2005/02/20 - 0.9.10

	- Fixed compile error of tools/ascenddatafilter on MAC OS X (UINT4)

	- Added support for pseudo LDAP attribute 'dn' in radldap; this can
	  be used map the distinguished names of returned objects to OpenRADIUS
	  attributes, allowing you to search for an object first and then 
	  to bind on it (using a separate instance of radldap).

	- Added a balanced accounts example setup, see examples/accounts;
	  implements full pre-paid accounts based on time slots and/or 
	  metered time. Also supports automatic caller ID locking.

	- Restructured source tree a bit, renaming raddb to etc and creating
	  an examples directory containing the (not installed) example 
	  configurations, to prepare for merging Ray Dassen's contributed
	  Debian package (thanks!)

	- Corrected error in subdicts/dict.ascend that prevented all integer
	  attributes from working.

	- Added a few dictionaries, most notably ERX (Juniper), WISPr
	  and Nomadix; updated dict.rfc2869 to be more complete.

	- Updated the default configuration and behaviour files for ASCII files
	  to use Log-Line and pokeav. Other example files still tbd.

	- Changed logging for the [recv] and [send] facilities; level notice
	  now gives decoded A/V lists for [recv] and the Log-Line for [send],
	  and level debug provides the packet hexdumps for both and an A/V tree
	  for facility [send].

	- Added Log-Line feature: an attribute that gets logged as facility
	  [send] at level notice when the behaviour expression terminates.
	  This removes the need for a logging interface call before every
	  halt or abort.

	- Added pokeav to support changing attributes or fixed fields in
	  place; together with the new dictionary structure, this allows
	  you to set eg. Message-Authenticator to zeroes before doing a
	  hmac-md5 on the whole packet. No hmac-md5 operator is implemented
	  yet though.

	- Restructured dictionary to remove the RAD-Length = 20 hack from
	  the dictionary, and to allow access to the whole packet for 
	  the purpose of verifying signatures such as RAD-Authenticator
	  and Message-Authenticator (80).

	- Added asmac operator that converts strings containing MAC addresses
	  to a user defined canonical format. Usage is 'string asmac 
	  separator', eg. "0:01:2:03:4:aA" asmac "" -> 0001020304aa 
	  or (same) asmac "-" -> 00-01-02-03-04-aa

	- Updated example behaviour file behaviour.sample-usersfile to show
	  how PAP passwords longer than 16 characters can be handled (0.9.9c)

	- Fixed problem caused by missing file etc/openradius/legacy/nases
	  (0.9.9c)

	- Fixed a bug that allowed a module dying at the wrong time to take
	  the server with it. A timespan existed between reaping dead modules
	  and sending data to modules for modules to exit, causing the write
	  to generate a SIGPIPE. This was observed in the field under high 		  load in combination with a constantly restarting module (0.9.9b)

	- Fixed compiler error that caused it to generate spurious auto 
	  conversion opcodes for parentized subexpressions (0.9.9a)

2004/08/xx - 0.9.9

	- Added Target-Server attribute to radclient which can be used to 
	  specify one or more server:port/secret combos to be used for the
	  query instead of those given on the command line.

	- Enhanced module interface; the receive window may be larger than 1;
	  requests/replies may use a user defined job ticket attribute to
	  refer to one of several outstanding requests. The module subprocess 
	  supervision watchdog now guards the oldest job on the receive queue.

	- The above two entries are really just a cryptic way of saying that 
	  full featured proxying is finally there.

	- Cleaned up and updated behaviour,configuration.sample-usersfile to 
	  demonstrate proxying and adds a Naslist interface that can be used to
	  add NAS-specific attributes (in addition to RADIUS client-specific
	  attributes; there's no difference if there are no proxies in between).

	- Added an example schema, configuration and behaviour file for 
	  PostgreSQL. The configuration- and behaviour files also show the
	  new proxy features.

	- Added -a flag to radsql to turn autocommit off. Remember to make
	  sure that multiple statements in the same transaction go through
	  the same connection, by defining an interface with only a single
	  'prog=radsql' line when using this flag.

	- Improved module interface debugging output

	- Improved VM error messages (although you had probably rather seen
	  that for the compiler)

	- Fixed some rare corner cases in module interface and language and
	  some uninitialised structures; valgrind is completely happy now.

2004/01/16 - 0.9.8

	- Added pidfile and 'reopen-output-at-HUP' feature by Brian Candler 
	  to radlogger for easier log rotation. 

	- Made ascfile more forgiving about carriage returns at the start of
	  lines.

	- Added 'exists' boolean unary postfix operator, which returns 0 if 
	  the left hand side argument is an unresolved attribute reference,
	  and 1 otherwise. This is useful to distinguish between a false (empty
	  or zero) valued attribute and no attribute at all.

	- Added 'not' and 'no' as synonyms for '!', the boolean not operator.
	  This means you can write "no User-Password exists" and get the
	  expected result.

	- Added a badly needed convenience feature: three behaviour file
	  operators, accept, reject, and acctresp. These set RAD-Code to
	  the appropriate value and halt, but before doing so, they remove
	  certain A/V pairs from the reply list. This makes it much easier
	  for your behaviour file to guarantee RFC-compliant responses.

	  The rules are as follows: 

	  * acctresp deletes all attributes in space RAD-ATR from the reply
	  list, unless the attribute has 'acctresp' set in the dictionary. This
	  is normally only the case for Proxy-State, but you may set it for
	  additional attributes if required.

	  * reject deletes all attributes in space RAD-ATR from the reply
	  list, unless the attribute has 'reject' set in the dictionary. This
	  is normally only the case for Proxy-State and Reply-Message, but you
	  may set it for additional attributes if required.

	  * accept doesn't remove any attributes, it just sets RAD-Code to
	  Access-Accept before halting. Included mainly for completeness.

	- Updated raddb/subdicts/dict.stdauth to include these flags.

	- Added SMB (Windows NT) authentication module by Brian McGraw
	  <bmcgraw@philorch.org>

	- Made radldap use LDAPv3 instead of LDAPv2 by default, unless -2 is
	  specified.

	- Increased max. subprocess message size and made subprocess ring 
	  buffer always follow chosen size.

	- Fixed a typo in jobs.c that caused a SIGSEGV on overflowing interface
	  queues.

	- Fixed bug in radclient that prevented echoing of Radclient-Query-Id
	  in case of succesful queries.

	- Made radclient not add a CHAP-Challenge attribute if the -p 
	  (don't encode given password attributes) is specified

	- Made radaccttest script accept same optional argument list as
	  radtest (port, cli, dnis, etc).

	- Added groupname column in MySQL schema. This can be used to add
	  attributes that are specific to a user-, client- or NAS-group, by
	  doing a query in space 'groups' using the groupname values as 
	  returned by a query for users, clients or NASes. See the new
	  behaviour.sample-mysql.

	- Fixed bug in behaviour.sample-mysql that prevented reply attributes
	  returned by the client query from working correctly

	- Improved usefulness of authentication logging in SQL as done by 
	  behaviour.sample-mysql; the result is logged too, for example.

	- Cleaned up the default behaviour.sample-usersfile a little,
	  and updated it to make use of the new preferred 'or' and 'and' 
	  synonyms for || and && and the new accept, reject and acctresp
	  operators.

	- Added command line tool to precompile Ascend-Data-Filter 
	  definitions to binary form suitable for use in the behaviour file
	  or MySQL.

	- Added Ascend dictionary using FreeRADIUS' dictionary and Brian
	  Candler's free2openradius.pl script

2003/05/02 - 0.9.7

	- Added 'radsql' module that supports generic queries to SQL databases,
	  including queries that return FreeRADIUS-style check items or
	  arbitrary A/V pairs.

	- Added 'delay' module that answers after delaying a number of seconds

	- Added '-s' (single line) flag to the radlogger module.
	  (from Brian Candler <b.candler@pobox.com>)

	- Made some minor improvements to radaccttest

	- Made radtest pass on the -i (interface) option

	- Added some optional request attribute args to the radtest script

	- Added radtest / radaccttest to list of files installed in .../bin

	- Made radlogger's error messages go to stderr instead of stdout

	- Fixed permission bits on Makefile.solgcc / sol5gcc

	- Added -lber to radldap's flags in Makefile.bsd

	- Updated main README with new build and test instructions

2003/04/03 - 0.9.6:

	- Added documentation for the client in tools/radclient/README

	- Added Cistron/FreeRADIUS-compatible radtest wrapper scripts in 
	  tools/radclient/radtest and -radaccttest

	- Changed default timeout in radclient to 5 seconds instead of 2

	- Fixed typo in radclient.c that prevented replies to be correctly
	  matched to requests 

	- Added Acct-Status-Types from RFC 2869 (Tunneling) in dict.stdacct

	- Added Makefile.sol5gcc for Solaris 2.5.1; removes HAVE_VSNPRINTF

	- Removed unsupported -f (flood) option in radclient for now

	- Removed some outdated and redundant documentation files from doc/

2003/02/25 - 0.9.5:

	- Added versatile radius client in tools/radclient; supports fully
	  asynchronous operation, multiple target servers, the standard 
	  OpenRADIUS module interface, encoding of PAP and CHAP passwords,
	  and much more. Can be used for trivial proxying purposes as well.

	- Fixed segfault when reading dictionary that occurred when an item
	  referenced for adding constant value names is outside the default
	  space. (from 0.9.4c)

	- Minor fixes for QNX4's Watcom C (which defaults to unsigned char).

	- Added a portable install script; installation now works hassle-free
	  on Linux, NetBSD, FreeBSD, BSDI, SunOS 5, Solaris 7, Tru64 4.0, 5.1, 
	  and QNX 4. No longer overwrites existing configuration directories.

	- Complete rewrite of the build system, using a single-session make.
	  At the cost of relying more heavily on GNU Make, rebuilds are now 
	  always correct, header dependencies are automatically generated and
	  tracked without requiring things like 'make dep', and full builds 
	  are faster. (See the paper "Recursive Make Considered Harmful", by 
	  Peter Miller). Also fixes inconsistencies in various Make.conf.xxx
	  files.

	- Changed default configuration directory from ...etc/raddb to
	  ...etc/openradius. This makes it easier to keep it next to other
	  servers and removes the suggestion that the files are compatible.

	- Ascfile module: multiline records are no longer delimited by blank 
	  lines; rather, a new record is started by any non-comment line whose 
	  first non-whitespace character is in column 0, for both single and 
	  multiline-record files. The distinction is gone, so the -s flag is 
	  not needed anymore either. (from Brian Candler <b.candler@pobox.com>)

	- Added support for USR's NMC attributes in the dictionary; no actual
	  attributes added yet though.

	- Fixed partially initialized sockaddr_in structure which caused bind
	  errors on some platforms, particularly OS X. (from 0.9.4b)

	- Fixed wraparound error in ring buffer scanning functions which 
	  sometimes caused apparently random behaviour file compilation errors.
	  (from 0.9.4a)

2002/06/25 - 0.9.4:

	- Put real, registered OIDs in distributed sample LDAP schema 

	- Fixed CERT CA-2002-06 vulnerability #2

	- Fixed conversion operators in language

	- A number of bugfixes and improvements in the behaviour language:

	  * actually implemented the conversion from string to date;
	  * date + int sets current type to date;
	  * IP address + int sets current type to IP address;
	  * 'and', 'or' synonyms for '&&', '||';
	  * divide by zero just aborts expression, instead of killing server
	  * fixed '!' behaviour on strings;
	  * made date conversions to/from strings use localtime() instead of 
	    gmtime(). Run the server with TZ set to UTC if you want the old
	    behaviour.

	- Good cleanup of meta_buildtree()

2002/03/22 - 0.9.3:

	- Fix major bug in example behaviour files involving CHAP. It plainly
	  didn't work at all.

	- Fixed bug in behaviour.sample-ldap-authbind, which would allow 
	  all non-PAP users in (that is, without checking any passwords).

	- Fix bug in dictionary that caused Accounting signature validation
	  to fail. Corrected mix up of Acct-Authentic and Acct-Authenticator.

	- Included some test queries for PAP, CHAP and accounting for use
	  with tools/radclient.

	- Changed server to use raddb as current directory for modules again,
	  so that all configuration files are kept in one place. Modules' own 
	  configuration files are stored under raddb/modules now. Also fixes 
	  bug when using ASCII clients- and users files.

2002/03/20 - 0.9.2:

	- Added LDAP schema and ldif file with sample data; updated included
	  example attribute mapping file; added proper example behaviour and 
	  configuration files for use with LDAP.

	- When (auto-)converting a decimal string attribute to a numeric one, 
	  and the string is not a valid number, we try to find lookup the
	  value as a named constant for the string attribute. If found, that
	  value is used instead. Handy for doing things like
	  'Framed-Protocol = str-Framed-Protocol', and allows to use constant
	  names in LDAP different from our own.

	- Start modules using their own directory as cwd. This allows modules
	  to operate without having absolute paths to their configuration
	  files specified on their command lines.

	- Added elementary test command line client in tools/radclient. Reads 
	  list of ASCII A/V pairs on stdin (formatted as by ASCII modules) and 
	  displays pairs in response. Note that all attributes are sent as-is, 
	  including User-Password, and the response is not checked in any way,
	  only displayed. Will add PAP/CHAP generator soon.

	- Plugged a couple of memory leaks; Mozilla's leaky tool doesn't show 
	  any now (thanks to dmelomed@devonitnet.com for pointing this out).

	- Fixed := operator bug that scribbled on memory when the instance 
	  assigned to was also referenced on right hand side.

	- Big makefile cleanup. Supports GNU Make only now. I've given in to
	  the temptations of the slogan "don't bother with portable makefiles,
	  use a portable make instead". Portable makefiles don't seem to be
	  possible at all if you want to add text to variables (for making 
	  lists) and want to use a common settings file so you can call make 
	  in every subdirectory.

	- Added dictionary support for MS VSAs.

	- Merged fixes to make it run on Mac OS X, untested though.

	- Fixed (harmless) GCC warnings on LP64 platforms such as Alpha.

2001/12/08 - 0.9.1:

	- Added LDAP module.

	- Added some informational messages during server startup, to
	  improve usefulness of '-d all', '-d misc -d recv' etc.; some
	  other logging cleanups.

	- Prepended log lines with internal facility names.

	- Fixed bug caused by not emptying a channel's receive queue
	  when its associated process dies. This caused the interface
	  that the channel was associated with, not to recover gracefully
	  from a subprocess restart.

	- Added some radius attributes to 'constants.h' to root and put
	  it in the public domain, to facilitate module writing. 

	- Put the Logger module (bourne shell script) in public domain
	  as well.

	- BSD/SysV compatibility fixes: Made uint32_t / u_int32_t dependent 
	  on Make.conf setting; more Make.conf cleanups/fixes

	- Added more documentation for all modules.

2001/11/18 - 0.9:

	- Added a lot of language documentation.
	
	- Included the (bare) html files in the doc/html directory and
	  generated the text files from that using lynx. The online docs
	  are generated from them as well.

	- Some precedence table fixes in langcompile.c; moved 'hex', 'md5'
	  together with other unary prefix operators (still lower because we
	  have string-related ops always lower than integer ones); moved '.'
	  just below lastof / firstof e.d.

	- Fixed minus handling for auto-radix numbers in meta_atoord; it used 
	  to require 0x-55 instead of -0x55.

	- Made 'statement' operators (interface calls, del, moveall etc). much 
	  more sane; they don't set the context to 'none' anymore so you can 
	  use them before closing a subexpression with ')'. They all leave 
	  something on the stack now. For del, delall and moveall, it's an int 
	  that reflects the number of pairs that were deleted resp. moved.

	- Removed the comma operator hack, which allowed it to be used in
	  context 'none' as well, where it would emit a OP_NOP. Not needed
	  anymore because no operator returns context 'none' anymore (except
	  the comma operator itself, which only still exists as an unary 
	  postfix operator that emits OP_POP).
	  
	- Made the pseudo-check items in dict.internal, that are likely to be
	  returned by ascfile to be compared to request attributes rather than
	  included in the actual reply, begin with a lowercase letter, so that
	  you don't need to use REQ: all the time. Reflected that in example 
	  raddb/legacy/users as well.

	- Added unixpasswd module. Simple, but probably effective enough.

	- Also because of above, updated behaviour.sample and renamed to
	  behaviour.sample-usersfile. Removed 'old', untested behaviour file.
	  Kept configuration.old around, as it's slightly less misleading,
	  although still just a more or less theoretic example, because most
	  modules mentioned there still aren't written yet. Added DNS resolver
	  example to it. Made behaviour.sample-unixpasswd the default one.

	- Fixed bug in config.c that caused behaviour file compilation errors
	  to be ignored.

	- Makefile fixes in raddb/, modules/ and tools/.

2001/11/05 - v0.8:

	- First public release.

2001/10/09 - v0.7:

	- First version that actually gets the name OpenRADIUS and a version
	  number, as all of the core functionality is finally implemented.

