and level.

2002-09-11  Szalay Attila  <sasa@balabit.hu>

	* lib/tpsocket.c (z_tp_socket_init): Send modprobe command output
	to /dev/null

2002-09-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c: started porting to the new dispatch
	architecture
	(removed dependency between proxies and conntrackers, cleaned up
	identifiers, and removed a couple of unneeded attributes)
	
2002-09-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Dispatch.py: new file, python interface for
	dispatch.c

	* lib/pydispatch.c: python interface file for dispatch.c

	* lib/dispatch.c, lib/zorp/dispatch.h: new files which implement
	the new connection dispatching architecture, this system will make
	it possible to drop the dependency between Receivers and Proxyies
	and also allow to specify expected connections from within C

	* lib/zpython.c: initialize pydispatch.c

	* zorp/main.c: initialize dispatch.c

2002-09-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/conntrack.c (z_conntrack_new): renamed variable 'protocol'
	to 'tracker', the parameter tracker was renamed to 'tracker_name'

	* lib/conntrack.h (ZConnTrack): the field protocol was renamed to
	protocol_tracker, this change was applied at several places in
	conntrack.c

	* lib/zorp/proxy.h (ZFastConnection): renamed to ZFastSession,
	this structure will be killed once the new dispatch architecture
	is in place,
	(ZProxy): add_connection member function renamed to add_session,
	this pointer will also be killed once the new architecture is in
	place

2002-09-02  Balazs Scheidler  <bazsi@balabit.balabit>
	
	* lib/conntrack.c: continued cleanup of yeti's code. lot of
	unneeded variables and structure members were removed, the members
	in ZConnTrack and ZCTSocket were documented while learning the
	code

	* lib/zorp/conntrack.h (ZConnTrack): removed port, open, mutex,
	connpool, started members, bound address renamed from addr to
	bind_addr,
	(ZCTSocket): removed proto_data, proto_data_len members

	* lib/packsock.c: removed the limited z_packsock_setup()
	interface, will need something more sophisticated

2002-08-30  Szalay Attila  <sasa@balabit.hu>

	* lib/pysatyr.c (z_py_zorp_satyr_auth): Bugfix. Eliminate
	neverending cycle if communication error occur. (Memleak is
	possible)

2002-08-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Service.py: added variables default_router,
	default_chainer, default_snat, default_dnat, default_auth which
	hold default values for services, so those don't need to be
	explicitly given for each service

2002-08-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* configure.in: bumped version to 1.5.5

	* lib/pyconnect.c (z_py_zorp_connect_block_method): return None if
	the connection fails, yeti: 3

	* pylib/Zorp/Service.py (Service.startInstance): set the name of
	the client stream as soon as the instance number of the proxy is
	available
	
	* pylib/Zorp/Receiver.py: removed the 1:1 enforced connection
	between receivers and services (the reason for the Session.starter
	change)
	
	* pylib/Zorp/Proxy.py (Proxy.stackProxy): set the name of the
	server stream as well

	* pylib/Zorp/Session.py: MasterSession has a new parameter
	'starter' where it expects a reference to the class that
	instantiated it (this might make policy reloading difficult)

	* pylib/Zorp/Connector.py (Connect.__init__): added a timeout
	argument which defaults to 30 seconds
	
	* pylib/Zorp/Chainer.py: make SendChainer able to determine
	required parameters automatically, without having to specify them
	(to make it easier for the user to use UDP based services)

	* lib/pyconnect.c, lib/pyconnect.c: instead of specifying a dummy
	name for streams, a zero length string is specified, which tells
	z_log() to log under the fake session id (or the session id
	associated to the current thread)

	* lib/proxy.c (z_proxy_stack_proxy): pass a stream to stackProxy
	(it was expected by the Python part, but not implemented in C)
	yeti: 2

	* lib/pylisten.c, lib/pyreceive.c: XDECREF returned result from
	callback, yeti: 1

	* pylib/Zorp/Router.py: make AbstractRouter parent class for all
	router classes, renamed setupFastPath to setupFastpath (the way it
	is referenced)

2002-08-27  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/proxyvars.c: added inclusion of proxy.h

	* lib/zorp/proxy.h: include proxyvars.h

	* lib/zorp/proxyvars.h: removed inclusion of proxy.h, forward
	declared struct _ZProxy

	* pylib/Zorp/Session.py (Service.__init__): removed a trailing
	comma from the session_id initialization, this caused
	session.session_id to become a tuple instead of a string
	(Service.__del__): call stopInstance only if service is not None

	* pylib/Zorp/Service.py: imported the services hash from the Zorp
	module

	* pylib/Zorp/Receiver.py: reordered arguments to match Listener

	* pylib/Zorp/NAT.py: renamed setupProxy to setupFastpath

	* pylib/Zorp/Core.py: import SendChainer as well

	* pylib/Zorp/Chainer.py: use the new log() syntax

	* lib/zorp/proxy.h: removed the definition of
	z_proxy_set_active_session (this function was renamed to
	z_proxy_vars_set_active_session)

	* lib/pyreceive.c: changed arguments order to be more similar to
	Listener

	* lib/pyproxy.c (z_py_zorp_proxy_new): expect 3 arguments instead
	of 4

	* lib/pyproxy.c: z_session_vars_new() was incorrectly named
	z_proxy_vars_session_new, fixed

	* lib/packstream.c: removed z_stream_packet_set_callback_method,
	and z_stream_packet_set_cond and referenced the functions in
	stream.c instead

	* lib/packsock.c: added a simple BSD only code which doesn't
	support transparency (now is used when ENABLE_NETFILTER_TPROXY is
	defined)

	* lib/fastpath.c: check if the passed Proxy instance has an
	underlying C Proxy as well (fixes a SIGSEGV), return NULL in case
	of an exception (instead of PyInt_FromLong(-1))

	* lib/conntrack.c: fixed some indentation issues

2002-08-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Router.py: renamed setupProxy to setupFastpath

	* pylib/Zorp/Receiver.py (SimpleReceive, Receiver, ZoneReceiver):
	reordered arguments, and defaulted some arguments to sane
	defaults, added a FIXME note about 1:N connection between services
	& receivers, added connection tracker autodetection, fixed license
	check, the client stream might not have been closed if the
	connection is over the license limit

	* pylib/Zorp/Zorp.py: renamed InternalError to InternalException

	* pylib/Zorp/Listener.py: returns None if connection is rejected
	instead of Z_REJECT, and return the proxy instance if accepted
	(made it similar to the UDP case)

	* pylib/Zorp/Chainer.py: renamed setupProxy to setupFastpath,
	changed to new log() semantics

	* lib/proxy.h: removed ctrack.h reference and added conntrack.h
	instead,
	(ZProxy): removed unused callbacks, changed macros z_proxy_var_new
	& z_session_var_new (adapted to new proxyvars structure, the proxy
	interface does not change)
	
	* lib/policy.h: added list handling primitives

	* lib/conntrack.h: removed reference to proxy.h and added forward
	declarations for ZProxy structures (to avoid circular inclusion of
	header files), added reference to packet.h
	
	* lib/zpython.c: removed reference to pyctrack.h

	* lib/pyreceive.c: renamed proto argument to tracker

	* lib/pylisten.c (z_py_zorp_listen_accept): expect the return
	argument to be either None (if an error occurs), or the proxy
	instance, the same semantics is used by UDP proxies

	* lib/proxyvars.c: renamed from pyvars.c, made the interface a
	less Python dependant, Z_TYPE_METHOD requires a new argument,
	otherwise ZProxy dependancy was removed, introduced ZSessionVars
	to aid UDP session variables, renamed ZPySessionVars to
	ZSessionVars

	* lib/proxy.c: include proxyvars.h instead of pyvars.h, adapted to
	the reworked pyvars interface (now renamed to proxyvars),
	(z_proxy_set_active_session): removed, moved to proxyvars.c and
	renamed to z_proxy_vars_set_active

	* lib/packsock.c: removed a refernce to old header file ctrack.h

	* lib/conntrack.c (z_conntrack_new): renamed proto argument to
	tracker, to indicate what it really means

2002-08-23  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/packsock_22.c & lib/packsock_wasteful.c: merged, created a
	linux22 specific and a netfilter specific ifdef, changed the
	tproxy implementation to be linux22 specific (uses MSG_PROXY flag
	instead of recvmsg), the same things will be copied to the
	netfilter specific code

	* lib/ct_tproxy.c & lib/ct_wasteful.c: merged to one conntrack.c
	based on wasteful as generally the one fd per UDP session will be
	used

	* lib/packstream.c: handle the timeout value -1 (it was not
	handled before) , some minor typos were fixed,
	(z_stream_packet_read_method): initialize shift to 0 when a
	partial packet is read and a new packet is fetched

	---

	* zorp/main.c: updated --version output

	* pylib/Zorp/Service.py (Service.startInstance): removed type
	argument

	* pylib/Zorp/Proxy.py (Proxy.__init__): removed type argument as
	it is not needed anymore,
	(DatagramProxy): removed

	* lib/sysdep.c, lib/tpsocket.c: changed according to new defines
	by configure.in

	* integrating and cleaning up yeti's conntrack code, new files:
	ct_tproxy.c, ct_wasteful.c, packsock_22.c, packsock_wasteful.c,
	packstream.c, packsock.h, packstream.h)

	* configure.in: cleaned up, tproxy settings can now be specified
	with --enable-tproxy=[method], deprecated configure options are
	reported as such

2002-08-22  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: resource limits are checked only if zorpctl
	start is issued

	* pylib/Zorp/Proxy.py (Proxy.__destroy__): instead of calling
	self.auth.stopSession, reference auth as self.session.auth (fixes
	a bogus error message when the authentication is not successful)

2002-08-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Router.py: handle the case when dest_addr.port == 0,
	and use the original client destination port instead

2002-08-22  Szalay Attila  <sasa@balabit.hu>

	* Start to reimplement UDP handling.

2002-08-05  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.3

	* Finish zas integration.

2002-07-31  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: added further ulimit checks

2002-07-30  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/io.c: modified to call z_getsockname and z_listen (for 2.4
	kernel support)

	* lib/socket.c, lib/tpsocket.c, lib/zorp/socket.h,
	lib/zorp/tpsocket.h: new files, implementing support for netfilter
	tproxy

	* configure.in: added --enable-netfilter-tproxy switch

2002-07-29  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: move z_free_queue_init earlier during
	initialization (required by z_szig_init)

	* pylib/Zorp/Connector.py: specify 30 as default timeout for
	connection establishment

	* lib/szig.c: fixed bug which caused segfault when szig was
	initialized and the required directory was not found

	* lib/pyconnect.c: implemented Connect timeout

2002-07-23  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zone.py (Zone.setAddrParent): bugfix, store parent in
	addr_parent (stored a reference to self instead), caused no
	problems as addr_parent has not been used yet

2002-07-16  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.2

	* Set all proxys, to use z_zorp_thread_new. A wrapper around
	z_thread_new to set the working threads number.

	* Implement Simple Zorp Imformation Gathering.

2002-07-15  Balazs Scheidler  <bazsi@balabit.balabit>

	* updated debian/rules (now supports ZORP_DEBUG, and inserted
	netfilter specific configure options)

2002-07-10  Szalay Attila  <sasa@balabit.hu>

	* Bumped to version 1.5.1

	* zorp/main.c (z_dump_maps): Forward ported function, to log maps
	when fatal signal arrived.

2002-07-01  Balazs Scheidler  <bazsi@balabit.balabit>

	* proxy.c (z_proxy_destroy): fixed pyvars freeing

2002-06-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* fixed a couple of -W triggered warnings

2002-06-24  Balazs Scheidler  <bazsi@balabit.balabit>

        * pylib/Zorp/Router.py: added overrideable parameter for
	DirectedRouter and TransparentRouter

        * lib/pylisten.c: do not explicitly close fds passed to Python
	except when an exception occurs during accepted callback, forward
	ported a listener race fix (instead of XDECREFing in destroy
	immediately we do this in a freeq callback)

        * pylib/Zorp/NAT.py: fixed default_reject reference in OneToOneNAT
	& OneToOneMultiNAT, forwardported HashNAT

        * lib/pyvars.c: forward ported config dump

        * lib/pysockaddr.c (z_py_zorp_gethostbyname): added support for
	Sun gethostbyname_r, check if the returned hostentry is NULL

	* zorp/main.c: make auto_bind_ip configurable from the command
	line

	* lib/tpsocket.c: compile in netfilter specific parts only if
	ENABLE_NETFILTER_TPROXY is defined
	
	* lib/tpsocket.h: add extern char *auto_bind_ip

2002-06-19  Szalay Attila  <sasa@balabit.hu>

	* First try of new authentication. Now with a lot of FIXMEEE

2002-06-13  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Zone.py (RootZone.__init__): Bugfix. Permitting "*"
	service if old style outbound_services is used.

2002-06-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py: handle all exceptions that might occur
	during Connect()

2002-06-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c, lib/pyconnect.c, lib/pylisten.c: reorganized
	tpsocket support so SockAddrInetRange works properly (global
	function pointers to socket handling functions)

2002-06-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: call IP_TPROXY_ASSIGN even if we bound to a
	local address (so -m tproxy matches)

2002-06-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/tpsocket.c: added a few trace messages; enable CAP_NET_ADMIN
	prior to calling tproxy functions

2002-05-31  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/zorp/nfiptproxy-kernel.h: new file, a copy of the interface
	file <linux/netfilter_ipv4/ip_tproxy.h>

	* lib/pyconnect.c, lib/pylisten.c: use tpsocket instead of simple
	sockets to support transparency

	* lib/tpsocket.c, lib/zorp/tpsocket.h: socket supporting
	transparent proxying for use by listeners and connectors

2002-05-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/sysdep.c: moved from zorp-lib back to here

2002-05-21  Balazs Scheidler  <bazsi@balabit.balabit>

        * lib/pylisten.c: fixed a race condition occurring when destroy
	was called (setting self->handler to NULL), and our callback has
	already entered (didn't check self->handler to NULL)

2002-05-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c (z_license_load): correctly close the license file
	in all cases

        * lib/pypolicy.c: added /*NOLOG*/ clauses to two log messages

        * pylib/Zorp/Core.py: added imports OneToOneNAT, RandomNAT,
	StaticNAT, OneToOneMultiNAT

        * lib/zpython.c: changed log() function to accept a new argument,
	which specifies the session_id, remains compatible with the old
	interface by checking the number of arguments

        * pylib/Zorp/*.py: changed log() invocations to the new interface

        * pylib/Listener.py: added session_id to messages

2002-05-06  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Listener.py (CSZoneListener): New class. Ths Listener
	class is capable to select service based on client and server
	zone.

	* pylib/Zorp/Conntrack.py (AbstractTracker.connectServer):
	Bugfix. Set local to self.session.client_local.

	* pylib/Zorp/NAT.py (ForgeClientSourceNAT): Flag
	ForgeClientSourceNAT as Obsolete.

2002-05-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Session.py (setServer): new argument local_addr, for
	specifying outgoing source address, defaults to None

	* pylib/Zorp/Chainer.py: call SNATs with session.server_local as
	addr, to avoid having to look into the session for addresses to
	translate

	* pylib/Zorp/Router.py: added forge_addr arguments to __init__
	constructors, and support for setting the outgoing source address

2002-04-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py: added docstrings to FailoverChainer and
	SideStackChainer

2002-04-19  Szalay Attila  <sasa@balabit.hu>

	* Finish set COPYRIGHT header.

2002-04-10  Szalay Attila  <sasa@balabit.hu>

	* Finish glib2.0 compatibility.

	* lib/ctracker.c (z_tracker_write): Bugfix. Return with NULL if
	value NULL

2002-02-13  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Session.py (setServer): handle the case where addr is
	a tuple

2002-02-11  Balazs Scheidler  <bazsi@balabit.balabit>

 	* src/pysockaddr.c (z_py_gethostbyname): fixed the gethostbyname_r
	call (instead of checking the value returned in error, check its
	return value)

2002-01-23  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zone.py: reverted __str__ not to quote the IP address
	of the zone

	* pylib/Zorp/NAT.py: made OneToOneNAT finally work

	* pylib/Zorp/Router.py: use session.setServer instead of
	manipulating session.server_address directly

2002-01-10  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py (connectServer): fixed a typo, changed an
	`or' to `and'

2002-01-10  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/log.c: include <time.h> instead of <sys/time.h> so it works
	on woody too

	* pylib/Zorp/Core.py: handle import errors when Conntrack is not
	enabled

2002-01-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Conntrack.py: supply nat_type arguments to calls to
	NAT code, pylib/Zorp/Chainer.py: -"-

	* pylib/Zorp/NAT.py (AbstractNAT.performTranslation): added
	nat_type argument which tells the nat object which translation it
	is used in (snat or dnat)

	* lib/pysockaddr.c: use gethostbyname_r instead of simple
	gethostbyname to help concurrence, fixed a bug in the fallback
	getbostbyname version

	* configure.in: added check for gethostbyname_r

2002-01-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: removed explicitly enabling core dumps

	* pylib/Zorp/Zorp.py: fixed typo (AuthException)

	* lib/pypolicy.c: changed exception handling a bit, earlier a
	detailed traceback of each exception was dumped, now string
	exceptions are simply reported as an error message to avoid ugly
	tracebacks

	* lib/proxy.c: added session_id arguments to z_policy_call

	* lib/ctracker.c: added session_id arguments to z_policy_call

	* lib/authorization.c: added session_id arguments to z_policy_call

2002-01-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: removed message about the creation of the pidfile

2002-01-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Chainer.py (AbstractChainer): supply a default
	__init__ method,
	(FailoverChainer): call inherited __init__,
	(SideStackChainer): new class

	* pylib/Zorp/Proxy.py (Proxy): supply a default config() method,
	(Proxy.chainParent): change behaviour if Chainer is not defined
	(not currently used), if server_stream is defined return it
	intact, if server_fd is defined create a stream and return it,
	otherwise raise an exception

	* pylib/Zorp/Zorp.py: import socket related constants from socket
	module instead of defining our own (more portable)

2001-12-20  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Proxy.py: if resolving a hostname fails, report it in
	the logs

	* pylib/Zorp/Chainer.py: new class FailoverChainer

	* zorp/main.c: call z_log_destroy as it was not called

	* lib/log.c (z_log_destroy): close stderr-syslog pipe so the
	stderr reading thread quits

	* pylib/Zorp/Auth.py: set auth_info based on whether we
	authenticated from the cache, or really from satyrd

	* pylib/Zorp/Proxy.py: added auth_info argument to
	userAuthenticated

2001-12-20  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Chainer.py: do not report "Server connection
	established" with fd == -1, if the connection failed,

	* pylib/Zorp/Auth.py: new class AuthCache which implements
	authentication caching for protocols like HTTP,
	AbstractAuthentication: added auth_cache as argument to __init__,
	SatyrAuthentication: added auth_cache as argument to __init__,
	implemented caching in performOutbandAuth

2001-12-20  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Proxy.py: handle IOError in setServerAddress to avoid
	exceptions on unknown hostnames

	* pylib/Zorp/Chainer.py: handle session.server_address == None
	case

2001-12-18  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Zorp.py: added AF_INET6 symbol

	* pylib/Zorp/Zone.py: new class Inet6Zone

	* pylib/Zorp/Domain.py: new class Inet6Domain

	* pylib/Zorp/Core.py: conditionally import ipv6 symbols

	* lib/sockaddr.c: support IPv6 socket addresses

	* lib/pysockaddr.c: export inet_ntop & inet_pton, and
	SockAddrInet6

	* configure.in: added --enable-ipv6 option (defines ENABLE_IPV6
	cpp symbol)

2001-12-17  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/zorp/proxy.h, lib/zorp/log.h: changed function prototypes
	not to use C++ reserved words.

2001-11-20  Szalay Attila  <sasa@balabit.hu>

	* Rewrite inbound az outbound_services. Use
	permitted/inherited/effective triple.

2001-11-05  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c (main): handle SIGTRAP and ignore it

	* pylib/Zorp/NAT.py (AbstractNAT.__init__) new function

        * configure.in: define HAVE_PR_SET_KEEPCAPS if PR_SET_KEEPCAPS is
	present
	
        * zorp/main.c: fixed prctl() problem which prevented Zorp to run
	as non-root
	
2001-10-15  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Zone.py (RootZone.getName): new function. Get the
	zone real name.

2001-10-15  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: handle SIGHUP

2001-10-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/log.c (z_send_syslog): check return values of write() more
	strictly

2001-10-04  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Session.py: set fd_close attribute to TRUE by default

	* pylib/Zorp/Listener.py: fixed ZoneListener

	* pylib/Zorp/Core.py: added import of ZoneListener

2001-10-02  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/log.c: use our own log writer to send syslog messages

2001-09-25  Szalay Attila  <sasa@balabit.hu>

	* lib/ctrackrouter.c (z_conntrack_router_newfd_with_data): Enable
	late connecting. (Only connect when the first packet is arrived.

2001-09-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c: accept expired certificates on licenses

2001-09-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: moved sigusr1 & sigusr2 handlers to the main loop
	(so the race between the handler and the core doesn't occur)

2001-09-17  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Listener.py: accept -1 as unlimited in host count checking

2001-09-16  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: added --chroot argument to Zorp

	* lib/log.c: dup fds prior to starting stderr thread, handle cases
	when the stderr pipe cannot be opened by fdopen()

	* pylib/Zorp/Proxy.py: authenticate users only if no
	authentication was performed previously

2001-09-13  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyconnect.c (z_py_zorp_connect_connected): fixed a possible
	deadlock when z_io_connect_start immediately calls its callback

	* lib/io.c (z_io_connect_start): do not call callback if
	z_connect() fails, return NULL instead

2001-09-10  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyvars.c (z_pyvar_string_free, z_pyvar_sockaddr_free): new
	functions, pyvars now frees registered variables automatically

2001-09-07  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c (z_enable_core): new function,
	(z_fatal_signal_handler): ensure coredumping by killing our
	process after reporting the signal

2001-09-06  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Auth.py (AbstractAuthentication.performAuth): new
	method, which performs authentication callable from
	Proxy.__config__

	* pylib/Zorp/Proxy.py (Proxy.__config__): moved generalized auth
	here (inband & outband merged)

	* pylib/Zorp/Service.py: removed Satyr authentication and moved to
	Proxy, since it blocked the main thread (while a user was
	authenticating nobody else could do so, and no sessions could be
	started either)

2001-09-04  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/proxy.c (z_proxy_destroy): free up thread state (caused a
	leak during operation, it was freed only at the end of the
	program)

2001-09-03  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/satyr.c (z_satyr_destroy): didn't unref sockaddr if the
	connection to the satyrd wasn't successful

	* pylib/Zorp/Auth.py: authorization dbs are named just like
	services, so no python variables are needed to assign
	authentication to authorization, changed TISAuthorization ->
	TISAuthorization & ZASAuthorization, the latter using the extended
	authentication protocol

	* lib/zorp/policy.h (z_policy_var_parse_tuple): new macro
	corresponding to PyArg_ParseTuple

2001-08-28  Balazs Scheidler  <bazsi@balabit.balabit>

	* zorp/main.c: merged signal handlers into a single function

	* lib/memtrace.c, lib/zorp/memtrace.h: new files, implementing a
	simple & fast memory consistency checker (as a side effect it can
	help debug leaks as well)

2001-08-24  Balazs Scheidler  <bazsi@balabit.balabit>

	* scripts/zorpctl.in: added zorpctl status

	* lib/pysatyr.c: check for "satyr" licensed-option

	* lib/license.c (z_license_is_option_permitted): new function,
	checks if the given option is licensed

2001-08-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Conntrack.py: wrote docstring

	* pylib/Zorp/Auth.py (performInbandAuth): refer to
	auth_inband_supported instead of inband_auth_supported to reflect
	name change
2001-08-21  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Core.py: Import receiver and AbstractTracker.

	* lib/misc.c (z_port_enabled): New function. Return TRUE if the
	given port is in a portrange.

2001-08-21  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/pyvars.c (z_pyvar_alias_get, z_pyvar_alias_set): implemented
	alias support for exported variables

	* zorp/main.c (z_dump_backtrace): fixed format string to avoid gcc
	warnings

2001-08-16  Szalay Attila  <sasa@balabit.hu>

	* lib/readline.c: Put z_enter and z_leave into every function.
	(z_read_line_get_copy): Return error when readed line is bigger
	than buffer

2001-08-14  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Zorp.py: added error checking to init(), so undefined
	instances are reported as such instead of an exception

2001-08-11  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Listener.py, lib/io.c, lib/pyconnect.c: implemented
	backlog parameter to Listener

	* lib/io.c, lib/pyconnect.c: fixed some might-be-races in the hope
	it fixes a SIGSEGV problem

2001-08-09  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/log.c (z_log): save errno prior to writing a messages to
	avoid clobbering its value

	* lib/stream.c: removed errno saving, as it is now implemented in
	z_log()

2001-08-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* lib/license.c: added default options if a license file is not
	available (3 different ips), added checking for validity periods

	* pylib/Zorp/Listen.py: readded license check

	* lib/io.c: added z_enter/z_leave pairs

2001-08-08  Szalay Attila  <sasa@balabit.hu>

	* lib/log.c (z_logv): If ENABLE_TRACE and log_tags are both TRUE
	log thread id fo debugging.

2001-08-03  Szalay Attila  <sasa@balabit.hu>

	* lib/readline.c (z_read_line_get): If not setted ZRL_TRUNCATE,
	return error when input line is too long.

2001-07-31  Szalay Attila  <sasa@balabit.hu>

	* zorp/main.c (z_sigusr1_handler): New function. Grow the verbose
	level woth one on a USR1 signal
	(z_sigusr2_handler): - || -

	* lib/dimhash.c (z_dim_hash_table_makekey): Bugfix. When examine
	key parts it was look every time the first key.

2001-07-26  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Proxy.py: proxies should not be able to override
	address set by DirectedRouter

2001-07-12  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/Service.py: fixed a typo, AddClient renamed to
	addClient

2001-07-08  Balazs Scheidler  <bazsi@balabit.balabit>

	* pylib/Zorp/NAT.py (OneToOneNAT): new attribute/parameter
	default_reject, controls whether IP addresses outside the given
	range should be rejected, or returned unmodified.

2001-06-28  Szalay Attila  <sasa@balabit.hu>

	* lib/pyvars.c (z_py_zorp_dimhash_subscript): Change String a
	Tuple recognization sequence.

	* pylib/Zorp/Listener.py (Listener.accepted): Use exported
	Licenseed Number value

2001-06-22  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Matcher.py: new module implementing general string
	matcher to be used by URL filtering

2001-06-21  Balazs Scheidler  <bazsi@balabit.hu>

	* scripts/zorpctl.in: check permissions of $sysconfdir and fail if
	permissions are higher than needed.

2001-06-12  Balazs Scheidler  <bazsi@balabit.hu>

	* configure.in: bumped version number to 0.9.2

	* pylib/Zorp/Service (Service.__init__): added auth_name parameter

	* pylib/Zorp/Auth.py (SatyrAuthentication.performOutbandAuth): use
	service.auth_name instead service.name

	* lib/zpython.c (z_python_init): fixed PYTHONPATH setting, Zorp
	now doesn't require PYTHONPATH prior to startup.

	* lib/zpython.c (z_py_get_license_value): new function to return
	license hash contents (exported to Python as getLicenseValue)

	* lib/license.c: use ZORP_CONFIG_DATE instead of __DATE__ when
	reporting startup license date

	* configure.in: added ZORP_CONFIG_DATE define, contains
	configuration date

2001-06-07  Szalay Attila  <sasa@balabit.hu>

	* lib/pyreceive.c (z_py_zorp_receive_new_instance): Bgfix. Explain
	when cannot bind to given address.

2001-06-06  Szalay Attila  <sasa@balabit.hu>

	* lib/dimhash.c: Remove allocating memory. Use preallocated stack
	place.

	* lib/ctracker.c (int_to_str): Change snprintf to self create
	procedure.

2001-05-30  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/NAT.py: implemented OneToOneNAT, RandomNAT classes

	* lib/zorp/log.h (z_llog): declared z_llog() as a printf-style
	function

	* lib/stream.c: check z_log_enabled() prior to generating the
	packet dump

	* lib/log.c (z_log_enabled): new function for checking whether a
	given class/verbosity message will get to the logs, thus we can
	check whether to format an expensive message

2001-05-29  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/dimhash.c: z_dim_hash_key_free() new function, frees up a
	dimhash key array,
	(z_dim_hash_table_search): fixed allocation of saved key array

	* lib/pyvars.c (z_py_zorp_dimhash_unref_items): free key as well
	(FIXME: freeing this key should really be done in dimhash itself),
	(z_py_zorp_dimhash_subscript, z_py_zorp_dimhash_ass_subscript):
	free allocated key

	* lib/threads.c (z_thread_init): added support for idle_threads,
	zorp defaults to max_threads * 0.1 idle threads
	
	* lib/zpython.c (z_python_init): PYTHONPATH setup uses the
	environment variable as well (to make it possible to override
	built in setting)

	* zorp/main.c: added inclusion of <zorp/sysdep.h>, added support
	for --idle-threads parameter

2001-05-28  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/zpython.c: set PYTHONPATH automatically (overriding the
	value specified in the environment)

	* configure.in: added test for getopt_long and getopt.h

2001-05-16  Szalay Attila  <sasa@balabit.hu>

	* lib/dimhash.c (z_dim_hash_table_rec_search): Reorganize dimhash
	search. (C) Kovacs Krisztian

2001-05-11  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c: use getopt() instead of getopt_long() if the latter
	is not available, added short options to usage screen, call
	z_sysdep_init(), z_sysdep_destroy()

	* lib/ctracker.c, lib/ctrackrouter.c, lib/ipchains.c,
	  lib/packsock.c, lib/pyctracker.c, lib/pyipchains.c,
	  lib/pyreceive.c, lib/zorp/ipchains.h: made optional,
	  conditonally compiled when ENABLE_CONNTRACK is defined

	* lib/stream.c: added inclusion of sys/types.h

	* lib/tisauth.c: added inclusion of string.h
	
	* lib/zpython.c: removed transparent destination address detection
	and moved to sysdep.c

	* lib/poll.c: changed ETIME to ETIMEDOUT

	* lib/Makefile.am: added sysdep.c

	* configure.in: added additional enable/disable options

	* acconfig.h: added some possible ENABLE_*

2001-05-09  Balazs Scheidler  <bazsi@balabit.hu>


	* lib/pytisauth.c: adapted to the slightly changed tisauth.c

	* lib/tisauth.c: implemented authserver reconnection

	* lib/pyconnect.c: report connection failures right after the
	connect syscall

	* lib/satyr.c: removed unused SSL_CTX creator function
	(z_ssl_session_new is used instead)

	* lib/*.c: documented log messages

2001-05-07  Balazs Scheidler  <bazsi@balabit.hu>

	* pylibZorp/Proxy.py (Proxy.connectServer): server_fd_picked is
	set to TRUE even if we are a toplevel proxy, because otherwise
	session.server_fd was closed both by the proxy and the python
	layer

	* src/ssl.c: ZSSLVerifyData removed, ZSSLSession is used instead,
	an ssl session has to be freed using z_ssl_session_destroy

	* src/satyr.c: moved from SSL * to ZSSLSession *

	* src/readline.c (z_readline_get): added handling ZRL_SINGLE_READ
	which causes an ST_AGAIN to be returned if a full line is not
	available

	* src/pylisten.c (z_py_zorp_listen_accepted): report accepted fd
	value in debug message

	* src/proxy.c (z_proxy_stack_proxy): added debug message about
	client and server fd pairs

	* src/giossl.c: moved from SSL * to ZSSLSession *

2001-05-03  Szalay Attila  <sasa@balabit.hu>

	* lib/pyvars.c: Implement multidim. hash.

	* lib/dimhash.c: New file. Handle "multidimensional" hash (when
	hashkey are tuple)

2001-04-28  Balazs Scheidler  <bazsi@balabit.hu>

	* tests/Makefile.am: commented out making satyr test

	* scripts/zorpctl.in: commented out setting and exporting
	LD_LIBRARY_PATH

	* lib/zorp.c: moved z_log_set_fake_session_id here

	* pysatyr.c: log fixes

	* lib/log.c: moved z_log_set_fake_session_id to zorp.c, because it
	pulled in python dependencies into zorpll

	* lib/Makefile.am: libzorp split, libzorp.so and libzorpll.so
	installs to $prefix/lib, instead of a package specific directory

	* zorp-config.in: new command line switches --ll-libs and
	--local-ll-libs
	
	* configure.in: changed needed for splitting up libzorp into
	libzorp and libzorpll

2001-04-27  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Auth.py (SatyrAuthentication): added timeout
	parameter

	* lib/stream.c: added support for timeouts in SSL enabled streams

	* lib/pysatyr.c (z_py_zorp_satyr_new_instance): added support for
	satyr timeouts,
	(z_py_zorp_satyr_auth): check requested method whether it is
	allowed, added some log messages

	* lib/zorp/zorp.h: added CORE_AUTH log tag

	* lib/pytisauth.c: fixed a possible SIGSEGV when connecting to the
	authserv failed

	* lib/sockaddr.c: unix domain socket address size is calculated
	dynamically (just like in syslog-ng which triggered an RSBAC bug)

2001-04-26  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Conntrack.py (CTracker.connectServer): Use snat and
	dnat

2001-04-25  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Zorp.py: added Z_DROP constant

	* pylib/Zorp/Service.py: added support for snat/dnat

	* pylib/Zorp/NAT.py: changed FakeNAT to ForgeClientSourceNAT

	* pylib/Zorp/Core.py: changed FakeNAT to ForgeClientSourceNAT

	* pylib/Zorp/Chainer.py: added support for snat/dnat

	* lib/readline.c: added checking for embedded NUL characters

	* debian/rules: zorp-config.1 manual package should only be in
	zorp-dev

2001-04-24  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Zone.py: zones with enumerated address ranges, where
	the number of addresses is 1 don't have real subzones

	* lib/ssl.c (z_ssl_session_new): SSL_* functions return 1 on
	success and not -1 on failure, changed error checks accordingly,
	added reporting SSL error message

2001-04-18  Szalay Attila  <sasa@balabit.hu>

	* lib/ctracker.c: Implement proxy pool.

2001-04-17  Szalay Attila  <sasa@balabit.hu>

	* lib/ctracker.c: Move timeout a max_packet variables into
	ctracker.

2001-04-17  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c (z_dump_backtrace): added printing the real
	SIGSEGV/SIGILL location (even more i386 specific)

	* src/stream.c (z_data_dump): made a dummy function, because it
	was SLOOOOOW

	* src/pylisten.c (z_py_zorp_listen_accepted): fixed two possible
	race conditions

	* src/io.c (z_io_listen_accepted): fixed a possible race condition

	* pylib/Zorp/Zone.py: readded umbrella support

2001-04-14  Balazs Scheidler  <bazsi@balabit.hu>

	* scripts/zorpctl.in: we now check if the process exists if a
	pidfile is still found, if the pidfile is stale we remove it and
	start a new instance

2001-04-13  Szalay Attila  <sasa@balabit.hu>

	* lib/ctrackrouter.c (z_conntrack_router_newfd): Bugfix. Doesn't
	drop g_slist_prepend return value.

	* pylib/Zorp/Conntrack.py (CTracker.startProxyInstance): Now
	connections go through the full authentication
	(CTracker.connectServer): Now use router and nat functionality

	* lib/ctracker.c (z_tracker_add_connect): Now connect into
	destination to use correct from address

2001-04-13  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Auth.py: correctly calculate the value for use_ssl

	* lib/sockaddr.c (z_sockaddr_new): changed a g_error() invocation
	to z_log()

	* lib/satyr.c: adapted to the new ssl core, changed Satyr protocol
	so that Zorp initiates SSL handshare (if enabled in the policy),
	and to include more address information in the greeting (AF_INET,
	IP address, port number)

	* lib/ssl.c: cleaned up ssl core (use z_ssl_session_new to create
	an SSL session structure with the given key, cert and verification
	parameters)

2001-04-11  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Proxy.py: avoid using the socket module by using the
	functions provided by the Zorp core.
	
	* pylib/Zorp/SockAddr.py: -"-

	* pylib/Zorp/Core.py: new module importing all core classes, so
	configuration files will not need to import them one by one

	* lib/pytisauth.c: use enhanced TIS authserv features (stateless
	protocol elements) if available, Zorp will not use more than 1
	connection to the authserv,
	(ZorpTISAuth): new field lock, avoiding race conditions for
	hashtable accesses

	* lib/tisauth.c: implemented new stateless protocol functions

2001-04-10  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pysockaddr.c: moved htonl, ntohl, getsockname here

	* doc/examples/https.py: new example demonstrating the use of a
	transparent HTTPS proxy

	* lib/zpython.c (z_py_close_fd): new function, exported as closeFd
	to make it possible to avoid using the os module,
	(htonl, htonl): new exported funtions to avoid the usage of the
	socket module

2001-04-10  Szalay Attila  <sasa@balabit.hu>

	* Remove pyathconn.h link from some source.

	* lib/zorp/pysatyr.h: Remark pyauthconn.h (Doesn't need.)

	* pylib/Zorp/Proxy.py (Proxy.__init__): Bugfix. Remove `);' from
	end of line: log(CORE_SESSION, 1, "%s: Proxy...

	* Delete lib/receive.c Not used.

	* Rename z_denter and z_dleave in some files.

2001-04-09  Szalay Attila  <sasa@balabit.hu>

	* pylib/Zorp/Conntrack.py: New file. Python part of connection
	tracking.

	* lib/ctrackrouter.c: New file. Polling part of conenction
	tracking.

	* lib/ctracker.c: New file. Main part of connecion tracking.

	* lib/pyctracker.c: New file. Glue between C conntrack and python
	policy

	* pylib/Zorp/Service.py (Service.startInstance): New parameter:
	type.
	(Service.startCTInstance): New function. Start a connection
	tracking module.
	(Service.addClient): New function. Set the socket, where the
	service listen.

	* pylib/Zorp/Receiver.py (Receiver.__init__): Major rewrite.

	* pylib/Zorp/Proxy.py (Proxy.__init__): Call ZorpProxy with type
	parameter.

	* lib/registry.c (z_registry_init): Enhance registry. Now every
	proxy type have it's own hash.
	(z_registry_add): Now must set the proxy type.
	(z_registry_get_one): New function. Return the egzakt entry
	pointed with name and type.
	(z_registry_has_key): New function. Return TRUE if there is any
	line in the registry with the given name.

	* lib/pyreceive.c: Major rewrite. This module only create a socket
	now.

	* lib/pyproxy.c (z_py_zorp_proxy_new): New parameter: type. Set
	type of proxy.

	* lib/poll.c (z_poll_remove_stream): New function. Remove a
	ZStream from poll.

	* lib/packsock.c: Rewrite packsock.c. Keep only z_packsock_receive
	and z_packsock_read.

2001-04-09  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/*.py: changed log messages to the new format.

2001-04-05  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pytisauth.c, lib/cap.c: added trace calls

        * Zorp-Core adapted to new, consistent logging format

	* lib/packsock.c, lib/labelset.c, lib/pylabelset.c,
	lib/authconn.c, lib/pyauthconn.c: removed files

2001-04-04  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/*.c: adapted to the new log macros

	* lib/zorp/log.h: changed trace macro names to be more consistent

2001-03-29  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Auth.py: written docstrings

	* lib/zpython.c: removed inclusion of pyauthconn.h and
	z_py_zorp_authconn_init

	* lib/ssl.c, lib/zorp/ssl.h: moved z_stream_ssl here

	* lib/tokenize.c, lib/zorp/tokenize.h: renamed lineio.h, reviewed,
	cleaned up

	* lib/satyr.c, lib/pysatyr.c, lib/zorp/satyr.h,
	lib/zorp/pysatyr.h: rewritten to conform to the new auth
	architecture

	* lib/authorization.c (z_authorization_get_methods): fixed
	allocation of the result array

	* lib/Makefile.am: removed authconn.c pyauthconn.c from
	compilation, they should be adapted to the new authentication
	framework

2001-03-26  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Proxy.py: store TRUE in server_fd_picked if the proxy
	is a stacked one, and it picked up its the server side fd with
	connectServer(), if server_fd_picked is FALSE upon destroyal of
	the proxy instance, the fd is silently closed

	* pylib/Zorp/Proxy.py (Proxy.stackProxy): new function, moved from
	Plug/Pssl for easier proxy stacking

	* lib/proxy.c (z_proxy_stack_proxy, z_stacked_proxy_new,
	z_stacked_proxy_destroy): new functions, these make it easier to
	use stacked proxies.

	* lib/giossl.c (GIOSSLChannel): moved to giossl.h

	* lib/stream.c: make shutdown a function pointer, so that SSL
	enabled streams may define their own shutdown (using SSL_shutdown)

2001-03-23  Balazs Scheidler  <bazsi@balabit.hu>

	* main.c: enable setting maximum threads with the --threads
	parameter

2001-03-19  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pysockaddr.c (z_py_zorp_sockaddr_getattr): added support for
	family attribute

	* lib/pytisauth.c: added support for startSession & stopSession

	* pylib/Zorp/Proxy.py: call self.auth.stopSession from __destroy__

	* pylib/Zorp/Auth.py (Authorization): added startSession() and
	stopSession() methods,
	(Authentication.performInbandAuthentication): call
	auth.startSession()

2001-03-17  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/io.c, lib/pyconnect.c, lib/pylisten.c: ZIOConnect and
	ZIOListen made reference counted, ugly locking cleaned up

2001-03-16  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Chainer.py: rewritten

	* pylib/Zorp/NAT.py: new file

	* pylib/Zorp/Router.py: new file

	* pylib/Zorp/Service.py: adapted to the new Chainer/Router modell

	* pylib/Zorp/Listener.py: -"-

2001-03-15  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/sockaddr.c (z_connect): loop on EINTR instead of returning
	an error condition

2001-03-14  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/zpython.c (z_python_init): call the initialization function
	for pytisauth

	* lib/pytisauth.c, lib/zorp/pytisauth.h: new files, Python wrapper
	for tisauth.c

	* lib/tisauth.c, lib/zorp/tisauth.h: new files, implement low
	level interface to TIS authentication server

2001-03-12  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pyvars.c (z_proxy_var_new): added support for
	Z_VAR_TYPE_METHOD

	* pylib/Auth.py: readded, and rewritten (Authorization and
	Authentication classes)

	* lib/proxy.c: standard events with underlines added (__config__,
	__startup__, __shutdown__)

	* lib/authorization.c, lib/zorp/authorization.h: new files for
	interfacing to authorization databases

2001-03-07  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c: call license checks

	* lib/zorp/license.h: new file

	* lib/license.c: new file, implements license file checks

2001-02-22  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Chainer.py: DirectedChainer checks its remote
	argument whether it's a SockAddrInet instance

	* pylib/Zorp/Zorp.py: define Z_ABORT, and define some logtags used
	in the python part of Zorp.

	* pylib/Zorp/Listener.py: SimpleListen new class

	* pylib/Zorp/Domain.py: small fix to use netmask() method instead
	of using the mask attribute directly

	* pylib/Zorp/Connector.py: define and call connect_hook and
	unconnect_hook so the administrator is able to change packet
	filter rules dynamically

	* lib/thread.c: protect the thread list with a mutex, it could
	cause infinite loops, or SIGSEGVs

2001-02-19  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/cap.c: don't do anything if --no-caps is specified

	* lib/packsock.c: z_packsock_sendfrom() enable requried
	capabilities

2001-02-15  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Session.py: moved a log message (about the client
	connection info) to Service.py (after the session instance id is
	determined)

	* scripts/zorpctl.in: fixed a problem in zorpctl restart (when no
	instance names was given to restart)

2001-02-11  Balazs Scheidler  <bazsi@balabit.hu>

	* lib/pylisten.c: the return value of the accepted() callback
	should be Z_ACCEPT or Z_REJECT not a simple boolean value

	* pylib/Zorp/Chainer.py: Chainer class renamed to abstract
	Chainer.

2001-02-07  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/policy.py.sample: fixed some bugs

2001-02-06  Balazs Scheidler  <bazsi@balabit.hu>

	* scripts/instances.conf.sample: changed copyright

2001-01-30  Balazs Scheidler  <bazsi@balabit.hu>

	* configure.in: bumped version number to 0.7.14

	* lib/proxy.c (z_proxy_destroy): don't use z_python_global_state,
	use self->thread instead

	* lib/log.c: protect message output with a mutex to avoid message
	clashes

2001-01-29  Balazs Scheidler  <bazsi@balabit.hu>

	* debian/control (zorp-dev): fixed a typo, depend on zorp-libs
	instead of zorp-lib

	* debian/rules: instead of configure-ing modules by hand, do a
	make config-stamp in the modules directory

	* configure.in: separate CPPFLAGS and DEPS_CPPFLAGS variable (for
	CPPFLAGS to be used for Zorp compilation and CPPFLAGS required by
	dependencies glib, python etc)

	* zorp-config.in: separate --cflags and --cppflags arguments, use
	@DEPS_CPPFLAGS@ instead of CPPFLAGS directly to avoid inclusion of
	the Zorp source directory in the include search path

	* lib/pyvars.c (z_pyvars_setattr, z_pyvars_getattr): check if
	self->vars is NULL

	* lib/pylisten.c (z_py_zorp_listen_free): call
	z_io_listen_destroy() if the python instance is freed

	* lib/proxy.c (z_proxy_destroy): call __destroy__() event,
	(z_proxy_destroy): dispose z_pyvars to avoid circular references
	(caused memory leaks in HTTP),
	(z_proxy_config_event): added log message,
	(z_proxy_startup_event): -"-,
	(z_proxy_shutdown_event): -"-,
	(z_proxy_connect_server_event): -"-
	(z_proxy_destroy_event): new function to call __destroy__()

	* lib/io.c, lib/zorp/io.h (z_fd_set_oobinline): new function to
	enable the SO_OOBINLINE socket parameter (used by the FTP module)

2001-01-25  Szalay Attila  <sasa@balabit.hu>

	* configure.in: version number bumped to 0.7.13

	* zorp-config.in (Usage): New parameter --local-libs and
	--local-cflags. Used when zorp-modules is compiled with zorp.

2001-01-25  Balazs Scheidler  <bazsi@balabit.hu>

	* zorp/main.c: stackdump is moved to a separate function to be
	called by different signal handlers

	* pylib/Zorp/Session.py (MasterSession.__init__): new attribute
	`started' which is set to TRUE when startInstance is called

	* pylib/Zorp/Service.py (AbstractService.stopInstance): new
	function, to be called when the session of the given service
	exits,
	(Service.__init__): initialize new attributes: max_instances,
	num_instances,
	(Service): delete attribute definition from the class (they are
	created during initialization),
	(Service.startInstance): ensure that session limits are not
	broken,
	(Service.stopInstance): decrease num_instances if the stopped
	session was started

	* pylib/Zorp/Proxy.py: write a log message when a proxy module
	starts and exits

	* pylib/Zorp/Listener.py: move message tags to variables, add
	handler for LimitException

	* pylib/Zorp/Zorp.py: new exception type LimitException

2001-01-24  Szalay Attila  <sasa@balabit.hu>

	* zorp/main.c (z_sigill_handler): New function, called when SIGILL
	caught.

	* lib/pypolicy.c (z_policy_call_object): Bugfix. Remove DECREF,
	becouse variable is not referred from here.

2001-01-22  Balazs Scheidler  <bazsi@balabit.hu>

	* pylib/Zorp/Session.py: use Zorp.firewall_name in session_ids

	* pylib/Zorp/Listener.py: store getSockName(client_fd) in
	session.client_local

	* pylib/Zorp/Listener.py: new parameter to Listener, transparent
	it disallows directly connecting to the given socket (to avoid an
	endless loop, when a transparent listener is connected directly)
	
	* lib/zpython.c (z_py_get_sock_name): new function, which returns
	the sockname of the given socket

	* lib/io.c (z_fd_set_keepalive): enable SO_KEEPALIVE on the given
	socket,
	(z_io_listen_accept): call z_fd_set_keepalive,
	(z_io_connect_connected): -"-

2001-01-22  Szalay Attila  <sasa@balabit.hu>

	* lib/zorp/proxy.h (func_cp): New macro. Write a CheckPoint into
	log.

2001-01-22  Balazs Scheidler  <bazsi@balabit.hu>

	* new ChangeLog started
