-FreeRADIUS 3.0.9 Wed 22 Apr 2015 13:30:00 EDT urgency=medium
+FreeRADIUS 3.0.10 Wed 08 Jul 2015 12:00:00 EDT urgency=medium
+ Feature improvements
+ * Do more optimization of unlang policies. This makes
+ run-time a bit faster.
+ * Re-name most of the functions in src/lib. Third-party
+ module authors will have to do the same.
+ * More documentation on contributing and how to write
+ modules.
+ * Update radiusd.service for systemd.
+ * Open IPv6 proxy socket if the server is listening on IPV6
+ auth / acct / coa packets.
+ * Create debian packages for DHCP. Fixes #1125.
+ * Add more tests for "update" section parsing.
+ * Update "man" pages.
+ * Update attributes for Alcatel 7750
+ * Add dictionary for Boingo Wi-Fi
+ * Add support for DHCP lease queries.
+ See raddb/sites-available/dhcp
+ * On HUP, check all modules for config files which have
+ changed. And only re-load those modules.
+ * Allow FreeRADIUS-Response-Delay(-USec) to be set for
+ RADIUS packets. Patch from Herwin Weststrate.
+ * Documentation fixes from Alan Buxey and Matthew Newton.
+ * Update "logrotate" script.
+ * Added more RFCs to doc/rfc for new standards implemented
+ by FreeRADIUS.
+ * Don't crash when doing "radmin -e "help hup".
+ Patch from Matthew Newton.
+
+ Bug fixes
+ * Fix rlm_files so that there are no collisions when loading
+ 10's of 1000's of users.
+ * Fix radclient to use our internal v4/v6 parsing functions.
+ v6 addresses with ports now work correctly.
+ * Fix sending/receiving packet messages to wrap v6 addresses
+ in square brackets '[]'.
+ * Check for sasl/sasl.h when building rlm_ldap, and disable
+ SASL functionality if unavailable.
+ * Fix issue which caused a non \0 terminated buffer to be
+ assigned to attributes if the value being assigned contained
+ an invalid escape sequence.
+ * Fix deadlock when reconnecting connections in the connection
+ pool.
+ * Fix potential overrun in functions that used fr_utf8_char
+ with a non nul terminated buffer.
+ * Fix decoding issue for Tunnel-Password type attributes
+ which were very long. Found by Denis Andzakovic.
+ * Fix radclient issue with TCP sockets on FreeBSD.
+ * The server now creates ${run_dir} and ${logdir} directories
+ in daemon mode, when running as "root".
+ * Handle tags when using maps. Fixes #1191.
+ * Fix crash when CoA packets time out.
+ * Fix parse error in rediswho
+ * Fix regex support in SQL radcheck the "users" file and radsniff.
+ * Register listen xlat earlier, so that it's available when the
+ virtual servers are being parsed.
+ * Parse Ascend-Data-Filter when given as "0x..."
+ * Print Ascend-Data-Filter correctly. Add test cases for both.
+ * Allow old-style clients again. They will be disallowed for
+ 3.1.0 and following.
+ * Complain instead of crash when "else" and "elsif" are in
+ the wrong place.
+ * Clean up memory more aggressively. This lowers the
+ maximum memory used, most typically for TLS based EAP methods.
+ * Prevent the server from unlinking the control socket of an
+ already running instance.
+ * Fallback to using the configured OCSP URL if one exists, and
+ no URL is provided in the certificate.
+ * Return CoA-NAK if proxying CoA fails. Based on patch from
+ Jorge Pereira.
+ * Lower peak memory usage by decreasing size of internal
+ memory pools.
+ * Allow virtual attributes in "switch". Fixes #1240.
+
+FreeRADIUS 3.0.9 Wed 08 Jul 2015 12:00:00 EDT urgency=medium
Feature improvements
* Make "pool" configurations more consistent, and
update documentation for them.
if the underlying file is unchanged.
* Allow the server to originate CoA requests from the post-auth
stage.
+ * The server creates ${run_dir} and ${logdir} in daemon mode,
+ if they do not already exist.
+ * Add dictionary for Wi-Fi Alliance Hotspot 2.0. The server
+ now supports all mandatory and optional attributes for this
+ specification.
+ * HUP now re-loads the configuration only if the files have
+ changed. If all files are unchanged, HUP re-opens the
+ log file, and does nothing else.
+ * Much better debug messages for EAP-TLS, including which
+ attributes are cached, and when they are retrieved.
+ * Increase default max_requests to 16384. Memory is cheap now.
+ * Added "stats memory" commands to radmin. Debug build only.
+ * Aptilo controller dictionary updates.
+ * SQL modules now use Acct-Unique-Session-Id everywhere.
+ * The redis modules are now stable.
+ * The LDAP module now supports SASL "interactive bind" method.
+ This allows Kerberos based administrator and user binds.
+ * DHCP code is now in libfreeradius-dhcp.
+ * More DHCP encoding / decoding unit tests.
+ * rlm_replicate can now be listed in the "accounting" section.
+ * Better sqlite debugging output.
+ * Remove "required" option from many sql_ippool directives.
+ * Set default CA "basic constraints" to "critical". Fixes #1073
+ * Updates to help / man pages from Jorge Pereira.
+ * Added more tests.
Bug fixes
* Be more careful about unused config item warnings
passwords are expired.
* Allow "user=radiusd" when the server is already user
"radiusd"
+ * suid up/down works on non-Linux systems. This means
+ that the control socket should have the correct
+ ownership.
+ * Fix issue which caused the server to sometimes have problems
+ when a home server was marked zombie.
+ * Fix format.pl because Perl is now more picky.
+ * Fix proxy to Packet-Dst-IP-Address, so that it uses the
+ correct destination port.
+ * Fix corner case with cursor functions and removal.
+ * OpenDirectory fixes and documentation.
+ * Fix leaks in rlm_redis.
+ * RFC 6929 "evs" attributes are now encoded / decoded
+ properly.
+ * Fix talloc pool leaks when receiving malformed or
+ retransmitted Accounting/CoA requests.
+ * Printed attributes again use double quotes instead of
+ single quotes.
+ * Set X509_V_FLAG_CRL_CHECK_ALL, and add "check_all_crl"
+ to eap.conf. Fixes oCert CVE-2015-4680.
+ * rlm_expr now errors out correctly on malformed attribute
+ references instead of triggering an assert.
+ * Make "break" work in "foreach" loops
+ * Allow dynamic expansions to work again in the "hints" file.
+ * Correct minor typos in comments and examples from Alan Buxy.
+ * Re-urlencode the path portion of ldapi:// urls before
+ passing it to ldap_initialise.
FreeRADIUS 3.0.8 Wed 22 Apr 2015 13:30:00 EDT urgency=medium
Feature improvements