+FreeRADIUS 3.0.15 Mon 17 Jul 2017 09:00:00 EDT urgency=high
+ Feature improvements
+ * Provide HOSTNAME in default systemd files.
+ * Incorporate RedHat specific files
+ * Update dictionary.starent, dictionary.ruckus
+ * Allow builds without TCP or DHCP
+
+ Bug fixes
+ * Fix multiple issues. See this web page for details:
+ http://freeradius.org/security/fuzzer-2017.html
+ * Pass correct statement length into sqlite3_prepare[_v2]
+ * Bind the lifetime of program name and python path to the module
+ * Check input / output length in make_secret().
+ FR-GV-201
+ * Fix read overflow when decoding DHCP option 63
+ FR-GV-206
+ * Fix write overflow in data2vp_wimax()
+ FR-GV-301
+ * Fix infinite loop and memory exhaustion with 'concat' attributes
+ FR-GV-302
+ * Fix infinite read in dhcp_attr2vp()
+ FR-GV-303
+ * Fix buffer over-read in fr_dhcp_decode_suboptions()
+ FR-GV-304
+ * Decode 'signed' attributes correctly.
+ FR-GV-305
+ * use strncmp() instead of memcmp() for bounded data
+ FR-AD-001
+ * Bind the lifetime of program name and python path to the module
+ FR-AD-002
+ * Pass correct statement length into sqlite3_prepare[_v2]
+ FR-AD-003
+ * print messages when we see deprecated configuration
+ items
+ * show reasons why we couldn't parse a certificate
+ expiry time
+ * be more accepting about truncated ASN1 times.
+ * Fix OpenSSL API issue which could leak small amounts
+ of memory. Issue reported by Guido Vranken.
+ * For Access-Reject, call rad_authlog() after running
+ the post-auth section, just like for Access-Accept.
+ * don't crash when reading corrupted data from session
+ resumption cache. Fixes #1999.
+ * Parse port in dhcpclient. Fixes #2000.
+ * Don't leak memory for OpenSSL.
+ Patch from Guido Vranken.
+ * Portability fixes taken from OpenBSD port collection.
+ * run rad_authlog after post-auth for Access-Reject.
+ * Don't process VMPS packets twice.
+ * Fix attribute truncation in rlm_perl
+ * Fix bug when processing huntgroups.
+
+FreeRADIUS 3.0.14 Fri 26 May 2017 13:00:00 EDT urgency=medium
+ Feature improvements
+ * Enforce TLS client certificate expiration on
+ session resumption, and Session-Timeout.
+ See CVE-2017-9148.
+ * Updated dictionary.cisco.vpn3000, dictionary.patton
+ * Added dictionary.dellemc
+ * Lowered the log output for failed PEAP sessions.
+ * ALlow utc in rlm_date. Patch from
+ Peter Lambrechtsen.
+ * The internal OpenSSL session cache has been
+ disabled. Please see mods-available/eap
+ * Update detail reader documentation.
+ Patch from Matthew Newton. Fixes #1973.
+ * Make outgoing RadSec connections non-blocking.
+ * Add SQL backing to Moonshot-*-TargetedId
+ generation. Patch from Stefan Paetow.
+
+ Bug fixes
+ * radtest uses Cleartext-Password for EAP, not
+ User-Password.
+ * Update documentation for mods-enabled/ linking.
+ * Enhanced checks for moonshot salt. Fixes #1933.
+ * Allow session resumption for RadSec connections.
+ Fixes #1936.
+ * Update "huntgroups" file to note that port ranges
+ are not supported.
+ * Fix OpenSSL permissions issues on default key files.
+ Fixes #1941.
+ * Certificates are not required when PSK is used.
+ * Allow SubjectAltName as first extension in cert.
+ Fixes #1946.
+ * Fixed talloc issue with TLS session resumption.
+ Fixes #1980.
+ * "&Attr-26 := 0x01" now produces useful error messages.
+ * Handle connection error in rlm_ldap_cacheable_groupobj.
+ Fixes #1951.
+ * Fix endian issues in DHCP.
+ * Multiple minor fixes for Coverity complaints.
+ * Handle unexpected regex. Fixes #1959.
+ * Fix minor issues in dictionaries.
+ * Fix typos and grammar. Patches from Alan Buxey.
+ * Fix erroneous VP creation in rlm_preproces.
+ * Fix MIB. Patch from Jeff Gehlbach.
+ * Trust router updates from Alejandro Perez.
+ * Allow build with LibreSSL. Fixes #1989
+ * Use correct packet for channel bindings. Fixes #1990.
+ * Many fixes found by PVS-Studio. Thanks to PVS-Studio
+ for giving us a test license. Please see the git commit
+ history for more information.
+ * Fix incorrect length check in EAP-PWD. This may
+ be exploitable.
+
+FreeRADIUS 3.0.13 Mon 06 Mar 2017 13:00:00 EDT urgency=medium
+ Feature improvements
+ * Add dictionary.rfc7930. Note that we do not implement
+ the RFC.
+ * Added 'cipher_server_preference' to mods-available/eap
+ Patch from #1797.
+ * OpenSSL 1.1.0 compatibility fixes.
+ * rlm_perl: radiusd::xlat to evaluate xlat string
+ within perl script
+ * Allow authentication retry in winbind. Patch from
+ Herwin Weststrate. See raddb/mods-available/mschap.
+ * Added "recv-coa" method to rlm_rest. It behaves the
+ same as "authorize".
+ * Document Trust Router tr_port option. Patch from
+ Stefan Paetow.
+ * Update elasticsearch/logstash examples so that they work
+ with elastic stack v5. Patch from Matthew Newton.
+ * Print information about packets, replies, and contents
+ in the detail file reader.
+ * Update abfab-tr policy. Pull request #1893
+ from Stefan Paetow.
+ * Reject packets which contain User-Password and
+ EAP-Message.
+ * Add example for filtering Access-Challenge.
+ See sites-enabled/default.
+ * Pull symlink fixes from v4.0.x. Fixes #1859.
+ * Add systemd reload. Not everything is reloaded, but
+ some is. Fixes #1662.
+ * Better documentation for listen "ipaddr". Fixes #1921
+ * Add dictionary.cnergee, updated dictionary.nomadix.
+ * radclient no longer needs -x to print statistics with -s.
+
+ Bug fixes
+ * Minor typos. Fixes #1763
+ * Fix typo in RPM build. Closes #1767.
+ * rlm_mschap check for password expiry only
+ if password was correct. Fixes #1762.
+ * Update debian build.
+ * update rlm_counter "man" page. Fixes #1775.
+ * Remove erroneous assert. Fixes #1778.
+ * fix mschap password change test. Fixes #1792.
+ * Cleanup config file on data remove. Fixes #1795.
+ * passwd module returns "notfound" if not found.
+ * Check for old OpenSSL, and don't build rlm_eap_fast
+ if it necessary. Fixes #1803
+ * Cleanup memory better after ldap version query.
+ Patch from Aleksey Katargin.
+ * Rename lt_* functions to avoid linker issues with
+ libtool. Fixes #1277
+ * Many miscellaneous fixes and typos.
+ * Allow long strings in %{%{foo} bar:-%{baz} blah".
+ Fixes #1866
+ * Fix filtering operators, along with more documentation and
+ more tests for them.
+ * Fix OpenSSL fixes. Fixes #1876.
+ * Finish SQL select queries even when SELECT returns no rows.
+ Fixes #1879.
+ * Set Module-Failure-Message for more EAP errors.
+ * Correct typo in dictionary.rfc5580. Fixes #1882
+ * Remove obselete systemd syslog.target.
+ * Client-Port-Balance load-balancing now uses client port.
+ * Radrelay examples fixed from Alex Clouter.
+ * Update systemd target. Pull request #1896.
+ * Trim starting whitespace in xlat strings.
+ * Get MySQL result lengths using normal API.
+ * suid down after fchown(). Fixes #1914.
+ * Fix cases of comparing pointer to NUL character. Fixes #1915.
+ * OpenSSL v1.1 fixes. Pull request #1921.
+ * Better Handle v4/v6 host names. Pull request #1919.
+ * Remove "Auth-Type = System" from docs and examples.
+ * Don't crash on malformed %{home_server}. Fixes #1922
+ * fix erroneous use of talloc destructor in rlm_eap
+ * Issue trigger modules.sql.fail. Fixes #1923
+ * Document python_path gotcha's. Fixes #1845
+ * dlopen() the specific version of Python. Fixes #1592
+
FreeRADIUS 3.0.12 Thur 29 Sep 2016 13:00:00 EDT urgency=medium
Feature improvements
* Add support for =~ and !~ in update sections.
* Minor abfab and moonshot additions.
* Pass CFLAGS through from environment in RPM builds.
Allows more custom builds.
- * Build with Heimdal in addtion to libkrb5.
+ * Build with Heimdal in addition to libkrb5.
Bug fixes
* Use correct typedef for older versions of sqlite.
* Update mssql schema to add priority
- * don't complain on /dev/urandom in ldap
- * fix == operator in update sections
+ * Don't complain on /dev/urandom in ldap
+ * Fix == operator in update sections
* Don't create DHCP strings with many trailing zeros.
Patch from Nicolas C. Fixes #1526.
* Allow MS-CHAP change passwords instead of complaining
branches.
* Fix OCSP for RADIUS over TLS.
* Fix skip_if_ocsp_ok behavior.
- in debug mode after CTRL-C. Address #1604.
* Better fixes for systems without closefrom() but
which have /proc. Fixes #1757.
* Minor build fixes back-ported from v4.0.x.
* build --whout-ascend-binary. Fixes #1761.
* Be more aggressive about not opening new connections
+ in debug mode after CTRL-C. Address #1604.
FreeRADIUS 3.0.11 Mon 25 Jan 2016 14:00:00 EST urgency=medium
Feature improvements
projects / freeradius.git / blobdiff