FreeRADIUS 0.7.1 ; Date: 2002/09/10 14:02:30 , urgency=high

	* Fix a security hole in the kerberos module
	* Updated 'configure' to allow it to discover pthread libraries on
	  Solaris.
	
FreeRADIUS 0.7 ; Date: 2002/07/26 18:01:50 , urgency=high

	* Allow attributes of type 'date' to be sent in outgoing packets.
	  Bug found by Loh John Wu <ljwu@sandvine.com>
	* Add 'Realm' attribute, even if it's a LOCAL realm.
	  Bug noted by Chris Brotsos.
	* Added experimental SMB authentication module, which uses
	  PAP passwords to authenticate against an NT-Domain.
	  NT/LM-passwords are not currently supported.
	* More documentation for rlm_passwd, rlm_mschap, and rlm_digest.
	* 'configure' changes to better find sem_init and friends.
	* Allow the use of previously installed libtool, and libltdl.
	  This appears to help a lot on FreeBSD.
	* Fixes to work on non-threaded builds.
	  Patch from Rainer Weikusat.
	* SQL now re-connects to the server, if the connection is lost.
	  Currently only MySQL is fixed, but other patches will follow.
	  Patch from Todd T. Fries.
	* Added experimental use of dynamicly translated variables,
	  CallBack-Number = `%{request:Calling-Station-Id}`
	  sets the value of the CallBack-Number attribute to the value of
	  the Calling-Station-Id in the original request.
	* Cute hack: Allow regex matching on IP addresses, by placing
	  the string representation of the IP address (1.2.3.4) into
	  the internal data structure.  This allows things like
	  NAS-IP-Address =~ "^192\.168", which may be useful.
	* Add documentation for experimental rlm_dbm module.
	* Added experimental Perl module.
	* Added the relevant IETF RFC's (standards documents) to 'doc/rfc',
	  along with some simple perl scripts to convert them to cross-
	  referenced HTML.
	* Updated the experimental Python module.
	* Added Cisco SSG VSA's
	* When rejecting authentication due to external Exec-Program, do
	  NOT free the reply pairs, as the server core will take care of
	  doing that.  Bug noted by Thomas Jalsovsky
	* New experimental module: rlm_cram
	  Supports APOP, CRAM-MD5, CRAM-MD4, CRAM-SHA1 with it's own
	  VSA's. This module may be used for SMTP/POP3/IMAP4 server
	  authentication.
	* Make Exec-Program and Exec-Program-Wait work in debugging mode.
	* Finalize the radrelay additions, based on Cistron RADIUS
	  Patches from Simon <lists@routemeister.net>
	* Fix issues with linking, by making libradius shared.
	* Fix issues with MD4, MD5, SHA1, and use of OpenSSL
	* Update rlm_x99_token module to compile.

FreeRADIUS 0.6.0 ; Date: Date: 2002/07/03 14:16:33 , urgency=high

	* Many bug fixes.  For explicit details, see:
		http://www.freeradius.org/cvs-log/
	* Change to the user/group specified in the config file in all
	  modes ( debug and daemon ).
	* SQL sockets are rotated so that all are used, to prevent the
	  SQL server timing out and closing unused sockets.  Patch from
	  Todd T. Fries
	* Sybase driver from mattias@nogui.se.
	* Modules are now versioned.
	* Delete garbage Proxy-Reply attributes sent by the home server
	  before performing our own reply.
	* Fix race conditions when duplicate packets resulted in a request
	  being processed by two threads, at the same time.
	* Add '-d' command-line option to radwho
	  Bug noted by Matthew Schumacher
	* Corrected issue that when a home server never replied to a
	  proxied request, the server may die.
	* In SQL, look in radcheck, if not found there, try radgroupcheck.
	  Patch from Thomas Jalsovsky.
	* Set sql user name for ALIVE accounting packets, too.
	  Patch from Simon <lists@routemeister.net>.
	* Use port-specific checking for realms, now that we can proxy to
	  different auth/acct servers for the same realms.
	  Patch from Eddie Stassen.
	* Minor updates to encrypted tunnel passwords.
	* Default 'run_dir' is now /var/run/radiusd, not var/run.
	  /var/run is writeable only by root, and radiusd may be run suid.
	* Modules are now versioned, so that upgrading the server
	  ensures that the new modules are installed.
	* Fix sql code, so that magic SQL characters don't get the
	  SQL server excited.
	* Remove references to "UNKNOWN-NAS" in log messages.
	* Properly handle fork() and obtaining child processes exit
	  status when using threads.  (pthread is broken w.r.t. signals)
	* Correct code which would send erroneous reject, when the reject
	  was delayed, and a new request came in.
	* Fix race condition where proxied requests would sometimes never
	  be re-sent.  Bug noted by Eddie Stassen.
	* Corrected LDAP3 schema
	* Implemented Digest authentication, as per IETF document
	  draft-sterman-aaa-sip-00.txt, to perform authentication against
	  a Cisco SIP server.
	* If no password or group files have been specified in the config,
	  use the standard system calls to find them, rather than giving
	  up.  Patch from Steve Langasek.	
	* Return Proxy-State attributes in a delated Access-Reject
	* Corrected 'session zap' logic, when an old and unused session
	  is deleted from the databases.  Accounting packets with garbage
	  Client-IP-Address attributes should no longer be a problem.
	* Bug fixed in LDAP attribute map, for MS-CHAP related attributes.
	* Fixes to the EAP module to work better with XP.
	* Support for MS-SQL, using the FreeTDS library,
	  from Dmitri Ageev
	* New operators =* and !*.  See 'man 5 users' for details.
	* Added translation for %{config:section.subsection.item}, to
	  allow run-time translation of internal configuration parameters.
	* New rlm_sqlcounter module, to keep counters based on SQL data.
	* Fix rlm_realm, to allow seperate proxying of accounting and
	  authentication requests.
	* Bug fixes in PostgreSQL back-end, from Andrew Kukhta.
	* Increase internal buffers, to allow large SQL query strings.
	* Added debug level 3 (-xxx), where debug messages have time stamps.
	* Fix 'radwho' to use the correct radutmp file, as found by
	  'configure' (but radwho still doesn't read radiusd.conf)
	* Fix bugs in tunnel (tagged attribute) code, which would prevent
	  tagged attributes from being generated correctly in a packet.
	* Build only 'stable' modules by default.  Experimental modules
	  require --with-experimental-modules to be passed to 'configure'
	* New module rlm_ippool, to do server-side IP pooling.
	* Fix rlm_eap module for portability, to work on non-x86 platforms.
	* Re-connect to the LDAP server if the connection idles out
	* Increased the visibility of the warning messages when doing
	  'make install'
	* Fixed EAP module to use 16-bit integers, so that it will
	  work on big-endian architectures.
	
FreeRADIUS 0.5.0 ; Date: 2002/03/14 22:18:22, urgency=medium

	* Many bug fixes.  For explicit details, see:
		http://www.freeradius.org/cvs-log/
	* Added Foundry dictionary, from Thomas Keitel
	* Fix a logic bug in the 'walk over request list' code, which
	  would sometimes result in a request being deleted while it
	  was still being processed.  Found by Rainer Clasen
	* New 'tuning' guide, for optimizing the server's speed.
	* The default ports are now 1812/1813, which is the standard.
	* Fix a bug which would hang the server when many SQL connections
	  were open.  Found by Cvetan Ivanov <zezo@spnet.net>
	* Updated MySQL schema, with sanity checks, based on a schema from
	  Thomas Huehn <huehn@eozaen.net>
	* Added 'Aptis' (Nortel CVX) dictionary.
	* Added Ipv6 attributes (as 'octets' type for now)
	* 'xlat' capability for SQL, so other modules can do SQL queries.
	* We don't need a shared secret for LOCAL realms.
	* Added better description of internal variables.
	* Configurable fail-over to DEFAULT realm.  Sometimes we don't
	  want to use the DEFAULT realm, if all configured realms are
	  marked dead.  From Rainer Clasen.
	* new configuration items 'max_attributes' and 'reject_delay'
	  If the packet contains too many attributes, it can be rejected.
	  We can also delay sending an Access-Reject, which slows down
	  certain DoS attacks.
	* Updates to redhat scripts and spec file, from Marko Myllynen.
	* Python module (EXPERIMENTAL) from migs paraz <mparaz@yahoo.com>
	* Add ability to find *best* match when comparing attributes.
	  If there is more than one attribute in a request and the first
	  one doesn't match, go check the second one, instead of failing.
	* unixODBC support for SQL, from Dmitri Ageev <d_ageev@ortcc.ru>
	* Use thread-safe versions of library calls.  This work is still
	  on-going.
	* New rlm_passwd module, to allow general parsing of passwd-style
	  files.
	* Preliminary EAP-TLS support.
	* Updated LDAPv3 schema
	* Correct checks for Odbc, and fix bugs in the module.
	  Andreas Kainz <aka@maxxio.at>
	* MAN page fixes and updates
	* Added PHP web interface 'dialup_admin'
	* Password = "UNIX" or "PAM" backwards compatibility removed.
	* Use the operators in the SQL schema and queries, and bug
	  fixes in the SQL module.
	  Randy Moore <ramoore@axion-it.net>
	* fgetpwent() compatibility, for systems without it,
	  from Daniel Carroll <freeradius@defiant.mesastate.edu>
	* Added PAP authentication module, as a step to removing
	  most authentication handlers in other modules.
	* Send a Access-Reject after max_request_time
	* Multiple fixes in the LDAP module.
	* Quintum dictionary by Jeremy McNamara <jj@indie.org>
	* Preliminary EAP Module with MD5 support
	  Contributed by Raghu <raghud@hereuare.com>
	* Better sanity checking for bad VSA's when receiving a packet
	* new 'xlat register' so that attribute values may be pulled
	  out of configurable databases at run-time.
	  e.g. %{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}
	* Minor fixes to debian package rules
	* Attribute 'Password' deprecated in favor of 'User-Password'.
	* MS-CHAP and MS-CHAPv2 MPPE support added.
	  Contributed by Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>.
	* X9.9 token enhancements (several).

  --  Alan DeKok <aland@ox.org>

FreeRADIUS 0.4.0 ; urgency=low

	* Allow the MS-CHAP module to work, and to read /etc/smbpass
	  3APA3A <3APA3A@SECURITY.NNOV.RU>
	* Remove the server requirement that one of User-Password
	  or CHAP-Password exist when doing authentication.  These
	  checks should be handled by the modules.  This change
	  also prepares us for EAP.
	  Patch from Raghu <raghud@hereuare.com>
	* Make NAS-Port-ID in radwho, raduse, etc. unsigned,
	  instead of signed.
	  Patch from John Morrissey <jwm@horde.net>
	* Allow \t and \n inside of configuration strings.
	  Frank Cusack <fcusack@fcusack.com>
	* X9.9 Challenge-Response token card support.
	  For now, only CRYPTOCard tokens are supported.
	  Frank Cusack <fcusack@fcusack.com>
	* Fix core dump on Solaris in radwho.c
	  Patch from Eddie Stassen <eddies@saix.net>
	* Fix leak / core dump in Oracle module.
	* Fix memory leak in rlm_counter
	  Kostas Kalevras <kkalev@noc.ntua.gr>
	* "LOCAL" realms do not need to have an entry in the 'clients'
	  file.  Philippe Levan <levan@epix.net>

  --  Alan DeKok <aland@ox.org>

FreeRADIUS 0.3.0 ; urgency=low

	* Added ability to send debug messages to the log file, when
	  running in daemon mode.
	* Miscellaneous fixes to get Debian packaging working.
	* When trapping a signal, don't SIGKILL children on a SIGTERM,
	  SIGTERM them, instead.  This allows Exec-Program scripts to
	  catch the signal, and finish processing, instead of dying.
	  Bug noted by Michael Chernyakhovsky <magmike@mail.ru>
	* Increased limit on length of user name read from /etc/passwd,
	  to match the maximum allowed by RADIUS.
	  Bug noted by "Gonzalez B., Fernando" <fgonzalez@manquehue.cl>
	* Configurable fail-over when proxying packets.  If the
	  home server doesn't respond to a repeated proxied request,
	  it's marked as 'dead', and the next one in the list is used.
	  Patch by Eddie Stassen <eddies@saix.net> and <spirn@21cn.com>
	* Pass Access-Challenge attributes through the server, in
	  preparation for EAP.
	  Raghu <raghud@hereuare.com>
	* More fixes for RFC compliance on the Message-Authenticator
	  Raghu <raghud@hereuare.com>
	* Merged OSFC2/OSFSIA authentication patches from Cistron.
	  (Bug # 104)  The patches are not well tested, however.
	* IBM DB2 UDB V7.1 SQL driver, contributed by
	  Joerg Wendland <wendland@scan-plus.de>
	* Fix the IP + Port address assignment.
	  Bug found by "John Padula" <john_padula@aviancommunications.com>
	* Patch to avoid smashing the contents of Ascend binary filters.
	  Michael Chernyakhovsky <magmike@mail.ru>
	* Create and Validate Message-Authenticator attribute, in
	  preparation for EAP.
	* Initialize variables properly in rlm_attr_filter.
	  Patch from Andriy I Pilipenko <bamby@marka.net.ua>
	* Renamed RedHat init script from 'radiusd.init' to 'radiusd'.
	  This allows it to work properly with the RedHat rc system.
	  Patch from Christian Vogel <chris@amor.iksys.de>
	* Fix the configure script checks for PostgreSQL, so that
	  they use the 'test' command properly.
	  Bug found by Robert Haskins <rhaskins@ziplink.net>
	* Change instances of 'assert' to 'rad_assert', so that it
	  can log the error to the standard radius log files.
	  Patch from Vesselin Atanasov <vesselin@bgnet.bg>
	* Patch to prevent segv when freeing results, from
	  Tomas Heredia <tomas@intermediasp.com>
	* Added support for Exec-Program to acct.  Bug found by
	  <magmike@mail.ru>
	* Corrected rlm_files so that raddb/acct_users works
        * When doing synchronous proxying, update proxy next try
	  entries, so that the server doesn't eat CPU time.
	  Raghu <raghud@hereuare.com>
	* Add primitive dictionary.nomadix <CBoyd@apogeetelecom.com>
	* Log messages to console, if the logger hasn't been
	  initialized.  <vesselin@bgnet.bg>
	* Log invalid user for proxy rejects, too. <help@visp.net>
	* Fixed Expiration attribute handling.
	* Added code to handle Ascend-Send-Secret and Ascend-Receive-Secret
	* Removed non thread-pool code.  If we have threads, we now force
	  the use of thread pools.
	* Update version number
	* correct bug where proxied accounting packets would never have a
	  reply sent back to the NAS, or the reply would be sent twice.

  --  Alan DeKok <aland@ox.org>
	
FreeRADIUS Alpha 0.2.0, July 30, 2001.

	* call openlog() again when using PAM, to get the correct log
	facility.
	* Update child thread code, to minimize race conditions.
	* Make thread pools the default.  Using plain child threads is NOT
	recommended.
	* Ignore SIGPIPE to get ride of crashes when using ldap.
	* Update proxying code to work better.
	* Platform independent pthread_cancel()ling
	* Fix 'unresponsive child pid' erroneous warning messages.
	* Many changes to get various SQL modules working.
	Note that there may still be some issues with Oracle.
	* Added configure options 'with-rlm-FOO-include/lib-dir', so that
	lower-level rlm_FOO modules can be configured via the top-level
	configuration file.  This isn't completely done yet.
	* Fix check for shared library using libtool info, instead of
	assuming extension being ".so".
	* Fixes for HPUX.  We probably need more.
	* Many additional bug fixes and changes.
