X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=ChangeLog;h=f01767e0d0b5229ef8759ece2fbefcd2eeb5e391;hb=refs%2Fheads%2Fmaint-1.6;hp=ed858cb9c0418c71252db26e3ece9146a1d28a20;hpb=a423a83ffa5e5a79ffa206fa63dac4f1a1b8f4d4;p=radsecproxy.git diff --git a/ChangeLog b/ChangeLog index ed858cb..f01767e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,23 +1,90 @@ -2011-04-11 1.6-dev +2013-09-06 1.6.5 + Bug fixes: + - Fix a crash bug introduced in 1.6.4. Fixes RADSECPROXY-53, + bugfix on 1.6.4. + +2013-09-05 1.6.4 + Bug fixes: + - Keeping Proxy-State attributes in all replies to clients + (RADSECPROXY-52). Reported by Stefan Winter. + +2013-09-05 1.6.3 + Enhancements: + - Threads are allocated with a 32 KB stack rather than what + happens to be the default. Patch by Fabian Mauchle. + - On systems with mallopt(3), freed memory is returned to the + system more aggressively. Patch by Fabian Mauchle. + + Bug fixes: + - radsecproxy-hash(1) no longer prints the hash four times. + Reported by Simon Lundström and jocar. + - Escaped slashes in regular expressions now works. Reported by + Duarte Fonseca. (RADSECPROXY-51) + - The duplication cache is purged properly. Patch by Fabian + Mauchle. + - Stop freeing a shared piece of memory manifesting itself as a + crash when using dynamic discovery. Patch by Fabian Mauchle. + - Closing and freeing TLS clients properly. Patch by Fabian + Mauchle. + - Timing out on TLS clients not closing the connection properly. + Patch by Fabian Mauchle. + +2012-10-25 1.6.2 + Bug fixes (security): + - Fix the issue with verification of clients when using multiple + 'tls' config blocks (RADSECPROXY-43) for DTLS too. Fixes + CVE-2012-4566 (CVE id corrected 2012-11-01, after the release of + 1.6.2). Reported by Raphael Geissert. + +2012-09-14 1.6.1 + Bug fixes (security): + - When verifying clients, don't consider config blocks with CA + settings ('tls') which differ from the one used for verifying the + certificate chain. Reported by Ralf Paffrath. (RADSECPROXY-43, + CVE-2012-4523). + + Bug fixes: + - Make naptr-eduroam.sh check NAPTR type case insensitively. + Fix from Adam Osuchowski. + +2012-04-27 1.6 Incompatible changes: - The default shared secret for TLS and DTLS connections change from "mysecret" to "radsec" as per draft-ietf-radext-radsec-12 section 2.3 (4). Please make sure to specify a secret in both client and server blocks to avoid unwanted surprises. (RADSECPROXY-19) + - The default place to look for a configuration file has changed + from /etc to /usr/local/etc. Let radsecproxy know where your + configuration file can be found by using the `-c' command line + option. Or configure radsecproxy with --sysconfdir=/etc to + restore the old behaviour. (RADSECPROXY-31) New features: - Improved F-Ticks logging options. F-Ticks can now be sent to a separate syslog facility and the VISINST label can now be configured explicitly. This was implemented by Maja Gorecka-Wolniewicz and Paweł Gołaszewski. (RADSECPROXY-29) - - Add config option PidFile. (RADSECPROXY-32) + - New config option PidFile. (RADSECPROXY-32) + - Preliminary support for DynamicLookupCommand added. It's for + TLS servers only at this point. Also, beware of risks for memory + leaks. In addition to this, for extra adventurous users, there's + a new configure option --enable-experimental-dyndisc which enables + even more new code for handling of dynamic discovery of TLS + servers. + - Address family (IPv4 or IPv6) can now be specified for clients + and servers. (RADSECPROXY-37) Bug fixes: - Stop the autoconfery from warning about defining variables conditionally and unconditionally. - Honour configure option --sysconfdir. (RADSECPROXY-31) - - Other bugs. (RADSECPROXY-26, -28, -34, -35) + - Don't crash on failing DynamicLookupCommand scripts. Fix made + with help from Ralf Paffrath. (RADSECPROXY-33) + - When a DynamicLookupCommand script is failing, fall back to + other server(s) in the realm. The timeout depends on the kind of + failure. + - Other bugs. (RADSECPROXY-26, -28, -34, -35, -39, -40) 2011-10-08 1.5 New features: