-FreeRADIUS 1.1.0 ; $Date$, urgency=low
+FreeRADIUS 1.1.3 ; $Date$, urgency=low
+
+ Feature improvements
+ * rlm_otp now talks to otpd for OTP verification, rather than
+ doing the work itself; this improves portability and security
+ (access to OTP token keys is now much more limited)
+
+ Bug fixes
+ * Fixed configure/make error for Solaris (set HAVE_CLOSEFROM).
+ * Update libtool and ltdl to 1.5.22, to fix 'make install R=';
+ also improve integration by importing unmodified original
+ source
+
+FreeRADIUS 1.1.2 ; $Date$, urgency=low
+
+ Feature improvements
+ * Allow tagged VSA's for Juniper. Closes bugs #367 and #368.
+ * Allow Ascend "abinary" format to be specified as octets,
+ (e.g. Ascend-Data-Filter = 0x010203...)
+ * Added "cipher_list" configuration to the EAP-TLS module.
+ See "eap.conf" and "man 1 cipher" for details.
+ * Added "check_cert_issuer" configuration to the EAP-TLS module.
+ See "eap.conf" for details. (closes: #346)
+ * Added "suppress" configuration entry to rlm_detail,
+ to suppress certain attributes (e.g. User-Password).
+ This closes bug #359.
+ * More dictionary updates
+ * Write SSL errors to log file, rather than stderr.
+ This closes bug #347.
+ * Allow a core dump on uid change on Linux (closes: #361)
+
+ Bug fixes
+ * Return better error codes in SQL IODBC module. Closes bug #341.
+ * Corrected list of EAP handlers.
+ * Initialize variable in rlm_ldap.c. This fixes RedHat
+ bug #136468.
+ * Escape more ldap strings, so configuration entries
+ that have magic LDAP characters don't break LDAP.
+ This closes bug #360.
+ * Updated doc/rlm_ldap. This closes bug #353.
+ * Updated redhat/freeradius.spec. This closes bug #330.
+ * Don't forcibly over-write Auth-Type in the mschap module.
+ This prevents an earlier module from forcing reject.
+ * Use the correct module reference in the authenticate section,
+ where Auth-Type wasn't explicitely specified.
+ * If there are typos in a subsection in radiusd.conf, exit
+ after printing an error, rather than continuing.
+ * Print Ascend "abinary" format as text rather than octets
+ when we receive it.
+ * Silently drop packets with bad Message-Authenticators, as per RFC3579
+ * Unbreak ./configure --disable-static (closes: #350)
+ * Unbreak ./configure --prefix (closes: #354)
+
+FreeRADIUS 1.1.1 ; Date: 2006/03/17 19:50:34, urgency=low
+
+ Security fixes
+ * Additional state checking in the EAP-MSCHAPv2 module.
+ Bug found by Steffen Schuster.
+
+ Feature improvements
+ * More dictionary updates
+ * Additional tests and fixes for Digest module from Phillipe Sultan.
+ * Add new "phone" response mode to rlm_otp/cryptocard.
+ * Put the eap sessions into a tree, so that looking them up is very
+ fast, and no longer O(n) in the number of sessions.
+ * Install the schema examples for a set of backends with the rest
+ of the documentation.
+ * Add support for xlat expansion of attributes from LDAP.
+
+ Bug fixes
+ * Fix rlm_perl crash. (closes: #348)
+ * Fix handling of CoA-Request packets (close #344). Also correct
+ name of CoA packets.
+ * Fix an error on x86_64 machines when reading dictionaries.
+ (closes: #312)
+ * Fix compilation errors on FreeBSD and NetBSD because of rlm_otp
+ module. (closes: #314 #328)
+ * Workaround Cisco bug in State attribute handling in rlm_otp.
+ * Support LP64 for async mode in rlm_otp.
+ * Fix libtool problems on Debian with rlm_eap_peap and rlm_eap_ttls
+ modules. (closes: #75)
+ * Make "use_tunneled_reply" work properly for PEAP.
+ * Copy the whole string when getting a one-to-one-mapped attribute
+ from LDAP (closes: #261)
+ * Fix net-snmp's ucd-snmp compatibility mode.
+
+FreeRADIUS 1.1.0 ; Date: 2006/01/04 05:55:19, urgency=low
+
+ Feature improvements
+ * rlm_ldap has "set_auth_type" configuration option, which should
+ address some configuration problems when using it.
+ * Fix MIT Kerberos bug
+ * Modules can be load balanced, both in isolation and redundantly.
+ See doc/load-balance.txt for more information.
+ * rlm_perl is now marked "stable"
+ * N-tier certificate patch from Mohammed Petiwala.
* Copied dictionaries from the CVS head (many, many, more vendors)
* Enabled support for weird VSA formats, like Lucent and Starent.
* Support encrypted IP address and integers, for Juniper clients.
+ * Add PEAP machine authentication support in module "rlm_mschap".
+ * Support User-Password field encryption in digest mode.
+ * rlm_x99_token has become rlm_otp (with lots of changes).
+ * Add rlm_sqlcounter to the list of stable modules.
+ * Read MySQL specific options in sections [freeradius] and [client]
+ from file "my.cnf".
+ * Support the ${Cisco-AVPair[n]} syntax.
+ * Execute modules in {Pre,Post}-Proxy-Type stanzas.
+ * Add new options to radclient to run stress tests on the server.
+ * New module "rlm_sql_log" to postpone the storage of accounting data
+ in a SQL database. See rlm_sql_log(5) manpage.
+ * New program "radsqlrelay" which sends the SQL logfile according to
+ the SQL server's capabilities.
+
+ Bug fixes
+ * #306 (HUP when built with threads, but executed with -s)
+ * #285 (more attributes in dictionary.cisco.vpn3000)
+ * rlm_digest has a number of bug fixes to authentication types.
* Don't leak memory in module "rlm_sql".
* Update the dictionaries, so that VALUEs with the same name,
but different numbers, aren't allowed.
- * Add PEAP machine authentication support in module "rlm_mschap".
* Queue the request before looking for available threads.
* Don't free the check items after we received the proxy reply.
* Expand config variables in included files, too.
spotted by Konstantin Kubatkin.
* Removed (for almost all uses) length restrictions on vendor names
and VALUE names.
+ * Don't leak memory when proxying an Access-Challenge response.
+ * Make the sleep time user-defined, so radrelay can send more than
+ 7 requests/s.
+ * Fix a memory leak in rlm_checkval.
+ * radclient doesn't resend countless times packets with invalid
+ signature.
+ * Fix segfault and mem leak in rlm_pam.
FreeRADIUS 1.0.5 ; Date: 2005/09/04 16:23:00, urgency=medium
+
Security Fixes
* SQL injection attack in the module "rlm_sqlcounter".
* Buffer overflows in the module "rlm_sqlcounter".
* Don't copy VSA's to an Access-Reject packet.
FreeRADIUS 1.0.4 ; Date: 2005/06/11 22:46:52, urgency=medium
+
* Fix installation problem.
* Increase a buffer size, so radrelay doesn't truncate values.
* Updates in the documentation. Patches from Thor Spruyt.
FreeRADIUS 1.0.3 ; Date: 2005/06/03 17:15:11, urgency=high
+
Security Fixes
* Always escape the strings in the SQL module.
* Check buffer bound when input character needs escaping in
is different from string.
FreeRADIUS 1.0.2 ; Date: 2005/02/13 01:03:20, urgency=medium
+
* Novell eDirectoty support. Patch from Novell.
* localweb & Trapeze dictionary updates.
* EAP-SIM fixes.
* Fix building SNMP support on Solaris 9, which needs -lkstat
FreeRADIUS 1.0.1 ; Date: 2004/09/02 10:52:03 , urgency=high
+
Denial-of-Service Security Fix
* Fix two remote crashes and a memory leak in RADIUS packet
decoding.
* Update dictionaries to deal with the above change.
FreeRADIUS 1.0.0 ; Date: 2004/07/17 06:31:32, urgency=low
+
pre3 -> release
* Fix LDAP dictionary map loading.
* Check login time allowance to packet timestampe where available.
projects / freeradius.git / blobdiff