1 FreeRADIUS 1.0.0 ; Date: $Date$, urgency=low
2 * EAP-TTLS support in rlm_eap
4 FreeRADIUS 0.9.1 ; Date: 2003/09/04 14:56:34, urgency=low
6 * Replicate-To-Realm is deprecated, and hence no longer documented
7 * Document rlm_detail support for authorize and post-auth sections
8 * Improve slightly MySQL accounting record SQL query
9 * Opaquefied CHAP-Challenge
10 * Add attributes to Nomadix dictionary
11 * Fix rlm_exec's parsing of non-attribute return values
12 * Fix for a segfault while reading config files
13 * Fix for a segfault regarding hostname lengths
14 * Fix for a segfault while reading deprecated config files
15 * Fix compilation of radiusd.c when threads are disabled
16 * Recover from inability to relay
17 * Stop complaining in error log when a system call is interrupted.
18 * Don't print binary CHAP-Passwords into the logs
19 * Successfully detect GNU dbm >= 1.8.1's dbm compatibility library
20 * Fix rlm_unix to deal with requests without a username
21 * Fix "uninmplemented function" crash in postgresql driver on -HUP
22 * Revert INTERVAL types to BIGINT in postgresql example schema
23 * Fix radrelay to notice when it's out of IDs
24 * Fix radrelay to correctly skip bad attributes
25 * Fix radrelay to not leak IDs when discarding packets
26 * Fix configure to correctly identify systems without SYSV or GNU-style
27 gethostby{addr,name}_r.
29 FreeRADIUS 0.9.0 ; Date: 2003/07/04 21:01:29, urgency=low
31 * Many, many, bug fixes and feature enhancements.
32 * radrelay now updates packet 'id' on retransmissions.
33 * More checks for thread-safe functions.
34 * Fix CHAP related buffer overflow (ouch!), thanks to Masao NISHIKU.
35 * Issue warnings if deprecated configuration files are used.
36 * rlm_passwd can now add items to the reply, request, or config items.
37 * The rlm_digest, rlm_exec, and rlm_ippool modules are now marked
38 as 'stable', and included in the default build.
39 * Removed 'raduse'. No one has used it for years.
40 * Massive fixes for Debian packaging.
41 * radclient can now send "disconnect" packets, to NASes which
42 support it. The server, however, CANNOT send disconnect packets.
43 * Made Auth-Type, Acct-Type, etc. names consistent across
44 dictionary files and radiusd.conf. The old (inconsistent) names
45 are still allowed for backwards compatibility.
46 * Cleaned up problems with the rlm_sql module.
47 * Updates to the rlm_ldap module.
48 * rlm_mschap no longer reads SMB password files. See rlm_passwd,
50 * Changed default entry in the 'users' file to 'Auth-Type = System',
51 to allow EAP and Digest authentication to work automagically.
52 * Support for Cisco LEAP.
53 * Added many new dictionaries (Extreme, Wispr, ERX, Netscreen...)
54 * Removed support for ATTRIB_NMC. It is now handled (better)
55 in a different manner.
56 * Dictionaries have been moved from /etc/raddb to /usr/share/freeradius
57 * Many documentation updates
58 * Ignore whitespace-only lines in the 'users' file.
59 * Patch to fix 'rlm_realm' from returning the DEFAULT entry when
60 we are looking for the NULL entry and it doesn't exist. Bug
61 noted by Nathan Miller.
62 * Disable child process spawning if we don't have threads.
63 The code doesn't work, so it's better to force the server
64 to run in single-process mode.
65 * New rlm_exec module, which allows a more generic way of
66 executing external programs.
67 * Preliminary large file support in 'configure' and in the server,
68 to support 2G+ detail files.
69 * Install documentation into /usr/local/share/doc/freeradius
70 * New/updated dictionaries for RedCreek, Bintec, Alcatel,
71 ITK, Telebit, and Cabletron.
72 * Updates to allow building on MAC OSX.
73 * Add support for Acct-Type,Session-Type and PostAuth-Type
74 * Removed builddbm. It hasn't been used for ages.
75 * Added new post_proxy section, based on patch from Chris Brotsos.
76 * rlm_counter shouldn't reset the counters on instantiation,
77 if the reset is set to 'never'.
78 * Significant updates to the rlm_python and rlm_perl modules
79 * Fix the rlm_pap module to handle password lengths properly.
80 * Do SQL 'close' on bad sockets, to prevent descriptor leaks
81 * Case insensitivity option for rlm_radutmp
82 * New pseudo-round-robin load balancing for realms.
83 * Suppress empty SQL queries.
85 * Create 'snmp' configuration directive, so that we can disable
86 SNMP at run time, even if it's built into the server.
87 * Refresh realm as 'active' when we see a response from it,
88 Based on a patch by Angelos Karageorgiou.
89 * Don't core dump if Status-Server is received, but it's disabled.
90 * Support more variants of character fields in Oracle.
91 Patch from Stocker Gernot.
92 * Better parsing of dictionary files.
93 * Alteon web switch dictionary, from Thomas Linden
95 FreeRADIUS 0.8 ; Date: 2002/11/18 15:37:24, urgency=low
97 * Added Oracle-specific queries.
98 * Updated SQL queries to match schema.
99 * PostGreSQL reconnect patch.
100 * Added documentation on how to build on MAC OSX.
101 * Allowed SQL module to ignore unknown Acct-Status-Type values.
102 * Updated PostGreSQL queries and schema.
103 * Updated the log rotation configuration files.
104 * Colubris and updated Nomadix dictionaries, from Marko Myllynen.
105 * Normalized error messages from the SQL modules, so that they're
107 * Added Suse specific directory and configuration files, from
109 * SQL fail-over patch, so that the module returns FAIL if
110 the back-end database is down. Based on a patch from
112 * Cleaned up the internal handling of the configuration
113 information, in preparation for better handling SIGHUP.
114 * Updated rlm_krb5 configuration to better find it's libraries
116 * radclient now complains if it receives a reply from a machine
117 other than the one to which it sent the request.
118 * Updated Postgresql SQL queries to get the operator, too.
119 * Added Juniper dictionary.
120 * Added Cisco VPN3000, VPN5000, and BBSM dictionaries.
121 * New platform-neutral 'rc.radiusd'
122 * Configuration files with private information get chmod'd
123 0600 after installation.
124 * Preliminary support for clean shutdowns when a SIGTERM is
126 * SNMP timeouts for checkrad, so there will be fewer situations
127 where it hangs for 30 seconds...
128 * Added code to clean up modules and memory when asked to exit
130 * Removed all need for the old-style 'naslist' and 'client' files,
131 and noted that they are deprecated.
132 * Added support for Status-Server packets, stolen shamelessly
133 from Cistron RADIUSD. This is despite the RFC's saying such
135 * Bug fixes to rlm_dbm.
136 * Updates for checkrad, max40xx routine, from Aleksandr Kuzminsky.
137 * Disable caching of passwords for the Unix module. It was
138 causing too much confusion.
139 * Fix a memory leak when proxying Authentication-Request's
140 * Attributes which are not found in the dictionary are now of
141 type 'octets', instead of 'string'.
142 * Support for "round-robin" load balancing, when proxying requests
143 to multiple servers for one realm.
144 * Minor changes for better HPUX support.
145 * Updated the documentation and README's
146 * Made FreeTDS build ONLY after hand-editing, as the FreeTDS
147 libraries are in a state of flux, due to active development.
148 * Fixes to help build the server on MAC OSX
149 * Cisco VPN 3000 dictionary, as posted to the list by Chris Deramus.
150 * Fix EAP problems with retransmission, from Rainer Weikusat.
151 * Updates to the Oracle module, from Andrea Gabellini.
152 * In xlat, Unix timestamps are unsigned ints.
153 * Security fixes for the Kerberos Module.
154 * New 'post-auth' section, to do additional processing of
155 requests after they've been authenticated.
156 * doc/aaa.txt describes how the server works.
157 * More uniform encoding/decoding of passwords, so that they will
158 be seen as clear-text where possible.
159 * radwho and radzap now read 'radiusd.conf' to discover where the
160 radutmp files are located. Patch from Andrea Gabellini.
161 * Preliminary 'expression' module, to allow you to do cool things
162 like: Session-Timeout = `%{expr:3600 - %{sql:SELECT ...}}`
163 * Added ability to do xlat on check items, and reply items,
164 so that the value of the reply attributes can be dynamically
166 * Added MIBs, taken from the RFC's. This makes SNMP queries to
167 the server a little easier to set up.
168 * Don't SEGV when we receive a packet which is larger than the
169 size claimed in the RADIUS portion. Patch from Vaughn Skinner.
170 * SNMP patches from Harrie Hazewinkel.
171 * Added Altiga dictionary, from Calum <calum.aug02@umtstrial.co.uk>
172 * New Rewrite-Rule for rlm_attr_rewrite, to selectively choose
173 which rewrite rule is performed, and when.
174 * Minor bug fixes for radrelay.
175 * Bug fixes in SQL and sub-modules.
176 * Major updates to dialup_admin.
177 * Fixed handling of tagged string attributes, so that the server
178 doesn't go off into never-never land.
179 * Cleaned up experimental rlm_smb, so that it builds on more
181 * Don't over-write request->reply->vps with the Reply-Message,
182 when doing authentication rejects with Exec-Program-Wait.
183 * Added 'instantiate' section, so that modules like 'expr',
184 with only an 'xlat' function can be registered.
185 * Allow '{' and '}' in xlat'd strings.
186 * C++ compatibility patch from Andrey Kotrekhov, for libradius.
187 * Automatically decrypt/encrypt User-Password, so that debugging
188 mode will print out the text password, and not the random
189 garbage it previously showed.
190 * Cleaned up header files and function prototypes for the SQL
193 FreeRADIUS 0.7 ; Date: 2002/07/26 18:01:50 , urgency=high
195 * Allow attributes of type 'date' to be sent in outgoing packets.
196 Bug found by Loh John Wu <ljwu@sandvine.com>
197 * Add 'Realm' attribute, even if it's a LOCAL realm.
198 Bug noted by Chris Brotsos.
199 * Added experimental SMB authentication module, which uses
200 PAP passwords to authenticate against an NT-Domain.
201 NT/LM-passwords are not currently supported.
202 * More documentation for rlm_passwd, rlm_mschap, and rlm_digest.
203 * 'configure' changes to better find sem_init and friends.
204 * Allow the use of previously installed libtool, and libltdl.
205 This appears to help a lot on FreeBSD.
206 * Fixes to work on non-threaded builds.
207 Patch from Rainer Weikusat.
208 * SQL now re-connects to the server, if the connection is lost.
209 Currently only MySQL is fixed, but other patches will follow.
210 Patch from Todd T. Fries.
211 * Added experimental use of dynamicly translated variables,
212 CallBack-Number = `%{request:Calling-Station-Id}`
213 sets the value of the CallBack-Number attribute to the value of
214 the Calling-Station-Id in the original request.
215 * Cute hack: Allow regex matching on IP addresses, by placing
216 the string representation of the IP address (1.2.3.4) into
217 the internal data structure. This allows things like
218 NAS-IP-Address =~ "^192\.168", which may be useful.
219 * Add documentation for experimental rlm_dbm module.
220 * Added experimental Perl module.
221 * Added the relevant IETF RFC's (standards documents) to 'doc/rfc',
222 along with some simple perl scripts to convert them to cross-
224 * Updated the experimental Python module.
225 * Added Cisco SSG VSA's
226 * When rejecting authentication due to external Exec-Program, do
227 NOT free the reply pairs, as the server core will take care of
228 doing that. Bug noted by Thomas Jalsovsky
229 * New experimental module: rlm_cram
230 Supports APOP, CRAM-MD5, CRAM-MD4, CRAM-SHA1 with it's own
231 VSA's. This module may be used for SMTP/POP3/IMAP4 server
233 * Make Exec-Program and Exec-Program-Wait work in debugging mode.
234 * Finalize the radrelay additions, based on Cistron RADIUS
235 Patches from Simon <lists@routemeister.net>
236 * Fix issues with linking, by making libradius shared.
237 * Fix issues with MD4, MD5, SHA1, and use of OpenSSL
238 * Update rlm_x99_token module to compile.
240 FreeRADIUS 0.6.0 ; Date: Date: 2002/07/03 14:16:33 , urgency=high
242 * Many bug fixes. For explicit details, see:
243 http://www.freeradius.org/cvs-log/
244 * Change to the user/group specified in the config file in all
245 modes ( debug and daemon ).
246 * SQL sockets are rotated so that all are used, to prevent the
247 SQL server timing out and closing unused sockets. Patch from
249 * Sybase driver from mattias@nogui.se.
250 * Modules are now versioned.
251 * Delete garbage Proxy-Reply attributes sent by the home server
252 before performing our own reply.
253 * Fix race conditions when duplicate packets resulted in a request
254 being processed by two threads, at the same time.
255 * Add '-d' command-line option to radwho
256 Bug noted by Matthew Schumacher
257 * Corrected issue that when a home server never replied to a
258 proxied request, the server may die.
259 * In SQL, look in radcheck, if not found there, try radgroupcheck.
260 Patch from Thomas Jalsovsky.
261 * Set sql user name for ALIVE accounting packets, too.
262 Patch from Simon <lists@routemeister.net>.
263 * Use port-specific checking for realms, now that we can proxy to
264 different auth/acct servers for the same realms.
265 Patch from Eddie Stassen.
266 * Minor updates to encrypted tunnel passwords.
267 * Default 'run_dir' is now /var/run/radiusd, not var/run.
268 /var/run is writeable only by root, and radiusd may be run suid.
269 * Modules are now versioned, so that upgrading the server
270 ensures that the new modules are installed.
271 * Fix sql code, so that magic SQL characters don't get the
273 * Remove references to "UNKNOWN-NAS" in log messages.
274 * Properly handle fork() and obtaining child processes exit
275 status when using threads. (pthread is broken w.r.t. signals)
276 * Correct code which would send erroneous reject, when the reject
277 was delayed, and a new request came in.
278 * Fix race condition where proxied requests would sometimes never
279 be re-sent. Bug noted by Eddie Stassen.
280 * Corrected LDAP3 schema
281 * Implemented Digest authentication, as per IETF document
282 draft-sterman-aaa-sip-00.txt, to perform authentication against
284 * If no password or group files have been specified in the config,
285 use the standard system calls to find them, rather than giving
286 up. Patch from Steve Langasek.
287 * Return Proxy-State attributes in a delated Access-Reject
288 * Corrected 'session zap' logic, when an old and unused session
289 is deleted from the databases. Accounting packets with garbage
290 Client-IP-Address attributes should no longer be a problem.
291 * Bug fixed in LDAP attribute map, for MS-CHAP related attributes.
292 * Fixes to the EAP module to work better with XP.
293 * Support for MS-SQL, using the FreeTDS library,
295 * New operators =* and !*. See 'man 5 users' for details.
296 * Added translation for %{config:section.subsection.item}, to
297 allow run-time translation of internal configuration parameters.
298 * New rlm_sqlcounter module, to keep counters based on SQL data.
299 * Fix rlm_realm, to allow seperate proxying of accounting and
300 authentication requests.
301 * Bug fixes in PostgreSQL back-end, from Andrew Kukhta.
302 * Increase internal buffers, to allow large SQL query strings.
303 * Added debug level 3 (-xxx), where debug messages have time stamps.
304 * Fix 'radwho' to use the correct radutmp file, as found by
305 'configure' (but radwho still doesn't read radiusd.conf)
306 * Fix bugs in tunnel (tagged attribute) code, which would prevent
307 tagged attributes from being generated correctly in a packet.
308 * Build only 'stable' modules by default. Experimental modules
309 require --with-experimental-modules to be passed to 'configure'
310 * New module rlm_ippool, to do server-side IP pooling.
311 * Fix rlm_eap module for portability, to work on non-x86 platforms.
312 * Re-connect to the LDAP server if the connection idles out
313 * Increased the visibility of the warning messages when doing
315 * Fixed EAP module to use 16-bit integers, so that it will
316 work on big-endian architectures.
318 FreeRADIUS 0.5.0 ; Date: 2002/03/14 22:18:22, urgency=medium
320 * Many bug fixes. For explicit details, see:
321 http://www.freeradius.org/cvs-log/
322 * Added Foundry dictionary, from Thomas Keitel
323 * Fix a logic bug in the 'walk over request list' code, which
324 would sometimes result in a request being deleted while it
325 was still being processed. Found by Rainer Clasen
326 * New 'tuning' guide, for optimizing the server's speed.
327 * The default ports are now 1812/1813, which is the standard.
328 * Fix a bug which would hang the server when many SQL connections
329 were open. Found by Cvetan Ivanov <zezo@spnet.net>
330 * Updated MySQL schema, with sanity checks, based on a schema from
331 Thomas Huehn <huehn@eozaen.net>
332 * Added 'Aptis' (Nortel CVX) dictionary.
333 * Added Ipv6 attributes (as 'octets' type for now)
334 * 'xlat' capability for SQL, so other modules can do SQL queries.
335 * We don't need a shared secret for LOCAL realms.
336 * Added better description of internal variables.
337 * Configurable fail-over to DEFAULT realm. Sometimes we don't
338 want to use the DEFAULT realm, if all configured realms are
339 marked dead. From Rainer Clasen.
340 * new configuration items 'max_attributes' and 'reject_delay'
341 If the packet contains too many attributes, it can be rejected.
342 We can also delay sending an Access-Reject, which slows down
344 * Updates to redhat scripts and spec file, from Marko Myllynen.
345 * Python module (EXPERIMENTAL) from migs paraz <mparaz@yahoo.com>
346 * Add ability to find *best* match when comparing attributes.
347 If there is more than one attribute in a request and the first
348 one doesn't match, go check the second one, instead of failing.
349 * unixODBC support for SQL, from Dmitri Ageev <d_ageev@ortcc.ru>
350 * Use thread-safe versions of library calls. This work is still
352 * New rlm_passwd module, to allow general parsing of passwd-style
354 * Preliminary EAP-TLS support.
355 * Updated LDAPv3 schema
356 * Correct checks for Odbc, and fix bugs in the module.
357 Andreas Kainz <aka@maxxio.at>
358 * MAN page fixes and updates
359 * Added PHP web interface 'dialup_admin'
360 * Password = "UNIX" or "PAM" backwards compatibility removed.
361 * Use the operators in the SQL schema and queries, and bug
362 fixes in the SQL module.
363 Randy Moore <ramoore@axion-it.net>
364 * fgetpwent() compatibility, for systems without it,
365 from Daniel Carroll <freeradius@defiant.mesastate.edu>
366 * Added PAP authentication module, as a step to removing
367 most authentication handlers in other modules.
368 * Send a Access-Reject after max_request_time
369 * Multiple fixes in the LDAP module.
370 * Quintum dictionary by Jeremy McNamara <jj@indie.org>
371 * Preliminary EAP Module with MD5 support
372 Contributed by Raghu <raghud@hereuare.com>
373 * Better sanity checking for bad VSA's when receiving a packet
374 * new 'xlat register' so that attribute values may be pulled
375 out of configurable databases at run-time.
376 e.g. %{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}
377 * Minor fixes to debian package rules
378 * Attribute 'Password' deprecated in favor of 'User-Password'.
379 * MS-CHAP and MS-CHAPv2 MPPE support added.
380 Contributed by Takahiro Wagatsuma <waga@sic.shibaura-it.ac.jp>.
381 * X9.9 token enhancements (several).
383 -- Alan DeKok <aland@ox.org>
385 FreeRADIUS 0.4.0 ; urgency=low
387 * Allow the MS-CHAP module to work, and to read /etc/smbpass
388 3APA3A <3APA3A@SECURITY.NNOV.RU>
389 * Remove the server requirement that one of User-Password
390 or CHAP-Password exist when doing authentication. These
391 checks should be handled by the modules. This change
392 also prepares us for EAP.
393 Patch from Raghu <raghud@hereuare.com>
394 * Make NAS-Port-ID in radwho, raduse, etc. unsigned,
396 Patch from John Morrissey <jwm@horde.net>
397 * Allow \t and \n inside of configuration strings.
398 Frank Cusack <fcusack@fcusack.com>
399 * X9.9 Challenge-Response token card support.
400 For now, only CRYPTOCard tokens are supported.
401 Frank Cusack <fcusack@fcusack.com>
402 * Fix core dump on Solaris in radwho.c
403 Patch from Eddie Stassen <eddies@saix.net>
404 * Fix leak / core dump in Oracle module.
405 * Fix memory leak in rlm_counter
406 Kostas Kalevras <kkalev@noc.ntua.gr>
407 * "LOCAL" realms do not need to have an entry in the 'clients'
408 file. Philippe Levan <levan@epix.net>
410 -- Alan DeKok <aland@ox.org>
412 FreeRADIUS 0.3.0 ; urgency=low
414 * Added ability to send debug messages to the log file, when
415 running in daemon mode.
416 * Miscellaneous fixes to get Debian packaging working.
417 * When trapping a signal, don't SIGKILL children on a SIGTERM,
418 SIGTERM them, instead. This allows Exec-Program scripts to
419 catch the signal, and finish processing, instead of dying.
420 Bug noted by Michael Chernyakhovsky <magmike@mail.ru>
421 * Increased limit on length of user name read from /etc/passwd,
422 to match the maximum allowed by RADIUS.
423 Bug noted by "Gonzalez B., Fernando" <fgonzalez@manquehue.cl>
424 * Configurable fail-over when proxying packets. If the
425 home server doesn't respond to a repeated proxied request,
426 it's marked as 'dead', and the next one in the list is used.
427 Patch by Eddie Stassen <eddies@saix.net> and <spirn@21cn.com>
428 * Pass Access-Challenge attributes through the server, in
430 Raghu <raghud@hereuare.com>
431 * More fixes for RFC compliance on the Message-Authenticator
432 Raghu <raghud@hereuare.com>
433 * Merged OSFC2/OSFSIA authentication patches from Cistron.
434 (Bug # 104) The patches are not well tested, however.
435 * IBM DB2 UDB V7.1 SQL driver, contributed by
436 Joerg Wendland <wendland@scan-plus.de>
437 * Fix the IP + Port address assignment.
438 Bug found by "John Padula" <john_padula@aviancommunications.com>
439 * Patch to avoid smashing the contents of Ascend binary filters.
440 Michael Chernyakhovsky <magmike@mail.ru>
441 * Create and Validate Message-Authenticator attribute, in
443 * Initialize variables properly in rlm_attr_filter.
444 Patch from Andriy I Pilipenko <bamby@marka.net.ua>
445 * Renamed RedHat init script from 'radiusd.init' to 'radiusd'.
446 This allows it to work properly with the RedHat rc system.
447 Patch from Christian Vogel <chris@amor.iksys.de>
448 * Fix the configure script checks for PostgreSQL, so that
449 they use the 'test' command properly.
450 Bug found by Robert Haskins <rhaskins@ziplink.net>
451 * Change instances of 'assert' to 'rad_assert', so that it
452 can log the error to the standard radius log files.
453 Patch from Vesselin Atanasov <vesselin@bgnet.bg>
454 * Patch to prevent segv when freeing results, from
455 Tomas Heredia <tomas@intermediasp.com>
456 * Added support for Exec-Program to acct. Bug found by
458 * Corrected rlm_files so that raddb/acct_users works
459 * When doing synchronous proxying, update proxy next try
460 entries, so that the server doesn't eat CPU time.
461 Raghu <raghud@hereuare.com>
462 * Add primitive dictionary.nomadix <CBoyd@apogeetelecom.com>
463 * Log messages to console, if the logger hasn't been
464 initialized. <vesselin@bgnet.bg>
465 * Log invalid user for proxy rejects, too. <help@visp.net>
466 * Fixed Expiration attribute handling.
467 * Added code to handle Ascend-Send-Secret and Ascend-Receive-Secret
468 * Removed non thread-pool code. If we have threads, we now force
469 the use of thread pools.
470 * Update version number
471 * correct bug where proxied accounting packets would never have a
472 reply sent back to the NAS, or the reply would be sent twice.
474 -- Alan DeKok <aland@ox.org>
476 FreeRADIUS Alpha 0.2.0, July 30, 2001.
478 * call openlog() again when using PAM, to get the correct log
480 * Update child thread code, to minimize race conditions.
481 * Make thread pools the default. Using plain child threads is NOT
483 * Ignore SIGPIPE to get ride of crashes when using ldap.
484 * Update proxying code to work better.
485 * Platform independent pthread_cancel()ling
486 * Fix 'unresponsive child pid' erroneous warning messages.
487 * Many changes to get various SQL modules working.
488 Note that there may still be some issues with Oracle.
489 * Added configure options 'with-rlm-FOO-include/lib-dir', so that
490 lower-level rlm_FOO modules can be configured via the top-level
491 configuration file. This isn't completely done yet.
492 * Fix check for shared library using libtool info, instead of
493 assuming extension being ".so".
494 * Fixes for HPUX. We probably need more.
495 * Many additional bug fixes and changes.