-2011-09-28 1.5-dev
+2013-09-06 1.6.5
+ Bug fixes:
+ - Fix a crash bug introduced in 1.6.4. Fixes RADSECPROXY-53,
+ bugfix on 1.6.4.
+
+2013-09-05 1.6.4
+ Bug fixes:
+ - Keeping Proxy-State attributes in all replies to clients
+ (RADSECPROXY-52). Reported by Stefan Winter.
+
+2013-09-05 1.6.3
+ Enhancements:
+ - Threads are allocated with a 32 KB stack rather than what
+ happens to be the default. Patch by Fabian Mauchle.
+ - On systems with mallopt(3), freed memory is returned to the
+ system more aggressively. Patch by Fabian Mauchle.
+
+ Bug fixes:
+ - radsecproxy-hash(1) no longer prints the hash four times.
+ Reported by Simon Lundström and jocar.
+ - Escaped slashes in regular expressions now works. Reported by
+ Duarte Fonseca. (RADSECPROXY-51)
+ - The duplication cache is purged properly. Patch by Fabian
+ Mauchle.
+ - Stop freeing a shared piece of memory manifesting itself as a
+ crash when using dynamic discovery. Patch by Fabian Mauchle.
+ - Closing and freeing TLS clients properly. Patch by Fabian
+ Mauchle.
+ - Timing out on TLS clients not closing the connection properly.
+ Patch by Fabian Mauchle.
+
+2012-10-25 1.6.2
+ Bug fixes (security):
+ - Fix the issue with verification of clients when using multiple
+ 'tls' config blocks (RADSECPROXY-43) for DTLS too. Fixes
+ CVE-2012-4566 (CVE id corrected 2012-11-01, after the release of
+ 1.6.2). Reported by Raphael Geissert.
+
+2012-09-14 1.6.1
+ Bug fixes (security):
+ - When verifying clients, don't consider config blocks with CA
+ settings ('tls') which differ from the one used for verifying the
+ certificate chain. Reported by Ralf Paffrath. (RADSECPROXY-43,
+ CVE-2012-4523).
+
+ Bug fixes:
+ - Make naptr-eduroam.sh check NAPTR type case insensitively.
+ Fix from Adam Osuchowski.
+
+2012-04-27 1.6
+ Incompatible changes:
+ - The default shared secret for TLS and DTLS connections change
+ from "mysecret" to "radsec" as per draft-ietf-radext-radsec-12
+ section 2.3 (4). Please make sure to specify a secret in both
+ client and server blocks to avoid unwanted surprises.
+ (RADSECPROXY-19)
+ - The default place to look for a configuration file has changed
+ from /etc to /usr/local/etc. Let radsecproxy know where your
+ configuration file can be found by using the `-c' command line
+ option. Or configure radsecproxy with --sysconfdir=/etc to
+ restore the old behaviour. (RADSECPROXY-31)
+
+ New features:
+ - Improved F-Ticks logging options. F-Ticks can now be sent to a
+ separate syslog facility and the VISINST label can now be
+ configured explicitly. This was implemented by Maja
+ Gorecka-Wolniewicz and Paweł Gołaszewski. (RADSECPROXY-29)
+ - New config option PidFile. (RADSECPROXY-32)
+ - Preliminary support for DynamicLookupCommand added. It's for
+ TLS servers only at this point. Also, beware of risks for memory
+ leaks. In addition to this, for extra adventurous users, there's
+ a new configure option --enable-experimental-dyndisc which enables
+ even more new code for handling of dynamic discovery of TLS
+ servers.
+ - Address family (IPv4 or IPv6) can now be specified for clients
+ and servers. (RADSECPROXY-37)
+
+ Bug fixes:
+ - Stop the autoconfery from warning about defining variables
+ conditionally and unconditionally.
+ - Honour configure option --sysconfdir. (RADSECPROXY-31)
+ - Don't crash on failing DynamicLookupCommand scripts. Fix made
+ with help from Ralf Paffrath. (RADSECPROXY-33)
+ - When a DynamicLookupCommand script is failing, fall back to
+ other server(s) in the realm. The timeout depends on the kind of
+ failure.
+ - Other bugs. (RADSECPROXY-26, -28, -34, -35, -39, -40)
+
+2011-10-08 1.5
New features:
- Support for F-Ticks logging.
- New binary radsecproxy-hash.
+ - A DynamicLookupCommand script can now signal "server not found"
+ by exiting with code 10. The scripts in the tools directory now
+ do this.
Incompatible changes:
- catgconf renamed to radsecproxy-conf.
Bug fixes:
- - All compiler warnings removed. Building with -Werror.
+ - All compiler warnings removed. Now compiling with -Werror.
2011-07-22 1.4.3
Notes:
projects / radsecproxy.git / blobdiff