- Update from version 3.2.5 to 3.2.6
- Update of rootfile
- Changelog
3.2.6
Configuration changes
* require_message_authenticator=auto and limit_proxy_state=auto
are not applied for wildcard clients. This likely will
leave your network in an insecure state. Upgrade all clients!
Feature improvements
* Allow for "auth+acct" dynamic home servers.
* Allow for setting "Home-Server-Pool", etc. for proxying
accounting packets, just like authentication packets.
* Fix spelling in starent SN[1]-Subscriber-Acct-Mode attribute
value. Patch from John Thacker.
* Update dictionary.iea. Patch from John Thacker.
* Add warning for secrets that are too short.
* More debugging for SSL ciphers. Patch from Nick Porter.
* Update 3GPP dictionary. Patch from Nick Porter.
* Fix ZTE dictionary.
* Make radsecret more portable and avoid extra dependencies.
* Add timestamp for Client-Lost so we don't think it's 1970. Patch
from Alexander Clouter. #5353
Bug fixes
* Dynamic clients now inherit require_message_authenticator
and limit_proxy_state from dynamic client {...} definition.
* Fix radsecret build rules to better support parallel builds.
* Checkpoint systems should be reconfigured for the BlastRADIUS
attack: https://support.checkpoint.com/results/sk/sk182516
The Checkpoint systems drop packets containing Message-Authenticator,
which violates the RFCs and is completely ridiculous.
* Fix duplicate CoA packet issue. #5397
* Several fixes in the event code
* Don't leak memory in rlm_sql_sqlite. #5392
* Don't stop processing RadSec data too early.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / commit
