X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=doc%2FChangeLog;h=51e6617fb466b06b800d0543c9938a17d49114d2;hb=d5a382ecdadaa022a917b91f1ea96e73ef189150;hp=52e302c7abec8ad3a5049c00c0df3b5f63fea2b9;hpb=9b91f970ae5b9e654ce89b2eb477273fb0907153;p=freeradius.git diff --git a/doc/ChangeLog b/doc/ChangeLog index 52e302c..51e6617 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,11 +1,185 @@ -FreeRADIUS 3.0.11 Mon 05 Oct 2015 15:00:00 EDT urgency=medium +FreeRADIUS 3.0.13 Mon 06 Mar 2017 13:00:00 EDT urgency=medium + Feature improvements + * Add dictionary.rfc7930. Note that we do not implement + the RFC. + * Added 'cipher_server_preference' to mods-available/eap + Patch from #1797. + * OpenSSL 1.1.0 compatibility fixes. + * rlm_perl: radiusd::xlat to evaluate xlat string + within perl script + * Allow authentication retry in winbind. Patch from + Herwin Weststrate. See raddb/mods-available/mschap. + * Added "recv-coa" method to rlm_rest. It behaves the + same as "authorize". + * Document Trust Router tr_port option. Patch from + Stefan Paetow. + * Update elasticsearch/logstash examples so that they work + with elastic stack v5. Patch from Matthew Newton. + * Print information about packets, replies, and contents + in the detail file reader. + * Update abfab-tr policy. Pull request #1893 + from Stefan Paetow. + * Reject packets which contain User-Password and + EAP-Message. + * Add example for filtering Access-Challenge. + See sites-enabled/default. + * Pull symlink fixes from v4.0.x. Fixes #1859. + * Add systemd reload. Not everything is reloaded, but + some is. Fixes #1662. + * Better documentation for listen "ipaddr". Fixes #1921 + * Add dictionary.cnergee, updated dictionary.nomadix. + * radclient no longer needs -x to print statistics with -s. + + Bug fixes + * Minor typos. Fixes #1763 + * Fix typo in RPM build. Closes #1767. + * rlm_mschap check for password expiry only + if password was correct. Fixes #1762. + * Update debian build. + * update rlm_counter "man" page. Fixes #1775. + * Remove erroneous assert. Fixes #1778. + * fix mschap password change test. Fixes #1792. + * Cleanup config file on data remove. Fixes #1795. + * passwd module returns "notfound" if not found. + * Check for old OpenSSL, and don't build rlm_eap_fast + if it necessary. Fixes #1803 + * Cleanup memory better after ldap version query. + Patch from Aleksey Katargin. + * Rename lt_* functions to avoid linker issues with + libtool. Fixes #1277 + * Many miscellaneous fixes and typos. + * Allow long strings in %{%{foo} bar:-%{baz} blah". + Fixes #1866 + * Fix filtering operators, along with more documentation and + more tests for them. + * Fix OpenSSL fixes. Fixes #1876. + * Finish SQL select queries even when SELECT returns no rows. + Fixes #1879. + * Set Module-Failure-Message for more EAP errors. + * Correct typo in dictionary.rfc5580. Fixes #1882 + * Remove obselete systemd syslog.target. + * Client-Port-Balance load-balancing now uses client port. + * Radrelay examples fixed from Alex Clouter. + * Update systemd target. Pull request #1896. + * Trim starting whitespace in xlat strings. + * Get MySQL result lengths using normal API. + * suid down after fchown(). Fixes #1914. + * Fix cases of comparing pointer to NUL character. Fixes #1915. + * OpenSSL v1.1 fixes. Pull request #1921. + * Better Handle v4/v6 host names. Pull request #1919. + * Remove "Auth-Type = System" from docs and examples. + * Don't crash on malformed %{home_server}. Fixes #1922 + * fix erroneous use of talloc destructor in rlm_eap + * Issue trigger modules.sql.fail. Fixes #1923 + * Document python_path gotcha's. Fixes #1845 + * dlopen() the specific version of Python. Fixes #1592 + +FreeRADIUS 3.0.12 Thur 29 Sep 2016 13:00:00 EDT urgency=medium + Feature improvements + * Add support for =~ and !~ in update sections. + See "man unlang" + * Add dictionary.checkpoint. + * Simultaneous-Use prints out more information. + * Print WARNING in debug mode when packets may be + truncated. + * Added expansions %{home_server:state} and + %{home_server_pool:state}, which show the + state of the server / pool. + * Mark rlm_sql_freetds as stable. + * Make rlm_perl less fragile. Patch from + Herwin Weststrate. + * Allow extended attributes to have "encrypt=2" + * Update dictionary.aruba. + * Add support for EAP-FAST. This is an isolated + feature which does not affect anything else. + * Update OpenSSL vulnerability list. Use a version + of OpenSSL released after September 20, 2016. + * EAP certificate verification is now done when + "verify" is enabled and "ocsp" is disabled. + * New dhcpclient and rlm_rad_counter man pages. + * Minor abfab and moonshot additions. + * Pass CFLAGS through from environment in RPM builds. + Allows more custom builds. + * Build with Heimdal in addition to libkrb5. + + Bug fixes + * Use correct typedef for older versions of sqlite. + * Update mssql schema to add priority + * Don't complain on /dev/urandom in ldap + * Fix == operator in update sections + * Don't create DHCP strings with many trailing zeros. + Patch from Nicolas C. Fixes #1526. + * Allow MS-CHAP change passwords instead of complaining + on large buffer. + * Allow assignment or equality operator on SQL. + * Update aclocal tests for FreeBSD 10. Patches from + Mathieu Simon. + * Remove occasional hang in rlm_linelog. + * Copy VSAs to inner tunnel for TTLS and PEAP. + Fixes #1544 + * A few minor bugfixes caught in v3.1.x cleanup, and + back-ported to v3.0.x. + * do_not_respond again works in post-proxy + * Allow realm "~^.*$" {} and User-Name with no realm. + * Fix leak when creating unknown attributes + * Fix Debian / logrotate. + * Make OpenSSL error functions thread-safe. + * Fix crash with rlm_sql and updating SQL-User-Name. + * Debian build updates. + * Allow regular expression comparisons in radclient + fixes #1574. + * Fix memory leak on unknown attributes in detail file + reader. + * Update example paths in "man" pages when installing + them + * Build fixes for rlm_mschap. Fixes #1489. + * BSD build fixes. Patch from issue #1583. + * Be more careful about /lib/ when building. + Fixes #1585. + * Correct ifdef placement error. Fixes #1572. + * Allow for more files in internal "exfile" API + So it will be possible to open more than 64 + "detail" files at the same time. + * Remove support for statically built EAP modules. + Fixes #1591. + * Many fixes to rlm_python from Guillaume Pannatier. + * Use correct week adjustment in SQLcounter. + Fixes #1608 + * Minor fixes to allow compilation without DHCP, + VMPS, or TCP. + * Fix checks for module / config file change on HUP. + * Compile regex comparisons when sent via + "debug condition". Fixes #1632. + * Update filenames in documentation and examples. + Patch from Alan Buxey, #1655. + * Don't crash if SQL connection becomes unavailable. + Fixes #1640. + * Disallow originate_coa when proxy_requests = no + Fixes #1684. + * Free rad_perlconf_hv in correct perl context. + Fixes #1675. + * Multiple fixes for Debian builds. #1510, among + others. + * Set OpenSSL FIPS compatibility flag when necessary. + * Pulled fixes for the build system over from other + branches. + * Fix OCSP for RADIUS over TLS. + * Fix skip_if_ocsp_ok behavior. + * Better fixes for systems without closefrom() but + which have /proc. Fixes #1757. + * Minor build fixes back-ported from v4.0.x. + * build --whout-ascend-binary. Fixes #1761. + * Be more aggressive about not opening new connections + in debug mode after CTRL-C. Address #1604. + +FreeRADIUS 3.0.11 Mon 25 Jan 2016 14:00:00 EST urgency=medium Feature improvements * "unlang" comparisons of IP addresses to IP prefixes are now detected, and types automatically cast. * Allow shorthand form of ipv4prefix values e.g. 127/8. * Add "auto_chain" to raddb/mods-available/eap, tls - subsection. This allows the disablign of OpenSSL - auto-chaining of certificates. Which it can get wrong. + subsection. This allows the disabling of OpenSSL + auto-chaining of certificates. Which might be wrong. * Added printing of coa and disconnect stats (radmin). * radclient defaults to expecting Access-Accept responses to Status-Server. @@ -13,13 +187,32 @@ FreeRADIUS 3.0.11 Mon 05 Oct 2015 15:00:00 EDT urgency=medium * Portability fixes for Solaris. * More errors from ntlm_auth gets passed to MS-CHAP. * Update abfab-tr-idp virtual server. + * Added "filter_password" in policy.d/filter. This + removes embedded zero bytes in User-Password, for + compatibility with broken clients. + * The server now issues a WARNING message if duplicate + configuration items are found. + * TLS can skip the "verify" section if OCSP returns OK. + See raddb/mods-available/eap, "skip_if_ocsp_ok". + * Set TLS-OCSP-Cert-Valid = yes / no / skipped, which + is the result from the OCSP check. + * Interoperate with AD and "LmCompatibiltyLevel = 5", + by always setting WBC_MSV1_0_ALLOW_MSVCHAPV2 for + native winbind in rlm_mschap. + * TTLS and PEAP now require "virtual_server" to be a real server. + * Print WARNING when TTLS or PEAP identities are spoofed + or not properly anonymized. See RFC 7542 for requirements. + * Various rlm_python fixes from Herwin Weststrate. + * Allow setting Response-Packet-Type in "Post-Proxy-Type Fail", + which is useful when the home server does not respond. + * elasticsearch updates from Matthew Newton Bug fixes * Fix issue where field nas_type would not be accessible via the %{client:} xlat, for clients loaded from SQL. * Fix compatiblity issues with OpenSSL 1.0.2. Ignore calls to msg_callback with 'pseudo' content types. - * Data type "ipv4prefix" are parsed correctly. + * Data type "ipv4prefix" is parsed correctly. * Use correct talloc context in rlm_exec. Fixes #1338. * Complain in unlang if "else" is used with no previous "if" or "elsif". @@ -35,6 +228,27 @@ FreeRADIUS 3.0.11 Mon 05 Oct 2015 15:00:00 EDT urgency=medium * Complain if the detail file reader does not have permission to read the "detail.work" file. Fixes #1398 * Fixed SoH. Attributes were not being copied to the virtual server. + * Used a wrong list to global statistics in "stats". + * Create EAP-PWD identity correctly. Prevents segfaults. + * Dynamically validate authentication types for PEAP and EAP-MSCHAPv2. + * Fix includes in installed headers. + * OpenSSL 1.0.1f and 1.0.1g do NOT calculate TLS 1.2 keys correctly. + See raddb/mods-available/eap, "disable_tlsv1_2" + * Allow password change to work for MS-CHAP. This requires 'r=0', + because password changes are not retries. + * Fix home server fail-over for home servers using TCP and/or RadSec. + * Special characters in expanded regexes are now escaped + e.g. User-Name containing '.', and comparing /%{User-Name}/, + the '.' will now be escaped. See src/tests/keywords/regex-escape. + * Use correct authentication vector when sending Access-Reject replies + for RadSec. + * Set FreeRADIUS-Proxied-To in TTLS again. You should use the + "inner-tunnel" virtual server, instead of relying on this attribute. + * Fix debugging constants in rlm_perl. Patch from Herwin Weststrate. + * Add samba-dev / samba4-dev to debian builds so that rlm_mschap can + automatically use the new winbind API. + * Automatically skip zero-length attributes when sending packets, + instead of erroring out. FreeRADIUS 3.0.10 Mon 05 Oct 2015 15:00:00 EDT urgency=medium Feature improvements