wouldn't use methods it knew about.
* Add more sanity checks in dynamic_clients code so the server won't
crash if it attempts to load a badly formated client definition.
-
-FreeRADIUS 2.1.12 Fri 30 Sept 2011 16:57:38 CEST, urgency=medium
- Feature improvements
- * Updates to dictionary.erx, dictionary.siemens, dictionary.starent,
- dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol
- * Added support for PCRE from Phil Mayers
- * Configurable file permission in rlm_linelog
- * Added "relaxed" option to rlm_attr_filter. This copies attributes
- if at least one match occurred.
- * Added documentation on dynamic clients.
- See raddb/modules/dynamic_clients.
- * Added support for elliptical curve cryptography.
- See ecdh_curve in raddb/eap.conf.
- * Added support for 802.1X MIBs in checkrad
- * Added support for %{rand:...}, which generates a uniformly
- distributed number between 0 and the number you specify.
- * Created "man" pages for all installed commands, and documented
- options for all commands. Patch from John Dennis.
- * Allow radsniff to decode encrypted VSAs and CoA packets.
- Patch from Bjorn Mork.
- * Always send Message-Authenticator in radtest. Patch from John Dennis.
- radclient continues to be more flexible.
- * Updated Oracle schema and queries
- * Added SecurID module. See src/modules/rlm_securid/README
-
- Bug fixes
- * Fix memory leak in rlm_detail
- * Fix "failed to insert event"
- * Allow virtual servers to be reloaded on HUP.
- It no longer complains about duplicate virtual servers.
- * Fix %{string:...} expansion
- * Fix "server closed socket" loop in radmin
- * Set ownership of control socket when starting up
- * Always allow root to connect to control socket, even if
- "uid" is set. They're root. They can already do anything.
- * Save all attributes in Access-Accept when proxying inner-tunnel
- EAP-MSCHAPv2
- * Fixes for DHCP relaying.
- * Check certificate validity when using OCSP.
- * Updated Oracle "configure" script
- * Fixed typos in dictionary.alvarion
- * WARNING on potential proxy loop.
- * Be more aggressive about clearing old requests from the
- internal queue
- * Don't open network sockets when using -C
-
-FreeRADIUS 2.1.11 Mon 20 Jun 2011 12:57:38 CEST, urgency=medium
- Feature improvements
- * Added doc/rfc/rfc6158.txt: RADIUS Design Guidelines.
- All vendors need to read it and follow its directions.
- * Microsoft SoH support for PEAP from Phil Mayers.
- See doc/SoH.txt
- * Certificate "bootstrap" script now checks for certificate expiry.
- See comments in raddb/eap.conf, and then "make_cert_command".
- * Support for dynamic expansion of EAP-GTC challenges.
- Patch from Alexander Clouter.
- * OCSP support from Alex Bergmann. See raddb/eap.conf, "ocsp"
- section.
- * Updated dictionary.huawei, dictionary.3gpp, dictionary.3gpp3.
- * Added dictionary.eltex, dictionary.motorola, and dictionary.ukerna.
- * Experimental redis support from Gabriel Blanchard.
- See raddb/modules/redis and raddb/modules/rediswho
- * Add "key" to rlm_fastusers. Closes bug #126.
- * Added scripts/radtee from original software at
- http://horde.net/~jwm/software/misc/comparison-tee
- * Updated radmin "man" page for new commands.
- * radsniff now prints the hex decoding of the packet (-x -x -x)
- * mschap module now reloads its configuration on HUP
- * Added experimental "replicate" module. See raddb/modules/replicate
- * Policy "foo" can now refer to module "foo". This lets you
- over-ride the behavior of a module.
- * Policy "foo.authorize" can now over-ride the behavior of module
- "foo", "authorize" method.
- * Produce errors in more situations when the configuration files
- have invalid syntax.
-
- Bug fixes
- * Ignore pre/post-proxy sections if proxying is disabled
- * Add configure checks for pcap_fopen*.
- * Fix call to otp_write in rlm_otp
- * Fix issue with Access-Challenge checking from 2.1.10, when the
- debug flag was set after server startup. Closes #116 and #117.
- * Fix typo in zombie period start time.
- * Fix leak in src/main/valuepair.c. Patch from James Ballantine.
- * Allow radtest to use spaces in shared secret.
- Patch from Cedric Carree.
- * Remove extra calls to HMAC_CTX_init() in rlm_wimax, fixing leak.
- Patch from James Ballantine.
- * Remove MN-FA key generation. The NAS does this, not AAA.
- Patch from Ben Weichman.
- * Include dictionary.mikrotik by default. Closes bug #121.
- * Add group membership query to MS-SQL examples. Closes bug #120.
- * Don't cast NAS-Port to integer in Postgresql queries.
- Closes bug #112.
- * Fixes for libtool and autoconf from Sam Hartman.
- * radsniff should read the dictionaries in more situations.
- * Use fnmatch to check for detail file reader==writer.
- Closes bug #128.
- * Check for short writes (i.e. disk full) in rlm_detail.
- Closes bug #130. Patches and testing from John Morrissey.
- * Fix typo in src/lib/token.c. Closes bug #124
- * Allow workstation trust accounts to use MS-CHAP.
- Closes bug #123.
- * Assigning foo=`/bin/echo hello` now produces a syntax error
- if it is done outside of an "update" section.
- * Fix "too many open file descriptors" problem when using
- "verify client" in eap.conf.
- * Many fixes to dialup_admin for PHP5, by Stefan Winter.
- * Allow preprocess module to have "hints = " and "huntgroups =",
- which allows them to be empty or non-existent.
- * Renamed "php3" files to "php" in dialup_admin/
- * Produce error when sub-TLVs are used in a dictionary. They are
- supported only in the "master" branch, and not in 2.1.x.
- * Minor fix in dictionary.redback. Closes bug #138.
- * Fixed MySQL "NULL" issues in ippool.conf. Closes bug #129.
- * Fix to Access-Challenge warning from Ken-ichirou Matsuzawa.
- Closes bug #118.
- * DHCP fixes to send unicast packets in more situations.
- * Fix to udpfromto, to enable it to work on IPv6 networks.
- * Fixes to the Oracle accounting_onoff_query.
- * When using both IPv4 and IPv6 home servers, ensure that we use the
- correct local socket for proxying. Closes bug #143.
- * Suppress messages when thread pool is nearly full, all threads
- are busy, and we can't create new threads.
- * IPv6 is now enabled for udpfromto. Closes bug #141
- * Make sqlippool query buffer the same size as sql module.
- Closes bug #139.
- * Make Coa / Disconnect proxying work again.
- * Configure scripts for rlm_caching from Nathaniel McCallum
- * src/lib/dhcp.c and src/include/libradius.h are LGPL, not GPL.
- * Updated password routines to use time-insensitive comparisons.
- This prevents timing attacks (though none are known).
- * Allow sqlite module to do normal SELECT queries.
- * rlm_wimax now has a configure script
- * Moved Ascend, USR, and Motorola "illegal" dictionaries to separate
- files. See share/dictionary for explanations.
- * Check for duplicate module definitions in the modules{} section,
- and refuse to start if duplicates are found.
- * Check for duplicate virtual servers, and refuse to start if
- duplicates are found.
- * Don't use udpfromto if source is INADDR_ANY. Closes bug #148.
- * Check pre-conditions before running radmin "inject file".
- * Don't over-ride "no match" with "match" for regexes.
- Closes bug #152.
- * Make retry and error message configurable in mschap.
- See raddb/modules/mschap
- * Allow EAP-MSCHAPv2 to send error message to client. This change
- allows some clients to prompt the user for a new password.
- See raddb/eap.conf, mschapv2 section, "send_error".
- * Load the default virtual server before any others.
- This matches what users expect, and reduces confusion.
- * Fix configure checks for udpfromto. Fixes Debian bug #606866
- * Definitive fix for bug #35, where the server could crash under
- certain loads. Changes src/lib/packet.c to use RB trees.
- * Updated "configure" checks to allow IPv6 udpfromto on Linux.
- * SQL module now returns NOOP if the accounting start/interim/stop
- queries don't do anything.
- * Allow %{outer.control: ... } in string expansions
- * home_server coa config now matches raddb/proxy.conf
- * Never send a reply to a DHCP Release.
-
-FreeRADIUS 2.1.10 Tue 28 Sep 12:00:00 CEST 2010, urgency=medium
- Feature improvements
- * Install the "radcrypt" program.
- * Enable radclient to send requests containing MS-CHAPv1
- Send packets with: MS-CHAP-Password = "password". It will
- be automatically converted to the correct MS-CHAP attributes.
- * Added "-t" command-line option to radtest. You can use "-t pap",
- "-t chap", "-t mschap", or "-t eap-md5". The default is "-t pap"
- * Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120
- This change and the previous one makes PEAP testing much easier.
- * Added more documentation and examples for the "passwd" module.
- * Added dictionaries for RFC 5607 and RFC 5904.
- * Added note in proxy.conf that we recommend setting
- "require_message_authenticator = yes" for all home servers.
- * Added example of second "files" configuration, with documentation.
- This shows how and where to use two instances of a module.
- * Updated radsniff to have it write pcap files, too. See '-w'.
- * Print out large WARNING message if we send an Access-Challenge
- for EAP, and receive no follow-up messages from the client.
- * Added Cached-Session-Policy for EAP session resumption. See
- raddb/eap.conf.
- * Added support for TLS-Cert-* attributes. For details, see
- raddb/sites-available/default, "post-auth" section.
- * Added sample raddb/modules/{opendirectory,dynamic_clients}
- * Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
- * Added RFCs 5607, 5904, and 5997.
- * For EAP-TLS, client certificates can now be validated using an
- external command. See eap.conf, "validate" subsection of "tls".
- * Made rlm_pap aware of {nthash} prefix, for compatibility with
- legacy RADIUS systems.
- * Add Module-Failure-Message for mschap module (ntlm_auth)
- * made rlm_sql_sqlite database configurable. Use "filename"
- in sql{} section.
- * Added %{tolower: ...string ... }, which returns the lowercase
- version of the string. Also added %{toupper: ... } for uppercase.
-
- Bug fixes
- * Fix endless loop when there are multiple sub-options for
- DHCP option 82.
- * More debug output when sending / receiving DHCP packets.
- * EAP-MSCHAPv2 should return the MPPE keys when used outside
- of a TLS tunnel. This is needed for IKE.
- * Added SSL "no ticket" option to prevent SSL from creating sessions
- without IDs. We need the IDs, so this option should be set.
- * Fix proxying of packets from inside a TTLS/PEAP tunnel.
- Closes bug #25.
- * Allow IPv6 address attributes to be created from domain names
- Closes bug #82.
- * Set the string length to the correct value when parsing double
- quotes. Closes bug #88.
- * No longer look users up in /etc/passwd in the default configuration.
- This can be reverted by enabling "unix" in the "authorize" section.
- * More #ifdef's to enable building on systems without certain
- features.
- * Fixed SQL-Group comparison to register only if the group
- query is defined.
- * Fixed SQL-Group comparison to register <instance>-SQL-Group,
- just like rlm_ldap. This lets you have multiple SQL group checks.
- * Fix scanning of octal numbers in "unlang". Closes bug #89.
- * Be less aggressive about freeing "stuck" requests. Closes bug #35.
- * Fix example in "originate-coa" to refer to the correct packet.
- * Change default timeout for dynamic clients to 1 hour, not 1 day.
- * Allow passwd module to map IP addresses, too.
- * Allow passwd module to be used for CoA packets
- * Put boot filename into DHCP header when DHCP-Boot-Filename
- is specified.
- * raddb/certs/Makefile no longer has certs depend on index.txt and
- serial. Closes bug #64.
- * Ignore NULL errorcode in PostgreSQL client. Closes bug #39
- * Made Exec-Program and Exec-Program-Wait work in accounting
- section again. See sites-available/default.
- * Fix long-standing memory leak in esoteric conditions. Found
- by Jerry Nichols.
- * Added "Password-With-Header == userPassword" to raddb/ldap.attrmap
- This will automatically convert more passwords.
- * Updated rlm_pap to decode Password-With-Header, if it was base64
- encoded, and to treat the contents as potentially binary data.
- * Fix Novell eDir code to use the right function parameters.
- Closes bug #86.
- * Allow spaces to be escaped when executing external programs.
- Closes bug #93.
- * Be less restrictive about checking permissions on control socket.
- If we're root, allow connecting to a non-root socket.
- * Remove control socket on normal server exit. If the server isn't
- running, the control socket should not exist.
- * Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP
- calculations. It *MAY* be different (upper / lower case) from
- the User-Name attribute. Closes bug #17.
- * If the EAP-TLS methods have problems, more SSL errors are now
- available in the Module-Failure-Message attribute.
- * Update Oracle configure scripts. Closes bug #57.
- * Added text to DESC fields of doc/examples/openldap.schema
- * Updated more documentation to use "Restructured Text" format.
- Thanks to James Lockie.
- * Fixed typos in raddb/sql/mssql/dialup.conf. Closes bug #11.
- * Return error for potential proxy loops when using "-XC"
- * Produce better error messages when slow databases block
- the server.
- * Added notes on DHCP broadcast packets for FreeBSD.
- * Fixed crash when parsing some date strings. Closes bug #98
- * Improperly formatted Attributes are now printed as "Attr-##".
- If they are not correct, they should not use the dictionary name.
- * Fix rlm_digest to be check the format of the Digest attributes,
- and return "noop" rather than "fail" if they're not right.
- * Enable "digest" in raddb/sites-available/default. This change
- enables digest authentication to work "out of the box".
- * Be less aggressive about marking home servers as zombie.
- If they are responding to some packets, they are still alive.
- * Added Packet-Transmit-Counter, to track detail file retransmits.
- Closes bug #13.
- * Added configure check for lt_dladvise_init(). If it exists, then
- using it solves some issues related to libraries loading libraries.
- * Added indexes to the MySQL IP Pool schema.
- * Print WARNING message if too many attributes are put into a packet.
- * Include dhcp test client (not built by default)
- * Added checks for LDAP constraint violation. Closes bug #18.
- * Change default raddebug timeout to 60 seconds.
- * Made error / warning messages more consistent.
- * Correct back-slash handling in variable expansion. Closes bug #46.
- You SHOULD check your configuration for backslash expansion!
- * Fix typo in "configure" script (--enable-libltdl-install)
- * Use local libltdl in more situations. This helps to avoid
- compile issues complaining about lt__PROGRAM__LTX_preloaded_symbols.
- * Fix hang on startup when multiple home servers were defined
- with "src_ipaddr" field.
- * Fix 32/64 bit issue in rlm_ldap. Closes bug #105.
- * If the first "listen" section defines 127.0.0.1, don't use that
- as a source IP for proxying. It won't work.
- * When Proxy-To-Realm is set to a non-existent realm, the EAP module
- should handle the request, rather than expecting it to be proxied.
- * Fix IPv4 issues with udpfromto. Closes bug #110.
- * Clean up child processes of raddebug. Closes bugs #108 and #109
- * retry OTP if the OTP daemon fails. Closes bug #58.
- * Multiple calls to ber_printf seem to work better. Closes #106.
- * Fix "unlang" so that "attribute not found" is treated as a "false"
- comparison, rather than a syntax error in the configuration.
- * Fix issue with "Group" attribute.
-
-FreeRADIUS 2.1.9 Mon 24 May 8:00:00 CEST 2010, urgency=medium
- Feature improvements
- * Add radmin command "stats detail <file>" to see what
- is going on inside of a detail file reader.
- * Added documentation for CoA. See raddb/sites-available/coa
- * Add sub-option support for Option 82. See dictionary.dhcp
- * Add "server" field to default SQL NAS table, and documented it.
-
- Bug fixes
- * Reset "received ping" counter for Status-Server checks. In some
- corner cases it was not getting reset.
- * Handle large VMPS attributes.
- * Count accounting responses from a home server in SNMP / statistics
- code.
- * Set EAP-Session-Resumed = Yes, not "No" when session is resumed.
- * radmin packet counter statistics are now unsigned, for numbers
- 2^31..2^32. After that they roll over to zero.
- * Be more careful about expanding data in PAP and MS-CHAP modules.
- This prevents login failures when passwords contain '{'.
- * Clean up zombie children if there were many "exec" modules being
- run for one packet, all with "wait = no".
- * re-open log file after HUP. Closes bug #63.
- * Fix "no response to proxied packet" complaint for Coa / Disconnect
- packets. It shouldn't ignore replies to packets it sent.
- * Calculate IPv6 netmasks correctly. Closes bug #69.
- * Fix SQL module to re-open sockets if they unexpectedly close.
- * Track scope for IPv6 addresses. This lets us use link-local
- addresses properly. Closes bug #70.
- * Updated Makefiles to no longer use the shell for recursing into
- subdirs. "make -j 2" should now work.
- * Updated raddb/sql/mysql/ippool.conf to use "= NULL". Closes
- bug #75.
- * Updated Makefiles so that "make reconfig" no longer uses the shell
- for recursing into subdirs, and re-builds all "configure" files.
- * Used above method to regenerate all configure scripts.
- Closes bug #34.
- * Updated SQL module to allow "server" field of "nas" table
- to be blank: "". This means the same as it being NULL.
- * Fixed regex realm example. Create Realm attribute with value
- of realm from User-Name, not from regex. Closes bug #40.
- * If processing a DHCP Discover returns "fail / reject", ignore
- the packet rather than sending a NAK.
- * Allow '%' to be escaped in sqlcounter module.
- * Fix typo internal hash table.
- * For PEAP and TTLS, the tunneled reply is added to the reply,
- rather than integrated via the operators. This allows multiple
- VSAs to be added, where they would previously be discarded.
- * Make request number unsigned. This changes nothing other than
- the debug output when the server receives more than 2^31 packets.
- * Don't block when reading child output in 'exec wait'. This means
- that blocked children get killed, instead of blocking the server.
- * Enabled building without any proxy functionality
- * radclient now prefers IPv4, to match the default server config.
- * Print useful error when a realm regex is invalid
- * relaxed rules for preprocess module "with_cisco_vsa_hack". The
- attributes can now be integer, ipaddr, etc. (i.e. non-string)
- * Allow rlm_ldap to build if ldap_set_rebind_proc() has only
- 2 arguments.
- * Update configure script for rlm_python to avoid dynamic linking
- problems on some platforms.
- * Work-around for bug #35
- * Do suid to "user" when running in debug mode as root
- * Make "allow_core_dumps" work in more situations.
- * In detail file reader, treat bad records as EOF.
- This allows it to continue working when the disk is full.
- * Fix Oracle default accounting queries to work when there are no
- gigawords attributes. Other databases already had the fix.
- * Fix rlm_sql to show when it opens and closes sockets. It already
- says when it cannot connect, so it should say when it can connect.
- * "chmod -x" for a few C source files.
- * Pull update spec files, etc. from RedHat into the redhat/ directory.
- * Allow spaces when parsing integer values. This helps people who
- put "too much" into an SQL value field.
-
-FreeRADIUS 2.1.8 Wed 30 Dec 16:44:50 CEST 2009, urgency=medium
- Feature improvements
- * Print more descriptive error message for too many EAP sessions.
- This gives hints on what to do when "failed to store handler"
- * Commands received from radmin are now printed on stdout when
- in debugging mode.
- * Allow accounting packets to be written to a detail file, even
- if they were read from a different detail file.
- * Added OpenSSL license exception (src/LICENSE.openssl)
-
- Bug fixes
- * DHCP sockets can now set the broadcast flag before binding to a
- socket. You need to set "broadcast = yes" in the DHCP listener.
- * Be more restrictive on string parsing in the config files
- * Fix password length in scripts/create-users.pl
- * Be more flexible about parsing the detail file. This allows
- it to read files where the attributes have been edited.
- * Ensure that requests read from the detail file are cleaned up
- (i.e. don't leak) if they are proxied without a response.
- * Write the PID file after opening sockets, not before
- (closes bug #29)
- * Proxying large numbers of packets no longer gives error
- "unable to open proxy socket".
- * Avoid mutex locks in libc after fork
- * Retry packet from detail file if there was no response.
- * Allow old-style dictionary formats, where the vendor name is the
- last field in an ATTRIBUTE definition.
- * Removed all recursive use of mutexes. Some systems just don't
- support this.
- * Allow !* to work as documented.
- * make templates work (see templates.conf)
- * Enabled "allow_core_dumps" to work again
- * Print better errors when reading invalid dictionaries
- * Sign client certificates with CA, rather than server certs.
- * Fix potential crash in rlm_passwd when file was closed
- * Fixed corner cases in conditional dynamic expansion.
- * Use InnoDB for MySQL IP Pools, to gain transactional support
- * Apply patch to libltdl for CVE-2009-3736.
- * Fixed a few issues found by LLVM's static checker
- * Keep track of "bad authenticators" for accounting packets
- * Keep track of "dropped packets" for auth/acct packets
- * Synced the "debian" directory with upstream
- * Made "unlang" use unsigned 32-bit integers, to match the
- dictionaries.
-
-FreeRADIUS 2.1.7 Mon Sept 14 11:20:00 CEST 2009; , urgency=medium
- Feature improvements
- * Full support for CoA and Disconnect packets as per RFC 3576
- and RFC 5176. Both receiving and proxying CoA is supported.
- * Added "src_ipaddr" configuration to "home_server". See
- proxy.conf for details.
- * radsniff now accepts -I, to read from a filename instead of
- a device.
- * radsniff also prints matching requests and any responses to those
- requests when '-r' is used.
- * Added example of attr_filter for Access-Challenge packets
- * Added support for udpfromto in DHCP code
- * radmin can now selectively mark modules alive/dead.
- See "set module state".
- * Added customizable messages on login success/fail.
- See msg_goodpass && msg_badpass in log{} section of radiusd.conf
- * Document "chase_referrals" and "rebind" in raddb/modules/ldap
- * Preliminary implementation of DHCP relay.
- * Made thread pool section optional. If it doesn't exist,
- the server will run single-threaded.
- * Added sample radrelay.conf for people upgrading from 1.x
- * Made proxying more stable by failing over, rather than
- rejecting the first request. See "response_window" in proxy.conf
- * Allow home_server_pools to exist without realms.
- * Add dictionary.iea (closes bug #7)
- * Added support for RFC 5580
- * Added experimental sql_freetds module from Gabriel Blanchard.
- * Updated dictionary.foundry
- * Added sample configuration for MySQL cluster in raddb/sql/ndb
- See the README file for explanations.
-
- Bug fixes
- * Fixed corner case where proxied packets could have extra
- character in User-Password attribute. Fix from Niko Tyni.
- * Extended size of "attribute" field in SQL to 64.
- * Fixes to ruby module to be more careful about when it builds.
- * Updated Perl module "configure" script to check for broken
- Perl installations.
- * Fix "status_check = none". It would still send packets
- in some cases.
- * Set recursive flag on the proxy mutex, which enables safer
- cleanup on some platforms.
- * Copy the EAP username verbatim, rather than escaping it.
- * Update handling so that robust-proxy-accounting works when
- all home servers are down for extended periods of time.
- * Look for DHCP option 53 anywhere in the packet, not just
- at the start.
- * Fix processing of proxy fail handler with virtual servers.
- * DHCP code now prints out correct src/dst IP addresses
- when sending packets.
- * Removed requirement for DHCP to have clients
- * Fixed handling of DHCP packets with message-type buried in the packet
- * Fixed corner case with negation in unlang.
- * Minor fixes to default MySQL & PostgreSQL schemas
- * Suppress MSCHAP complaints in debugging mode.
- * Fix SQL module for multiple instance, and possible crash on HUP
- * Fix permissions for radius.log for sites that change user/group,
- but which don't create the file before starting radiusd.
- * Fix double counting of packets when proxying
- * Make %l work
- * Fix pthread keys in rlm_perl
- * Log reasons for EAP failure (closes bug #8)
- * Load home servers and pools that aren't referenced from a realm.
- * Handle return codes from virtual attributes in "unlang"
- (e.g. LDAP-Group). This makes "!(expr)" work for them.
- * Enable VMPS to see contents of virtual server again
- * Fix WiMAX module to be consistent with examples. (closes bug #10)
- * Fixed crash with policies dependent on NAS-Port comparisons
- * Allowed vendor IDs to be be higher than 32767.
- * Fix crash on startup with certain regexes in "hints" file.
- * Fix crash in attr_filter module when packets don't exist
- * Allow detail file reader to be faster when "load_factor = 100"
- * Add work-around for build failures with errors related to
- lt__PROGRAM__LTX_preloaded_symbols. libltdl / libtool are horrible.
- * Made ldap module "rebind" option aware of older, incompatible
- versions of OpenLDAP.
- * Check value of Fall-Through in attr_filter module.
-
-FreeRADIUS 2.1.6 Mon May 18 10:00:00 CEST 2009; urgency=medium
- Feature improvements
- * radclient exits with 0 on successful (accept / ack), and 1
- otherwise (no response / reject)
- * Added support for %{sql:UPDATE ..}, and insert/delete
- Patch from Arran Cudbard-Bell
- * Added sample "do not respond" policy. See raddb/policy.conf
- and raddb/sites-available/do_not_respond
- * Cleanups to Suse spec file from Norbert Wegener
- * New VSAs for Juniper from Bjorn Mork
- * Include more RFC dictionaries in the default install
- * More documentation for the WiMAX module
- * Added "chase_referrals" and "rebind" configuration to rlm_ldap.
- This helps with Active Directory. See raddb/modules/ldap
- * Don't load pre/post-proxy if proxying is disabled.
- * Added %{md5:...}, which returns MD5 hash in hex.
- * Added configurable "retry_interval" and "poll_interval"
- for "detail" listeners.
- * Added "delete_mppe_keys" configuration option to rlm_wimax.
- Apparently some WiMAX clients misbehave when they see those keys.
- * Added experimental rlm_ruby from
- http://github.com/Antti/freeradius-server/tree/master
- * Add Tunnel attributes to ldap.attrmap
- * Enable virtual servers to be reloaded on HUP. For now, only
- the "authorize", "authenticate", etc. processing sections are
- reloaded. Clients and "listen" sections are NOT reloaded.
- * Updated "radwatch" script to be more robust. See scripts/radwatch
- * Added certificate compatibility notes in raddb/certs/README,
- for compatibility with different operating systems. (i.e. Windows)
-
- Bug fixes
- * Minor changes to allow building without VQP.
- * Minor fixes from John Center
- * Fixed raddebug example
- * Don't crash when deleting attributes via unlang
- * Be friendlier to very fast clients
- * Updated the "detail" listener so that it only polls once,
- and not many times in a row, leaking memory each time...
- * Update comparison for Packet-Src-IP-Address (etc.) so that
- the operators other than '==' work.
- * Did autoconf magic to work around weird libtool bug
- * Make rlm_perl keep tags for tagged attributes in more situations
- * Update UID checking for radmin
- * Added "include_length" field for TTLS. It's needed for RFC
- compliance, but not (apparently) for interoperability.
-
-FreeRADIUS 2.1.5 Sun Jan 1 1:1:00 CEST 2009; , urgency=medium
- * Release number skipped due to procedural issues.
-
-FreeRADIUS 2.1.4 Tue Mar 10 17:05:00 CEST 2009; , urgency=medium
- Feature improvements
- * Permit multiple "-e" in radmin.
- * Add support for originating CoA-Request and Disconnect-Request.
- See raddb/sites-available/originate-coa.
- * Added "lifetime" and "max_queries" to raddb/sql.conf.
- This helps address the problem of hung SQL sockets.
- * Allow packets to be injected via radmin. See "inject help"
- in radmin.
- * Answer VMPS reconfirmation request. Patch from Hermann Lauer.
- * Sample logrotate script in scripts/logrotate.freeradius
- * Add configurable poll interval for "detail" listeners
- * New "raddebug" command. This prints debugging information from
- a running server. See "man raddebug.
- * Add "require_message_authenticator" configuration to home_server
- configuration. This makes the server add Message-Authenticator
- to all outgoing Access-Request packets.
- * Added smsotp module, as contributed by Siemens.
- * Enabled the administration socket in the default install.
- See raddb/sites-available/control-socket, and "man radmin"
- * Handle duplicate clients, such as with replicated or
- load-balanced SQL servers and "readclients = yes"
-
- Bug fixes
- * Clean up control sockets when they are closed, so that we don't
- leak memory.
- * Define SUN_LEN for systems that don't have it.
- * Correct some boundary conditions in the conditional checker ("if")
- in "unlang". Bug noted by Arran Cudbard-Bell.
- * Work around minor building issues in gmake. This should only
- have affected developers.
- * Change how we manage unprivileged user/group, so that we do not
- create control sockets owned by root.
- * Fixed more minor issues found by Coverity.
- * Allow raddb/certs/bootstrap to run when there is no "make"
- command installed.
- * In radiusd.conf, run_dir depends on the name of the program,
- and isn't hard-coded to "..../radiusd"
- * Check for EOF in more places in the "detail" file reader.
- * Added Freeswitch dictionary.
- * Chop ethernet frames in VMPS, rather than droppping packets.
- * Fix EAP-TLS bug. Patch from Arnaud Ebalard
- * Don't lose string for regex-compares in the "users" file.
- * Expose more functions in rlm_sql to rlm_sqlippool, which
- helps on systems where RTLD_GLOBAL is off.
- * Fix typos in MySQL schemas for ippools.
- * Remove macro that was causing build issues on some platforms.
- * Fixed issues with dead home servers. Bug noted by Chris Moules.
- * Fixed "access after free" with some dynamic clients.
-
-FreeRADIUS 2.1.3 Fri Dec 5 17:40:00 CEST 2008; , urgency=medium
- Feature improvements
- * Allow running with "user=radiusd" and binding to secure
- sockets.
- * Start sending Status-Server "are you alive" messages earlier,
- which helps with proxying multiple realms to a home server.
- * Removed thread pool code from rlm_perl. It's not necessary.
- * Added example Perl configuration to raddb/modules/perl
- * Force OpenSSL to support certificates with SHA256.
- This seems to be necessary for WiMAX certs.
-
- Bug fixes
- * Fix Debian patch to allow it to build.
- * Fix potential NULL dereference in debugging mode on certain
- platforms for TTLS and PEAP inner tunnels.
- * Fix uninitialized memory in handling of vendor definitions
- * Fix parsing of quoted (but non-string) attributes in the "users"
- file.
- * Initialize uknown NAS IP to 255.255.255.255, rather than 0.0.0.0
- * use SUN_LEN in control socket, to avoid truncation on some
- platforms.
- * Correct internal handling of "debug condition" to prevent it
- from being over-written.
- * Check return code of regcomp in "unlang", so that invalid
- regular expressions are caught rather than mishandled.
- * Make rlm_sql use <ltdl.h>. Addresses bug #610.
- * Document list "type = status" better. Closes bug #580.
- * Set "default days" for certificates, because OpenSSL won't
- do it. This closes bug #615.
- * Reference correct list in example raddb/modules/ldap.
- Closes #596.
- * Increase default schema size for Acct-Session-Id to 64.
- Closes #540.
- * Fix use of temporary files in dialup-admin. Closes #605
- and addresses CVE-2008-4474.
- * Addressed a number of minor issues found by Coverity.
- * Added DHCP option 150 to the dictionary. Closes #618.
-
-FreeRADIUS 2.1.2 Thurs Dec 3 10:47:00 CEST 2008; , urgency=medium
- Due to packaging issues, 2.1.2 has been pulled from the net.
-
-FreeRADIUS 2.1.1 Thu Sep 25 11:03:00 CEST 2008; , urgency=medium
- Feature improvements
- * Many more options and features in radmin. See "man radmin" and
- raddb/sites-available/control-socket
- * Many more commands available via the control socket. Connect
- via "radmin", and type "help" for more information.
- * Added dictionary.networkphysics and dictionary.lancom.
- * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
-
- Bug fixes
- * Fixed bug that made radmin not work
- * Fixed Suse && Debian package scripts
- * Fixed issues with dynamic clients
- * Fixed configure checks for -lreadline
- * rlm_sqlippool no longer needs to be linked to rlm_sql.
- * Add statistics for detail file listeners. This closes bug #593.
- * Fixed printing of some WiMAX attributes.
- * Fix double free on exit() in rlm_attr_filter
- * Fixed build issues on Solaris.
- * Fixed fast session resumption for EAP-TLS
-
-FreeRADIUS 2.1.0 Fri Sep 5 13:20:01 CEST 2008; , urgency=medium
- Feature improvements
- * Clients may now be defined dynamically, based on IP address.
- See raddb/sites-available/dynamic-clients.
- * SNMP support is now available through an experimental Perl script.
- See scripts/snmp-proxy/README
- * SNMP statistics are available through Status-Server packets.
- See raddb/sites-available/status
- * Added more Microsoft attributes from bug #568.
- * The "linelog" module has more functionality and flexibility.
- See raddb/modules/linelog.
- * The debugging output has been sanitized. It should be much
- more readable.
- * Debug logs can now be turned on/off while the server is running, for
- a user, group, realm, etc. See the "log" section of radiusd.conf.
- * Added support for WiMAX Forum attributes. The dynamic keys
- are not yet calculated. See share/dictionary.wimax
- * Added session resumption for PEAP and TTLS.
- See raddb/eap.conf, "cache" sub-section.
- * Added "radmin" command-line tool for administering a running server.
- See "man radmin" and raddb/sites-available/control-socket.
-
- Bug fixes
- * Double escaping of '\\' in the "users" (and some other) files
- has been fixed. If you have '\\' in the "users" file, your
- configuration WILL NEED TO BE CHECKED, AND FIXED!
- * Parse "security" section in radiusd.conf. This was accidentally
- deleted in 2.0.5. Closes bug #566.
- * Bind to interface before IP, which allows DHCP sockets to
- listen on "*" for multiple interfaces.
- * Fix handling of giaddr in DHCP responses.
- * Corrected parsing of status_check in home_server so that it works.
- * Fix hints so that "Puser" works again.
- * Removed length restrictions on attribute names in the dictionaries.
- * Update socket code to avoid C compiler optimizations.
-
-FreeRADIUS 2.0.5 ; Date: 2008/06/07 17:17:00 , urgency=medium
- Feature improvements
- * Permit SQL authorize_reply_query to be empty.
- * Allow setting response packet type in Post-Proxy-Type Fail
- handler.
- * Added install-chown target to set correct permission and ownership
- make RADMIN=radmin RGROUP=radius install-chown
- * Support for LDAP-Group and other dynamic comparison attributes
- in unlang. Developed from a patch by Jason Alderfer.
- * Added chroot support. See radiusd.conf for comments.
- * Allow clients of 0/0. We do not recommend using this, though.
- * Moved many module configurations into raddb/modules/*
-
- Bug fixes
- * Allow proxying to virtual servers for accounting packets, too.
- * Added "num fields" function to PostgreSQL client.
- * Updated proxy fallback mechanism to validate fallback servers,
- and to process fallback requests in a child thread.
- * rlm_realm returns "ok" for LOCAL realms, not "noop".
- * Fixed some DHCP code handling. The examples should now work.
-
-FreeRADIUS 2.0.4 ; Date: 2008/04/30 08:56:40 , urgency=medium
- Feature improvements
- * Allow "virtual_server" in "realm" and "home_server" sections.
- See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
- * Allow "passwd" module to be listed in "accounting" and "post-auth".
- * Added "fallback" to "home_server_pool" configuration, to handle
- the case of all home servers being dead. See raddb/proxy.conf.
- * Added sample text to raddb/sites-available/inner-tunnel which
- can simplify debugging of inner tunnel configurations.
- * Added regular expression matching in realm names. See
- raddb/proxy.conf for examples.
- * Added simple DHCP server functionality. For comments, see
- raddb/sites-available/dhcp.
- * Added file globbing capabilities to detail file reader
- * Added sample raddb/sites-available/robust-proxy-accounting
- * Clients in SQL can now refer to a virtual server.
- Patch from Michael Bretterklieber.
- * Added some examples of creating RADIUS administrator in SQL,
- and assigning appropriate access rights.
-
- Bug fixes
- * Install all files in raddb/sites-available
- * Allow non-threaded builds.
- * Don't treat '0x' as special for known attributes that are not
- of type "octets".
- * Fix log error in rlm_pap.
- * Remove documentation about non-existent functionality.
- * Updated warning messages in debug output.
- * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
- This fix was supposed to go into 2.0.3, but did not make it.
- * Fix event handling in debug mode for failed proxy requests.
- * Fix memleak in fifos. Closes #537.
- * Fix memleak on blocked threads. Closes #538.
- * Perform additional checks on NULL realms. Closes #541.
- * Fix handling of "clients" in "listen" section.
- * When detail file cannot process a packet, sleep for longer
- to let the rest of the server do something.
- * Add missing table to raddb/sql/mssql/schema.sql. Closes #545.
- * Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
- Closes #533.
- * Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
- correct place.
- * Update rlm_attr_filter for some corner cases. Closes #543.
- * Fixed memory leak in libfreeradius event handler.
- * In the SQL Accounting on/off queries, remove the restriction
- that the session time had to be zero.
-
-FreeRADIUS 2.0.3 ; Date: 2008/03/17 09:22:17 , urgency=medium
- Feature improvements
- * Updated raddb/certs/ca.cnf with extensions to allow ca.der
- to be imported as a CA on Symbian and Windows Mobile devices.
- Closes bug #524
- * Enable multiple matches in "hints" via Fall-Through = Yes.
- Closes bug #477
- * Added preliminary SQLite driver, contibuted by Apple.
- Untested, with no sample configuration. This address bug #470.
- * Updated logging sub-system so that log messages from libfreeradius
- can go to the log file, and not stdout.
- * Added dictionary.rfc5176
- * EAP module now checks for instance name, and uses that for
- authentication. This avoids the need to set Auth-Type when
- there are multiple instances of the EAP module.
- * Added Module-Return-Code attribute, which contains the value
- returned by the previous module (ok/fail/update/etc.)
-
- Bug fixes
- * Corrected typos in rlm_dbm. Closes bugs #521 and #522.
- * Detail file "listen" sections now work much better.
- * Don't allow old "log_*" to over-ride new format. Closes bug #525
- * Initialize allocated memory in Oracle SQL driver. This fixes
- occasional crashes on some systems. Closes bug #518
- * Call correct function in rlm_protocol_filter. This enables the
- module to build. Closes bug #512.
- * Added deprecated flag to build for rlm_krb5. This allows it to
- run on 64-bit systems. Closes bug #491
- * Corrected error message when parsing invalid configurations
- so it doesn't crash. Closes bug #527
- * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
- * Handle $INCLUDE's in "instantiate" section. Closes #528.
- * Format updates to "man" pages from Stephen Gran.
-
-FreeRADIUS 2.0.2 ; Date: 2008/02/14 11:13:48 , urgency=medium
- Feature improvements
- * Added notes on how to debug the server in radiusd.conf
- * Moved all "log_*" in radiusd.conf to log{} section.
- The old configurations are still accepted, though.
- * Added ca.der target in raddb/certs/Makefile. This is
- needed for importing CA certs into Windows.
- * Added ability send raw attributes via "Raw-Attribute = 0x0102..."
- This is available only debug builds. It can be used
- to create invalid packets! Use it with care.
- * Permit "unlang" policies inside of Auth-Type{} sub-sections
- of the authenticate{} section. This makes some policies easier
- to implement.
- * "listen" sections can now have "type = proxy". This lets you
- control which IP is used for sending proxied requests.
- * Added note on SSL performance to raddb/certs/README
-
- Bug fixes
- * Fixed reading of "detail" files.
- * Allow inner EAP tunneled sessions to be proxied.
- * Corrected MySQL schemas
- * syslog now works in log{} section.
- * Corrected typo in raddb/certs/client.cnf
- * Updated raddb/sites-available/proxy-inner-tunnel to
- permit authentication to work.
- * Ignore zero-length attributes in received packets.
- * Correct memcpy when dealing with unknown attributes.
- * Corrected debugging messages in attr_rewrite.
- * Corrected generation of State attribute in EAP. This
- fixes the "failed to remember handler" issues.
- * Fall back to DEFAULT realm if no realm was found.
- Based on a patch from Vincent Magnin.
- * Updated example raddb/sites-available/proxy-inner-tunnel
- * Corrected behavior of attr_filter to match documentation.
- This is NOT backwards compatible with previous versions!
- See "man rlm_attr_filter" for details.
-
-FreeRADIUS 2.0.1 ; Date: 2008/01/22 13:29:37 , urgency=low
- Feature improvements
- * "unlang" has been expanded to do less run-time expansion,
- and to have better handling of typed data. See "man unlang"
- for documentation and new examples.
-
- Bug fixes
- * The 'acct_unique' module has been updated to understand
- the deprecated (but still used) Client-IP-Address attribute.
- * The EAP-MSCHAPv2 module no longer leaks MS-CHAP2-Success in
- packets.
- * Fixed crash in rlm_dbm.
- * Fixed parsing of syslog configuration.
-
-FreeRADIUS 2.0.0 ; Date: 2007/11/24 08:33:09 , urgency=low
- Feature improvements
- * Debugging mode is much clearer and easier to read.
- * A new policy language makes many configurations trivial.
- See "man unlang" for a complete description.
- * Virtual servers are now supported. This permits clear separation
- of policies. See raddb/sites-available/README
- * EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work".
- See raddb/certs/README for details.
- * Proxying is much more configurable than before.
- See proxy.conf for documentation on pools, and new config items.
- * Full support for IPv6.
- * Much more complete support for the RADIUS SNMP MIBs.
- * HUP now works. Only some modules are re-loaded,
- and the server configuation is *not* reloaded.
- * "check config" option now works. See "man radiusd"
- * radrelay functionality is now included in the server core.
- See raddb/sites-available/copy-acct-to-home-server
- * VMPS support. It is minimal, but functional.
- * Cleaned up internal API's and names, including library names.
-
- Bug fixes
- * Many.
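Review bot: The removed 2.1.3 entry contains "Fix use of temporary files in dialup-admin. Closes #605 and addresses CVE-2008-4474", and the 2.1.0 and 2.0.2 entries carry upgrade warnings (the '\\' double-escaping change in the "users" file, and the attr_filter change marked "NOT backwards compatible"), yet nothing in the visible part of this patch says where that history goes. If these entries are being dropped rather than moved, consider keeping them in an archived changelog file, or pointing to one from the commit message, so that the security fixes and breaking changes for the 2.0.x and 2.1.x releases stay traceable for anyone auditing an older deployment.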