Feature Improvements

    * Full support for CoA and Disconnect packets as per RFC 3576 and RFC 5176. Both receiving and proxying packets is supported.
    * Added "src_ipaddr" configuration to "home_server". See proxy.conf for details.
    * radsniff now accepts -I, to read from a filename instead of a device.
    * radsniff also prints matching requests and any responses to those requests when '-r' is used.
    * Added example of attr_filter for Access-Challenge packets
    * Added support for udpfromto in DHCP code
    * radmin can now selectively mark modules alive/dead. See "set module state".
    * Added customizable messages on login success/fail. See msg_goodpass && msg_badpass in log{} section of radiusd.conf
    * Document "chase_referrals" and "rebind" in raddb/modules/ldap
    * Preliminary implementation of DHCP relay.
    * Made thread pool section optional. If it doesn't exist, the server will run single-threaded.
    * Added sample radrelay.conf for people upgrading from 1.x
    * Made proxying more stable by failing over, rather than rejecting the first request. See "response_window" in proxy.conf
    * Allow home_server_pools to exist without realms.
    * Add dictionary.iea (closes bug #7)
    * Added support for RFC 5580
    * Added experimental sql_freetds module from Gabriel Blanchard.
    * Updated dictionary.foundry
    * Added sample configuration for MySQL cluster in raddb/sql/ndb. See the README file for explanations.
    * Unset the DF bit on outgoing packets, so that packets can be fragmented if necessary.

Bug Fixes

    * Fixed corner case where proxied packets could have extra character in User-Password attribute. Fix from Niko Tyni.
    * Extended size of "attribute" field in SQL to 64.
    * Fixes to ruby module to be more careful about when it builds.
    * Updated Perl module "configure" script to check for broken Perl installations.
    * Fix "status_check = none". It would still send packets in some cases.
    * Set recursive flag on the proxy mutex, which enables safer cleanup on some platforms.
    * Copy the EAP username verbatim, rather than escaping it.
    * Update handling so that robust-proxy-accounting works when all home servers are down for extended periods of time.
    * Look for DHCP option 53 anywhere in the packet, not just at the start.
    * Fix processing of proxy fail handler with virtual servers.
    * DHCP code now prints out correct src/dst IP addresses when sending packets.
    * Removed requirement for DHCP to have clients
    * Fixed handling of DHCP packets with message-type buried in the packet
    * Fixed corner case with negation in unlang.
    * Minor fixes to default MySQL & PostgreSQL schemas
    * Suppress MSCHAP complaints in debugging mode.
    * Fix SQL module for multiple instance, and possible crash on HUP
    * Fix permissions for radius.log for sites that change user/group, but which don't create the file before starting radiusd.
    * Fix double counting of packets when proxying
    * Make %l work
    * Fix pthread keys in rlm_perl
    * Log reasons for EAP failure (closes bug #8)
    * Load home servers and pools that aren't referenced from a realm.
    * Handle return codes from virtual attributes in "unlang" (e.g. LDAP-Group). This makes "!(expr)" work for them.
    * Enable VMPS to see contents of virtual server again
    * Fix WiMAX module to be consistent with examples. (closes bug #10)
    * Fixed crash with policies dependent on NAS-Port comparisons
    * Allowed vendor IDs to be be higher than 32767.
    * Fix crash on startup with certain regexes in "hints" file.
    * Fix crash in attr_filter module when packets don't exist
    * Allow detail file reader to be faster when "load_factor = 100"
    * Add work-around for build failures with errors related to lt__PROGRAM__LTX_preloaded_symbols.
    * Made ldap module "rebind" option aware of older, incompatible versions of OpenLDAP.
    * Check value of Fall-Through in attr_filter module.

Fix: Patch attached with submission follows: