diff --git a/freeradius-server-2.1.0.tar.bz2 b/freeradius-server-2.1.0.tar.bz2
deleted file mode 100644
index 49a1330..0000000
--- a/freeradius-server-2.1.0.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:03e950b1de76a0753ef6b387bcdf1d618552e32ea78abbf97b6158c64df54928
-size 2333292
diff --git a/freeradius-server-2.1.1-CVE-2008-4474.patch b/freeradius-server-2.1.1-CVE-2008-4474.patch
new file mode 100644
index 0000000..8fe05e8
--- /dev/null
+++ b/freeradius-server-2.1.1-CVE-2008-4474.patch
@@ -0,0 +1,123 @@
+--- dialup_admin/bin/clean_radacct
++++ dialup_admin/bin/clean_radacct
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+ 
+ $conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+ $back_days = 35;
+@@ -42,11 +43,10 @@
+ 
+ $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
+ print "$query\n";
+-open TMP, ">/tmp/clean_radacct.query"
+-        or die "Could not open tmp file\n";
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+--- dialup_admin/bin/monthly_tot_stats
++++ dialup_admin/bin/monthly_tot_stats
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+ 
+ # Log in the mtotacct table aggregated accounting information for
+ # each user spaning in one month period.
+@@ -51,14 +52,13 @@
+ 	AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+-	or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+--- dialup_admin/bin/tot_stats
++++ dialup_admin/bin/tot_stats
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
++use File::Temp;
+ 
+ # Log in the totacct table aggregated daily accounting information for
+ # each user.
+@@ -48,14 +49,13 @@
+ 	AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+-	or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query1;
++print $fh $query2;
++close $fh;
++$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+--- dialup_admin/bin/truncate_radacct
++++ dialup_admin/bin/truncate_radacct
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
++use File::Temp;
+ 
+ $conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+ $back_days = 90;
+@@ -44,13 +45,12 @@
+ $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
+ $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
+ print "$query\n";
+-open TMP, ">/tmp/truncate_radacct.query"
+-        or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
++my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
++print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
++print $fh $query;
++close $fh;
++$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
++$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
++$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
diff --git a/freeradius-server-2.1.0-codecleanup.patch b/freeradius-server-2.1.1-codecleanup.patch
similarity index 100%
rename from freeradius-server-2.1.0-codecleanup.patch
rename to freeradius-server-2.1.1-codecleanup.patch
diff --git a/freeradius-server-2.1.0-dialup_admin.patch b/freeradius-server-2.1.1-dialup_admin.patch
similarity index 100%
rename from freeradius-server-2.1.0-dialup_admin.patch
rename to freeradius-server-2.1.1-dialup_admin.patch
diff --git a/freeradius-server-2.1.0-ltdl.patch b/freeradius-server-2.1.1-ltdl.patch
similarity index 100%
rename from freeradius-server-2.1.0-ltdl.patch
rename to freeradius-server-2.1.1-ltdl.patch
diff --git a/freeradius-server-2.1.0-rcradiusd.patch b/freeradius-server-2.1.1-rcradiusd.patch
similarity index 100%
rename from freeradius-server-2.1.0-rcradiusd.patch
rename to freeradius-server-2.1.1-rcradiusd.patch
diff --git a/freeradius-server-2.1.1.tar.bz2 b/freeradius-server-2.1.1.tar.bz2
new file mode 100644
index 0000000..eedd573
--- /dev/null
+++ b/freeradius-server-2.1.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d675601c0bde53d0f2f32d5280d8271ae7a546dcc251fb94ae6d5168fd04adfe
+size 2366923
diff --git a/freeradius-server.changes b/freeradius-server.changes
index 544e496..6a729e0 100644
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@@ -1,7 +1,35 @@
+-------------------------------------------------------------------
+Thu Oct  9 11:41:06 CEST 2008 - prusnak@suse.cz
+
+- fixed CVE-2008-4474 [bnc#433762]
+
+-------------------------------------------------------------------
+Thu Oct  9 11:37:04 CEST 2008 - prusnak@suse.cz
+
+- updated to 2.1.1
+  o Feature Improvements
+    * Many more options and features are available via radmin.
+      See man radmin and raddb/sites-available/control-socket.
+    * Many more commands available via the control socket.
+      Connect via radmin, and type help for more information.
+    * Added dictionary.networkphysics and dictionary.lancom.
+    * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
+  o Bug Fixes
+    * Fixed bug that made radmin not work.
+    * Fixed Suse && Debian package scripts.
+    * Fixed issues with dynamic clients.
+    * Fixed configure checks for -lreadline
+    * rlm_sqlippool no longer needs to be linked to rlm_sql.
+    * Add statistics for detail file listeners. This closes bug #593.
+    * Fixed printing of some WiMAX attributes.
+    * Fixed double free on exit() in rlm_attr_filter.
+    * Fixed build issues on Solaris.
+    * Fixed fast session resumption for EAP-TLS.
+
 -------------------------------------------------------------------
 Mon Sep 15 12:37:31 CEST 2008 - ro@suse.de
 
-- make radrelay a hardlink to radiusday (instead of identical copy) 
+- make radrelay a hardlink to radiusday (instead of identical copy)
 
 -------------------------------------------------------------------
 Tue Sep  9 19:49:08 CEST 2008 - prusnak@suse.cz
@@ -55,72 +83,72 @@ Tue Aug 26 12:01:12 CEST 2008 - pth@suse.de
 Wed Jul 23 11:06:13 CEST 2008 - prusnak@suse.cz
 
 - updated to 2.0.5
-	Feature improvements
-	* Permit SQL authorize_reply_query to be empty.
-	* Allow setting response packet type in Post-Proxy-Type Fail
-	  handler.
-	* Added install-chown target to set correct permission and ownership
-	  make RADMIN=radmin RGROUP=radius install-chown
-	* Support for LDAP-Group and other dynamic comparison attributes
-	  in unlang.  Developed from a patch by Jason Alderfer.
-	* Added chroot support.  See radiusd.conf for comments.
-	* Allow clients of 0/0.  We do not recommend using this, though.
-	* Moved many module configurations into raddb/modules/*
-	
-	Bug fixes
-	* Allow proxying to virtual servers for accounting packets, too.
-	* Added "num fields" function to PostgreSQL client.
-	* Updated proxy fallback mechanism to validate fallback servers,
-	  and to process fallback requests in a child thread.
-	* rlm_realm returns "ok" for LOCAL realms, not "noop".
-	* Fixed some DHCP code handling.  The examples should now work.
+    Feature improvements
+    * Permit SQL authorize_reply_query to be empty.
+    * Allow setting response packet type in Post-Proxy-Type Fail
+      handler.
+    * Added install-chown target to set correct permission and ownership
+      make RADMIN=radmin RGROUP=radius install-chown
+    * Support for LDAP-Group and other dynamic comparison attributes
+      in unlang.  Developed from a patch by Jason Alderfer.
+    * Added chroot support.  See radiusd.conf for comments.
+    * Allow clients of 0/0.  We do not recommend using this, though.
+    * Moved many module configurations into raddb/modules/*
+    
+    Bug fixes
+    * Allow proxying to virtual servers for accounting packets, too.
+    * Added "num fields" function to PostgreSQL client.
+    * Updated proxy fallback mechanism to validate fallback servers,
+      and to process fallback requests in a child thread.
+    * rlm_realm returns "ok" for LOCAL realms, not "noop".
+    * Fixed some DHCP code handling.  The examples should now work.
 
 - updated to 2.0.4
-	Feature improvements
-	* Allow "virtual_server" in "realm" and "home_server" sections.
-	  See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
-	* Allow "passwd" module to be listed in "accounting" and "post-auth".
-	* Added "fallback" to "home_server_pool" configuration, to handle
-	  the case of all home servers being dead.  See raddb/proxy.conf.
-	* Added sample text to raddb/sites-available/inner-tunnel which
-	  can simplify debugging of inner tunnel configurations.
-	* Added regular expression matching in realm names.  See
-	  raddb/proxy.conf for examples.
-	* Added simple DHCP server functionality.  For comments, see
-	  raddb/sites-available/dhcp.
-	* Added file globbing capabilities to detail file reader
-	* Added sample raddb/sites-available/robust-proxy-accounting
-	* Clients in SQL can now refer to a virtual server.
-	  Patch from Michael Bretterklieber.
-	* Added some examples of creating RADIUS administrator in SQL,
-	  and assigning appropriate access rights.
-	
-	Bug fixes
-	* Install all files in raddb/sites-available
-	* Allow non-threaded builds.
-	* Don't treat '0x' as special for known attributes that are not
-	  of type "octets".
-	* Fix log error in rlm_pap.
-	* Remove documentation about non-existent functionality.
-	* Updated warning messages in debug output.
-	* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
-	  This fix was supposed to go into 2.0.3, but did not make it.
-	* Fix event handling in debug mode for failed proxy requests.
-	* Fix memleak in fifos.  Closes #537.
-	* Fix memleak on blocked threads.  Closes #538.
-	* Perform additional checks on NULL realms.  Closes #541.
-	* Fix handling of "clients" in "listen" section.
-	* When detail file cannot process a packet, sleep for longer
-	  to let the rest of the server do something.
-	* Add missing table to raddb/sql/mssql/schema.sql.  Closes #545.
-	* Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
-	  Closes #533.
-	* Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
-	  correct place.
-	* Update rlm_attr_filter for some corner cases.  Closes #543.
-	* Fixed memory leak in libfreeradius event handler.
-	* In the SQL Accounting on/off queries, remove the restriction
-	  that the session time had to be zero.
+    Feature improvements
+    * Allow "virtual_server" in "realm" and "home_server" sections.
+      See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
+    * Allow "passwd" module to be listed in "accounting" and "post-auth".
+    * Added "fallback" to "home_server_pool" configuration, to handle
+      the case of all home servers being dead.  See raddb/proxy.conf.
+    * Added sample text to raddb/sites-available/inner-tunnel which
+      can simplify debugging of inner tunnel configurations.
+    * Added regular expression matching in realm names.  See
+      raddb/proxy.conf for examples.
+    * Added simple DHCP server functionality.  For comments, see
+      raddb/sites-available/dhcp.
+    * Added file globbing capabilities to detail file reader
+    * Added sample raddb/sites-available/robust-proxy-accounting
+    * Clients in SQL can now refer to a virtual server.
+      Patch from Michael Bretterklieber.
+    * Added some examples of creating RADIUS administrator in SQL,
+      and assigning appropriate access rights.
+    
+    Bug fixes
+    * Install all files in raddb/sites-available
+    * Allow non-threaded builds.
+    * Don't treat '0x' as special for known attributes that are not
+      of type "octets".
+    * Fix log error in rlm_pap.
+    * Remove documentation about non-existent functionality.
+    * Updated warning messages in debug output.
+    * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
+      This fix was supposed to go into 2.0.3, but did not make it.
+    * Fix event handling in debug mode for failed proxy requests.
+    * Fix memleak in fifos.  Closes #537.
+    * Fix memleak on blocked threads.  Closes #538.
+    * Perform additional checks on NULL realms.  Closes #541.
+    * Fix handling of "clients" in "listen" section.
+    * When detail file cannot process a packet, sleep for longer
+      to let the rest of the server do something.
+    * Add missing table to raddb/sql/mssql/schema.sql.  Closes #545.
+    * Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
+      Closes #533.
+    * Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
+      correct place.
+    * Update rlm_attr_filter for some corner cases.  Closes #543.
+    * Fixed memory leak in libfreeradius event handler.
+    * In the SQL Accounting on/off queries, remove the restriction
+      that the session time had to be zero.
 
 - dropped obsoleted patches
   * event-fifo-threads.patch (included in update)
@@ -142,73 +170,73 @@ Mon May  5 15:02:10 CEST 2008 - pth@suse.de
 Wed Mar 19 17:23:48 CET 2008 - prusnak@suse.cz
 
 - updated to 2.0.3
-	Feature improvements
-	* Updated raddb/certs/ca.cnf with extensions to allow ca.der
-	  to be imported as a CA on Symbian and Windows Mobile devices.
-	  Closes bug #524
-	* Enable multiple matches in "hints" via Fall-Through = Yes.
-	  Closes bug #477
-	* Added preliminary SQLite driver, contibuted by Apple.
-	  Untested, with no sample configuration.  This address bug #470.
-	* Updated logging sub-system so that log messages from libfreeradius
-	  can go to the log file, and not stdout.
-	* Added dictionary.rfc5176
-	* EAP module now checks for instance name, and uses that for
-	  authentication.  This avoids the need to set Auth-Type when
-	  there are multiple instances of the EAP module.
-	* Added Module-Return-Code attribute, which contains the value
-	  returned by the previous module (ok/fail/update/etc.)
-	Bug fixes
-	* Corrected typos in rlm_dbm.  Closes bugs #521 and #522.
-	* Detail file "listen" sections now work much better.
-	* Don't allow old "log_*" to over-ride new format.  Closes bug #525
-	* Initialize allocated memory in Oracle SQL driver.  This fixes
-	  occasional crashes on some systems.  Closes bug #518
-	* Call correct function in rlm_protocol_filter.  This enables the
-	  module to build.  Closes bug #512.
-	* Added deprecated flag to build for rlm_krb5.  This allows it to
-	  run on 64-bit systems.  Closes bug #491
-	* Corrected error message when parsing invalid configurations
-	  so it doesn't crash.  Closes bug #527
-	* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
-	* Handle $INCLUDE's in "instantiate" section.  Closes #528.
-	* Format updates to "man" pages from Stephen Gran.
+    Feature improvements
+    * Updated raddb/certs/ca.cnf with extensions to allow ca.der
+      to be imported as a CA on Symbian and Windows Mobile devices.
+      Closes bug #524
+    * Enable multiple matches in "hints" via Fall-Through = Yes.
+      Closes bug #477
+    * Added preliminary SQLite driver, contibuted by Apple.
+      Untested, with no sample configuration.  This address bug #470.
+    * Updated logging sub-system so that log messages from libfreeradius
+      can go to the log file, and not stdout.
+    * Added dictionary.rfc5176
+    * EAP module now checks for instance name, and uses that for
+      authentication.  This avoids the need to set Auth-Type when
+      there are multiple instances of the EAP module.
+    * Added Module-Return-Code attribute, which contains the value
+      returned by the previous module (ok/fail/update/etc.)
+    Bug fixes
+    * Corrected typos in rlm_dbm.  Closes bugs #521 and #522.
+    * Detail file "listen" sections now work much better.
+    * Don't allow old "log_*" to over-ride new format.  Closes bug #525
+    * Initialize allocated memory in Oracle SQL driver.  This fixes
+      occasional crashes on some systems.  Closes bug #518
+    * Call correct function in rlm_protocol_filter.  This enables the
+      module to build.  Closes bug #512.
+    * Added deprecated flag to build for rlm_krb5.  This allows it to
+      run on 64-bit systems.  Closes bug #491
+    * Corrected error message when parsing invalid configurations
+      so it doesn't crash.  Closes bug #527
+    * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
+    * Handle $INCLUDE's in "instantiate" section.  Closes #528.
+    * Format updates to "man" pages from Stephen Gran.
 
 - updated to 2.0.2
-	Feature improvements
-	* Added notes on how to debug the server in radiusd.conf
-	* Moved all "log_*" in radiusd.conf to log{} section.
-	  The old configurations are still accepted, though.
-	* Added ca.der target in raddb/certs/Makefile.  This is
-	  needed for importing CA certs into Windows.
-	* Added ability send raw attributes via "Raw-Attribute = 0x0102..."
-	  This is available only debug builds.  It can be used
-	  to create invalid packets! Use it with care.
-	* Permit "unlang" policies inside of Auth-Type{} sub-sections
-	  of the authenticate{} section.  This makes some policies easier
-	  to implement.
-	* "listen" sections can now have "type = proxy".  This lets you
-	  control which IP is used for sending proxied requests.
-	* Added note on SSL performance to raddb/certs/README
-	Bug fixes
-	* Fixed reading of "detail" files.
-	* Allow inner EAP tunneled sessions to be proxied.
-	* Corrected MySQL schemas
-	* syslog now works in log{} section.
-	* Corrected typo in raddb/certs/client.cnf
-	* Updated raddb/sites-available/proxy-inner-tunnel to
-	  permit authentication to work.
-	* Ignore zero-length attributes in received packets.
-	* Correct memcpy when dealing with unknown attributes.
-	* Corrected debugging messages in attr_rewrite.
-	* Corrected generation of State attribute in EAP.  This
-	  fixes the "failed to remember handler" issues.
-	* Fall back to DEFAULT realm if no realm was found.
-	  Based on a patch from Vincent Magnin.
-	* Updated example raddb/sites-available/proxy-inner-tunnel
-	* Corrected behavior of attr_filter to match documentation.
-	  This is NOT backwards compatible with previous versions!
-	  See "man rlm_attr_filter" for details.
+    Feature improvements
+    * Added notes on how to debug the server in radiusd.conf
+    * Moved all "log_*" in radiusd.conf to log{} section.
+      The old configurations are still accepted, though.
+    * Added ca.der target in raddb/certs/Makefile.  This is
+      needed for importing CA certs into Windows.
+    * Added ability send raw attributes via "Raw-Attribute = 0x0102..."
+      This is available only debug builds.  It can be used
+      to create invalid packets! Use it with care.
+    * Permit "unlang" policies inside of Auth-Type{} sub-sections
+      of the authenticate{} section.  This makes some policies easier
+      to implement.
+    * "listen" sections can now have "type = proxy".  This lets you
+      control which IP is used for sending proxied requests.
+    * Added note on SSL performance to raddb/certs/README
+    Bug fixes
+    * Fixed reading of "detail" files.
+    * Allow inner EAP tunneled sessions to be proxied.
+    * Corrected MySQL schemas
+    * syslog now works in log{} section.
+    * Corrected typo in raddb/certs/client.cnf
+    * Updated raddb/sites-available/proxy-inner-tunnel to
+      permit authentication to work.
+    * Ignore zero-length attributes in received packets.
+    * Correct memcpy when dealing with unknown attributes.
+    * Corrected debugging messages in attr_rewrite.
+    * Corrected generation of State attribute in EAP.  This
+      fixes the "failed to remember handler" issues.
+    * Fall back to DEFAULT realm if no realm was found.
+      Based on a patch from Vincent Magnin.
+    * Updated example raddb/sites-available/proxy-inner-tunnel
+    * Corrected behavior of attr_filter to match documentation.
+      This is NOT backwards compatible with previous versions!
+      See "man rlm_attr_filter" for details.
 
 - dropped patches:
   * conf_read.patch (included in update)
@@ -295,83 +323,83 @@ Tue Nov  6 13:16:58 CET 2007 - prusnak@suse.cz
 Fri Apr 20 15:10:28 CEST 2007 - pth@suse.de
 
 - Update to 1.1.6. Changes since 1.1.3:
-	Feature improvements
-	* Added dictionary.rfc4372 (Chargeable User Identity)
-	* Added dictionary.rfc4675 (VLAN and Priority)
-	* Added dictionary.rfc4679 (ADSL Forum)
-	  NOTE some name differences from the RFC, due to dictionary.redback
-	* Updated rlm_python to something usable
-	* Added experimental sql "HPW" IPPools.
-	* Added more dictionaries
-	* Dictionary files now MUST NOT be globally writable.
-	* Configuration files now MUST NOT be globally readable,
-	  or globally writable.
-	* Be more aggressive about freeing memory on clean exit.
-	  This helps track down run-time leaks.
-	* Updated rlm_python to something usable
-	* Added experimental sql "HPW" IPPools.
-	* Major enhancements to rlm_pap, that make "encryption_scheme"
-	  a thing of the past.  See "man rlm_pap" for details.
-	* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
-	  work-arounds that enable Windows Vista clients to work.
-	* Added preliminary code to support Firebird.
-	  Use at your own risk!
-	* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
-	  platforms.
-	* Add a new "reply-name" directive in rlm_sqlcounter to define the
-	  name of the reply attribute.
-	* Added more dictionaries and attributes
-	* Print ntlm_auth failure reason in Module-Failure-Message
-	* radsqlrelay is able to get the DB password from a file instead
-	  of command line.
+    Feature improvements
+    * Added dictionary.rfc4372 (Chargeable User Identity)
+    * Added dictionary.rfc4675 (VLAN and Priority)
+    * Added dictionary.rfc4679 (ADSL Forum)
+      NOTE some name differences from the RFC, due to dictionary.redback
+    * Updated rlm_python to something usable
+    * Added experimental sql "HPW" IPPools.
+    * Added more dictionaries
+    * Dictionary files now MUST NOT be globally writable.
+    * Configuration files now MUST NOT be globally readable,
+      or globally writable.
+    * Be more aggressive about freeing memory on clean exit.
+      This helps track down run-time leaks.
+    * Updated rlm_python to something usable
+    * Added experimental sql "HPW" IPPools.
+    * Major enhancements to rlm_pap, that make "encryption_scheme"
+      a thing of the past.  See "man rlm_pap" for details.
+    * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
+      work-arounds that enable Windows Vista clients to work.
+    * Added preliminary code to support Firebird.
+      Use at your own risk!
+    * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
+      platforms.
+    * Add a new "reply-name" directive in rlm_sqlcounter to define the
+      name of the reply attribute.
+    * Added more dictionaries and attributes
+    * Print ntlm_auth failure reason in Module-Failure-Message
+    * radsqlrelay is able to get the DB password from a file instead
+      of command line.
 
-	Bug fixes
-	* Corrected typo in rlm_pap.c
-	* Corrected typo in src/main/auth.c
-	* Suppress SSL error messages if error is zero.
-	* Don't complain about "Error in read client certificate A"
-	  if we expect to read it in the next packet.  Fix based on patch
-	  by Dan Lukes.
-	* Corrected nearly 30 bugs found by Coverity
-	  See also http://scan.coverity.com
-	* Don't die on HUP.  Instead leak memory (sorry).  After a few
-	  hundred HUP's, the server will have leaked a few megabytes of
-	  memory, and you should probably re-start it.  It's ugly, but
-	  better than dying.
-	* Corrected a few double free's
-	* Corrected typo in radrelay, which prevented it from working
-	* Made Firebird module build
-	* Fixed bug in PostgreSQL module that caused server crash.
-	* Fixed bug in SQL module that could cause server to crash.
-	* Corrected base64 decoding in rlm_pap
-	* Don't retransmit accounting packets.  The NAS should do this.
-	* Handle Client-Error in EAP-SIM.
-	* Port OpenSSL locking fixes from CVS head.  This makes PEAP
-	  more stable on some systems.
-	* Require Message-Authenticator in Status-Server packets
-	* Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868
-	* Be more aggressibe about freeing memory on clean exit.
-	  This isn't strictly a bug fix, but it makes it easier to
-	  find memory leaks
-	* Increase buffer size for dynamic expansion, which allows
-	  longer SQL qeuries.
-	* Use correct line number when there's a parse error in one
-	  of the configuration sections.
-	* Terminate SSL sessions in EAP on error, rather than continuing
-	  in some cases.
-	* Increase buffer size to allow parsing of long octet strings
-	* Fix string termination on xlat in rlm_perl
-	* Fix a parse error in the digest module, where malformed
-	  digest requests would result in the user being accepted.  Oops...
-	* VALUEs can only be defined for 'integer', to catch mistakes
-	  with setting VALUEs for type 'string'.
-	* Better parsing of VALUE names, so that values starting with
-	  a digit work correctly.
-	* Check return from malloc.
-	* Fix a double free() in rlm_eap_tls.c
-	* Check return code of malloc() during initialization.
-	* Fix a corner case where the proxy port isn't set either in
-	  radiusd.conf or in proxy.conf.
+    Bug fixes
+    * Corrected typo in rlm_pap.c
+    * Corrected typo in src/main/auth.c
+    * Suppress SSL error messages if error is zero.
+    * Don't complain about "Error in read client certificate A"
+      if we expect to read it in the next packet.  Fix based on patch
+      by Dan Lukes.
+    * Corrected nearly 30 bugs found by Coverity
+      See also http://scan.coverity.com
+    * Don't die on HUP.  Instead leak memory (sorry).  After a few
+      hundred HUP's, the server will have leaked a few megabytes of
+      memory, and you should probably re-start it.  It's ugly, but
+      better than dying.
+    * Corrected a few double free's
+    * Corrected typo in radrelay, which prevented it from working
+    * Made Firebird module build
+    * Fixed bug in PostgreSQL module that caused server crash.
+    * Fixed bug in SQL module that could cause server to crash.
+    * Corrected base64 decoding in rlm_pap
+    * Don't retransmit accounting packets.  The NAS should do this.
+    * Handle Client-Error in EAP-SIM.
+    * Port OpenSSL locking fixes from CVS head.  This makes PEAP
+      more stable on some systems.
+    * Require Message-Authenticator in Status-Server packets
+    * Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868
+    * Be more aggressibe about freeing memory on clean exit.
+      This isn't strictly a bug fix, but it makes it easier to
+      find memory leaks
+    * Increase buffer size for dynamic expansion, which allows
+      longer SQL qeuries.
+    * Use correct line number when there's a parse error in one
+      of the configuration sections.
+    * Terminate SSL sessions in EAP on error, rather than continuing
+      in some cases.
+    * Increase buffer size to allow parsing of long octet strings
+    * Fix string termination on xlat in rlm_perl
+    * Fix a parse error in the digest module, where malformed
+      digest requests would result in the user being accepted.  Oops...
+    * VALUEs can only be defined for 'integer', to catch mistakes
+      with setting VALUEs for type 'string'.
+    * Better parsing of VALUE names, so that values starting with
+      a digit work correctly.
+    * Check return from malloc.
+    * Fix a double free() in rlm_eap_tls.c
+    * Check return code of malloc() during initialization.
+    * Fix a corner case where the proxy port isn't set either in
+      radiusd.conf or in proxy.conf.
 
 -------------------------------------------------------------------
 Mon Mar 26 12:45:29 CEST 2007 - rguenther@suse.de
@@ -381,12 +409,12 @@ Mon Mar 26 12:45:29 CEST 2007 - rguenther@suse.de
 -------------------------------------------------------------------
 Sun Feb 11 18:33:47 CET 2007 - ro@suse.de
 
-- one oversight in last change, build tested 
+- one oversight in last change, build tested
 
 -------------------------------------------------------------------
 Sun Feb 11 12:00:25 CET 2007 - ro@suse.de
 
-- fix build as non-root 
+- fix build as non-root
 
 -------------------------------------------------------------------
 Mon Sep  4 11:18:59 CEST 2006 - kukuk@suse.de
@@ -434,7 +462,7 @@ Tue Mar 28 20:22:34 CEST 2006 - stark@suse.de
 -------------------------------------------------------------------
 Mon Mar 27 14:32:09 CEST 2006 - ro@suse.de
 
-- also use fPIC on s390* 
+- also use fPIC on s390*
 
 -------------------------------------------------------------------
 Thu Mar 23 20:39:02 CET 2006 - stark@suse.de
@@ -454,7 +482,7 @@ Fri Jan 20 18:19:32 CET 2006 - stark@suse.de
 -------------------------------------------------------------------
 Thu Jan 19 01:23:36 CET 2006 - ro@suse.de
 
-- changed php requires to generic ones (for php5) 
+- changed php requires to generic ones (for php5)
 
 -------------------------------------------------------------------
 Sat Jan 14 16:40:53 CET 2006 - stark@suse.de
@@ -480,13 +508,13 @@ Wed Dec 21 10:14:01 CET 2005 - stark@suse.de
 -------------------------------------------------------------------
 Tue Nov 15 21:49:18 CET 2005 - stark@suse.de
 
-- moved dialup_admin to subpackage and integrate it into 
+- moved dialup_admin to subpackage and integrate it into
   Apache 2 configuration
 
 -------------------------------------------------------------------
 Mon Sep 26 01:35:29 CEST 2005 - ro@suse.de
 
-- added LDAP_DEPRECATED to CFLAGS 
+- added LDAP_DEPRECATED to CFLAGS
 
 -------------------------------------------------------------------
 Fri Sep 23 06:09:08 CEST 2005 - stark@suse.de
@@ -497,7 +525,7 @@ Fri Sep 23 06:09:08 CEST 2005 - stark@suse.de
 -------------------------------------------------------------------
 Fri Sep 23 01:38:53 CEST 2005 - ro@suse.de
 
-- fix build-dir references in .la files 
+- fix build-dir references in .la files
 
 -------------------------------------------------------------------
 Tue Aug 30 12:50:30 CEST 2005 - stark@suse.de
@@ -524,7 +552,7 @@ Sun Jun  5 00:36:51 CEST 2005 - stark@suse.de
 -------------------------------------------------------------------
 Mon Apr 11 11:29:05 CEST 2005 - stark@suse.de
 
-- start daemon correctly (#75979) 
+- start daemon correctly (#75979)
 - fixed packaging on x86-64 (#75979)
 
 -------------------------------------------------------------------
@@ -541,7 +569,7 @@ Fri Feb 18 11:05:35 CET 2005 - stark@suse.de
 -------------------------------------------------------------------
 Thu Feb 17 08:34:12 CET 2005 - stark@suse.de
 
-- update to 1.0.2 
+- update to 1.0.2
 
 -------------------------------------------------------------------
 Sat Nov 27 13:44:09 CET 2004 - stark@suse.de
@@ -577,12 +605,12 @@ Tue Aug 17 23:55:38 CEST 2004 - sndirsch@suse.de
 -------------------------------------------------------------------
 Fri Aug 13 07:10:34 CEST 2004 - stark@suse.de
 
-- added some sample scripts to documentation 
+- added some sample scripts to documentation
 
 -------------------------------------------------------------------
 Tue Aug 10 09:35:03 CEST 2004 - stark@suse.de
 
-- update to 1.0.0 
+- update to 1.0.0
 
 -------------------------------------------------------------------
 Thu Jun 24 00:03:59 CEST 2004 - ro@suse.de
@@ -607,7 +635,7 @@ Mon Jan 12 10:26:25 CET 2004 - adrian@suse.de
 -------------------------------------------------------------------
 Fri Nov 28 06:56:46 CET 2003 - stark@suse.de
 
-- security update to 0.9.3  
+- security update to 0.9.3
   * Fix a remote DoS and possible exploit due to mis-handling
     of tagged attributes, and Tunnel-Password attribute.
 
@@ -625,7 +653,7 @@ Fri Aug  1 16:02:14 CEST 2003 - ro@suse.de
 -------------------------------------------------------------------
 Thu Jul 31 06:18:03 CEST 2003 - stark@suse.de
 
-- use stop/restart macros 
+- use stop/restart macros
 
 -------------------------------------------------------------------
 Wed Jul 23 10:53:20 CEST 2003 - stark@suse.de
@@ -639,7 +667,7 @@ Wed Jul 23 10:53:20 CEST 2003 - stark@suse.de
 Mon Jul 21 08:56:54 CEST 2003 - stark@suse.de
 
 - update to 0.9.0
-- build against libiodbc to enable iodbc module 
+- build against libiodbc to enable iodbc module
 
 -------------------------------------------------------------------
 Wed Jun  4 19:47:02 CEST 2003 - schwab@suse.de
@@ -652,7 +680,7 @@ Wed Jun  4 19:47:02 CEST 2003 - schwab@suse.de
 -------------------------------------------------------------------
 Tue Apr 15 23:46:08 CEST 2003 - ro@suse.de
 
-- fixed neededforbuild 
+- fixed neededforbuild
 
 -------------------------------------------------------------------
 Mon Mar  3 18:20:50 CET 2003 - kukuk@suse.de
@@ -667,7 +695,7 @@ Fri Feb  7 13:31:05 CET 2003 - kukuk@suse.de
 -------------------------------------------------------------------
 Wed Jan 15 15:53:21 CET 2003 - ro@suse.de
 
-- use sasl2 
+- use sasl2
 
 -------------------------------------------------------------------
 Tue Jan 14 11:42:24 CET 2003 - nadvornik@suse.cz
@@ -678,17 +706,17 @@ Tue Jan 14 11:42:24 CET 2003 - nadvornik@suse.cz
 Thu Dec 12 10:28:13 CET 2002 - stark@suse.de
 
 - update to 0.8.1
-  * minor bugfixes 
+  * minor bugfixes
 
 -------------------------------------------------------------------
 Mon Dec  2 07:20:10 CET 2002 - stark@suse.de
 
-- removed radwatch from package 
+- removed radwatch from package
 
 -------------------------------------------------------------------
 Tue Nov 19 08:33:36 CET 2002 - stark@suse.de
 
-- update to 0.8 
+- update to 0.8
   * Support for Status-Server packets
   * Fixed memory leak when proxying
   * Round-robin load balancing when proxying
@@ -699,22 +727,22 @@ Tue Nov 19 08:33:36 CET 2002 - stark@suse.de
 -------------------------------------------------------------------
 Mon Aug 19 00:06:38 CEST 2002 - ro@suse.de
 
-- don't overwrite README's with each other 
+- don't overwrite README's with each other
 
 -------------------------------------------------------------------
 Fri Aug 16 09:06:03 CEST 2002 - stark@suse.de
 
-- added PreReq (Bug #17838) 
+- added PreReq (Bug #17838)
 
 -------------------------------------------------------------------
 Thu Jun 20 01:06:41 CEST 2002 - ro@suse.de
 
-- hack ltconfig for ppc64 
+- hack ltconfig for ppc64
 
 -------------------------------------------------------------------
 Mon Apr  8 11:11:56 CEST 2002 - stark@suse.de
 
-- fixed packaging on 64bit platforms 
+- fixed packaging on 64bit platforms
 - added logrotate config
 - added some sample scripts to doc-dir
 
@@ -726,7 +754,7 @@ Fri Mar 22 15:01:10 CET 2002 - stark@suse.de
   * EAP/MD5 and experimental EAP/TLS,
   * Experimental PHP web administration interface,
   * Fixes for *BSD,
-  * Configurable database queries, executed per packet 
+  * Configurable database queries, executed per packet
     (e.g. %{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}),
   * Fix logic bug which would cause occasional server crashes,
   * Server-side quenching of DoS attacks,
@@ -737,49 +765,49 @@ Fri Mar 22 15:01:10 CET 2002 - stark@suse.de
 -------------------------------------------------------------------
 Mon Feb 25 16:19:26 CET 2002 - stark@suse.de
 
-- moved *.la back to main-package as it is needed for 
+- moved *.la back to main-package as it is needed for
   dynamic loading of modules
 
 -------------------------------------------------------------------
 Mon Feb 25 07:44:11 CET 2002 - stark@suse.de
 
-- added patch to work with heimdal-krb5 
+- added patch to work with heimdal-krb5
 - moved *.so to -devel package
 
 -------------------------------------------------------------------
 Fri Feb  8 14:24:51 CET 2002 - stark@suse.de
 
 - deactivated kerberos support
-  (seems to be not compatible with heimdal :-() 
+  (seems to be not compatible with heimdal :-()
 
 -------------------------------------------------------------------
 Thu Feb  7 13:27:47 CET 2002 - stark@suse.de
 
-- changed heimdal libdir 
+- changed heimdal libdir
 
 -------------------------------------------------------------------
 Thu Dec 13 07:33:45 CET 2001 - stark@suse.de
 
 - update to 0.4
-- better use of fillup_and_insserv 
+- better use of fillup_and_insserv
 
 -------------------------------------------------------------------
 Mon Dec  3 11:42:15 CET 2001 - stark@suse.de
 
 - don't use START_RADIUSD anymore
-- make use of new fillup_and_insserv macro 
+- make use of new fillup_and_insserv macro
 
 -------------------------------------------------------------------
 Fri Oct 12 07:03:07 CEST 2001 - stark@suse.de
 
 - update to version 0.3
-- packed source-archive as bz2 
+- packed source-archive as bz2
 - branched package -> devel
 
 -------------------------------------------------------------------
 Fri Aug  3 07:53:54 CEST 2001 - stark@suse.de
 
-- removed use of watcher-script 
+- removed use of watcher-script
 - removed config-check (-C) in init script
   (it's not supported in freeradius)
 
@@ -787,12 +815,12 @@ Fri Aug  3 07:53:54 CEST 2001 - stark@suse.de
 Thu Aug  2 12:22:00 CEST 2001 - stark@suse.de
 
 - status fix in init script
-- renamed pam-configfile: radius -> radiusd 
+- renamed pam-configfile: radius -> radiusd
 
 -------------------------------------------------------------------
 Wed Aug  1 09:57:53 CEST 2001 - stark@suse.de
 
-- updated to 0.2 
+- updated to 0.2
 
 -------------------------------------------------------------------
 Thu Jul 26 10:06:01 CEST 2001 - kukuk@suse.de
@@ -812,7 +840,7 @@ Sat Jun 23 20:52:07 CEST 2001 - schwab@suse.de
 -------------------------------------------------------------------
 Mon Jun 18 07:58:08 CEST 2001 - stark@suse.de
 
-- removed absolute paths from pam-config 
+- removed absolute paths from pam-config
 
 -------------------------------------------------------------------
 Wed May 23 13:32:20 CEST 2001 - stark@suse.de
@@ -822,7 +850,7 @@ Wed May 23 13:32:20 CEST 2001 - stark@suse.de
 -------------------------------------------------------------------
 Wed Mar 21 13:11:34 CET 2001 - stark@suse.de
 
-- new snapshot 20010321 (pre-BETA) 
+- new snapshot 20010321 (pre-BETA)
 - replaced start- and killproc to avoid problems with Kernel 2.4
   using the radwatch shell-script
 - added built of LDAP and MySQL modules
@@ -830,7 +858,7 @@ Wed Mar 21 13:11:34 CET 2001 - stark@suse.de
 -------------------------------------------------------------------
 Mon Jan 29 09:58:23 CET 2001 - stark@suse.de
 
-- %files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay 
+- %files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay
 
 -------------------------------------------------------------------
 Mon Jan 15 10:52:42 CET 2001 - stark@suse.de
@@ -841,5 +869,5 @@ Mon Jan 15 10:52:42 CET 2001 - stark@suse.de
 -------------------------------------------------------------------
 Thu Jan  4 13:32:26 CET 2001 - stark@suse.de
 
-- CVS snapshot 20010104 
+- CVS snapshot 20010104
 
diff --git a/freeradius-server.spec b/freeradius-server.spec
index e56daa6..1525131 100644
--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package freeradius-server (Version 2.1.0)
+# spec file for package freeradius-server (Version 2.1.1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -18,8 +18,8 @@
 
 
 Name:           freeradius-server
-Version:        2.1.0
-Release:        4
+Version:        2.1.1
+Release:        1
 License:        GPL v2 only; LGPL v2.1 only
 Group:          Productivity/Networking/Radius/Servers
 Provides:       radiusd
@@ -33,6 +33,7 @@ Patch0:         %{name}-%{version}-ltdl.patch
 Patch1:         %{name}-%{version}-dialup_admin.patch
 Patch2:         %{name}-%{version}-rcradiusd.patch
 Patch3:         %{name}-%{version}-codecleanup.patch
+Patch4:         %{name}-%{version}-CVE-2008-4474.patch
 PreReq:         %{_sbindir}/useradd %{_sbindir}/groupadd
 PreReq:         perl
 PreReq:         %insserv_prereq %fillup_prereq
@@ -209,6 +210,7 @@ Authors:
 %patch1
 %patch2
 %patch3
+%patch4
 
 %build
 #export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -fstack-protector"
@@ -433,6 +435,28 @@ rm -rf $RPM_BUILD_ROOT
 %attr(644,root,root) %{_includedir}/freeradius/*.h
 
 %changelog
+* Thu Oct 09 2008 prusnak@suse.cz
+- fixed CVE-2008-4474 [bnc#433762]
+* Thu Oct 09 2008 prusnak@suse.cz
+- updated to 2.1.1
+  o Feature Improvements
+  * Many more options and features are available via radmin.
+  See man radmin and raddb/sites-available/control-socket.
+  * Many more commands available via the control socket.
+  Connect via radmin, and type help for more information.
+  * Added dictionary.networkphysics and dictionary.lancom.
+  * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
+  o Bug Fixes
+  * Fixed bug that made radmin not work.
+  * Fixed Suse && Debian package scripts.
+  * Fixed issues with dynamic clients.
+  * Fixed configure checks for -lreadline
+  * rlm_sqlippool no longer needs to be linked to rlm_sql.
+  * Add statistics for detail file listeners. This closes bug #593.
+  * Fixed printing of some WiMAX attributes.
+  * Fixed double free on exit() in rlm_attr_filter.
+  * Fixed build issues on Solaris.
+  * Fixed fast session resumption for EAP-TLS.
 * Mon Sep 15 2008 ro@suse.de
 - make radrelay a hardlink to radiusday (instead of identical copy)
 * Tue Sep 09 2008 prusnak@suse.cz