-FreeRADIUS 3.0.2 Mon 13 Jan 2014 14:30:00 EDT urgency=medium
+FreeRADIUS 3.0.2 Fri 21 Mar 2014 08:30:00 EDT urgency=medium
Feature improvements
* secret keys and LDAP / SQL passwords are now printed as
- '<<< secret >>>' in debugging mode. Use -Xx to see them.
- * Print out more information about passwords in -Xx
+ '<<< secret >>>' in debugging mode. Use -Xx to see the
+ actual passwords.
+ * Print out more information about passwords in -Xx,
+ including hashes, comparisons, etc.
* Allow cast (and implicit conversion) of integers to IPv4 addresses
* More xlats allow attribute references. This means they can
operate on binary data. e.g. expr, base64, md5, sha1.
* The dictionaries are now auto-loaded. raddb/dictionary
should no longer have $INCLUDE ${prefix}/share/dictionary
* A "panic_action" can be set to have the server dump a gdb
- log on SEGV or other fatal error.
+ log on SEGV or other fatal error. See radiusd.conf
* Add support for SHA-224, SHA-256, SHA-384, SHA-512 to rlm_pap.
* Add "%{sha256:}" and "%{sha512:}" xlat functions.
* Cache CUI in EAP session resumption.
* Added more instances of the "always" module, for all return
codes.
* Suppress broken NASes when proxying. Retransmits which occur
- more than once per second are limited to only once per second.
+ more than once per second are rate-limited to once per second.
* Allow '&' in more xlat expansions.
* Update PostgreSQL schema and queries to record last updated
time, and accounting interim.
doesn't have a {...} header.
* Added "unpack" module. It can unpack binary data from horrible
VSA formats. See raddb/mods-available/unpack
- * Added example IP Pool for DHCP, using sqlite.
+ * Added example IP Pool for DHCP, using sqlite. From Matthew Newton
See raddb/mods-config/sql/ippool-dhcp/
Bug fixes
is not in_use.
* Fix %{mschap:User-Name} xlat.
* Allow comparisons of signed integers and of ethernet addresses.
- * Fix parsing of text based ascend binary filters.
+ * Fix parsing of text-based ascend binary filters.
* Fix a few minor Coverity and clang analyzer issues.
* Log WARNING and ERROR prefixes only once, not twice.
* Fix attribute truncation seen in Perl and other places.
* Use /dev/urandom for raddb/certs/random, if it exists.
* Issue WARNING that old-style clients should no longer be used.
* Auto-set secret to "radsec" for tcp+tls home servers.
- * Fix double free in home_server_add, when there is a parse error
+ * Fix double free in home_server_add when there is a parse error
on startup.
- * rlm_unix checks if the dictionaries are broken.
+ * rlm_unix checks if the dictionaries are broken, instead of crashing
* Fix potential memory corruption when normalising salted password
hashes from hex, where the combined hash and salt was > 64 bytes.
- * Register rlm_sqlcounter attributes correctly, and fix other issues
+ * Register sqlcounter attributes correctly, and other issues with it
* treat 127.0.0.1/32 as being identical to 127.0.0.1
* Don't mangle error output of SQL drivers like PostgreSQL
* Fix usage of "tls = ${tls}". It could previously cause problems
- when used multiple times.
+ when the reference was used multiple times.
* Fix TLS session leak for incoming sockets.
* Try harder to clean up memory on exit when using "-mM"
* Fix memory leak when home server is down for RadSec connections
- * Fix minor warnings as noted by clang analyzer.
* rate-limit outgoing connection attempts when the home server
is down. It will retry no more than once per second.
* When parsing ipv6 address prefixes, always mask off the host
portion.
- * Correct rlm_counter so that it does not create two reply
+ * Fix rlm_counter so that it does not create two reply
attributes.
* Fix issues with DHCP Sub-TLVs where the value of the first
Sub-TLV would appear corrupted, and subsequent TLVs would