X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=doc%2FChangeLog;h=c42aace9481674d91a80fe2007e8127481f3b8d6;hb=d253cf86d79b024ff68378e146775aa6975b887a;hp=9c8d23cfd8a2ffd03043b052bf43399f4f9c79c2;hpb=35860e2fee2f5ca1a2f82297e5f29723826bc194;p=freeradius.git

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 9c8d23c..c42aace 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,4 +1,109 @@
-FreeRADIUS 3.0.13 Thur 29 Sep 2016 13:00:00 EDT urgency=medium
+FreeRADIUS 3.0.15 Mon 17 Jul 2017 09:00:00 EDT urgency=high
+	Feature improvements
+	* Provide HOSTNAME in default systemd files.
+	* Incorporate RedHat specific files
+	* Update dictionary.starent, dictionary.ruckus
+	* Allow builds without TCP or DHCP
+
+	Bug fixes
+	* Fix multiple issues.  See this web page for details:
+	  http://freeradius.org/security/fuzzer-2017.html
+	* Pass correct statement length into sqlite3_prepare[_v2]
+	* Bind the lifetime of program name and python path to the module
+	* Check input / output length in make_secret().
+	  FR-GV-201
+	* Fix read overflow when decoding DHCP option 63
+	  FR-GV-206
+	* Fix write overflow in data2vp_wimax()
+	  FR-GV-301
+	* Fix infinite loop and memory exhaustion with 'concat' attributes
+	  FR-GV-302
+	* Fix infinite read in dhcp_attr2vp()
+	  FR-GV-303
+	* Fix buffer over-read in fr_dhcp_decode_suboptions()
+	  FR-GV-304
+	* Decode 'signed' attributes correctly.
+	  FR-GV-305
+	* use strncmp() instead of memcmp() for bounded data
+	  FR-AD-001
+	* Bind the lifetime of program name and python path to the module
+	  FR-AD-002
+	* Pass correct statement length into sqlite3_prepare[_v2]
+	  FR-AD-003
+	* print messages when we see deprecated configuration
+	  items
+	* show reasons why we couldn't parse a certificate
+	  expiry time
+	* be more accepting about truncated ASN1 times.
+	* Fix OpenSSL API issue which could leak small amounts
+	  of memory.  Issue reported by Guido Vranken.
+	* For Access-Reject, call rad_authlog() after running
+	  the post-auth section, just like for Access-Accept.
+	* don't crash when reading corrupted data from session
+	  resumption cache.  Fixes #1999.
+	* Parse port in dhcpclient.  Fixes #2000.
+	* Don't leak memory for OpenSSL.
+	  Patch from Guido Vranken.
+	* Portability fixes taken from OpenBSD port collection.
+	* run rad_authlog after post-auth for Access-Reject.
+	* Don't process VMPS packets twice.
+	* Fix attribute truncation in rlm_perl
+	* Fix bug when processing huntgroups.
+
+FreeRADIUS 3.0.14 Fri 26 May 2017 13:00:00 EDT urgency=medium
+	Feature improvements
+	* Enforce TLS client certificate expiration on
+	  session resumption, and Session-Timeout.
+	  See CVE-2017-9148.
+	* Updated dictionary.cisco.vpn3000, dictionary.patton
+	* Added dictionary.dellemc
+	* Lowered the log output for failed PEAP sessions.
+	* ALlow utc in rlm_date.  Patch from
+	  Peter Lambrechtsen.
+	* The internal OpenSSL session cache has been
+	  disabled.  Please see mods-available/eap
+	* Update detail reader documentation.
+	  Patch from Matthew Newton.  Fixes #1973.
+	* Make outgoing RadSec connections non-blocking.
+	* Add SQL backing to Moonshot-*-TargetedId
+	  generation.  Patch from Stefan Paetow.
+
+	Bug fixes
+	* radtest uses Cleartext-Password for EAP, not
+	  User-Password.
+	* Update documentation for mods-enabled/ linking.
+	* Enhanced checks for moonshot salt.  Fixes #1933.
+	* Allow session resumption for RadSec connections.
+	  Fixes #1936.
+	* Update "huntgroups" file to note that port ranges
+	  are not supported.
+	* Fix OpenSSL permissions issues on default key files.
+	  Fixes #1941.
+	* Certificates are not required when PSK is used.
+	* Allow SubjectAltName as first extension in cert.
+	  Fixes #1946.
+	* Fixed talloc issue with TLS session resumption.
+	  Fixes #1980.
+	* "&Attr-26 := 0x01" now produces useful error messages.
+	* Handle connection error in rlm_ldap_cacheable_groupobj.
+	  Fixes #1951.
+	* Fix endian issues in DHCP.
+	* Multiple minor fixes for Coverity complaints.
+	* Handle unexpected regex.  Fixes #1959.
+	* Fix minor issues in dictionaries.
+	* Fix typos and grammar.  Patches from Alan Buxey.
+	* Fix erroneous VP creation in rlm_preproces.
+	* Fix MIB.  Patch from Jeff Gehlbach.
+	* Trust router updates from Alejandro Perez.
+	* Allow build with LibreSSL.  Fixes #1989
+	* Use correct packet for channel bindings.  Fixes #1990.
+	* Many fixes found by PVS-Studio.  Thanks to PVS-Studio
+	  for giving us a test license.  Please see the git commit
+	  history for more information.
+	* Fix incorrect length check in EAP-PWD.  This may
+	  be exploitable.
+
+FreeRADIUS 3.0.13 Mon 06 Mar 2017 13:00:00 EDT urgency=medium
 	Feature improvements
 	* Add dictionary.rfc7930.  Note that we do not implement
 	  the RFC.
@@ -7,6 +112,28 @@ FreeRADIUS 3.0.13 Thur 29 Sep 2016 13:00:00 EDT urgency=medium
 	* OpenSSL 1.1.0 compatibility fixes.
 	* rlm_perl: radiusd::xlat to evaluate xlat string
 	  within perl script
+	* Allow authentication retry in winbind. Patch from
+	  Herwin Weststrate. See raddb/mods-available/mschap.
+	* Added "recv-coa" method to rlm_rest.  It behaves the
+	  same as "authorize".
+	* Document Trust Router tr_port option.  Patch from
+	  Stefan Paetow.
+	* Update elasticsearch/logstash examples so that they work
+	  with elastic stack v5.  Patch from Matthew Newton.
+	* Print information about packets, replies, and contents
+	  in the detail file reader.
+	* Update abfab-tr policy.  Pull request #1893
+	  from Stefan Paetow.
+	* Reject packets which contain User-Password and
+	  EAP-Message.
+	* Add example for filtering Access-Challenge.
+	  See sites-enabled/default.
+	* Pull symlink fixes from v4.0.x.  Fixes #1859.
+	* Add systemd reload.  Not everything is reloaded, but
+	  some is.  Fixes #1662.
+	* Better documentation for listen "ipaddr".  Fixes #1921
+	* Add dictionary.cnergee, updated dictionary.nomadix.
+	* radclient no longer needs -x to print statistics with -s.
 
 	Bug fixes
 	* Minor typos.  Fixes #1763
@@ -28,6 +155,29 @@ FreeRADIUS 3.0.13 Thur 29 Sep 2016 13:00:00 EDT urgency=medium
 	* Many miscellaneous fixes and typos.
 	* Allow long strings in %{%{foo} bar:-%{baz} blah".
 	  Fixes #1866
+	* Fix filtering operators, along with more documentation and
+	  more tests for them.
+	* Fix OpenSSL fixes.  Fixes #1876.
+	* Finish SQL select queries even when SELECT returns no rows.
+	  Fixes #1879.
+	* Set Module-Failure-Message for more EAP errors.
+	* Correct typo in dictionary.rfc5580.  Fixes #1882
+	* Remove obselete systemd syslog.target.
+	* Client-Port-Balance load-balancing now uses client port.
+	* Radrelay examples fixed from Alex Clouter.
+	* Update systemd target.  Pull request #1896.
+	* Trim starting whitespace in xlat strings.
+	* Get MySQL result lengths using normal API.
+	* suid down after fchown().  Fixes #1914.
+	* Fix cases of comparing pointer to NUL character.  Fixes #1915.
+	* OpenSSL v1.1 fixes.  Pull request #1921.
+	* Better Handle v4/v6 host names.  Pull request #1919.
+	* Remove "Auth-Type = System" from docs and examples.
+	* Don't crash on malformed %{home_server}.  Fixes #1922
+	* fix erroneous use of talloc destructor in rlm_eap
+	* Issue trigger modules.sql.fail.  Fixes #1923
+	* Document python_path gotcha's.  Fixes #1845
+	* dlopen() the specific version of Python.  Fixes #1592
 
 FreeRADIUS 3.0.12 Thur 29 Sep 2016 13:00:00 EDT urgency=medium
 	Feature improvements