2007/03/25 - 0.9.12c

        - Fixed security bug in radldap.c by cleaning up the
          DN-as-pseudo-attribute feature. It contained a dangerous strcpy.

          Long DN values could cause a buffer overflow in the radldap sub 
          module, possibly allowing arbitrary code originating from the 
          database to be run as the user radldap runs as, which is the same as 
          the user the main server runs as in default installations.

        - Updated BSD and Solaris makefiles

2006/03/24 - 0.9.12b

	- Updated the GNU and BSD makefiles to use $(PREFIX) for compiled in
	  base paths, defaulting to /usr/local. If you specify a PREFIX during
	  'make', you must specify the same one during 'make install'.  The
	  INST_PREFIX is a wholly separate feature that specifies the target
	  root directory for the installation only, and is intended for the
	  creation of binary packages and -tarballs.

	- Fixed LDAP bitrot since 0.9.9: 
	
	  o updated radldap and radldap.attrmap to reflect the moving of the 
	    internal int and str attributes from vendor 0 to the special vendor
	    'any' and the renumbering of 'clearpassword' and 'md5hexpassword'
	    in dict.internal.

	  o Fixed a naming error in sample.ldif and mismatch with the authbind
	    behaviour file
	
	- Improved radldap error resilience: if a search results in a low level
	  LDAP error, it will reconnect itself instead of leaving that to the
	  LDAP library. OpenLDAP eg. fails to do that.

2006/03/17 - 0.9.12a

	First maintenance release for 0.9.12. I expect to do those for a while,
	as it's the last one that attempts to be compatible with existing
	installations. 0.9.13 has a big overhaul in some areas of the behaviour
	language.
	
	- Reverted change made to the installation script in 0.9.11, which
	  broke on systems with strictly POSIX versions of 'cp'.

	- Minor backports from 0.9.13's build files (make dist works more 
	  sensibly now; making a preprocessed .i file from a .c file is now
	  possible by simply calling make dir/file.i)

	- Removed EAPServer and EAP-TLS stuff; it's unusable and doesn't 
	  provide useful information as the form EAP work has taken on in
	  0.9.13 is quite different. 

2005/12/8 - 0.9.12

	Changes

	- Altered compiler's search order when encountering a named term. If
	  an attribute context is in scope, the list of constant value names
	  for that attribute is now searched before the list of attributes is
	  searched. This allows Acct-Terminate-Cause == Session-Timeout to work
	  as expected.

	- Changed the scoping of the attribute context used for finding
	  constant names.

	  Attribute contexts are now only reset when a comma is encountered
	  (not when immediate terms are read). The context still only
	  propagates to lower level subexpressions, not to higher levels.

	- Made all VM arithmetic and conversions unsigned. Fits RADIUS better,
	  as all IETF integer attributes are defined as unsigned. Wrapping
	  at either side works properly, and we use 2's complement, so no
	  information is lost: (2 - 5) + 6 == 3, and -(2 - 5) == 3, and 
	  2 - 5 == -3 are all still true.

	- Changed radclient's logging parameters; -q now only suppresses output
	  on stderr and does not influence the log level anymore. That is now
	  solely controlled by -v, which lowers the log threshold for all
	  facilities from ERROR to NOTICE, and another -v from NOTICE to DEBUG.

	New features

	- Big modernization of the example configuration/behaviour files for
	  PostgreSQL and MySQL; the good bits of various customer
	  implementations and new features are included there, such as
	  proxying, summary logging, and Message-Authenticator checking.

	- Added feature in radsql to allow the id of the last inserted record
	  as given by the DBD's last_insert_id function to be returned in an
	  attribute. The format of the bind variable list given by the second
	  'str' is now 

	  	'bindattr,bindattr,bindattr/returned_id_attr[=sequence_name]'

	  Some database drivers /require/ the sequence name to be specified;
	  others ignore it. Too bad, but many behaviour files will already use
	  database-specific SQL statements anyway.

	- Added feature that allows you to put A/V pairs to be added to each
	  request's request or reply list in the configuration file. Can be
	  used for setting a server key for use in State and Class HMAC 
	  checking, and other static values.

	- Added Request-Number and Server-Pid feature that can help in
	  generating safe session identifiers if the NAS doesn't provide them. 
	  The concatenation of Timestamp + Server-Identifier + Server-Pid +
	  Request-Number is *guaranteed* to be unique by your machine's sanity
	  (the PID not wrapping nor OpenRADIUS getting 2^31 requests in one
	  second), whereas 'random 8' merely has a high *probability* of being
	  unique over a number of iterations.  Using random for serial numbers
	  is gambling with a high chance of success, not making an effort.
	  There is a difference!

	- Implemented multi-call transactions. This allows you to ensure that
	  repeated calls to a module end up at the same instance of the module.
	  For example, if you require SQL transactions, you can now run 
	  multiple instances of radsql again again, because all calls that are
	  part of a transaction will use the same PID, or return with an error.

	  This is done by allowing module interfaces to specify an attribute 
	  where the chosen PID of a module subprocess is stored after a module
	  call. If that attribute is found upon a (subsequent) module call,
	  we route the job to that PID, or continue the job with that attribute
	  set to -1, so that your behaviour file can rollback the transaction,
	  reset the session, or perform other cleanups.

	  This makes transaction-based SQL accounting very scaleable.

	- Updated radaccttest wrapper to allow setting an Acct-Session-Id
	  attribute using -sess.

	Bugfixes

	- Made radsql more friendly towards picky DBD drivers that require
	  a bindvar call for all placeholders, including those that are NULL.
	  This fixes a problem when using newer versions of Postgres.

	- Made radsql return int=1 when DBI returns '0E0' for 'number of
	  records returned/affected', so that N/A is interpreted as success.
	  This fixes a problem when using newer versions of Postgres.

	- Made 'make install INST_PREFIX=directory' work as advertised.
	  Should merge Ray Dassen's Debian package soon.

	- The feature that allows part of the request- and reply list to be
	  initialized in the configuration file now actually works

0.9.11b

	- Applied missing shoe polish. Was missing from 0.9.11 releases.
	  Seriously, installation and configuration are now as they should be:
	  working out of the box.

2005/11/9 - 0.9.11 (it's an accident, honestly)

	Changes:

	- Bumped binary module interface version to 2, because we now send 
	  requests with a different magic number (0xbeefdead). Replies are
	  still expected to have 0xdeadbeef as the magic number. The difference
	  will be used to distinguish among replies by modules and messages
	  from modules that are to be decoded using a dictionary and handled as
	  a new 'RADIUS' request, with the response going back to the module. A
	  side effect is that the binary module 'cat' will then not implement
	  'moveall', but a recursive call of the behaviour file.

	New features:

	- Implemented auto splitting of attributes at buildtree stage based
	  on max_size dictionary item property. Currently max_size cannot be
	  set explicitly, but is calculated from the len_size and the rest.

	- Implemented unary prefix operator 'all' that takes all instances of
	  A/V pairs referenced by its operand and joins them together into one
	  string. Referenced integers are taken as raw bytes in network order.

	- Implemented unary prefix operator 'random' that generates a number
	  of random bytes matching to the given integer or the length of the
	  string on the right.

	- Implemented binary operators 'papencrypt' and 'papdecrypt'; this
	  allows full 128-byte PAP password support, contrary to the crude
	  version that used to be in the example behaviour files

	- Implemented binary operator 'unixcrypt' that performs a crypt(3),
	  based on patch by Geoffrey Hort <g.hort@unsw.edu.au>. Note: Platform
	  makefiles other than Makefile.gnu don't currently set -DHAVE_CRYPT or
	  -lcrypt in S_CF_CRYPT and S_LL_CRYPT.

	- Implemented binary operator 'hmacmd5' to allow verification of
	  Message-Authenticator in the behaviour file. Added code to sign
	  response packets in Message-Authenticator if it was given on the
	  reply list.

	- Implemented Message-Authenticator checking in the supplied example
	  behaviour file.

	- Added missing attributes from RFC2869 to dict.rfc2869. Together with
	  the above two changes, this means that the server is now fully
	  RFC 2869 compliant if you use a suitable behaviour file.

	- Modernised example behaviour files, taking advantage of new
	  dictionary layout and the and, or, pokedwith, papdecrypt and
	  accept/reject/acctresp operators. Log-Line still only used in
	  behaviour.sample-usersfile and accounts/behaviour for now.

	- Solved ancient encoder problem that required the reply list to be
	  ordered such that fixed fields (eg. the RAD-* attributes) effectively
	  had to come either all first or last, but not mixed with the normal
	  attributes. 

	  (Technical explanation of the feature: if meta_buildtree is about to
	  use a fixed (eg. RAD-Attributes) field as an encapsulating item, it
	  now searches the tree on the current level to see if such an item
	  already exists. If so, that one is used, instead of adding a new
	  instance that would overwrite the old instance of the item during
	  encode).

	- Allowed source directories to be specified as well as files for
	  build/install

	- Improved default install permissions; always required manual tweaking
	  and the default set was good for almost nobody. Everything is now
	  mode 644 (755) except for potentially sensitive files (configuration,
	  because holds database passwords; behaviour, because may hold
	  emergency admin credentials; and legacy, because holds shared secrets
	  and user credentials), which are installed 640. It's recommended to
	  set the group of the 640/750 files to 'radiusd' and run the server as
	  a (obviously non-root) user that is a member of that group.

	Bugfixes:

	- Fixed suble stdarg-related bug; on AMD64, va_list is a reference
	  to the argument list index instead of the actual index. A braindead
	  way of dealing with register parameters, but allowed by C99. Caused
	  SIGSEGVs at startup. Reported by Jrg Wunsch
	  <j@ida.interface-business.de>

	- Fixed error in radsql that caused it to fail on newer DBI drivers
	  that return undef instead of 0 as the number of columns returned
	  if there is nothing to fetch.

	- Fixed subtle bug in radclient that caused it not to encrypt PAP
	  attributes correctly if a request authenticator was already given
	  in the query. Does not happen when used for proxying or other normal
	  purposes, but it's a bug nonetheless.

	- Fixed bug in job_run that would make the server behave unpredictably
	  if your behaviour file doesn't set a Secret on the reply list but
	  still makes the server respond (using halt or its accept, reject, or
	  acctresp variations thereof).

	- Fixed error in meta_atoord (ASCII to numeric conversion operating on
	  rings) that caused characters in the range 'a' - base to be accepted,
	  where they should be rejected. Most prominent effect is that '\xa\xa'
	  now works and generates '\x0a\x0a' instead of '\xa5xa'.

	- Fixed small memory leak when papencrypt or papdecrypt is supplied
	  with invalid authenticators/secrets

	- Fixed bug that prevented syslog facility argument to be handled 
	  correctly; patch from Geoffrey Hort

	- Renamed ARCH variable in build system to ARCHIVE, so that ARCH can
	  hold an architecture name, as is the case on eg. FreeBSD, suggested
	  by Adam Jette <jettea46@yahoo.com>

2005/02/20 - 0.9.10

	- Fixed compile error of tools/ascenddatafilter on MAC OS X (UINT4)

	- Added support for pseudo LDAP attribute 'dn' in radldap; this can
	  be used map the distinguished names of returned objects to OpenRADIUS
	  attributes, allowing you to search for an object first and then 
	  to bind on it (using a separate instance of radldap).

	- Added a balanced accounts example setup, see examples/accounts;
	  implements full pre-paid accounts based on time slots and/or 
	  metered time. Also supports automatic caller ID locking.

	- Restructured source tree a bit, renaming raddb to etc and creating
	  an examples directory containing the (not installed) example 
	  configurations, to prepare for merging Ray Dassen's contributed
	  Debian package (thanks!)

	- Corrected error in subdicts/dict.ascend that prevented all integer
	  attributes from working.

	- Added a few dictionaries, most notably ERX (Juniper), WISPr
	  and Nomadix; updated dict.rfc2869 to be more complete.

	- Updated the default configuration and behaviour files for ASCII files
	  to use Log-Line and pokeav. Other example files still tbd.

	- Changed logging for the [recv] and [send] facilities; level notice
	  now gives decoded A/V lists for [recv] and the Log-Line for [send],
	  and level debug provides the packet hexdumps for both and an A/V tree
	  for facility [send].

	- Added Log-Line feature: an attribute that gets logged as facility
	  [send] at level notice when the behaviour expression terminates.
	  This removes the need for a logging interface call before every
	  halt or abort.

	- Added pokeav to support changing attributes or fixed fields in
	  place; together with the new dictionary structure, this allows
	  you to set eg. Message-Authenticator to zeroes before doing a
	  hmac-md5 on the whole packet. No hmac-md5 operator is implemented
	  yet though.

	- Restructured dictionary to remove the RAD-Length = 20 hack from
	  the dictionary, and to allow access to the whole packet for 
	  the purpose of verifying signatures such as RAD-Authenticator
	  and Message-Authenticator (80).

	- Added asmac operator that converts strings containing MAC addresses
	  to a user defined canonical format. Usage is 'string asmac 
	  separator', eg. "0:01:2:03:4:aA" asmac "" -> 0001020304aa 
	  or (same) asmac "-" -> 00-01-02-03-04-aa

	- Updated example behaviour file behaviour.sample-usersfile to show
	  how PAP passwords longer than 16 characters can be handled (0.9.9c)

	- Fixed problem caused by missing file etc/openradius/legacy/nases
	  (0.9.9c)

	- Fixed a bug that allowed a module dying at the wrong time to take
	  the server with it. A timespan existed between reaping dead modules
	  and sending data to modules for modules to exit, causing the write
	  to generate a SIGPIPE. This was observed in the field under high 		  load in combination with a constantly restarting module (0.9.9b)

	- Fixed compiler error that caused it to generate spurious auto 
	  conversion opcodes for parentized subexpressions (0.9.9a)

2004/08/xx - 0.9.9

	- Added Target-Server attribute to radclient which can be used to 
	  specify one or more server:port/secret combos to be used for the
	  query instead of those given on the command line.

	- Enhanced module interface; the receive window may be larger than 1;
	  requests/replies may use a user defined job ticket attribute to
	  refer to one of several outstanding requests. The module subprocess 
	  supervision watchdog now guards the oldest job on the receive queue.

	- The above two entries are really just a cryptic way of saying that 
	  full featured proxying is finally there.

	- Cleaned up and updated behaviour,configuration.sample-usersfile to 
	  demonstrate proxying and adds a Naslist interface that can be used to
	  add NAS-specific attributes (in addition to RADIUS client-specific
	  attributes; there's no difference if there are no proxies in between).

	- Added an example schema, configuration and behaviour file for 
	  PostgreSQL. The configuration- and behaviour files also show the
	  new proxy features.

	- Added -a flag to radsql to turn autocommit off. Remember to make
	  sure that multiple statements in the same transaction go through
	  the same connection, by defining an interface with only a single
	  'prog=radsql' line when using this flag.

	- Improved module interface debugging output

	- Improved VM error messages (although you had probably rather seen
	  that for the compiler)

	- Fixed some rare corner cases in module interface and language and
	  some uninitialised structures; valgrind is completely happy now.

2004/01/16 - 0.9.8

	- Added pidfile and 'reopen-output-at-HUP' feature by Brian Candler 
	  to radlogger for easier log rotation. 

	- Made ascfile more forgiving about carriage returns at the start of
	  lines.

	- Added 'exists' boolean unary postfix operator, which returns 0 if 
	  the left hand side argument is an unresolved attribute reference,
	  and 1 otherwise. This is useful to distinguish between a false (empty
	  or zero) valued attribute and no attribute at all.

	- Added 'not' and 'no' as synonyms for '!', the boolean not operator.
	  This means you can write "no User-Password exists" and get the
	  expected result.

	- Added a badly needed convenience feature: three behaviour file
	  operators, accept, reject, and acctresp. These set RAD-Code to
	  the appropriate value and halt, but before doing so, they remove
	  certain A/V pairs from the reply list. This makes it much easier
	  for your behaviour file to guarantee RFC-compliant responses.

	  The rules are as follows: 

	  * acctresp deletes all attributes in space RAD-ATR from the reply
	  list, unless the attribute has 'acctresp' set in the dictionary. This
	  is normally only the case for Proxy-State, but you may set it for
	  additional attributes if required.

	  * reject deletes all attributes in space RAD-ATR from the reply
	  list, unless the attribute has 'reject' set in the dictionary. This
	  is normally only the case for Proxy-State and Reply-Message, but you
	  may set it for additional attributes if required.

	  * accept doesn't remove any attributes, it just sets RAD-Code to
	  Access-Accept before halting. Included mainly for completeness.

	- Updated raddb/subdicts/dict.stdauth to include these flags.

	- Added SMB (Windows NT) authentication module by Brian McGraw
	  <bmcgraw@philorch.org>

	- Made radldap use LDAPv3 instead of LDAPv2 by default, unless -2 is
	  specified.

	- Increased max. subprocess message size and made subprocess ring 
	  buffer always follow chosen size.

	- Fixed a typo in jobs.c that caused a SIGSEGV on overflowing interface
	  queues.

	- Fixed bug in radclient that prevented echoing of Radclient-Query-Id
	  in case of succesful queries.

	- Made radclient not add a CHAP-Challenge attribute if the -p 
	  (don't encode given password attributes) is specified

	- Made radaccttest script accept same optional argument list as
	  radtest (port, cli, dnis, etc).

	- Added groupname column in MySQL schema. This can be used to add
	  attributes that are specific to a user-, client- or NAS-group, by
	  doing a query in space 'groups' using the groupname values as 
	  returned by a query for users, clients or NASes. See the new
	  behaviour.sample-mysql.

	- Fixed bug in behaviour.sample-mysql that prevented reply attributes
	  returned by the client query from working correctly

	- Improved usefulness of authentication logging in SQL as done by 
	  behaviour.sample-mysql; the result is logged too, for example.

	- Cleaned up the default behaviour.sample-usersfile a little,
	  and updated it to make use of the new preferred 'or' and 'and' 
	  synonyms for || and && and the new accept, reject and acctresp
	  operators.

	- Added command line tool to precompile Ascend-Data-Filter 
	  definitions to binary form suitable for use in the behaviour file
	  or MySQL.

	- Added Ascend dictionary using FreeRADIUS' dictionary and Brian
	  Candler's free2openradius.pl script

2003/05/02 - 0.9.7

	- Added 'radsql' module that supports generic queries to SQL databases,
	  including queries that return FreeRADIUS-style check items or
	  arbitrary A/V pairs.

	- Added 'delay' module that answers after delaying a number of seconds

	- Added '-s' (single line) flag to the radlogger module.
	  (from Brian Candler <b.candler@pobox.com>)

	- Made some minor improvements to radaccttest

	- Made radtest pass on the -i (interface) option

	- Added some optional request attribute args to the radtest script

	- Added radtest / radaccttest to list of files installed in .../bin

	- Made radlogger's error messages go to stderr instead of stdout

	- Fixed permission bits on Makefile.solgcc / sol5gcc

	- Added -lber to radldap's flags in Makefile.bsd

	- Updated main README with new build and test instructions

2003/04/03 - 0.9.6:

	- Added documentation for the client in tools/radclient/README

	- Added Cistron/FreeRADIUS-compatible radtest wrapper scripts in 
	  tools/radclient/radtest and -radaccttest

	- Changed default timeout in radclient to 5 seconds instead of 2

	- Fixed typo in radclient.c that prevented replies to be correctly
	  matched to requests 

	- Added Acct-Status-Types from RFC 2869 (Tunneling) in dict.stdacct

	- Added Makefile.sol5gcc for Solaris 2.5.1; removes HAVE_VSNPRINTF

	- Removed unsupported -f (flood) option in radclient for now

	- Removed some outdated and redundant documentation files from doc/

2003/02/25 - 0.9.5:

	- Added versatile radius client in tools/radclient; supports fully
	  asynchronous operation, multiple target servers, the standard 
	  OpenRADIUS module interface, encoding of PAP and CHAP passwords,
	  and much more. Can be used for trivial proxying purposes as well.

	- Fixed segfault when reading dictionary that occurred when an item
	  referenced for adding constant value names is outside the default
	  space. (from 0.9.4c)

	- Minor fixes for QNX4's Watcom C (which defaults to unsigned char).

	- Added a portable install script; installation now works hassle-free
	  on Linux, NetBSD, FreeBSD, BSDI, SunOS 5, Solaris 7, Tru64 4.0, 5.1, 
	  and QNX 4. No longer overwrites existing configuration directories.

	- Complete rewrite of the build system, using a single-session make.
	  At the cost of relying more heavily on GNU Make, rebuilds are now 
	  always correct, header dependencies are automatically generated and
	  tracked without requiring things like 'make dep', and full builds 
	  are faster. (See the paper "Recursive Make Considered Harmful", by 
	  Peter Miller). Also fixes inconsistencies in various Make.conf.xxx
	  files.

	- Changed default configuration directory from ...etc/raddb to
	  ...etc/openradius. This makes it easier to keep it next to other
	  servers and removes the suggestion that the files are compatible.

	- Ascfile module: multiline records are no longer delimited by blank 
	  lines; rather, a new record is started by any non-comment line whose 
	  first non-whitespace character is in column 0, for both single and 
	  multiline-record files. The distinction is gone, so the -s flag is 
	  not needed anymore either. (from Brian Candler <b.candler@pobox.com>)

	- Added support for USR's NMC attributes in the dictionary; no actual
	  attributes added yet though.

	- Fixed partially initialized sockaddr_in structure which caused bind
	  errors on some platforms, particularly OS X. (from 0.9.4b)

	- Fixed wraparound error in ring buffer scanning functions which 
	  sometimes caused apparently random behaviour file compilation errors.
	  (from 0.9.4a)

2002/06/25 - 0.9.4:

	- Put real, registered OIDs in distributed sample LDAP schema 

	- Fixed CERT CA-2002-06 vulnerability #2

	- Fixed conversion operators in language

	- A number of bugfixes and improvements in the behaviour language:

	  * actually implemented the conversion from string to date;
	  * date + int sets current type to date;
	  * IP address + int sets current type to IP address;
	  * 'and', 'or' synonyms for '&&', '||';
	  * divide by zero just aborts expression, instead of killing server
	  * fixed '!' behaviour on strings;
	  * made date conversions to/from strings use localtime() instead of 
	    gmtime(). Run the server with TZ set to UTC if you want the old
	    behaviour.

	- Good cleanup of meta_buildtree()

2002/03/22 - 0.9.3:

	- Fix major bug in example behaviour files involving CHAP. It plainly
	  didn't work at all.

	- Fixed bug in behaviour.sample-ldap-authbind, which would allow 
	  all non-PAP users in (that is, without checking any passwords).

	- Fix bug in dictionary that caused Accounting signature validation
	  to fail. Corrected mix up of Acct-Authentic and Acct-Authenticator.

	- Included some test queries for PAP, CHAP and accounting for use
	  with tools/radclient.

	- Changed server to use raddb as current directory for modules again,
	  so that all configuration files are kept in one place. Modules' own 
	  configuration files are stored under raddb/modules now. Also fixes 
	  bug when using ASCII clients- and users files.

2002/03/20 - 0.9.2:

	- Added LDAP schema and ldif file with sample data; updated included
	  example attribute mapping file; added proper example behaviour and 
	  configuration files for use with LDAP.

	- When (auto-)converting a decimal string attribute to a numeric one, 
	  and the string is not a valid number, we try to find lookup the
	  value as a named constant for the string attribute. If found, that
	  value is used instead. Handy for doing things like
	  'Framed-Protocol = str-Framed-Protocol', and allows to use constant
	  names in LDAP different from our own.

	- Start modules using their own directory as cwd. This allows modules
	  to operate without having absolute paths to their configuration
	  files specified on their command lines.

	- Added elementary test command line client in tools/radclient. Reads 
	  list of ASCII A/V pairs on stdin (formatted as by ASCII modules) and 
	  displays pairs in response. Note that all attributes are sent as-is, 
	  including User-Password, and the response is not checked in any way,
	  only displayed. Will add PAP/CHAP generator soon.

	- Plugged a couple of memory leaks; Mozilla's leaky tool doesn't show 
	  any now (thanks to dmelomed@devonitnet.com for pointing this out).

	- Fixed := operator bug that scribbled on memory when the instance 
	  assigned to was also referenced on right hand side.

	- Big makefile cleanup. Supports GNU Make only now. I've given in to
	  the temptations of the slogan "don't bother with portable makefiles,
	  use a portable make instead". Portable makefiles don't seem to be
	  possible at all if you want to add text to variables (for making 
	  lists) and want to use a common settings file so you can call make 
	  in every subdirectory.

	- Added dictionary support for MS VSAs.

	- Merged fixes to make it run on Mac OS X, untested though.

	- Fixed (harmless) GCC warnings on LP64 platforms such as Alpha.

2001/12/08 - 0.9.1:

	- Added LDAP module.

	- Added some informational messages during server startup, to
	  improve usefulness of '-d all', '-d misc -d recv' etc.; some
	  other logging cleanups.

	- Prepended log lines with internal facility names.

	- Fixed bug caused by not emptying a channel's receive queue
	  when its associated process dies. This caused the interface
	  that the channel was associated with, not to recover gracefully
	  from a subprocess restart.

	- Added some radius attributes to 'constants.h' to root and put
	  it in the public domain, to facilitate module writing. 

	- Put the Logger module (bourne shell script) in public domain
	  as well.

	- BSD/SysV compatibility fixes: Made uint32_t / u_int32_t dependent 
	  on Make.conf setting; more Make.conf cleanups/fixes

	- Added more documentation for all modules.

2001/11/18 - 0.9:

	- Added a lot of language documentation.
	
	- Included the (bare) html files in the doc/html directory and
	  generated the text files from that using lynx. The online docs
	  are generated from them as well.

	- Some precedence table fixes in langcompile.c; moved 'hex', 'md5'
	  together with other unary prefix operators (still lower because we
	  have string-related ops always lower than integer ones); moved '.'
	  just below lastof / firstof e.d.

	- Fixed minus handling for auto-radix numbers in meta_atoord; it used 
	  to require 0x-55 instead of -0x55.

	- Made 'statement' operators (interface calls, del, moveall etc). much 
	  more sane; they don't set the context to 'none' anymore so you can 
	  use them before closing a subexpression with ')'. They all leave 
	  something on the stack now. For del, delall and moveall, it's an int 
	  that reflects the number of pairs that were deleted resp. moved.

	- Removed the comma operator hack, which allowed it to be used in
	  context 'none' as well, where it would emit a OP_NOP. Not needed
	  anymore because no operator returns context 'none' anymore (except
	  the comma operator itself, which only still exists as an unary 
	  postfix operator that emits OP_POP).
	  
	- Made the pseudo-check items in dict.internal, that are likely to be
	  returned by ascfile to be compared to request attributes rather than
	  included in the actual reply, begin with a lowercase letter, so that
	  you don't need to use REQ: all the time. Reflected that in example 
	  raddb/legacy/users as well.

	- Added unixpasswd module. Simple, but probably effective enough.

	- Also because of above, updated behaviour.sample and renamed to
	  behaviour.sample-usersfile. Removed 'old', untested behaviour file.
	  Kept configuration.old around, as it's slightly less misleading,
	  although still just a more or less theoretic example, because most
	  modules mentioned there still aren't written yet. Added DNS resolver
	  example to it. Made behaviour.sample-unixpasswd the default one.

	- Fixed bug in config.c that caused behaviour file compilation errors
	  to be ignored.

	- Makefile fixes in raddb/, modules/ and tools/.

2001/11/05 - v0.8:

	- First public release.

2001/10/09 - v0.7:

	- First version that actually gets the name OpenRADIUS and a version
	  number, as all of the core functionality is finally implemented.

