-FreeRADIUS 3.0.3 Fri 21 Mar 2014 08:30:00 EDT urgency=medium
+FreeRADIUS 3.0.4 Mon 12 May 2014 15:30:00 EDT urgency=medium
+ Feature improvements
+ * Home server "response_window" can now take fractions of a
+ second. See proxy.conf.
+ * radmin now supports "show module status", as the counterpart
+ to "set module status"
+ * Added dictionary ericsson.packet.ccore.networks
+ * Add %{tag:} expansion to get the tag value of an attribute.
+ * Report 'application_name' in connections to PostgreSQL servers.
+ FreeRADIUS connections will now appear as
+ 'FreeRADIUS <version> - <name>' in pg_stat_activity.
+ * All config item fields are now type checked at compile time
+ to prevent issues similar to #634 occuring again.
+ * Modify pairparsevalue to deal with embedded NULLs better,
+ and use the binary versions of attribute values in rlm_ldap.
+ * "ipaddr" will now use v6 if no v4 address is present. You should
+ use "ipv4addr" or "ipv6addr" to force v4/v6 addresses.
+ * The above applies to "listen", "home_server", and "client" sections.
+ * "client" sections will allow prefixes as "192.192.0/24". The old
+ "netmask" is still accepted, but the new format is preferred.
+ * Allow custom HTTP headers to be set for rlm_rest requests using
+ control:REST-HTTP-Header (attributes consumed after use).
+ * Extend format of %{rest:} expansion to allow HTTP method and POST
+ data to be specified
+ e.g. %{rest:POST http://example.org/api foo=bar&baz=boink}.
+ * Add %{hmacsha1:&data &key} and %{hmacmd5:&data &key} expansions
+ for signing data in requests.
+ * rlm_cache now consumes its control attributes to make runtime
+ configuration easier.
+ * Add control:Cache-Read-Only which when set to 'yes' will make the
+ cache module merge existing cache data, but not create new entries.
+ * Add %{unescape:} and %{urlunquote:} expansions to reverse escaping
+ and urlquoting.
+ * Add support for aliases in rlm_ldap.
+
+ Bug fixes
+ * make case-insensitive regular expressions work again.
+ * Added tests for the above
+ * A few more talloc parenting issues
+ * Fix delayed proxy reply handling. Closes #637
+ * Fix OpenSSL initialization order when using
+ RADIUS/TLS. Fixes #646
+ * Don't double-quote strings in debugging messages
+ * Fix foreach / break. Fixes #639
+ * Chargeable-User-Identifier, ADSL-Agent-Circuit-Id and
+ ADSL-Agent-Remote-Id should be "octets" types in the default
+ dictionary.
+ * Fix typo in mainconfig. Fixes #634
+ * More rlm_perl fixes. Fixes #635
+ * Free OpenSSL memory on clean exit.
+ * Fix <attr>[0] !* ANY - Was removing all instances of <attr>
+ * Fix case where multiple attributes were returned from LHS of
+ mapping, as with rlm_ldap. Fixes #652
+ * Fix corner case in cursor where using fr_cursor_next_by_da
+ after calling fr_cursor_remove may of resulted in a read of
+ uninitialised memory.
+ * Don't SEGV if all connections to a database server go away.
+ Fixes #651.
+ * Fix issue where <attr> -= <value> was not removing tagged
+ instances of <attr> equal to <value> (only untagged).
+ * Fix issue where tag values were not being set on attributes
+ created with unlang/ldap update blocks.
+ * Create rlm_sqlcounter attributes as integer64 types instead
+ of integer types, so large counter values can be specified.
+ * Fix issue where specifying a dynamic client IP addresss using
+ FreeRADIUS-Client-IPv6-Prefix or FreeRADIUS-Client-IP-Prefix
+ may have caused a validation error.
+ * Don't print two "&" for messages about attribute or list
+ references.
+ * Fix urlquote and escape to encode Unicode characters correctly.
+ * Fix redundant-load-balance blocks to try other modules in
+ the group if one fails.
+ * Fix issue with rlm_pap password normalisation where
+ 'known good' password strings stored in octets type attributes,
+ would be sometimes misnormalised as base64.
+ * Don't stop processing DHCP options if we find a 0x00 padding
+ option.
+ * Fix issue where modifying the value of an attribute created
+ from a template with a literal value, may have resulted in the
+ template literal being freed.
+ * Fix parenting issues in tls code which may have resulted in
+ memory corruption and crashes.
+ * Fix issue in radsniff where writing to PCAP files and using
+ -R response filters, where the requests would still be written
+ to the PCAP for non matching responses.
+ * Define __APPLE_USE_RFC_2292 so that the server builds with IPv6
+ support on OSX.
+ * Fix LDAP group lookups for named rlm_ldap instances.
+ Note that attribute references should be used when
+ checking LDAP-Group attributes. e.g. if (&LDAP-Group == 'foo').
+ * Delayed attribute references can now be used in unlang
+ existence checks. i.e. if (&Attribute-Name) { ... }
+
+FreeRADIUS 3.0.3 Mon 12 May 2014 15:30:00 EDT urgency=medium
Feature improvements
* Everything now builds with no warnings from the C compiler,
- Coverity, clang static analyzer, or cppcheck.
+ clang static analyzer, or cppcheck.
* rlm_ldap now supports defining the LDAP attribute name via
backticked expansion (i.e. shell command) in
RADIUS <-> LDAP mappings.
are allowed in "unlang".
* many enhancements to radsniff, including output
to collectd, ipv6 support and packet loss statistics.
- * Many dictionary updates (ZTE, Brocade, Motorola)
+ * Many dictionary updates (ZTE, Brocade, Motorola).
+ * rlm_yubikey now automatically splits passwords from OTP
+ strings.
+ * The detail file reader is now threaded by default.
+ This should improve performance reading the files.
Bug fixes
* Fix xlat expression %{attribute[n]} so that it actually
need double escaping (\\) of the backslash.
* The connection pools no longer have one connection used twice
in certain rare conditions.
- * Use self pipes for internal signals. The code was there, but for
- some reason was unused.
+ * Use self pipes for internal signals. The code was there, but was
+ unused.
+ * Don't crash if there are outstanding EAP sessions and were told to
+ exit gracefully.
+ * Fix typo in dictionary.rfc4072
FreeRADIUS 3.0.2 Fri 21 Mar 2014 08:30:00 EDT urgency=medium
Feature improvements