X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=doc%2FChangeLog;h=b53326dcbc2bb9e8e78d1dee089ab3f3c8f78752;hb=86b280f53d5cad01130a3245adb82cda6adb93ef;hp=054634220fd79978b26999cc7e06848af84540af;hpb=313cb7f132b2a2d49e1835151a7d235d5bd9ba49;p=freeradius.git diff --git a/doc/ChangeLog b/doc/ChangeLog index 0546342..b53326d 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,22 +1,178 @@ -FreeRADIUS 3.0.11 Mon 05 Oct 2015 15:00:00 EDT urgency=medium +FreeRADIUS 3.0.12 Thur 29 Sep 2016 13:00:00 EDT urgency=medium + Feature improvements + * Add support for =~ and !~ in update sections. + See "man unlang" + * Add dictionary.checkpoint. + * Simultaneous-Use prints out more information. + * Print WARNING in debug mode when packets may be + truncated. + * Added expansions %{home_server:state} and + %{home_server_pool:state}, which show the + state of the server / pool. + * Mark rlm_sql_freetds as stable. + * Make rlm_perl less fragile. Patch from + Herwin Weststrate. + * Allow extended attributes to have "encrypt=2" + * Update dictionary.aruba. + * Add support for EAP-FAST. This is an isolated + feature which does not affect anything else. + * Update OpenSSL vulnerability list. Use a version + of OpenSSL released after September 20, 2016. + * EAP certificate verification is now done when + "verify" is enabled and "ocsp" is disabled. + * New dhcpclient and rlm_rad_counter man pages. + * Minor abfab and moonshot additions. + * Pass CFLAGS through from environment in RPM builds. + Allows more custom builds. + * Build with Heimdal in addtion to libkrb5. + + Bug fixes + * Use correct typedef for older versions of sqlite. + * Update mssql schema to add priority + * don't complain on /dev/urandom in ldap + * fix == operator in update sections + * Don't create DHCP strings with many trailing zeros. + Patch from Nicolas C. Fixes #1526. + * Allow MS-CHAP change passwords instead of complaining + on large buffer. + * Allow assignment or equality operator on SQL. + * Update aclocal tests for FreeBSD 10. Patches from + Mathieu Simon. + * Remove occasional hang in rlm_linelog. + * Copy VSAs to inner tunnel for TTLS and PEAP. + Fixes #1544 + * A few minor bugfixes caught in v3.1.x cleanup, and + back-ported to v3.0.x. + * do_not_respond again works in post-proxy + * Allow realm "~^.*$" {} and User-Name with no realm. + * Fix leak when creating unknown attributes + * Fix Debian / logrotate. + * Make OpenSSL error functions thread-safe. + * Fix crash with rlm_sql and updating SQL-User-Name. + * Debian build updates. + * Allow regular expression comparisons in radclient + fixes #1574. + * Fix memory leak on unknown attributes in detail file + reader. + * Update example paths in "man" pages when installing + them + * Build fixes for rlm_mschap. Fixes #1489. + * BSD build fixes. Patch from issue #1583. + * Be more careful about /lib/ when building. + Fixes #1585. + * Correct ifdef placement error. Fixes #1572. + * Allow for more files in internal "exfile" API + So it will be possible to open more than 64 + "detail" files at the same time. + * Remove support for statically built EAP modules. + Fixes #1591. + * Many fixes to rlm_python from Guillaume Pannatier. + * Use correct week adjustment in SQLcounter. + Fixes #1608 + * Minor fixes to allow compilation without DHCP, + VMPS, or TCP. + * Fix checks for module / config file change on HUP. + * Compile regex comparisons when sent via + "debug condition". Fixes #1632. + * Update filenames in documentation and examples. + Patch from Alan Buxey, #1655. + * Don't crash if SQL connection becomes unavailable. + Fixes #1640. + * Disallow originate_coa when proxy_requests = no + Fixes #1684. + * Free rad_perlconf_hv in correct perl context. + Fixes #1675. + * Multiple fixes for Debian builds. #1510, among + others. + * Set OpenSSL FIPS compatibility flag when necessary. + * Pulled fixes for the build system over from other + branches. + * Fix OCSP for RADIUS over TLS. + * Fix skip_if_ocsp_ok behavior. + * Better fixes for systems without closefrom() but + which have /proc. Fixes #1757. + * Minor build fixes back-ported from v4.0.x. + * build --whout-ascend-binary. Fixes #1761. + * Be more aggressive about not opening new connections + in debug mode after CTRL-C. Address #1604. + +FreeRADIUS 3.0.11 Mon 25 Jan 2016 14:00:00 EST urgency=medium Feature improvements * "unlang" comparisons of IP addresses to IP prefixes are now detected, and types automatically cast. * Allow shorthand form of ipv4prefix values e.g. 127/8. * Add "auto_chain" to raddb/mods-available/eap, tls - subsection. This allows the disablign of OpenSSL - auto-chaining of certificates. Which it can get wrong. + subsection. This allows the disabling of OpenSSL + auto-chaining of certificates. Which might be wrong. * Added printing of coa and disconnect stats (radmin). + * radclient defaults to expecting Access-Accept responses + to Status-Server. + * Updated dictionary.lancom, dictionary.starent. + * Portability fixes for Solaris. + * More errors from ntlm_auth gets passed to MS-CHAP. + * Update abfab-tr-idp virtual server. + * Added "filter_password" in policy.d/filter. This + removes embedded zero bytes in User-Password, for + compatibility with broken clients. + * The server now issues a WARNING message if duplicate + configuration items are found. + * TLS can skip the "verify" section if OCSP returns OK. + See raddb/mods-available/eap, "skip_if_ocsp_ok". + * Set TLS-OCSP-Cert-Valid = yes / no / skipped, which + is the result from the OCSP check. + * Interoperate with AD and "LmCompatibiltyLevel = 5", + by always setting WBC_MSV1_0_ALLOW_MSVCHAPV2 for + native winbind in rlm_mschap. + * TTLS and PEAP now require "virtual_server" to be a real server. + * Print WARNING when TTLS or PEAP identities are spoofed + or not properly anonymized. See RFC 7542 for requirements. + * Various rlm_python fixes from Herwin Weststrate. + * Allow setting Response-Packet-Type in "Post-Proxy-Type Fail", + which is useful when the home server does not respond. + * elasticsearch updates from Matthew Newton Bug fixes * Fix issue where field nas_type would not be accessible via the %{client:} xlat, for clients loaded from SQL. * Fix compatiblity issues with OpenSSL 1.0.2. Ignore calls to msg_callback with 'pseudo' content types. - * Data type "ipv4prefix" are parsed correctly. + * Data type "ipv4prefix" is parsed correctly. * Use correct talloc context in rlm_exec. Fixes #1338. + * Complain in unlang if "else" is used with no previous + "if" or "elsif". + * Send accounting status packets to the accounting port. + Fixes #1364. + * Print out CFLAGS when doing "radiusd -Xxv" * Fixed bug with coa/acct stats value #1339. Based on patch from Jorge Pereira. + * Fixes for LEAP proxying. Don't use LEAP! + * Fix issue with "directory already exists" seen when doing + "make install". + * Fixed bug with radmin related to the option "stats detail " + * Complain if the detail file reader does not have permission + to read the "detail.work" file. Fixes #1398 + * Fixed SoH. Attributes were not being copied to the virtual server. + * Used a wrong list to global statistics in "stats". + * Create EAP-PWD identity correctly. Prevents segfaults. + * Dynamically validate authentication types for PEAP and EAP-MSCHAPv2. + * Fix includes in installed headers. + * OpenSSL 1.0.1f and 1.0.1g do NOT calculate TLS 1.2 keys correctly. + See raddb/mods-available/eap, "disable_tlsv1_2" + * Allow password change to work for MS-CHAP. This requires 'r=0', + because password changes are not retries. + * Fix home server fail-over for home servers using TCP and/or RadSec. + * Special characters in expanded regexes are now escaped + e.g. User-Name containing '.', and comparing /%{User-Name}/, + the '.' will now be escaped. See src/tests/keywords/regex-escape. + * Use correct authentication vector when sending Access-Reject replies + for RadSec. + * Set FreeRADIUS-Proxied-To in TTLS again. You should use the + "inner-tunnel" virtual server, instead of relying on this attribute. + * Fix debugging constants in rlm_perl. Patch from Herwin Weststrate. + * Add samba-dev / samba4-dev to debian builds so that rlm_mschap can + automatically use the new winbind API. + * Automatically skip zero-length attributes when sending packets, + instead of erroring out. FreeRADIUS 3.0.10 Mon 05 Oct 2015 15:00:00 EDT urgency=medium Feature improvements