1 FreeRADIUS 2.1.10 Mon 01 Sep 8:00:00 CEST 2010, urgency=medium
3 * Install the "radcrypt" program.
4 * Enable radclient to send requests containing MS-CHAPv1
5 * Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120
6 This change makes PEAP testing much easier.
7 * Added more documentation and examples for the "passwd" module.
10 * Fix endless loop when there are multiple sub-options for
12 * More debug output when sending / receiving DHCP packets.
13 * EAP-MSCHAPv2 should return the MPPE keys when used outside
14 of a TLS tunnel. This is needed for IKE.
15 * Added SSL "no ticket" option to prevent SSL from creating sessions
16 without IDs. We need the IDs, so this option should be set.
17 * Fix proxying of packets from inside a TTLS/PEAP tunnel.
19 * Allow IPv6 address attributes to be created from domain names
21 * Set the string length to the correct value when parsing double
22 quotes. Closes bug #88.
23 * No longer look users up in /etc/passwd in the default configuration.
24 This can be reverted by enabling "unix" in the "authorize" section.
25 * More #ifdef's to enable building on systems without certain
27 * Fixed SQL-Group comparison to register only if the group
29 * Fixed SQL-Group comparison to register <instance>-SQL-Group,
30 just like rlm_ldap. This lets you have multiple SQL group checks.
31 * Fix scanning of octal numbers in "unlang". Closes bug #89.
32 * Be less aggressive about freeing "stuck" requests. Closes bug #35.
33 * Fix example in "originate-coa" to refer to the correct packet.
34 * Change default timeout for dynamic clients to 1 hour, not 1 day.
35 * Allow passwd module to map IP addresses, too.
36 * Allow passwd module to be used for CoA packets
37 * Put boot filename into DHCP header when DHCP-Boot-Filename
39 * raddb/certs/Makefile no longer has certs depend on index.txt and
40 serial. Closes bug #64.
41 * Ignore NULL errorcode in PostgreSQL client. Closes bug #39
42 * Made Exec-Program and Exec-Program-Wait work in accounting
43 section again. See sites-available/default.
44 * Fix long-standing memory leak in esoteric conditions. Found
46 * Added "Password-With-Header == userPassword" to raddb/ldap.attrmap
47 This will automatically convert more passwords.
48 * Updated rlm_pap to decode Password-With-Header, if it was base64
49 encoded, and to treat the contents as potentially binary data.
50 * Fix Novell eDir code to use the right function parameters.
52 * Allow spaces to be escaped when executing external programs.
54 * Be less restrictive about checking permissions on control socket.
55 If we're root, allow connecting to a non-root socket.
56 * Remove control socket on normal server exit. If the server isn't
57 running, the control socket should not exist.
58 * Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP
59 calculations. It *MAY* be different (upper / lower case) from
60 the User-Name attribute. Closes bug #17.
61 * If the EAP module fails, more SSL errors are now in
62 Module-Failure-Message.
63 * Update Oracle configure scripts. Closes bug #57.
64 * Added text to DESC fields of doc/examples/openldap.schema
66 FreeRADIUS 2.1.9 Mon 24 May 8:00:00 CEST 2010, urgency=medium
68 * Add radmin command "stats detail <file>" to see what
69 is going on inside of a detail file reader.
70 * Added documentation for CoA. See raddb/sites-available/coa
71 * Add sub-option support for Option 82. See dictionary.dhcp
72 * Add "server" field to default SQL NAS table, and documented it.
75 * Reset "received ping" counter for Status-Server checks. In some
76 corner cases it was not getting reset.
77 * Handle large VMPS attributes.
78 * Count accounting responses from a home server in SNMP / statistics
80 * Set EAP-Session-Resumed = Yes, not "No" when session is resumed.
81 * radmin packet counter statistics are now unsigned, for numbers
82 2^31..2^32. After that they roll over to zero.
83 * Be more careful about expanding data in PAP and MS-CHAP modules.
84 This prevents login failures when passwords contain '{'.
85 * Clean up zombie children if there were many "exec" modules being
86 run for one packet, all with "wait = no".
87 * re-open log file after HUP. Closes bug #63.
88 * Fix "no response to proxied packet" complaint for Coa / Disconnect
89 packets. It shouldn't ignore replies to packets it sent.
90 * Calculate IPv6 netmasks correctly. Closes bug #69.
91 * Fix SQL module to re-open sockets if they unexpectedly close.
92 * Track scope for IPv6 addresses. This lets us use link-local
93 addresses properly. Closes bug #70.
94 * Updated Makefiles to no longer use the shell for recursing into
95 subdirs. "make -j 2" should now work.
96 * Updated raddb/sql/mysql/ippool.conf to use "= NULL". Closes
98 * Updated Makefiles so that "make reconfig" no longer uses the shell
99 for recursing into subdirs, and re-builds all "configure" files.
100 * Used above method to regenerate all configure scripts.
102 * Updated SQL module to allow "server" field of "nas" table
103 to be blank: "". This means the same as it being NULL.
104 * Fixed regex realm example. Create Realm attribute with value
105 of realm from User-Name, not from regex. Closes bug #40.
106 * If processing a DHCP Discover returns "fail / reject", ignore
107 the packet rather than sending a NAK.
108 * Allow '%' to be escaped in sqlcounter module.
109 * Fix typo internal hash table.
110 * For PEAP and TTLS, the tunneled reply is added to the reply,
111 rather than integrated via the operators. This allows multiple
112 VSAs to be added, where they would previously be discarded.
113 * Make request number unsigned. This changes nothing other than
114 the debug output when the server receives more than 2^31 packets.
115 * Don't block when reading child output in 'exec wait'. This means
116 that blocked children get killed, instead of blocking the server.
117 * Enabled building without any proxy functionality
118 * radclient now prefers IPv4, to match the default server config.
119 * Print useful error when a realm regex is invalid
120 * relaxed rules for preprocess module "with_cisco_vsa_hack". The
121 attributes can now be integer, ipaddr, etc. (i.e. non-string)
122 * Allow rlm_ldap to build if ldap_set_rebind_proc() has only
124 * Update configure script for rlm_python to avoid dynamic linking
125 problems on some platforms.
126 * Work-around for bug #35
127 * Do suid to "user" when running in debug mode as root
128 * Make "allow_core_dumps" work in more situations.
129 * In detail file reader, treat bad records as EOF.
130 This allows it to continue working when the disk is full.
131 * Fix Oracle default accounting queries to work when there are no
132 gigawords attributes. Other databases already had the fix.
133 * Fix rlm_sql to show when it opens and closes sockets. It already
134 says when it cannot connect, so it should say when it can connect.
135 * "chmod -x" for a few C source files.
136 * Pull update spec files, etc. from RedHat into the redhat/ directory.
137 * Allow spaces when parsing integer values. This helps people who
138 put "too much" into an SQL value field.
140 FreeRADIUS 2.1.8 Wed 30 Dec 16:44:50 CEST 2009, urgency=medium
142 * Print more descriptive error message for too many EAP sessions.
143 This gives hints on what to do when "failed to store handler"
144 * Moved illegal attributes to dictionary.ascend.illegal and
145 dictionary.usr.illegal. You may need to manually re-enable them.
146 * Allow old-style dictionary formats, where the vendor name is the
147 last entry on a line.
150 * DHCP sockets now set the broadcast flag before binding to a
151 socket. You should set "broadcast = yes" in the DHCP listener.
152 * Be more restrictive on string parsing in the config files
153 * Fix password length in scripts/create-users.pl
154 * Be more flexible about parsing the detail file. Allow
155 operators other than "=" to be used.
156 * Ensure that requests read from the detail file are cleaned up
157 (i.e. don't leak) if they are proxied without a response.
159 FreeRADIUS 2.1.7 Mon Sept 14 11:20:00 CEST 2009; , urgency=medium
161 * Full support for CoA and Disconnect packets as per RFC 3576
162 and RFC 5176. Both receiving and proxying CoA is supported.
163 * Added "src_ipaddr" configuration to "home_server". See
164 proxy.conf for details.
165 * radsniff now accepts -I, to read from a filename instead of
167 * radsniff also prints matching requests and any responses to those
168 requests when '-r' is used.
169 * Added example of attr_filter for Access-Challenge packets
170 * Added support for udpfromto in DHCP code
171 * radmin can now selectively mark modules alive/dead.
172 See "set module state".
173 * Added customizable messages on login success/fail.
174 See msg_goodpass && msg_badpass in log{} section of radiusd.conf
175 * Document "chase_referrals" and "rebind" in raddb/modules/ldap
176 * Preliminary implementation of DHCP relay.
177 * Made thread pool section optional. If it doesn't exist,
178 the server will run single-threaded.
179 * Added sample radrelay.conf for people upgrading from 1.x
180 * Made proxying more stable by failing over, rather than
181 rejecting the first request. See "response_window" in proxy.conf
182 * Allow home_server_pools to exist without realms.
183 * Add dictionary.iea (closes bug #7)
184 * Added support for RFC 5580
185 * Added experimental sql_freetds module from Gabriel Blanchard.
186 * Updated dictionary.foundry
187 * Added sample configuration for MySQL cluster in raddb/sql/ndb
188 See the README file for explanations.
191 * Fixed corner case where proxied packets could have extra
192 character in User-Password attribute. Fix from Niko Tyni.
193 * Extended size of "attribute" field in SQL to 64.
194 * Fixes to ruby module to be more careful about when it builds.
195 * Updated Perl module "configure" script to check for broken
197 * Fix "status_check = none". It would still send packets
199 * Set recursive flag on the proxy mutex, which enables safer
200 cleanup on some platforms.
201 * Copy the EAP username verbatim, rather than escaping it.
202 * Update handling so that robust-proxy-accounting works when
203 all home servers are down for extended periods of time.
204 * Look for DHCP option 53 anywhere in the packet, not just
206 * Fix processing of proxy fail handler with virtual servers.
207 * DHCP code now prints out correct src/dst IP addresses
208 when sending packets.
209 * Removed requirement for DHCP to have clients
210 * Fixed handling of DHCP packets with message-type buried in the packet
211 * Fixed corner case with negation in unlang.
212 * Minor fixes to default MySQL & PostgreSQL schemas
213 * Suppress MSCHAP complaints in debugging mode.
214 * Fix SQL module for multiple instance, and possible crash on HUP
215 * Fix permissions for radius.log for sites that change user/group,
216 but which don't create the file before starting radiusd.
217 * Fix double counting of packets when proxying
219 * Fix pthread keys in rlm_perl
220 * Log reasons for EAP failure (closes bug #8)
221 * Load home servers and pools that aren't referenced from a realm.
222 * Handle return codes from virtual attributes in "unlang"
223 (e.g. LDAP-Group). This makes "!(expr)" work for them.
224 * Enable VMPS to see contents of virtual server again
225 * Fix WiMAX module to be consistent with examples. (closes bug #10)
226 * Fixed crash with policies dependent on NAS-Port comparisons
227 * Allowed vendor IDs to be be higher than 32767.
228 * Fix crash on startup with certain regexes in "hints" file.
229 * Fix crash in attr_filter module when packets don't exist
230 * Allow detail file reader to be faster when "load_factor = 100"
231 * Add work-around for build failures with errors related to
232 lt__PROGRAM__LTX_preloaded_symbols. libltdl / libtool are horrible.
233 * Made ldap module "rebind" option aware of older, incompatible
234 versions of OpenLDAP.
235 * Check value of Fall-Through in attr_filter module.
237 FreeRADIUS 2.1.6 Mon May 18 10:00:00 CEST 2009; urgency=medium
239 * radclient exits with 0 on successful (accept / ack), and 1
240 otherwise (no response / reject)
241 * Added support for %{sql:UPDATE ..}, and insert/delete
242 Patch from Arran Cudbard-Bell
243 * Added sample "do not respond" policy. See raddb/policy.conf
244 and raddb/sites-available/do_not_respond
245 * Cleanups to Suse spec file from Norbert Wegener
246 * New VSAs for Juniper from Bjorn Mork
247 * Include more RFC dictionaries in the default install
248 * More documentation for the WiMAX module
249 * Added "chase_referrals" and "rebind" configuration to rlm_ldap.
250 This helps with Active Directory. See raddb/modules/ldap
251 * Don't load pre/post-proxy if proxying is disabled.
252 * Added %{md5:...}, which returns MD5 hash in hex.
253 * Added configurable "retry_interval" and "poll_interval"
254 for "detail" listeners.
255 * Added "delete_mppe_keys" configuration option to rlm_wimax.
256 Apparently some WiMAX clients misbehave when they see those keys.
257 * Added experimental rlm_ruby from
258 http://github.com/Antti/freeradius-server/tree/master
259 * Add Tunnel attributes to ldap.attrmap
260 * Enable virtual servers to be reloaded on HUP. For now, only
261 the "authorize", "authenticate", etc. processing sections are
262 reloaded. Clients and "listen" sections are NOT reloaded.
263 * Updated "radwatch" script to be more robust. See scripts/radwatch
264 * Added certificate compatibility notes in raddb/certs/README,
265 for compatibility with different operating systems. (i.e. Windows)
268 * Minor changes to allow building without VQP.
269 * Minor fixes from John Center
270 * Fixed raddebug example
271 * Don't crash when deleting attributes via unlang
272 * Be friendlier to very fast clients
273 * Updated the "detail" listener so that it only polls once,
274 and not many times in a row, leaking memory each time...
275 * Update comparison for Packet-Src-IP-Address (etc.) so that
276 the operators other than '==' work.
277 * Did autoconf magic to work around weird libtool bug
278 * Make rlm_perl keep tags for tagged attributes in more situations
279 * Update UID checking for radmin
280 * Added "include_length" field for TTLS. It's needed for RFC
281 compliance, but not (apparently) for interoperability.
283 FreeRADIUS 2.1.5 Sun Jan 1 1:1:00 CEST 2009; , urgency=medium
284 * Release number skipped due to procedural issues.
286 FreeRADIUS 2.1.4 Tue Mar 10 17:05:00 CEST 2009; , urgency=medium
288 * Permit multiple "-e" in radmin.
289 * Add support for originating CoA-Request and Disconnect-Request.
290 See raddb/sites-available/originate-coa.
291 * Added "lifetime" and "max_queries" to raddb/sql.conf.
292 This helps address the problem of hung SQL sockets.
293 * Allow packets to be injected via radmin. See "inject help"
295 * Answer VMPS reconfirmation request. Patch from Hermann Lauer.
296 * Sample logrotate script in scripts/logrotate.freeradius
297 * Add configurable poll interval for "detail" listeners
298 * New "raddebug" command. This prints debugging information from
299 a running server. See "man raddebug.
300 * Add "require_message_authenticator" configuration to home_server
301 configuration. This makes the server add Message-Authenticator
302 to all outgoing Access-Request packets.
303 * Added smsotp module, as contributed by Siemens.
304 * Enabled the administration socket in the default install.
305 See raddb/sites-available/control-socket, and "man radmin"
306 * Handle duplicate clients, such as with replicated or
307 load-balanced SQL servers and "readclients = yes"
310 * Clean up control sockets when they are closed, so that we don't
312 * Define SUN_LEN for systems that don't have it.
313 * Correct some boundary conditions in the conditional checker ("if")
314 in "unlang". Bug noted by Arran Cudbard-Bell.
315 * Work around minor building issues in gmake. This should only
316 have affected developers.
317 * Change how we manage unprivileged user/group, so that we do not
318 create control sockets owned by root.
319 * Fixed more minor issues found by Coverity.
320 * Allow raddb/certs/bootstrap to run when there is no "make"
322 * In radiusd.conf, run_dir depends on the name of the program,
323 and isn't hard-coded to "..../radiusd"
324 * Check for EOF in more places in the "detail" file reader.
325 * Added Freeswitch dictionary.
326 * Chop ethernet frames in VMPS, rather than droppping packets.
327 * Fix EAP-TLS bug. Patch from Arnaud Ebalard
328 * Don't lose string for regex-compares in the "users" file.
329 * Expose more functions in rlm_sql to rlm_sqlippool, which
330 helps on systems where RTLD_GLOBAL is off.
331 * Fix typos in MySQL schemas for ippools.
332 * Remove macro that was causing build issues on some platforms.
333 * Fixed issues with dead home servers. Bug noted by Chris Moules.
334 * Fixed "access after free" with some dynamic clients.
336 FreeRADIUS 2.1.3 Fri Dec 5 17:40:00 CEST 2008; , urgency=medium
338 * Allow running with "user=radiusd" and binding to secure
340 * Start sending Status-Server "are you alive" messages earlier,
341 which helps with proxying multiple realms to a home server.
342 * Removed thread pool code from rlm_perl. It's not necessary.
343 * Added example Perl configuration to raddb/modules/perl
344 * Force OpenSSL to support certificates with SHA256.
345 This seems to be necessary for WiMAX certs.
348 * Fix Debian patch to allow it to build.
349 * Fix potential NULL dereference in debugging mode on certain
350 platforms for TTLS and PEAP inner tunnels.
351 * Fix uninitialized memory in handling of vendor definitions
352 * Fix parsing of quoted (but non-string) attributes in the "users"
354 * Initialize uknown NAS IP to 255.255.255.255, rather than 0.0.0.0
355 * use SUN_LEN in control socket, to avoid truncation on some
357 * Correct internal handling of "debug condition" to prevent it
358 from being over-written.
359 * Check return code of regcomp in "unlang", so that invalid
360 regular expressions are caught rather than mishandled.
361 * Make rlm_sql use <ltdl.h>. Addresses bug #610.
362 * Document list "type = status" better. Closes bug #580.
363 * Set "default days" for certificates, because OpenSSL won't
364 do it. This closes bug #615.
365 * Reference correct list in example raddb/modules/ldap.
367 * Increase default schema size for Acct-Session-Id to 64.
369 * Fix use of temporary files in dialup-admin. Closes #605
370 and addresses CVE-2008-4474.
371 * Addressed a number of minor issues found by Coverity.
372 * Added DHCP option 150 to the dictionary. Closes #618.
374 FreeRADIUS 2.1.2 Thurs Dec 3 10:47:00 CEST 2008; , urgency=medium
375 Due to packaging issues, 2.1.2 has been pulled from the net.
377 FreeRADIUS 2.1.1 Thu Sep 25 11:03:00 CEST 2008; , urgency=medium
379 * Many more options and features in radmin. See "man radmin" and
380 raddb/sites-available/control-socket
381 * Many more commands available via the control socket. Connect
382 via "radmin", and type "help" for more information.
383 * Added dictionary.networkphysics and dictionary.lancom.
384 * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
387 * Fixed bug that made radmin not work
388 * Fixed Suse && Debian package scripts
389 * Fixed issues with dynamic clients
390 * Fixed configure checks for -lreadline
391 * rlm_sqlippool no longer needs to be linked to rlm_sql.
392 * Add statistics for detail file listeners. This closes bug #593.
393 * Fixed printing of some WiMAX attributes.
394 * Fix double free on exit() in rlm_attr_filter
395 * Fixed build issues on Solaris.
396 * Fixed fast session resumption for EAP-TLS
398 FreeRADIUS 2.1.0 Fri Sep 5 13:20:01 CEST 2008; , urgency=medium
400 * Clients may now be defined dynamically, based on IP address.
401 See raddb/sites-available/dynamic-clients.
402 * SNMP support is now available through an experimental Perl script.
403 See scripts/snmp-proxy/README
404 * SNMP statistics are available through Status-Server packets.
405 See raddb/sites-available/status
406 * Added more Microsoft attributes from bug #568.
407 * The "linelog" module has more functionality and flexibility.
408 See raddb/modules/linelog.
409 * The debugging output has been sanitized. It should be much
411 * Debug logs can now be turned on/off while the server is running, for
412 a user, group, realm, etc. See the "log" section of radiusd.conf.
413 * Added support for WiMAX Forum attributes. The dynamic keys
414 are not yet calculated. See share/dictionary.wimax
415 * Added session resumption for PEAP and TTLS.
416 See raddb/eap.conf, "cache" sub-section.
417 * Added "radmin" command-line tool for administering a running server.
418 See "man radmin" and raddb/sites-available/control-socket.
421 * Double escaping of '\\' in the "users" (and some other) files
422 has been fixed. If you have '\\' in the "users" file, your
423 configuration WILL NEED TO BE CHECKED, AND FIXED!
424 * Parse "security" section in radiusd.conf. This was accidentally
425 deleted in 2.0.5. Closes bug #566.
426 * Bind to interface before IP, which allows DHCP sockets to
427 listen on "*" for multiple interfaces.
428 * Fix handling of giaddr in DHCP responses.
429 * Corrected parsing of status_check in home_server so that it works.
430 * Fix hints so that "Puser" works again.
431 * Removed length restrictions on attribute names in the dictionaries.
432 * Update socket code to avoid C compiler optimizations.
434 FreeRADIUS 2.0.5 ; Date: 2008/06/07 17:17:00 , urgency=medium
436 * Permit SQL authorize_reply_query to be empty.
437 * Allow setting response packet type in Post-Proxy-Type Fail
439 * Added install-chown target to set correct permission and ownership
440 make RADMIN=radmin RGROUP=radius install-chown
441 * Support for LDAP-Group and other dynamic comparison attributes
442 in unlang. Developed from a patch by Jason Alderfer.
443 * Added chroot support. See radiusd.conf for comments.
444 * Allow clients of 0/0. We do not recommend using this, though.
445 * Moved many module configurations into raddb/modules/*
448 * Allow proxying to virtual servers for accounting packets, too.
449 * Added "num fields" function to PostgreSQL client.
450 * Updated proxy fallback mechanism to validate fallback servers,
451 and to process fallback requests in a child thread.
452 * rlm_realm returns "ok" for LOCAL realms, not "noop".
453 * Fixed some DHCP code handling. The examples should now work.
455 FreeRADIUS 2.0.4 ; Date: 2008/04/30 08:56:40 , urgency=medium
457 * Allow "virtual_server" in "realm" and "home_server" sections.
458 See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
459 * Allow "passwd" module to be listed in "accounting" and "post-auth".
460 * Added "fallback" to "home_server_pool" configuration, to handle
461 the case of all home servers being dead. See raddb/proxy.conf.
462 * Added sample text to raddb/sites-available/inner-tunnel which
463 can simplify debugging of inner tunnel configurations.
464 * Added regular expression matching in realm names. See
465 raddb/proxy.conf for examples.
466 * Added simple DHCP server functionality. For comments, see
467 raddb/sites-available/dhcp.
468 * Added file globbing capabilities to detail file reader
469 * Added sample raddb/sites-available/robust-proxy-accounting
470 * Clients in SQL can now refer to a virtual server.
471 Patch from Michael Bretterklieber.
472 * Added some examples of creating RADIUS administrator in SQL,
473 and assigning appropriate access rights.
476 * Install all files in raddb/sites-available
477 * Allow non-threaded builds.
478 * Don't treat '0x' as special for known attributes that are not
480 * Fix log error in rlm_pap.
481 * Remove documentation about non-existent functionality.
482 * Updated warning messages in debug output.
483 * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
484 This fix was supposed to go into 2.0.3, but did not make it.
485 * Fix event handling in debug mode for failed proxy requests.
486 * Fix memleak in fifos. Closes #537.
487 * Fix memleak on blocked threads. Closes #538.
488 * Perform additional checks on NULL realms. Closes #541.
489 * Fix handling of "clients" in "listen" section.
490 * When detail file cannot process a packet, sleep for longer
491 to let the rest of the server do something.
492 * Add missing table to raddb/sql/mssql/schema.sql. Closes #545.
493 * Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
495 * Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
497 * Update rlm_attr_filter for some corner cases. Closes #543.
498 * Fixed memory leak in libfreeradius event handler.
499 * In the SQL Accounting on/off queries, remove the restriction
500 that the session time had to be zero.
502 FreeRADIUS 2.0.3 ; Date: 2008/03/17 09:22:17 , urgency=medium
504 * Updated raddb/certs/ca.cnf with extensions to allow ca.der
505 to be imported as a CA on Symbian and Windows Mobile devices.
507 * Enable multiple matches in "hints" via Fall-Through = Yes.
509 * Added preliminary SQLite driver, contibuted by Apple.
510 Untested, with no sample configuration. This address bug #470.
511 * Updated logging sub-system so that log messages from libfreeradius
512 can go to the log file, and not stdout.
513 * Added dictionary.rfc5176
514 * EAP module now checks for instance name, and uses that for
515 authentication. This avoids the need to set Auth-Type when
516 there are multiple instances of the EAP module.
517 * Added Module-Return-Code attribute, which contains the value
518 returned by the previous module (ok/fail/update/etc.)
521 * Corrected typos in rlm_dbm. Closes bugs #521 and #522.
522 * Detail file "listen" sections now work much better.
523 * Don't allow old "log_*" to over-ride new format. Closes bug #525
524 * Initialize allocated memory in Oracle SQL driver. This fixes
525 occasional crashes on some systems. Closes bug #518
526 * Call correct function in rlm_protocol_filter. This enables the
527 module to build. Closes bug #512.
528 * Added deprecated flag to build for rlm_krb5. This allows it to
529 run on 64-bit systems. Closes bug #491
530 * Corrected error message when parsing invalid configurations
531 so it doesn't crash. Closes bug #527
532 * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
533 * Handle $INCLUDE's in "instantiate" section. Closes #528.
534 * Format updates to "man" pages from Stephen Gran.
536 FreeRADIUS 2.0.2 ; Date: 2008/02/14 11:13:48 , urgency=medium
538 * Added notes on how to debug the server in radiusd.conf
539 * Moved all "log_*" in radiusd.conf to log{} section.
540 The old configurations are still accepted, though.
541 * Added ca.der target in raddb/certs/Makefile. This is
542 needed for importing CA certs into Windows.
543 * Added ability send raw attributes via "Raw-Attribute = 0x0102..."
544 This is available only debug builds. It can be used
545 to create invalid packets! Use it with care.
546 * Permit "unlang" policies inside of Auth-Type{} sub-sections
547 of the authenticate{} section. This makes some policies easier
549 * "listen" sections can now have "type = proxy". This lets you
550 control which IP is used for sending proxied requests.
551 * Added note on SSL performance to raddb/certs/README
554 * Fixed reading of "detail" files.
555 * Allow inner EAP tunneled sessions to be proxied.
556 * Corrected MySQL schemas
557 * syslog now works in log{} section.
558 * Corrected typo in raddb/certs/client.cnf
559 * Updated raddb/sites-available/proxy-inner-tunnel to
560 permit authentication to work.
561 * Ignore zero-length attributes in received packets.
562 * Correct memcpy when dealing with unknown attributes.
563 * Corrected debugging messages in attr_rewrite.
564 * Corrected generation of State attribute in EAP. This
565 fixes the "failed to remember handler" issues.
566 * Fall back to DEFAULT realm if no realm was found.
567 Based on a patch from Vincent Magnin.
568 * Updated example raddb/sites-available/proxy-inner-tunnel
569 * Corrected behavior of attr_filter to match documentation.
570 This is NOT backwards compatible with previous versions!
571 See "man rlm_attr_filter" for details.
573 FreeRADIUS 2.0.1 ; Date: 2008/01/22 13:29:37 , urgency=low
575 * "unlang" has been expanded to do less run-time expansion,
576 and to have better handling of typed data. See "man unlang"
577 for documentation and new examples.
580 * The 'acct_unique' module has been updated to understand
581 the deprecated (but still used) Client-IP-Address attribute.
582 * The EAP-MSCHAPv2 module no longer leaks MS-CHAP2-Success in
584 * Fixed crash in rlm_dbm.
585 * Fixed parsing of syslog configuration.
587 FreeRADIUS 2.0.0 ; Date: 2007/11/24 08:33:09 , urgency=low
589 * Debugging mode is much clearer and easier to read.
590 * A new policy language makes many configurations trivial.
591 See "man unlang" for a complete description.
592 * Virtual servers are now supported. This permits clear separation
593 of policies. See raddb/sites-available/README
594 * EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work".
595 See raddb/certs/README for details.
596 * Proxying is much more configurable than before.
597 See proxy.conf for documentation on pools, and new config items.
598 * Full support for IPv6.
599 * Much more complete support for the RADIUS SNMP MIBs.
600 * HUP now works. Only some modules are re-loaded,
601 and the server configuation is *not* reloaded.
602 * "check config" option now works. See "man radiusd"
603 * radrelay functionality is now included in the server core.
604 See raddb/sites-available/copy-acct-to-home-server
605 * VMPS support. It is minimal, but functional.
606 * Cleaned up internal API's and names, including library names.