2010-04-06	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/packetfence.spec: Snapshot 1.8.8-0.20100311
	- Added addons/loadMACintoDB.pl to rpm spec

	* pf/conf/pf-release: Version bump to 1.8.8dev (forgot to do earlier)

	* pf/lib/pf/ifoctetslog.pm, pf/lib/pf/locationlog.pm: Fixed a context
	issue with database queries related to mac history, switchport history
	and user bandwidth accounting. Also fixed a slight mistake with 
	ifoctet's db queries in general.

2010-03-31	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/db.pm: Database is now reconnecting on failed queries

	* pf/lib/pf/SNMP/ThreeCom/Switch_4200G.pm: Imported bugs and
	limitations section from parent (pf::SNMP::ThreeCom::SS4500).

2010-03-24      Regis Balzard <rbalzard@inverse.ca>
	* pf/lib/pf/services.pm: PF now creates static routes to routed Vlans 
	when dhcpd is enabled in networks.conf. It used to be when named was 
	enabled.

2010-03-16	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/packetfence.spec: Fix upgrade bug introduced in 1.8.5: Changed
	perl-Locale-gettext dependency to use the perl namespace version 
	perl(Locale-gettext). Fixes #931;
	http://www.packetfence.org/mantis/view.php?id=931

2010-03-11	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/packetfence.spec: Snapshot 1.8.8-0.20100311

	* pf/lib/pf/pfcmd/graph.pm, pf/t/all.t, pf/t/graph.t: Fixed problem 
	introduced in the database improvements concerning graphs
	Added a test case to validate it

2010-03-10	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/addons/accounting.pl, pf/addons/recovery.pl, pf/lib/pf/action.pm,
	pf/lib/pf/class.pm, pf/lib/pf/configfile.pm, pf/lib/pf/db.pm, 
	pf/lib/pf/ifoctetslog.pm, pf/lib/pf/iplog.pm, pf/lib/pf/locationlog.pm,
	pf/lib/pf/node.pm, pf/lib/pf/os.pm, pf/lib/pf/person.pm, 
	pf/lib/pf/pfcmd/dashboard.pm, pf/lib/pf/pfcmd/graph.pm, 
	pf/lib/pf/pfcmd/report.pm, pf/lib/pf/switchlocation.pm, 
	pf/lib/pf/traplog.pm, pf/lib/pf/trigger.pm, pf/lib/pf/useragent.pm, 
	pf/lib/pf/violation.pm, pf/sbin/pfdetect, pf/sbin/pfdhcplistener, 
	pf/sbin/pfmon, pf/sbin/pfsetvlan, pf/t/all.t, pf/t/data.t, 
	pf/t/config.t, pf/t/person.t: Improvements in the database layer
	- new db_query_execute() that handles retrying queries, rebuilding 
	  prepared statements and better error reporting
	- new way to store db handlers, they are now stored in a hash that expose 
	  them per thread
	- use get_db_handle() to get database handle
	- db_connect no longer has a way to force the preparation of statements
	This all means overall use simplification and better error-handling and 
	reporting.

2010-03-08	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/pfcmd/dashboard.pm, pf/lib/pf/pfcmd/graph.pm,
	pf/lib/pf/pfcmd/report.pm: These files are now a module.

2010-03-05	Regis Balzard <rbalzard@inverse.ca>
	* pf/docs/PacketFence_Administration_Guide.odt: Routed VLANs 
	documentation and a schema to explain

	* pf/README_SWITCHES, pf/docs/PacketFence_Administration_Guide.odt,
	pf/html/admin/configuration/switches_add.php, 
	pf/html/admin/configuration/switches_edit.php, pf/t/SNMP.t,
	pf/lib/pf/SNMP/Cisco/Catalyst_3750.pm, pf/t/critic.t, pf/t/pod.t: 
	Added support for Cisco Catalyst 3750

2010-03-04	Regis Balzard <rbalzard@inverse.ca>
	* pf/lib/pf/node.pm: Query optimization (avoid sub-selects)
	Massive improvement of query duration: from a couple of minutes to 
	sub-second on a 25 000 nodes setup.

2010-02-26	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/html/admin/violation/add.php, pf/html/admin/violation/edit.php:
	Fixed a regression where the violation edit page on the web admin would
	not show the violation description properly. Fixes #922;
	http://www.packetfence.org/mantis/view.php?id=922
	Regression introduced in 1.8.4. Cleaning up add.php to use a better
	mechanism to avoid future breakage.

	* pf/lib/pf/vlan.pm: Fixed validation in custom_getCorrectVlan. I was
	testing against a hashref instead of a switch object. Cleaned up the 
	sub to make the normal case obvious.
	Problem introduced in rev 53a220abaf38f45b6b7f9948dd2d365135354fab.

	* pf/lib/pf/SNMP.pm, pf/t/SNMP.t: Modified generateFakeMac() to allow
	ifIndex larger than two digits to appear in fake MAC. Fixes #921;
	http://www.packetfence.org/mantis/view.php?id=921

2010-02-11	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/pfcmd/pfcmd.pm: Allow ! in value field when quoted. Fixes
	#911;
	http://www.packetfence.org/mantis/view.php?id=911

2010-02-10	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/conf/templates/httpd.conf.apache22,
	pf/conf/templates/httpd.conf.pre_apache22: Fixed an apache rewrite rule

	* pf/lib/pf/vlan.pm: Added validation to custom_getCorrectVlan.
	If the switch object is not correct, return the default VLAN and log a 
	warning.

2010-02-09	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/addons/recovery.pl, pf/bin/pfcmd, pf/lib/pf/vlan.pm, 
	pf/sbin/pfsetvlan, pf/UPGRADE: Avoid loading the entire SwitchFactory 
	at several spots in vlan.pm by passing the switch object around instead 
	of the switch's IP. Improves performance. Fixes #910;
	http://www.packetfence.org/mantis/view.php?id=910

	* pf/lib/pf/SNMP.pm, pf/sbin/pfsetvlan: When a 'UP' trap is received
	PacketFence will try to get the MAC address 30 times or for 2 minutes 
	whichever condition is first met. Fixes #903;
	http://www.packetfence.org/mantis/view.php?id=903
	
	This prevent the following condition: telnet timeouts take three 
	minutes for the thread to recover so 30 times 3 minutes would hang a 
	thread (and the switch) for 90 minutes. Now since it's longer than the 2
	minutes limit, it only hang it for 3 minutes.

	* pf/lib/pf/web.pm: In web_node_record_user_agent call node_modify() 
	directly instead of pfcmd node edit. It's more performant (avoids 
	spawning a shell) and it'll avoid trying to adjust vlan. Fixes #908;
	http://www.packetfence.org/mantis/view.php?id=908

	* pf/sbin/pfsetvlan: Created an ALRM signal handler that report an
	error and does nothing else. This is a workaround to prevent pfsetvlan
	to crash when a Net::Telnet or a Net::Appliance::Session call times out,
	sending a SIGALRM. Fixes #907;
	http://www.packetfence.org/mantis/view.php?id=907 

	Upstream bug: https://rt.cpan.org/Public/Bug/Display.html?id=54415

	Local bug to track upstream: 
	http://www.packetfence.org/mantis/view.php?id=902

2010-02-03	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/Cisco/Controller_4400_4_2_130.pm,
	pf/lib/pf/SNMP/Cisco/WLC_2106.pm, pf/lib/pf/SNMP/Cisco/WiSM.pm:
	Documented problematic behavior on the WLC's and WiSM's with DHCP
	Proxying activated.

2010-02-02	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/html/admin/configuration/interfaces_add.php, 
	pf/html/admin/configuration/interfaces_edit.php,
	pf/html/admin/configuration/networks_add.php,
	pf/html/admin/configuration/networks_edit.php,
	pf/html/admin/configuration/switches_add.php, 
	pf/html/admin/configuration/switches_edit.php,
	pf/html/admin/configuration/violation_add.php, 
	pf/html/admin/configuration/violation_edit.php, 
	pf/html/admin/node/edit.php, pf/html/admin/person/edit.php, 
	pf/html/admin/scan/edit.php, pf/html/admin/violation/edit.php: Errors
	are now shown in Web admin's popups instead of automatically closing 
	the popups without checking return status. Fixes #899;
	http://www.packetfence.org/mantis/view.php?id=899

2010-02-01	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/addons/database-backup-and-maintenance.sh: Added a once-a-month
	archiving of locationlog_history entries older than a year.

2010-01-29	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Administration_Guide.odt: Added documentation
	on how to configure the ISR 1800 with PacketFence and added it to
	the supported switches section

	* pf/NEWS, pf/README_SWITCHES, 
	pf/html/admin/configuration/switches_add.php,
	pf/html/admin/configuration/switches_edit.php, pf/t/SNMP.t,
	pf/t/critic.t, pf/t/pod.t: Cisco ISR 1800 officially supported

	* pf/lib/pf/SNMP/Cisco/Controller_4400_4_2_130.pm,
	pf/lib/pf/SNMP/Cisco/WLC_2106.pm, pf/lib/pf/SNMP/Cisco/WiSM.pm: 
	Documented an issue with Windows 7 and certain IOSes

2010-01-28	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/Cisco/ISR_1800.pm: getVlan was returning true or false
	instead of requested VLAN, now fixed

	* pf/lib/pf/SNMP/Cisco/ISR_1800.pm: More work to support ISR1800 series
	- Implemented getMacBridgePortHash and it relies on CLI :(
	- Implemented _getAllIfIndexForThisVlan (used by getMacBridgePortHash)
	- Added mandatory POD sections

2010-01-27	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/Cisco/ISR_1800.pm: Implemented isDefinedVlan and
	getVlan for the ISR 1800

2010-01-26	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Installation_Guide.odt: Default web admin
	account is not admin / qwerty anymore, it is defined by user when
	running installer.pl. Corrected that mistake in the install guide.

2010-01-22	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/bin/pfcmd: Validate for successful write to conf/switches.conf 
	when adding, deleting and editing a switch. Fixes #898;
	http://www.packetfence.org/mantis/view.php?id=898
	Pushed in a little print to logdie conversion at another spot too.
	Hard-coded line numbers are to get the web admin to display the error.

	* pf/bin/pfcmd: New grammar tracing flag in pfcmd (disabled by
	default)

2010-01-21	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/conf/dhcp_fingerprints.conf: Added a projectors class and an
	Epson projector fingerprint to the DHCP fingerprint database.
	Contributed by Roelof Hoekstra.
	
2010-01-19	Olivier Bilodeau <obilodeau@inverse.ca>
	* Adding pf/lib/pf/SNMP/Cisco/WiSM.pm, modified pf/README_SWITCHES, 
	pf/docs/PacketFence_Administration_Guide.odt,
	pf/html/admin/configuration/switches_add.php, 
	pf/html/admin/configuration/switches_edit.php, pf/t/SNMP.t,
	pf/t/critic.t, pf/t/pod.t: Added module for Cisco Wireless Services
	Module (WiSM) and all required references for new hardware support
	Internally module is referring to Cisco Controller 4200's
	implementation.

	* pf/conf/templates/httpd.conf.pre_apache22, 
	pf/conf/templates/httpd.conf.apache22: Blocking Microsoft NCSI user
	agent from reaching captive portal.
	Windows Vista and 7 use the NCSI in background to detect connectivity,
	there is no need to waste resources capturing these web requests.
	http://technet.microsoft.com/en-us/library/cc766017(WS.10).aspx.
	Fixes #892;
	http://www.packetfence.org/mantis/view.php?id=892

2010-01-15	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/lookup/person.pm: Improved custom example

	* pf/html/admin/login.php: Added a new way to do admin authentication:
	verify user locally but verify password on AD server. Commented out by
	default but could be enabled
	Also added a TODO task

	* Added
	pf/addons/high-availability/heartbeat-2.x-drbd-8.3-support-fix.patch:
	Patch required for heartbeat 2.x and drbd 8.3 compatibility. Took from
	http://hg.linux-ha.org/dev/rev/6467be4d4cb7

	* pf/lib/pf/pfcmd.pm: Now accepting @ in a person's pid

	* pf/lib/pf/person.pm: Removed debugging code that was left out by
	mistake it would seem

2010-01-05	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/NEWS, pf/UPGRADE, pf/packetfence.spec, pf/conf/pf-release,
	pf/t/pfcmd.t, pf/docs/PacketFence_Administration_Guide.odt,
	pf/docs/PacketFence_Developers_Guide.odt,
	pf/docs/PacketFence_Installation_Guide.odt,
	pf/docs/PacketFenceZEN_Installation_Guide.odt: 
	Version bump to 1.8.7
	Copyright bump to 2010 in documentation

2009-12-28	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/html/user/content/templates/register_1.html: Fixed missing
	closing html tags

2009-12-22	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/html/admin/login.php: Fixed "username" Cross-Site Scripting
	Vulnerability as reported by Secunia advisory 37844 available at:
	http://secunia.com/advisories/37844/. Fixes #884;
	http://www.packetfence.org/mantis/view.php?id=884

2009-12-17	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/packetfence.spec: Added perl-LWP-UserAgent-Determined as a 
	dependency of remote-snort-sensor. Fixes #882;
	http://www.packetfence.org/mantis/view.php?id=882

	* pf/packetfence.spec: Added perl-SOAP-Lite as a dependency of 
	remote-snort-sensor. Fixes #881;
	http://www.packetfence.org/mantis/view.php?id=881

2009-12-15	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/vlan.pm: We no longer act on wireless deauthentication
	traps. Fixes #880;
	http://www.packetfence.org/mantis/view.php?id=880

	* pf/bin/pfcmd: Changed warning message when unable to call flip
	because of missing open locationlog entry. Now more emphasis on the
	fact that it cannot change a VLAN because of that.

	* pf/conf/templates/httpd.conf.pre_apache22,
	pf/conf/templates/httpd.conf.apache22: Windows Proxy autoconfiguration 
	gets a forbidden on captive portal (reduce load)

2009-12-10	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/web.pm: We no longer bindly accept someone who is 
	authenticated based on session information. In effect, this prevents
	users from re-registering without entering username / password again.
	Fixes #761;
	http://www.packetfence.org/mantis/view.php?id=761

2009-12-08	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/Aruba.pm: 802.1x deauthentication support and
	deauthenticateMac() appropriately call right deauth based on the
	user's authentication. Fixes #873;
	http://www.packetfence.org/mantis/view.php?id=873

	* pf/lib/pf/SNMP/Aruba.pm: Improving Aruba code
	Doesn't rely on an open iplog entry to work
	Extracted generic code in util.pm
	Paved the way for 802.1x deauth support
	Improved POD doc
	Doesn't rely on an open iplog entry to work: Fixes #871;
	http://www.packetfence.org/mantis/view.php?id=871

	* pf/lib/pf/util.pm: Two new util subroutines: mac2oid and oid2mac

2009-12-04	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFenceZEN_Installation_Guide.odt: Updated ZEN guide for
	upcomming PacketFence ZEN release 1.8.6

	* pf/packetfence.spec: Updated RPM spec with link to correct database
	schema. Rebuilt packages: 1.8.6-2

2009-12-03	Regis Balzard <rbalzard@inverse.ca>
	* pf/html/admin/login.php: Added optional LDAP params for admin login

2009-12-01	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/ChangeLog, pf/NEWS, pf/conf/pf-release, pf/installer.pl, 
	pf/packetfence.spec, pf/t/pfcmd.t, 
	pf/docs/PacketFence_Administration_Guide.odt,
	pf/docs/PacketFence_Developers_Guide.odt,
	pf/docs/PacketFence_Installation_Guide.odt: Bump to version 1.8.6

	* pf/bin/pfcmd, pf/conf/documentation.conf, pf/conf/pf.conf.defaults,
	pf/lib/pf/node.pm: Expire mode deadline now works in vlan isolation
	mode. Fixes #865;
	http://www.packetfence.org/mantis/view.php?id=865

	* pf/addons/migrate-to-locationlog_history.sh: New script to help with
	smoothly migrating entries in locationlog to locationlog_history.

2009-11-30	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/db/pfschema.mysql.186, pf/installer.pl, pf/t/pfcmd.t, NEWS, 
	pf/UPGRADE: All database tables are now of InnoDB format. Fixes #747;
	http://www.packetfence.org/mantis/view.php?id=747

	* added pf/db/pfschema.mysql.186 and pf/db/upgrade-1.8.4-1.8.6.sql,
	pf/NEWS, pf/UPGRADE, pf/addons/database-backup-and-maintenance.sh
	pf/installer.pl, pf/t/pfcmd.t: Now providing a locationlog_history
	table by default and locationlog rotation after 15 days (instead of 2).
	Simplifies deployment (no need to create table by hand anymore)
	Added new schema and schema upgrade script and instructions
	Updated installer and tests
	Fixes #800;
	http://www.packetfence.org/mantis/view.php?id=800

	* pf/cgi-bin/pdp.cgi: Fixed invalid string concatenation. Fixes #862;
	http://www.packetfence.org/mantis/view.php?id=862

2009-11-27	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/util.pm: Disabled unnecessary caching in vlan isolation
	mode. Prevents out of memory crashes in pfmon on large networks. Fixes 
	#861;
	http://www.packetfence.org/mantis/view.php?id=861

	* pf/packetfence.spec: Removed the commented out %define macro for
	our versionning. It seems that macro in comments are also interpreted. 

2009-11-20	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/UPGRADE, pf/packetfence.spec: Changed some default behavior for 
	overwriting config files (for the better)
	RPM spec version bump to snapshot 20091120

2009-11-19	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/node.pm, pf/lib/pf/trigger.pm, pf/lib/pf/util.pm,
	pf/lib/pf/violation.pm: Fixed POD doc so that test passes

	* pf/t/binaries.t: Fixed test case: we removed pfcmd_ap.pl

	* pf/t/log.conf, pf/t/pfcmd.t, pf/t/services.t: Tests are now using
	their own target logfile: logs/packetfence-tests.log

	* pf/t/all.t, pf/t/services.t: Added tests to check if snort starts 
	successfully and if pfdetect can bind to it

	* Copied pf/conf/templates/snort.conf to 
	pf/conf/templates/snort.conf.pre_snort-2.8
	Modified pf/conf/templates/snort.conf, pf/lib/pf/services.pm: snort
	fixes
	Removed -o flag to snort startup string (deprecated in snort)
	Updated default snort.conf
	Fixes #581, #846, #849;
	http://www.packetfence.org/mantis/view.php?id=581
	http://www.packetfence.org/mantis/view.php?id=846
	http://www.packetfence.org/mantis/view.php?id=849

2009-11-17	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Installation_Guide.odt: Added repositories in
	OS requirements section of the install guide:
	- CentOS need extras which is enabled by default
	- RedHat needs EPEL (extra packages for enterprise linux) which is 
	disabled by default

	* pf/bin/pfcmd, pf/conf/ui.conf
	pf/html/admin/configuration/switches.php, pf/lib/pf/pfcmd/pfcmd.pm:
	Fixed SNMPv3 configuration from pfcmd and Web admin interface
	The SNMPUserNameTrap parameter was not exposed. Thanks to
	Jean-Francois Laporte for reporting this. Fixes #853;
	http://www.packetfence.org/mantis/view.php?id=853
	
2009-11-16	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/Aruba.pm: Fixed string concatenation problem.
	Also took the opportunity to removed duplicated ERROR: string appended
	at the beginning of logger calls and commented out very verbose dumper 
	debug code.

	* pf/conf/violations.conf: Added new UserAgent sample string to block
	more iPods and reindexed the BlackBerry one

2009-11-13	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/cgi-bin/redir.cgi: Validating if $cgi->user_agent is defined. 
	Fixes #850;
	http://www.packetfence.org/mantis/view.php?id=850

2009-11-10	Regis Balzard <rbalzard@inverse.ca>
	* pf/html/admin/configuration/switches_edit.php: 
	* pf/html/admin/configuration/switches_add.php: Fixed issues with SSH
	for CLI transport. Should be set to 'SSH' rather than 'ssh'

	* pf/sbin/pfsetvlan: Fixed issues with desAssociate trap for Wireless.
	Threads don't support SSH CLI transport mode. So we fork a call to 
	'pfcmd_vlan -deauthenticate ...'

2009-11-09	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/addons/802.1X/rlm_perl_packetfence.pl: Rewrite of our freeradius
	802.1x perl module. Resolving problems with guests (visitors) and 
	registered users in secure SSID. Fixes 839, 841;
	Also, VISITOR is now called GUEST and improved documentation while I 
	was at it.
	http://www.packetfence.org/mantis/view.php?id=839
	http://www.packetfence.org/mantis/view.php?id=841

2009-11-03	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/html/admin/configuration/switches_add.php,
	pf/html/admin/configuration/switches_edit.php: Fixed typo in switch 
	definition in the Web Admin causing problems adding or editing a Cisco 
	Catalyst 2970, 3500XL and wireless Controller 4400. Fixes 836; 
	http://www.packetfence.org/mantis/view.php?id=836
	Backported from the 1.9 branch.

2009-11-02	Regis Balzard <rbalzard@inverse.ca>
	* pf/lib/pf/services.pm: Fixed missing library requirement when using
	PacketFence with routed VLANs

2009-10-30	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/packetfence.spec: Correctly pinned Parse::RecDescent dependency to
	version 1.94 which is known to work. Fixes #806;
	http://www.packetfence.org/mantis/view.php?id=806

2009-10-28	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/NEWS, pf/packetfence.spec: 1.8.5 ready

	* pf/lib/pf/services.pm: In conf/switches.conf uplink=dynamic is no
	longer case-sensitive. Fixes #831;
	http://packetfence.org/mantis/view.php?id=831

	* pf/lib/pf/violation.pm: performance: verifying if violation already 
	exists in violation_trigger. Improves performance in situation where 
	there are a lot of devices repetively generating violation (ex: blocked
	iPods) because we detect it before launching `pfcmd violation add`.
	Also decreased logging prority from WARN to INFO

	* pf/lib/pf/violation.pm: Tighter validation in violation_trigger when
	database query returns a non-empty array (which is a bigger problem yet
	to be identified)

2009-10-27	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Administration_Guide.odt: Decided to get rid of
	the release notes section (avoids manual data duplication)
	Added a pointer to NEWS, UPGRADE and ChangeLog in "About this guide"
	section.

	* pf/conf/pf-release: Version bump to 1.8.5

	* pf/docs/PacketFence_Administration_Guide.odt: Integrated release
	notes
	
	* pf/docs/PacketFence_Developers_Guide.odt,
	pf/docs/PacketFence_Installation_Guide.odt: Bumped release month

	* pf/installer.pl: Refer to database schema symlink instead of using a
	hardcoded version number

	* pf/installer.pl: Got rid of dead installer code

	* pf/t/SNMP.t, pf/t/critic.t, pf/t/pf.t, pf/t/pfcmd.t, pf/t/php.t,
	 pf/t/pod.t: Test file list update

2009-10-26	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/html/admin/configuration/switches_add.php, 
	pf/html/admin/configuration/switches_edit.php: Added newly supported
	switches to the Web Admin

	* pf/conf/templates/httpd.conf.apache22,
	pf/conf/templates/httpd.conf.pre_apache22: Using temporary redirects
	instead of permanent ones in the captive portal. Fixes #757;
	http://packetfence.org/mantis/view.php?id=757
	Reported by Josh Ward (he also suggested the fix) Many thanks!

	* pf/packetfence.spec: Parse::RecDescent is a build dependency AND a 
	runtime one. Hopefully fixes #806 for good;
	http://packetfence.org/mantis/view.php?id=806

	* pf/packetfence.spec, pf/installer.pl: Packaging and installer fixes
	- Parse::RecDescent is a build dependency not a runtime one. Fixes #806;
	  http://packetfence.org/mantis/view.php?id=806
	- Pulling php-pear-Log instead of php-pear. Fixes #804
	  http://packetfence.org/mantis/view.php?id=804
	- jpgraph is no longer installed by installer.pl (is a dep of the rpm)
	- php-pear-Log is no longer installed by installer
	- Lots of new TODO task for installer

	* pf/lib/pf/pfcmd/pfcmd.pm: Removed use of Log::Log4perl
	This removes a lot of unnecessary build requirements and it wasn't even
	used anywhere in this file. Fixes #826;
	http://packetfence.org/mantis/view.php?id=826

	* pf/packetfence.spec: Added dependency to enable SNMPv3 AES encryption
	support. Fixes #775; http://packetfence.org/mantis/view.php?id=775

	* pf/conf/documentation.conf, pf/conf/pf.conf.defaults: Clarified 
	Nessus Scan parameters

	* pf/docs/PacketFence_Administration_Guide.odt: Updated Nessus
	documentation

2009-10-23	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/packetfence.spec: Improvements to the RPM SPEC file
	- New complete build instructions
	- New source_release tag that allow us to do multi distro release with 
	the same source tarball
	- Updated list of files to include new stuff

	* pf/html/admin/scan/index.php, pf/html/admin/scan/scan.php: Disabled
	scans from the web admin and made the result page the default page when
	clicking on the scan tab

	* Added pf/html/user/content/templates/scan-in-progress.html.
	* Modified pf/cgi-bin/redir.cgi, pf/cgi-bin/release.cgi, 
	pf/conf/locale/en/LC_MESSAGES/packetfence.po, 
	pf/conf/locale/fr/LC_MESSAGES/packetfence.po, pf/lib/pf/scan.pm, 
	pf/lib/pf/web.pm: Nessus scan integration
	- Tracking the state of registration scans
	- New "scan in progress" page
	- redir.cgi and release.cgi will redirect to the new scan in progress
	  page if a scan is in progress
	- Not showing Nessus server's password in the logs anymore
	- Scanning page now redirect once the progress bar is over

2009-10-22	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/cgi-bin/release.cgi, pf/conf/documentation.conf, 
	pf/conf/locale/en/LC_MESSAGES/packetfence.po, 
	pf/conf/locale/fr/LC_MESSAGES/packetfence.po, pf/conf/pf.conf.defaults,
	pf/lib/pf/config.pm, pf/lib/pf/web.pm: Nessus scan integration
	- Forking in the background when calling a scan to pfcmd and redirecting
	  to a scan in progress page
	- New parameter scan.duration to control the length of the scan progress
	  bar
	- French and English translations of the new scan in progress page
	- New generate_scan_progress_page() in lib/pf/web.pm

	* pf/cgi-bin/release.cgi: Removed vid hack for Nessus scan violation

	* pf/lib/pf/trigger.pm: Removed deprecated code: trigger_scan and 
	trigger_scan_add subs

	* pf/lib/pf/scan.pm: Scan using violation_trigger mechanism now
	Also moved IP to MAC test earlier and quit if it can't resolve

	* pf/lib/pf/violation.pm: Preparing violation_trigger to handle scan 
	violations
	- new test: scan violation id not authorized in config
	- took out of the trigger id loop various one time tests (inefficient)
	- violation trigger returns 1 if at least one violation is added 0 
	  otherwise
	- bonus POD doc

	* pf/cgi-bin/pdp.cgi, pf/sbin/pfdetect: Fixed trappable ip test to add
	a violation.

2009-10-21	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/sbin/pfdetect: pfdetect now sends IP when calling violation_trigger
	since the information is already available to it anyway

	* pf/lib/pf/violation.pm: Using $bin_dir instead of hardcoded path
	to call pfcmd. Closes a TODO task.

	* pf/lib/pf/scan.pm, pf/bin/pfcmd, pf/lib/pf/trigger.pm: Refactoring
	Moved all scanning code out of pfcmd into a new scan module

	* pf/bin/pfcmd, pf/lib/pf/schedule.pm: Nessus scan integration
	Removed all references of trigger id (tid) regarding scanning

	* pf/lib/pf/pfcmd/help.pm: pfcmd schedule documentation now accurate

	* pf/bin/pfcmd, pf/cgi-bin/release.cgi, pf/html/admin/scan/scan.php:
	Nessus Scan integration
	No more special scans with tid=99999 carrying a special meaning. All
	scanning is done with command line nessus client instead of 
	Nessus::ScanLite (which lacked plugin configuration capabilities). Other
	fixes includes:
	- Removing the 1200001 violation only if one exists (fix a problem when
	  scanning from Web admin)
	- Set HOME= env before calling nessus to conf/nessus/ so the .nessusrc 
	  file is created at a location accessible from CLI and web interfaces
	- Capturing the output of the nessus call and logging it if nessus 
	  returns a non-zero exit code
	- trigger_scan is deprecated
	- Updated web admin accordingly and explicitly disabled scheduled scans

2009-10-20	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/addons/802.1X/pfcmd_ap.pl: Deleted
	* pf/addons/802.1X/rlm_perl_packetfence.pl, pf/addons/802.1X/README:
	Performance improvement in the freeradius PacketFence module
	Merged the content of pfcmd_ap.pl into rlm_perl_packetfence.pl. This 
	avoids costly forks for each radius request.
	Also took the opportunity to add validation of the db handle.

2009-10-19	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/UPGRADE, pf/NEWS: Updated NEWS and UPGRADE with all the work done
	since 1.8.4

2009-10-16	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/violation.pm: Improved error-handling in violation_trigger
	Reverted fix in revision 5abfb5911a05dc03e9646eb79a48653155e39278
	because it was too convoluted and replaced it with something clearer.

	* pf/conf/violations.conf: Working Nessus config sample

	* pf/bin/pfcmd: Work torwards Nessus integration
	pfcmd now handles by itself the fact that it needs to close the 
	system scan violation if the scan was successfull

	* pf/lib/pf/action.pm, pf/lib/pf/violation.pm: Slight logging changes to
	better represent what is actually going on.

	* pf/lib/pf/trigger.pm: trigger_add_scan now follows a contract: returns
	1 if a violation was added by the trigger and 0 otherwise
	a litle POD doc as a bonus

2009-10-16      Regis Balzard <rbalzard@inverse.ca>
	* pf/conf/ui.conf:
	* pf/bin/pfcmd:
	* pf/lib/pf/pfcmd/pfcmd.pm:
	* pf/lib/pf/services.pm: Added the pf_gateway field in networks.conf 
	used to store the PacketFence gateway for a routed VLAN. This is field 
	is only used with routed Registration and Isolation VLANs.
	Added code to allow PacketFence to dynamically create static routes for
	routed Registration and Isolation VLANs. We use the pf_gateway field.

2009-10-16      Regis Balzard <rbalzard@inverse.ca>
	* pf/bin/pfcmd: Added a fix to show a message when trying to delete a 
	node having open locationlog entries. Fixes #807
	http://www.packetfence.org/mantis/view.php?id=807

2009-10-15      Regis Balzard <rbalzard@inverse.ca>
	* pf/conf/authentication/local.pm: Fixed test to validate if user/pwd 
	is ok for local authentication during registration process. Fixes #779
	http://www.packetfence.org/mantis/view.php?id=779

2009-10-15      Regis Balzard <rbalzard@inverse.ca>
	* pf/lib/pf/web.om: Fixed redir.cgi crash when upgrading useragent. 
	Fixes #782
	http://www.packetfence.org/mantis/view.php?id=782

2009-10-15      Regis Balzard <rbalzard@inverse.ca>
	* pf/lib/pf/violation.pm: "violation not added, no trigger found for.."
	messages too noisy in logs so we decreased log level from INFO to 
	DEBUG. Fixes #812
	http://www.packetfence.org/mantis/view.php?id=812

2009-10-15      Regis Balzard <rbalzard@inverse.ca>
	* pf/addons/accounting.pl 
	* pf/addons/autodiscover.pl 
	* pf/addons/convertToPortSecurity.pl 
	* pf/addons/recovery.pl 
	* pf/bin/flip.pl 
	* pf/bin/pfcmd_vlan 
	* pf/lib/pf/vlan.pm 
	* pf/lib/pf/services.pm 
	* pf/test/connect_and_read.pl 
	* pf/sbin/pfsetvlan: Adding missing test after call to 
	switch->instantiate(). If it returns 0 then stop executing more code
	and log an error. Fixes #755 and #813
	http://www.packetfence.org/mantis/view.php?id=755
	http://www.packetfence.org/mantis/view.php?id=813 

2009-10-14	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/cgi-bin/redir.cgi: Logging improvement in redir.cgi
	Messages and log priority makes more sense now

2009-10-13	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/vlan.pm: Increased logging severity for the "Can't
	determine Uplinks for the switch" message (from info to warn).
	The problem is that at this point nothing gets done by packetfence so
	it is rather important to see this message.

	* pf/conf/violations.conf: Added a new UserAgent statement to block
	PSPs

2009-10-13      Regis Balzard <rbalzard@inverse.ca>
	* pf/packetfence.init: Added test in condrestart to check if 
	pfsetvlan.pid exists. If so, restart packetfence. Fixes #805;
	http://www.packetfence.org/mantis/view.php?id=805

2009-10-13      Regis Balzard <rbalzard@inverse.ca>
	* pf/sbin/pfsetvlan.pm: Added missing test in pfsetvlan in order to 
	avoid warning messages. Fixes #792;
	http://www.packetfence.org/mantis/view.php?id=792

2009-10-13      Regis Balzard <rbalzard@inverse.ca>
	* pf/packetfence.spec: Added new dependencies on
	- perl-LDAP (used to authenticate users trough LDAP during registration)
	- php-ldap (used to authenticate users connecting to the Web interface 
	through LDAP)
	- perl-IPC-Cmd (used to generate static routes for registration and 
	isolation routed VLANs)
	- perl-SOAP-Lite (used when receiving alerts from Snort)
	Fixes #798;
	http://www.packetfence.org/mantis/view.php?id=798
	- seting the perl-parse-RecDescent version to 1.94 in order to avoid 
	issues with the newer versions that causes the pfcmd_pregrammar.pm 
	generation to fail. Fixes #806;
	http://www.packetfence.org/mantis/view.php?id=806

2009-10-13	Regis Balzard <rbalzard@inverse.ca>
	* pf/addons/pfcmd_ap.pl: In order to avoid unnecessary WIFI entries in
	locationlog (since authentication->reauthentication occurs very often), 
	we don't add new entries anymore if there is already one.i Fixes #788
	http://www.packetfence.org/mantis/view.php?id=788

2009-10-13	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Administration_Guide.odt: Updated configuration 
	parameter reference with documentation.conf's changes for 
	trapping.whitelist.

2009-10-09	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/conf/violations.conf: Added device banning templates for iPod 
	touch, iPhone, BlackBerries, PlayStation 3, PSP and Slingbox. 

	* pf/conf/dhcp_fingerprints.conf: PlayStation 3 also detects
	PlayStation Portable (PSP)

2009-10-09      Regis Balzard <rbalzard@inverse.ca>
	* pf/lib/pf/vlan.pm: Removed isClientAlive() since we remove the Hub 
	violation that creates too many false positives. 
	* pf/sbin/pfsetvlan: Removed calls to isClientAlive().
	* pf/conf/violations.conf: Removed Hub violation definition.
	* pf/html/user/content/violations/hub.php: Removed this file.
	* pf/lib/pf/SNMP/Cisco.pm: Removed the parsing of c2900AddressViolation
	traps which only purpose what to generate Hub violations.

2009-10-09	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/web.pm: Changed priority of unknown User-Agent log message
	Was WARN is now INFO which is less scary and makes a lot more sense. 

	* pf/conf/documentation.conf, pf/conf/pf.conf.defaults: Documentation
	for the whitelist parameter is now more accurate.
	
	* pf/cgi-bin/pdp.cgi, pf/lib/pf/violation.pm, pf/sbin/pfdetect,
	pf/sbin/pfdhcplistener: The validation that the violation is applicable
	is now done in violation_trigger removing duplicate code. Fixes #801;
	http://www.packetfence.org/mantis/view.php?id=801

2009-10-08	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/rawip.pm, pf/lib/pf/util.pm, pf/sbin/pfmon: Testing for 
	whitelisted_mac is no longer called inside trappable_mac sub.
	Modified callers so they do the test themselves.
	Whitelisting validation was called two times because of that.

	* pf/lib/pf/util.pm: Removed commented code

2009-10-06	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/Enterasys/D2.pm, pf/README_SWITCHES: Added support for
	Enterasys Standalone D2 Switch
	It works in linkUp/linkDown mode and port-security (called maclock on
	Enterasys hardware). Talks to the switch using SNMP.

	* pf/README_SWITCHES, pf/docs/PacketFence_Administration_Guide.odt: 
	Added instructions to setup the D2
	Updated supported switches list

2009-10-05	Olivier Bilodeau <obilodeau@inverse.ca>
	* UPGRADING: Added notes about the last two uplink fixes since someone
	could rely on the bug's behaviour without his knowledge.

	* pf/lib/pf/SNMP/Accton.pm, pf/lib/pf/SNMP/Cisco.pm, 
	pf/lib/pf/SNMP/Linksys.pm, pf/lib/pf/SNMP/Nortel.pm, pf/lib/pf/SNMP.pm:
	switches.conf's uplink=dynamic is now case-insensitive. Fixes #809;
	http://www.packetfence.org/mantis/view.php?id=809

	* pf/lib/pf/SNMP/Accton.pm, pf/lib/pf/SNMP/Cisco.pm, 
	pf/lib/pf/SNMP/Linksys.pm, pf/lib/pf/SNMP/Nortel.pm, pf/lib/pf/SNMP.pm:
	Various getUpLinks() subs didn't respect the "return -1 on failure" 
	contract. Fixes #795;
	http://www.packetfence.org/mantis/view.php?id=795

	* pf/conf/templates/httpd.conf.apache22,
	pf/conf/templates/httpd.conf.pre_apache22: Fixed the omission of a banned
	UserAgent from the https portion of the httpd config. Thanks Regis for
	pointing that out!

2009-10-02	Olivier Bilodeau <obilodeau@inverse.ca>
	* Added pf/addons/high-availability/dhcpd-3.0.5-init-script-lsb-fix.patch:
	Little patch to fix LSB compliance of dhcpd's init script. 
	Non-compliant init scripts generate scary error messages in Heartbeat. 

	* pf/conf/log.conf: Logging priority now shown in log files. Fixes
	#771;
	http://www.packetfence.org/mantis/view.php?id=771

	* pf/lib/pf/SNMP/Enterasys/SecureStack_C3.pm, pf/README_SWITCHES: Added
	support for Enterasys SecureStack C3 Switch
	It works in linkUp/linkDown mode and port-security (called maclock on
	Enterasys hardware). Talks to the switch using SNMP.
	
	* pf/docs/PacketFence_Administration_Guide.odt: Added instructions to
	setup the SecureStack C3
	Updated supported switches list
	Added comments about cleanup to do
	Minor formatting / whitespace cleanup

2009-09-28	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/Enterasys/Matrix_N3.pm, pf/README_SWITCHES,
	pf/docs/PacketFence_Administration_Guide.odt: Added support for
	Enterasys Matrix N3 Switch (Chassis)
	It works in linkUp/linkDown mode and port-security (called maclock on
	Enterasys hardware). Talks to the switch using SNMP.
	Documentation on how to configure was added to the admin guide.

	* pf/lib/pf/SNMP/Enterasys.pm: Fix for maclock support (Enterasys' port
	security): Trap string had a typo in parseTrap()

	* pf/bin/pfcmd: Fixed a typo in a comment

2009-09-24	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Administration_Guide.odt: Clarification of the
	vlan parameter in violations.conf

2009-09-22	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/lib/pf/SNMP/HP.pm: Removed unused code

2009-09-18	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Administration_Guide.odt: New switch config
	Added configuration information for SMC TigerStack 6224M. Thanks to
	Chinasee B. <chinasee.b@psu.ac.th> who provided his config.

	* pf/lib/pf/violation.pm: Crash fix
	If we attempted to trigger a violation but no trigger for the violation
	existed, we still tried to move on and add the violation which caused
	the use of a 0 in an hash reference thus a crash.

	* pf/lib/pf/vlan.pm: Fix a crash that happens if violation classes are
	corrupted and a vlan change is required (like when a violation is
	created)

2009-09-16	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFenceZEN_Installation_Guide.odt: Documentation update
	- updated commercial support section
	- version bump
	- ToC now linked internally
	- fixed a few typos

	* pf/docs/PacketFence_Developers_Guide.odt: Documentation update
	- updated custom_getCorrectVlan sub according to new 1.8.5 behavior
	- updated commercial support section
	- version bump
	- ToC now linked internally
	- fixed three typos

	* pf/docs/PacketFence_Administration_Guide.odt: Documentation update
	- updated supported switch list
	- added how to configure 3Com NJ220
	- added how to configure Amer SS2R24i
	- added how to configure Extreme Networks switches
	- integrated all the switches that we support in config section
	- added a MySQL performance optimization tip 
	- updated commercial support section
	- fixed several typos
	- removed whitespace
	- version bump
	- ToC now linked internally

2009-09-15	Olivier Bilodeau <obilodeau@inverse.ca>
	* Renamed pf/addons/high-availability/named-init-script-lsb-fix.patch
	to pf/addons/high-availability/named-9.2-init-script-lsb-fix.patch:
	bind 9.2 exposed wrong behavior but bind 9.3 is fine and patch doesn't
	apply anyway

2009-09-14	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/addons/high-availability/mysqld-init-script-lsb-fix.patch, 
	pf/addons/high-availability/named-init-script-lsb-fix.patch: LSB 
	compliance patches for MySQL and Bind

	* pf/addons/database-backup-and-maintenance.sh: Added basic database
	maintenance and backup script

	* pf/addons/logrotate: Added a basic logrotate sample script for 
	packetfence

2009-09-11	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/conf/templates/httpd.conf.apache22 and 
	pf/conf/templates/httpd.conf.pre_apache22: Block misbehaving User Agents
	Block at the apache level some User Agents that we don't care about
	such as Windows Update, etc. We give them a 403 error (forbidden).
	Fixes bug #790;
	http://www.packetfence.org/mantis/view.php?id=790

	* pf/lib/pf/SNMP/Linksys.pm: Deactivated port security on Linksys
	Known to be broken and the telnet code was sending SIGALRM and crashing
	pfsetvlan.
	Also added some trace level logging statements. Fixes bug #797;
	http://www.packetfence.org/mantis/view.php?id=797

	* pf/sbin/pfsetvlan: pfsetvlan stops on SIGALRM signal
	Die is properly sent to log4perl. No more misterious stops without any
	error. Alarm signals are known to be buggy with threaded perl. Fixes 
	bug #796;
	http://www.packetfence.org/mantis/view.php?id=796

2009-08-25	Olivier Bilodeau <obilodeau@inverse.ca>
	* pf/docs/PacketFence_Installation_Guide.odt: Install Guide updated
	Details
	- version bump
	- yum update before rpmforge install
	- removed priorities requirement (not sure about this one)
	- updated installation procedure to reflect new yum repo
	- re-generated ToC so that updating the table works with OpenOffice 3.1
	- added index links to the ToC elements, it now creates a linkified PDF
	- switch setup now points to the Admin Guide for more switch config
	samples and supported devices list
	- re-org: switches definition before custom trap handling functions 
	since pf's new behavior is based on switch definition rather than 
	per-node
	- explained new correctVlan behavior
	- modifed switches definition to outline the fact that vlan number can
	be overloaded in a specific switch from the default
	- some minor prettification
	- mentionned new support packages and added meat in commecial support 
	section


2009-08-19	Ludovic Marcotte <lmarcotte@inverse.ca>

	* Renamed CHANGES to NEWS and updated the spec
	file to reflect this change
	* packetfence.spec and
	pf/docs/MIB/Inverse-PacketFence-Notification.mib
	Modified to use support@inverse.ca as the contact information
