+FreeRADIUS 2.1.10 Mon 01 Sep 8:00:00 CEST 2010, urgency=medium
+ Feature improvements
+ * Install the "radcrypt" program.
+ * Enable radclient to send requests containing MS-CHAPv1
+ * Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120
+ This change makes PEAP testing much easier.
+ * Added more documentation and examples for the "passwd" module.
+
+ Bug fixes
+ * Fix endless loop when there are multiple sub-options for
+ DHCP option 82.
+ * More debug output when sending / receiving DHCP packets.
+ * EAP-MSCHAPv2 should return the MPPE keys when used outside
+ of a TLS tunnel. This is needed for IKE.
+ * Added SSL "no ticket" option to prevent SSL from creating sessions
+ without IDs. We need the IDs, so this option should be set.
+ * Fix proxying of packets from inside a TTLS/PEAP tunnel.
+ Closes bug #25.
+ * Allow IPv6 address attributes to be created from domain names
+ Closes bug #82.
+ * Set the string length to the correct value when parsing double
+ quotes. Closes bug #88.
+ * No longer look users up in /etc/passwd in the default configuration.
+ This can be reverted by enabling "unix" in the "authorize" section.
+ * More #ifdef's to enable building on systems without certain
+ features.
+ * Fixed SQL-Group comparison to register only if the group
+ query is defined.
+ * Fixed SQL-Group comparison to register <instance>-SQL-Group,
+ just like rlm_ldap. This lets you have multiple SQL group checks.
+ * Fix scanning of octal numbers in "unlang". Closes bug #89.
+ * Be less aggressive about freeing "stuck" requests. Closes bug #35.
+ * Fix example in "originate-coa" to refer to the correct packet.
+ * Change default timeout for dynamic clients to 1 hour, not 1 day.
+ * Allow passwd module to map IP addresses, too.
+ * Allow passwd module to be used for CoA packets
+ * Put boot filename into DHCP header when DHCP-Boot-Filename
+ is specified.
+ * raddb/certs/Makefile no longer has certs depend on index.txt and
+ serial. Closes bug #64.
+ * Ignore NULL errorcode in PostgreSQL client. Closes bug #39
+ * Made Exec-Program and Exec-Program-Wait work in accounting
+ section again. See sites-available/default.
+ * Fix long-standing memory leak in esoteric conditions. Found
+ by Jerry Nichols.
+ * Added "Password-With-Header == userPassword" to raddb/ldap.attrmap
+ This will automatically convert more passwords.
+ * Updated rlm_pap to decode Password-With-Header, if it was base64
+ encoded, and to treat the contents as potentially binary data.
+ * Fix Novell eDir code to use the right function parameters.
+ Closes bug #86.
+ * Allow spaces to be escaped when executing external programs.
+ Closes bug #93.
+ * Be less restrictive about checking permissions on control socket.
+ If we're root, allow connecting to a non-root socket.
+ * Remove control socket on normal server exit. If the server isn't
+ running, the control socket should not exist.
+ * Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP
+ calculations. It *MAY* be different (upper / lower case) from
+ the User-Name attribute. Closes bug #17.
+ * If the EAP module fails, more SSL errors are now in
+ Module-Failure-Message.
+ * Update Oracle configure scripts. Closes bug #57.
+ * Added text to DESC fields of doc/examples/openldap.schema
+
+FreeRADIUS 2.1.9 Mon 24 May 8:00:00 CEST 2010, urgency=medium
+ Feature improvements
+ * Add radmin command "stats detail <file>" to see what
+ is going on inside of a detail file reader.
+ * Added documentation for CoA. See raddb/sites-available/coa
+ * Add sub-option support for Option 82. See dictionary.dhcp
+ * Add "server" field to default SQL NAS table, and documented it.
+
+ Bug fixes
+ * Reset "received ping" counter for Status-Server checks. In some
+ corner cases it was not getting reset.
+ * Handle large VMPS attributes.
+ * Count accounting responses from a home server in SNMP / statistics
+ code.
+ * Set EAP-Session-Resumed = Yes, not "No" when session is resumed.
+ * radmin packet counter statistics are now unsigned, for numbers
+ 2^31..2^32. After that they roll over to zero.
+ * Be more careful about expanding data in PAP and MS-CHAP modules.
+ This prevents login failures when passwords contain '{'.
+ * Clean up zombie children if there were many "exec" modules being
+ run for one packet, all with "wait = no".
+ * re-open log file after HUP. Closes bug #63.
+ * Fix "no response to proxied packet" complaint for Coa / Disconnect
+ packets. It shouldn't ignore replies to packets it sent.
+ * Calculate IPv6 netmasks correctly. Closes bug #69.
+ * Fix SQL module to re-open sockets if they unexpectedly close.
+ * Track scope for IPv6 addresses. This lets us use link-local
+ addresses properly. Closes bug #70.
+ * Updated Makefiles to no longer use the shell for recursing into
+ subdirs. "make -j 2" should now work.
+ * Updated raddb/sql/mysql/ippool.conf to use "= NULL". Closes
+ bug #75.
+ * Updated Makefiles so that "make reconfig" no longer uses the shell
+ for recursing into subdirs, and re-builds all "configure" files.
+ * Used above method to regenerate all configure scripts.
+ Closes bug #34.
+ * Updated SQL module to allow "server" field of "nas" table
+ to be blank: "". This means the same as it being NULL.
+ * Fixed regex realm example. Create Realm attribute with value
+ of realm from User-Name, not from regex. Closes bug #40.
+ * If processing a DHCP Discover returns "fail / reject", ignore
+ the packet rather than sending a NAK.
+ * Allow '%' to be escaped in sqlcounter module.
+ * Fix typo internal hash table.
+ * For PEAP and TTLS, the tunneled reply is added to the reply,
+ rather than integrated via the operators. This allows multiple
+ VSAs to be added, where they would previously be discarded.
+ * Make request number unsigned. This changes nothing other than
+ the debug output when the server receives more than 2^31 packets.
+ * Don't block when reading child output in 'exec wait'. This means
+ that blocked children get killed, instead of blocking the server.
+ * Enabled building without any proxy functionality
+ * radclient now prefers IPv4, to match the default server config.
+ * Print useful error when a realm regex is invalid
+ * relaxed rules for preprocess module "with_cisco_vsa_hack". The
+ attributes can now be integer, ipaddr, etc. (i.e. non-string)
+ * Allow rlm_ldap to build if ldap_set_rebind_proc() has only
+ 2 arguments.
+ * Update configure script for rlm_python to avoid dynamic linking
+ problems on some platforms.
+ * Work-around for bug #35
+ * Do suid to "user" when running in debug mode as root
+ * Make "allow_core_dumps" work in more situations.
+ * In detail file reader, treat bad records as EOF.
+ This allows it to continue working when the disk is full.
+ * Fix Oracle default accounting queries to work when there are no
+ gigawords attributes. Other databases already had the fix.
+ * Fix rlm_sql to show when it opens and closes sockets. It already
+ says when it cannot connect, so it should say when it can connect.
+ * "chmod -x" for a few C source files.
+ * Pull update spec files, etc. from RedHat into the redhat/ directory.
+ * Allow spaces when parsing integer values. This helps people who
+ put "too much" into an SQL value field.
+
+FreeRADIUS 2.1.8 Wed 30 Dec 16:44:50 CEST 2009, urgency=medium
+ Feature improvements
+ * Print more descriptive error message for too many EAP sessions.
+ This gives hints on what to do when "failed to store handler"
+ * Moved illegal attributes to dictionary.ascend.illegal and
+ dictionary.usr.illegal. You may need to manually re-enable them.
+ * Allow old-style dictionary formats, where the vendor name is the
+ last entry on a line.
+
+ Bug fixes
+ * DHCP sockets now set the broadcast flag before binding to a
+ socket. You should set "broadcast = yes" in the DHCP listener.
+ * Be more restrictive on string parsing in the config files
+ * Fix password length in scripts/create-users.pl
+ * Be more flexible about parsing the detail file. Allow
+ operators other than "=" to be used.
+ * Ensure that requests read from the detail file are cleaned up
+ (i.e. don't leak) if they are proxied without a response.
+
+FreeRADIUS 2.1.7 Mon Sept 14 11:20:00 CEST 2009; , urgency=medium
+ Feature improvements
+ * Full support for CoA and Disconnect packets as per RFC 3576
+ and RFC 5176. Both receiving and proxying CoA is supported.
+ * Added "src_ipaddr" configuration to "home_server". See
+ proxy.conf for details.
+ * radsniff now accepts -I, to read from a filename instead of
+ a device.
+ * radsniff also prints matching requests and any responses to those
+ requests when '-r' is used.
+ * Added example of attr_filter for Access-Challenge packets
+ * Added support for udpfromto in DHCP code
+ * radmin can now selectively mark modules alive/dead.
+ See "set module state".
+ * Added customizable messages on login success/fail.
+ See msg_goodpass && msg_badpass in log{} section of radiusd.conf
+ * Document "chase_referrals" and "rebind" in raddb/modules/ldap
+ * Preliminary implementation of DHCP relay.
+ * Made thread pool section optional. If it doesn't exist,
+ the server will run single-threaded.
+ * Added sample radrelay.conf for people upgrading from 1.x
+ * Made proxying more stable by failing over, rather than
+ rejecting the first request. See "response_window" in proxy.conf
+ * Allow home_server_pools to exist without realms.
+ * Add dictionary.iea (closes bug #7)
+ * Added support for RFC 5580
+ * Added experimental sql_freetds module from Gabriel Blanchard.
+ * Updated dictionary.foundry
+ * Added sample configuration for MySQL cluster in raddb/sql/ndb
+ See the README file for explanations.
+
+ Bug fixes
+ * Fixed corner case where proxied packets could have extra
+ character in User-Password attribute. Fix from Niko Tyni.
+ * Extended size of "attribute" field in SQL to 64.
+ * Fixes to ruby module to be more careful about when it builds.
+ * Updated Perl module "configure" script to check for broken
+ Perl installations.
+ * Fix "status_check = none". It would still send packets
+ in some cases.
+ * Set recursive flag on the proxy mutex, which enables safer
+ cleanup on some platforms.
+ * Copy the EAP username verbatim, rather than escaping it.
+ * Update handling so that robust-proxy-accounting works when
+ all home servers are down for extended periods of time.
+ * Look for DHCP option 53 anywhere in the packet, not just
+ at the start.
+ * Fix processing of proxy fail handler with virtual servers.
+ * DHCP code now prints out correct src/dst IP addresses
+ when sending packets.
+ * Removed requirement for DHCP to have clients
+ * Fixed handling of DHCP packets with message-type buried in the packet
+ * Fixed corner case with negation in unlang.
+ * Minor fixes to default MySQL & PostgreSQL schemas
+ * Suppress MSCHAP complaints in debugging mode.
+ * Fix SQL module for multiple instance, and possible crash on HUP
+ * Fix permissions for radius.log for sites that change user/group,
+ but which don't create the file before starting radiusd.
+ * Fix double counting of packets when proxying
+ * Make %l work
+ * Fix pthread keys in rlm_perl
+ * Log reasons for EAP failure (closes bug #8)
+ * Load home servers and pools that aren't referenced from a realm.
+ * Handle return codes from virtual attributes in "unlang"
+ (e.g. LDAP-Group). This makes "!(expr)" work for them.
+ * Enable VMPS to see contents of virtual server again
+ * Fix WiMAX module to be consistent with examples. (closes bug #10)
+ * Fixed crash with policies dependent on NAS-Port comparisons
+ * Allowed vendor IDs to be be higher than 32767.
+ * Fix crash on startup with certain regexes in "hints" file.
+ * Fix crash in attr_filter module when packets don't exist
+ * Allow detail file reader to be faster when "load_factor = 100"
+ * Add work-around for build failures with errors related to
+ lt__PROGRAM__LTX_preloaded_symbols. libltdl / libtool are horrible.
+ * Made ldap module "rebind" option aware of older, incompatible
+ versions of OpenLDAP.
+ * Check value of Fall-Through in attr_filter module.
+
+FreeRADIUS 2.1.6 Mon May 18 10:00:00 CEST 2009; urgency=medium
+ Feature improvements
+ * radclient exits with 0 on successful (accept / ack), and 1
+ otherwise (no response / reject)
+ * Added support for %{sql:UPDATE ..}, and insert/delete
+ Patch from Arran Cudbard-Bell
+ * Added sample "do not respond" policy. See raddb/policy.conf
+ and raddb/sites-available/do_not_respond
+ * Cleanups to Suse spec file from Norbert Wegener
+ * New VSAs for Juniper from Bjorn Mork
+ * Include more RFC dictionaries in the default install
+ * More documentation for the WiMAX module
+ * Added "chase_referrals" and "rebind" configuration to rlm_ldap.
+ This helps with Active Directory. See raddb/modules/ldap
+ * Don't load pre/post-proxy if proxying is disabled.
+ * Added %{md5:...}, which returns MD5 hash in hex.
+ * Added configurable "retry_interval" and "poll_interval"
+ for "detail" listeners.
+ * Added "delete_mppe_keys" configuration option to rlm_wimax.
+ Apparently some WiMAX clients misbehave when they see those keys.
+ * Added experimental rlm_ruby from
+ http://github.com/Antti/freeradius-server/tree/master
+ * Add Tunnel attributes to ldap.attrmap
+ * Enable virtual servers to be reloaded on HUP. For now, only
+ the "authorize", "authenticate", etc. processing sections are
+ reloaded. Clients and "listen" sections are NOT reloaded.
+ * Updated "radwatch" script to be more robust. See scripts/radwatch
+ * Added certificate compatibility notes in raddb/certs/README,
+ for compatibility with different operating systems. (i.e. Windows)
+
+ Bug fixes
+ * Minor changes to allow building without VQP.
+ * Minor fixes from John Center
+ * Fixed raddebug example
+ * Don't crash when deleting attributes via unlang
+ * Be friendlier to very fast clients
+ * Updated the "detail" listener so that it only polls once,
+ and not many times in a row, leaking memory each time...
+ * Update comparison for Packet-Src-IP-Address (etc.) so that
+ the operators other than '==' work.
+ * Did autoconf magic to work around weird libtool bug
+ * Make rlm_perl keep tags for tagged attributes in more situations
+ * Update UID checking for radmin
+ * Added "include_length" field for TTLS. It's needed for RFC
+ compliance, but not (apparently) for interoperability.
+
+FreeRADIUS 2.1.5 Sun Jan 1 1:1:00 CEST 2009; , urgency=medium
+ * Release number skipped due to procedural issues.
+
+FreeRADIUS 2.1.4 Tue Mar 10 17:05:00 CEST 2009; , urgency=medium
+ Feature improvements
+ * Permit multiple "-e" in radmin.
+ * Add support for originating CoA-Request and Disconnect-Request.
+ See raddb/sites-available/originate-coa.
+ * Added "lifetime" and "max_queries" to raddb/sql.conf.
+ This helps address the problem of hung SQL sockets.
+ * Allow packets to be injected via radmin. See "inject help"
+ in radmin.
+ * Answer VMPS reconfirmation request. Patch from Hermann Lauer.
+ * Sample logrotate script in scripts/logrotate.freeradius
+ * Add configurable poll interval for "detail" listeners
+ * New "raddebug" command. This prints debugging information from
+ a running server. See "man raddebug.
+ * Add "require_message_authenticator" configuration to home_server
+ configuration. This makes the server add Message-Authenticator
+ to all outgoing Access-Request packets.
+ * Added smsotp module, as contributed by Siemens.
+ * Enabled the administration socket in the default install.
+ See raddb/sites-available/control-socket, and "man radmin"
+ * Handle duplicate clients, such as with replicated or
+ load-balanced SQL servers and "readclients = yes"
+
+ Bug fixes
+ * Clean up control sockets when they are closed, so that we don't
+ leak memory.
+ * Define SUN_LEN for systems that don't have it.
+ * Correct some boundary conditions in the conditional checker ("if")
+ in "unlang". Bug noted by Arran Cudbard-Bell.
+ * Work around minor building issues in gmake. This should only
+ have affected developers.
+ * Change how we manage unprivileged user/group, so that we do not
+ create control sockets owned by root.
+ * Fixed more minor issues found by Coverity.
+ * Allow raddb/certs/bootstrap to run when there is no "make"
+ command installed.
+ * In radiusd.conf, run_dir depends on the name of the program,
+ and isn't hard-coded to "..../radiusd"
+ * Check for EOF in more places in the "detail" file reader.
+ * Added Freeswitch dictionary.
+ * Chop ethernet frames in VMPS, rather than droppping packets.
+ * Fix EAP-TLS bug. Patch from Arnaud Ebalard
+ * Don't lose string for regex-compares in the "users" file.
+ * Expose more functions in rlm_sql to rlm_sqlippool, which
+ helps on systems where RTLD_GLOBAL is off.
+ * Fix typos in MySQL schemas for ippools.
+ * Remove macro that was causing build issues on some platforms.
+ * Fixed issues with dead home servers. Bug noted by Chris Moules.
+ * Fixed "access after free" with some dynamic clients.
+
+FreeRADIUS 2.1.3 Fri Dec 5 17:40:00 CEST 2008; , urgency=medium
+ Feature improvements
+ * Allow running with "user=radiusd" and binding to secure
+ sockets.
+ * Start sending Status-Server "are you alive" messages earlier,
+ which helps with proxying multiple realms to a home server.
+ * Removed thread pool code from rlm_perl. It's not necessary.
+ * Added example Perl configuration to raddb/modules/perl
+ * Force OpenSSL to support certificates with SHA256.
+ This seems to be necessary for WiMAX certs.
+
+ Bug fixes
+ * Fix Debian patch to allow it to build.
+ * Fix potential NULL dereference in debugging mode on certain
+ platforms for TTLS and PEAP inner tunnels.
+ * Fix uninitialized memory in handling of vendor definitions
+ * Fix parsing of quoted (but non-string) attributes in the "users"
+ file.
+ * Initialize uknown NAS IP to 255.255.255.255, rather than 0.0.0.0
+ * use SUN_LEN in control socket, to avoid truncation on some
+ platforms.
+ * Correct internal handling of "debug condition" to prevent it
+ from being over-written.
+ * Check return code of regcomp in "unlang", so that invalid
+ regular expressions are caught rather than mishandled.
+ * Make rlm_sql use <ltdl.h>. Addresses bug #610.
+ * Document list "type = status" better. Closes bug #580.
+ * Set "default days" for certificates, because OpenSSL won't
+ do it. This closes bug #615.
+ * Reference correct list in example raddb/modules/ldap.
+ Closes #596.
+ * Increase default schema size for Acct-Session-Id to 64.
+ Closes #540.
+ * Fix use of temporary files in dialup-admin. Closes #605
+ and addresses CVE-2008-4474.
+ * Addressed a number of minor issues found by Coverity.
+ * Added DHCP option 150 to the dictionary. Closes #618.
+
+FreeRADIUS 2.1.2 Thurs Dec 3 10:47:00 CEST 2008; , urgency=medium
+ Due to packaging issues, 2.1.2 has been pulled from the net.
+
+FreeRADIUS 2.1.1 Thu Sep 25 11:03:00 CEST 2008; , urgency=medium
+ Feature improvements
+ * Many more options and features in radmin. See "man radmin" and
+ raddb/sites-available/control-socket
+ * Many more commands available via the control socket. Connect
+ via "radmin", and type "help" for more information.
+ * Added dictionary.networkphysics and dictionary.lancom.
+ * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
+
+ Bug fixes
+ * Fixed bug that made radmin not work
+ * Fixed Suse && Debian package scripts
+ * Fixed issues with dynamic clients
+ * Fixed configure checks for -lreadline
+ * rlm_sqlippool no longer needs to be linked to rlm_sql.
+ * Add statistics for detail file listeners. This closes bug #593.
+ * Fixed printing of some WiMAX attributes.
+ * Fix double free on exit() in rlm_attr_filter
+ * Fixed build issues on Solaris.
+ * Fixed fast session resumption for EAP-TLS
+
FreeRADIUS 2.1.0 Fri Sep 5 13:20:01 CEST 2008; , urgency=medium
Feature improvements
* Clients may now be defined dynamically, based on IP address.
projects / freeradius.git / blobdiff