-FreeRADIUS 2.0.0-pre0 ; $Date$, urgency=low
+FreeRADIUS 2.1.4 Thu Dec 25 17:40:00 CEST 2008; , urgency=medium
+ Feature improvements
+ * Permit multiple "-e" in radmin.
+
+ Bug fixes
+ * Clean up control sockets when they are closed, so that we don't
+ leak memory.
+ * Define SUN_LEN for systems that don't have it.
+ * Correct some boundary conditions in the conditional checker ("if")
+ in "unlang". Bug noted by Arran Cudbard-Bell.
+ * Work around minor building issues in gmake. This should only
+ have affected developers.
+ * Change how we manage unprivileged user/group, so that we do not
+ create control sockets owned by root.
+
+FreeRADIUS 2.1.3 Fri Dec 5 17:40:00 CEST 2008; , urgency=medium
+ Feature improvements
+ * Allow running with "user=radiusd" and binding to secure
+ sockets.
+ * Start sending Status-Server "are you alive" messages earlier,
+ which helps with proxying multiple realms to a home server.
+ * Removed thread pool code from rlm_perl. It's not necessary.
+ * Added example Perl configuration to raddb/modules/perl
+ * Force OpenSSL to support certificates with SHA256.
+ This seems to be necessary for WiMAX certs.
+
+ Bug fixes
+ * Fix Debian patch to allow it to build.
+ * Fix potential NULL dereference in debugging mode on certain
+ platforms for TTLS and PEAP inner tunnels.
+ * Fix uninitialized memory in handling of vendor definitions
+ * Fix parsing of quoted (but non-string) attributes in the "users"
+ file.
+ * Initialize uknown NAS IP to 255.255.255.255, rather than 0.0.0.0
+ * use SUN_LEN in control socket, to avoid truncation on some
+ platforms.
+ * Correct internal handling of "debug condition" to prevent it
+ from being over-written.
+ * Check return code of regcomp in "unlang", so that invalid
+ regular expressions are caught rather than mishandled.
+ * Make rlm_sql use <ltdl.h>. Addresses bug #610.
+ * Document list "type = status" better. Closes bug #580.
+ * Set "default days" for certificates, because OpenSSL won't
+ do it. This closes bug #615.
+ * Reference correct list in example raddb/modules/ldap.
+ Closes #596.
+ * Increase default schema size for Acct-Session-Id to 64.
+ Closes #540.
+ * Fix use of temporary files in dialup-admin. Closes #605
+ and addresses CVE-2008-4474.
+ * Addressed a number of minor issues found by Coverity.
+ * Added DHCP option 150 to the dictionary. Closes #618.
+
+FreeRADIUS 2.1.2 Thurs Dec 3 10:47:00 CEST 2008; , urgency=medium
+ Due to packaging issues, 2.1.2 has been pulled from the net.
+
+FreeRADIUS 2.1.1 Thu Sep 25 11:03:00 CEST 2008; , urgency=medium
+ Feature improvements
+ * Many more options and features in radmin. See "man radmin" and
+ raddb/sites-available/control-socket
+ * Many more commands available via the control socket. Connect
+ via "radmin", and type "help" for more information.
+ * Added dictionary.networkphysics and dictionary.lancom.
+ * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
+
+ Bug fixes
+ * Fixed bug that made radmin not work
+ * Fixed Suse && Debian package scripts
+ * Fixed issues with dynamic clients
+ * Fixed configure checks for -lreadline
+ * rlm_sqlippool no longer needs to be linked to rlm_sql.
+ * Add statistics for detail file listeners. This closes bug #593.
+ * Fixed printing of some WiMAX attributes.
+ * Fix double free on exit() in rlm_attr_filter
+ * Fixed build issues on Solaris.
+ * Fixed fast session resumption for EAP-TLS
+
+FreeRADIUS 2.1.0 Fri Sep 5 13:20:01 CEST 2008; , urgency=medium
+ Feature improvements
+ * Clients may now be defined dynamically, based on IP address.
+ See raddb/sites-available/dynamic-clients.
+ * SNMP support is now available through an experimental Perl script.
+ See scripts/snmp-proxy/README
+ * SNMP statistics are available through Status-Server packets.
+ See raddb/sites-available/status
+ * Added more Microsoft attributes from bug #568.
+ * The "linelog" module has more functionality and flexibility.
+ See raddb/modules/linelog.
+ * The debugging output has been sanitized. It should be much
+ more readable.
+ * Debug logs can now be turned on/off while the server is running, for
+ a user, group, realm, etc. See the "log" section of radiusd.conf.
+ * Added support for WiMAX Forum attributes. The dynamic keys
+ are not yet calculated. See share/dictionary.wimax
+ * Added session resumption for PEAP and TTLS.
+ See raddb/eap.conf, "cache" sub-section.
+ * Added "radmin" command-line tool for administering a running server.
+ See "man radmin" and raddb/sites-available/control-socket.
+
+ Bug fixes
+ * Double escaping of '\\' in the "users" (and some other) files
+ has been fixed. If you have '\\' in the "users" file, your
+ configuration WILL NEED TO BE CHECKED, AND FIXED!
+ * Parse "security" section in radiusd.conf. This was accidentally
+ deleted in 2.0.5. Closes bug #566.
+ * Bind to interface before IP, which allows DHCP sockets to
+ listen on "*" for multiple interfaces.
+ * Fix handling of giaddr in DHCP responses.
+ * Corrected parsing of status_check in home_server so that it works.
+ * Fix hints so that "Puser" works again.
+ * Removed length restrictions on attribute names in the dictionaries.
+ * Update socket code to avoid C compiler optimizations.
+
+FreeRADIUS 2.0.5 ; Date: 2008/06/07 17:17:00 , urgency=medium
+ Feature improvements
+ * Permit SQL authorize_reply_query to be empty.
+ * Allow setting response packet type in Post-Proxy-Type Fail
+ handler.
+ * Added install-chown target to set correct permission and ownership
+ make RADMIN=radmin RGROUP=radius install-chown
+ * Support for LDAP-Group and other dynamic comparison attributes
+ in unlang. Developed from a patch by Jason Alderfer.
+ * Added chroot support. See radiusd.conf for comments.
+ * Allow clients of 0/0. We do not recommend using this, though.
+ * Moved many module configurations into raddb/modules/*
+
+ Bug fixes
+ * Allow proxying to virtual servers for accounting packets, too.
+ * Added "num fields" function to PostgreSQL client.
+ * Updated proxy fallback mechanism to validate fallback servers,
+ and to process fallback requests in a child thread.
+ * rlm_realm returns "ok" for LOCAL realms, not "noop".
+ * Fixed some DHCP code handling. The examples should now work.
+
+FreeRADIUS 2.0.4 ; Date: 2008/04/30 08:56:40 , urgency=medium
+ Feature improvements
+ * Allow "virtual_server" in "realm" and "home_server" sections.
+ See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
+ * Allow "passwd" module to be listed in "accounting" and "post-auth".
+ * Added "fallback" to "home_server_pool" configuration, to handle
+ the case of all home servers being dead. See raddb/proxy.conf.
+ * Added sample text to raddb/sites-available/inner-tunnel which
+ can simplify debugging of inner tunnel configurations.
+ * Added regular expression matching in realm names. See
+ raddb/proxy.conf for examples.
+ * Added simple DHCP server functionality. For comments, see
+ raddb/sites-available/dhcp.
+ * Added file globbing capabilities to detail file reader
+ * Added sample raddb/sites-available/robust-proxy-accounting
+ * Clients in SQL can now refer to a virtual server.
+ Patch from Michael Bretterklieber.
+ * Added some examples of creating RADIUS administrator in SQL,
+ and assigning appropriate access rights.
+
+ Bug fixes
+ * Install all files in raddb/sites-available
+ * Allow non-threaded builds.
+ * Don't treat '0x' as special for known attributes that are not
+ of type "octets".
+ * Fix log error in rlm_pap.
+ * Remove documentation about non-existent functionality.
+ * Updated warning messages in debug output.
+ * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
+ This fix was supposed to go into 2.0.3, but did not make it.
+ * Fix event handling in debug mode for failed proxy requests.
+ * Fix memleak in fifos. Closes #537.
+ * Fix memleak on blocked threads. Closes #538.
+ * Perform additional checks on NULL realms. Closes #541.
+ * Fix handling of "clients" in "listen" section.
+ * When detail file cannot process a packet, sleep for longer
+ to let the rest of the server do something.
+ * Add missing table to raddb/sql/mssql/schema.sql. Closes #545.
+ * Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
+ Closes #533.
+ * Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
+ correct place.
+ * Update rlm_attr_filter for some corner cases. Closes #543.
+ * Fixed memory leak in libfreeradius event handler.
+ * In the SQL Accounting on/off queries, remove the restriction
+ that the session time had to be zero.
+
+FreeRADIUS 2.0.3 ; Date: 2008/03/17 09:22:17 , urgency=medium
+ Feature improvements
+ * Updated raddb/certs/ca.cnf with extensions to allow ca.der
+ to be imported as a CA on Symbian and Windows Mobile devices.
+ Closes bug #524
+ * Enable multiple matches in "hints" via Fall-Through = Yes.
+ Closes bug #477
+ * Added preliminary SQLite driver, contibuted by Apple.
+ Untested, with no sample configuration. This address bug #470.
+ * Updated logging sub-system so that log messages from libfreeradius
+ can go to the log file, and not stdout.
+ * Added dictionary.rfc5176
+ * EAP module now checks for instance name, and uses that for
+ authentication. This avoids the need to set Auth-Type when
+ there are multiple instances of the EAP module.
+ * Added Module-Return-Code attribute, which contains the value
+ returned by the previous module (ok/fail/update/etc.)
+
+ Bug fixes
+ * Corrected typos in rlm_dbm. Closes bugs #521 and #522.
+ * Detail file "listen" sections now work much better.
+ * Don't allow old "log_*" to over-ride new format. Closes bug #525
+ * Initialize allocated memory in Oracle SQL driver. This fixes
+ occasional crashes on some systems. Closes bug #518
+ * Call correct function in rlm_protocol_filter. This enables the
+ module to build. Closes bug #512.
+ * Added deprecated flag to build for rlm_krb5. This allows it to
+ run on 64-bit systems. Closes bug #491
+ * Corrected error message when parsing invalid configurations
+ so it doesn't crash. Closes bug #527
+ * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
+ * Handle $INCLUDE's in "instantiate" section. Closes #528.
+ * Format updates to "man" pages from Stephen Gran.
+
+FreeRADIUS 2.0.2 ; Date: 2008/02/14 11:13:48 , urgency=medium
+ Feature improvements
+ * Added notes on how to debug the server in radiusd.conf
+ * Moved all "log_*" in radiusd.conf to log{} section.
+ The old configurations are still accepted, though.
+ * Added ca.der target in raddb/certs/Makefile. This is
+ needed for importing CA certs into Windows.
+ * Added ability send raw attributes via "Raw-Attribute = 0x0102..."
+ This is available only debug builds. It can be used
+ to create invalid packets! Use it with care.
+ * Permit "unlang" policies inside of Auth-Type{} sub-sections
+ of the authenticate{} section. This makes some policies easier
+ to implement.
+ * "listen" sections can now have "type = proxy". This lets you
+ control which IP is used for sending proxied requests.
+ * Added note on SSL performance to raddb/certs/README
+
+ Bug fixes
+ * Fixed reading of "detail" files.
+ * Allow inner EAP tunneled sessions to be proxied.
+ * Corrected MySQL schemas
+ * syslog now works in log{} section.
+ * Corrected typo in raddb/certs/client.cnf
+ * Updated raddb/sites-available/proxy-inner-tunnel to
+ permit authentication to work.
+ * Ignore zero-length attributes in received packets.
+ * Correct memcpy when dealing with unknown attributes.
+ * Corrected debugging messages in attr_rewrite.
+ * Corrected generation of State attribute in EAP. This
+ fixes the "failed to remember handler" issues.
+ * Fall back to DEFAULT realm if no realm was found.
+ Based on a patch from Vincent Magnin.
+ * Updated example raddb/sites-available/proxy-inner-tunnel
+ * Corrected behavior of attr_filter to match documentation.
+ This is NOT backwards compatible with previous versions!
+ See "man rlm_attr_filter" for details.
+
+FreeRADIUS 2.0.1 ; Date: 2008/01/22 13:29:37 , urgency=low
+ Feature improvements
+ * "unlang" has been expanded to do less run-time expansion,
+ and to have better handling of typed data. See "man unlang"
+ for documentation and new examples.
+
+ Bug fixes
+ * The 'acct_unique' module has been updated to understand
+ the deprecated (but still used) Client-IP-Address attribute.
+ * The EAP-MSCHAPv2 module no longer leaks MS-CHAP2-Success in
+ packets.
+ * Fixed crash in rlm_dbm.
+ * Fixed parsing of syslog configuration.
+
+FreeRADIUS 2.0.0 ; Date: 2007/11/24 08:33:09 , urgency=low
Feature improvements
- * Initial pre-release of 2.0.
* Debugging mode is much clearer and easier to read.
- * EAP-TLS and OpenSSL certificates "just work".
+ * A new policy language makes many configurations trivial.
+ See "man unlang" for a complete description.
+ * Virtual servers are now supported. This permits clear separation
+ of policies. See raddb/sites-available/README
+ * EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work".
See raddb/certs/README for details.
- * Proxying works much better than in 1.x. We mean *MUCH* better.
- See proxy.conf for details.
- * rlm_unix no longer has an "authenticate" section.
- See "man rlm_unix" for details.
- * The server has full support for IPv6.
- * The server has much more complete support for SNMP MIBs.
- * radiusd.conf has limited support for "if/then/else".
- See doc/configurable_failover for details.
- * "listen" sections can have per-socket clients.
- * Replaced "radrelay" and "radsqlrelay".
- See "man radrelay.conf" for details.
- * Post-Proxy-Type "Fail" section is executed when a home server
- fails to respond to a request. See "radiusd.conf" for details.
- * Many internal data structures have been updated to use trees
- rather than linked lists for performance.
- * "virtual" modules can now be used.
- See "virtual" in the "instantiate" section of "radiusd.conf".
- * The server header files have been cleaned up.
- * Configuration files can now "$INCLUDE directory/", to automatically
- load all files in that directory. Use with caution!
+ * Proxying is much more configurable than before.
+ See proxy.conf for documentation on pools, and new config items.
+ * Full support for IPv6.
+ * Much more complete support for the RADIUS SNMP MIBs.
+ * HUP now works. Only some modules are re-loaded,
+ and the server configuation is *not* reloaded.
+ * "check config" option now works. See "man radiusd"
+ * radrelay functionality is now included in the server core.
+ See raddb/sites-available/copy-acct-to-home-server
+ * VMPS support. It is minimal, but functional.
+ * Cleaned up internal API's and names, including library names.
Bug fixes
- *
+ * Many.