-FreeRADIUS 3.0.14 Mon 06 Mar 2017 13:00:00 EDT urgency=medium
+FreeRADIUS 3.0.15 Mon 17 Jul 2017 09:00:00 EDT urgency=high
Feature improvements
+ * Provide HOSTNAME in default systemd files.
+ * Incorporate RedHat specific files
+ * Update dictionary.starent, dictionary.ruckus
+ * Allow builds without TCP or DHCP
+
+ Bug fixes
+ * Fix multiple issues. See this web page for details:
+ http://freeradius.org/security/fuzzer-2017.html
+ * Pass correct statement length into sqlite3_prepare[_v2]
+ * Bind the lifetime of program name and python path to the module
+ * Check input / output length in make_secret().
+ FR-GV-201
+ * Fix read overflow when decoding DHCP option 63
+ FR-GV-206
+ * Fix write overflow in data2vp_wimax()
+ FR-GV-301
+ * Fix infinite loop and memory exhaustion with 'concat' attributes
+ FR-GV-302
+ * Fix infinite read in dhcp_attr2vp()
+ FR-GV-303
+ * Fix buffer over-read in fr_dhcp_decode_suboptions()
+ FR-GV-304
+ * Decode 'signed' attributes correctly.
+ FR-GV-305
+ * use strncmp() instead of memcmp() for bounded data
+ FR-AD-001
+ * Bind the lifetime of program name and python path to the module
+ FR-AD-002
+ * Pass correct statement length into sqlite3_prepare[_v2]
+ FR-AD-003
+ * print messages when we see deprecated configuration
+ items
+ * show reasons why we couldn't parse a certificate
+ expiry time
+ * be more accepting about truncated ASN1 times.
+ * Fix OpenSSL API issue which could leak small amounts
+ of memory. Issue reported by Guido Vranken.
+ * For Access-Reject, call rad_authlog() after running
+ the post-auth section, just like for Access-Accept.
+ * don't crash when reading corrupted data from session
+ resumption cache. Fixes #1999.
+ * Parse port in dhcpclient. Fixes #2000.
+ * Don't leak memory for OpenSSL.
+ Patch from Guido Vranken.
+ * Portability fixes taken from OpenBSD port collection.
+ * run rad_authlog after post-auth for Access-Reject.
+ * Don't process VMPS packets twice.
+ * Fix attribute truncation in rlm_perl
+ * Fix bug when processing huntgroups.
+
+FreeRADIUS 3.0.14 Fri 26 May 2017 13:00:00 EDT urgency=medium
+ Feature improvements
+ * Enforce TLS client certificate expiration on
+ session resumption, and Session-Timeout.
+ See CVE-2017-9148.
+ * Updated dictionary.cisco.vpn3000, dictionary.patton
+ * Added dictionary.dellemc
+ * Lowered the log output for failed PEAP sessions.
+ * ALlow utc in rlm_date. Patch from
+ Peter Lambrechtsen.
+ * The internal OpenSSL session cache has been
+ disabled. Please see mods-available/eap
+ * Update detail reader documentation.
+ Patch from Matthew Newton. Fixes #1973.
+ * Make outgoing RadSec connections non-blocking.
+ * Add SQL backing to Moonshot-*-TargetedId
+ generation. Patch from Stefan Paetow.
Bug fixes
* radtest uses Cleartext-Password for EAP, not
User-Password.
+ * Update documentation for mods-enabled/ linking.
+ * Enhanced checks for moonshot salt. Fixes #1933.
+ * Allow session resumption for RadSec connections.
+ Fixes #1936.
+ * Update "huntgroups" file to note that port ranges
+ are not supported.
+ * Fix OpenSSL permissions issues on default key files.
+ Fixes #1941.
+ * Certificates are not required when PSK is used.
+ * Allow SubjectAltName as first extension in cert.
+ Fixes #1946.
+ * Fixed talloc issue with TLS session resumption.
+ Fixes #1980.
+ * "&Attr-26 := 0x01" now produces useful error messages.
+ * Handle connection error in rlm_ldap_cacheable_groupobj.
+ Fixes #1951.
+ * Fix endian issues in DHCP.
+ * Multiple minor fixes for Coverity complaints.
+ * Handle unexpected regex. Fixes #1959.
+ * Fix minor issues in dictionaries.
+ * Fix typos and grammar. Patches from Alan Buxey.
+ * Fix erroneous VP creation in rlm_preproces.
+ * Fix MIB. Patch from Jeff Gehlbach.
+ * Trust router updates from Alejandro Perez.
+ * Allow build with LibreSSL. Fixes #1989
+ * Use correct packet for channel bindings. Fixes #1990.
+ * Many fixes found by PVS-Studio. Thanks to PVS-Studio
+ for giving us a test license. Please see the git commit
+ history for more information.
+ * Fix incorrect length check in EAP-PWD. This may
+ be exploitable.
FreeRADIUS 3.0.13 Mon 06 Mar 2017 13:00:00 EDT urgency=medium
Feature improvements