ChangeLog   [plain text]

FreeRADIUS 2.1.2 Fri Dec 5 17:40:00 CEST 2008;  , urgency=medium
	Feature improvements
	* Allow running with "user=radiusd" and binding to secure
	* Start sending Status-Server "are you alive" messages earlier,
	  which helps with proxying multiple realms to a home server.
	* Removed thread pool code from rlm_perl.  It's not necessary.
	* Added example Perl configuration to raddb/modules/perl
	* Force OpenSSL to support certificates with SHA256.
	  This seems to be necessary for WiMAX certs.

	Bug fixes
	* Fix Debian patch to allow it to build.
	* Fix potential NULL dereference in debugging mode on certain
	  platforms for TTLS and PEAP inner tunnels.
	* Fix uninitialized memory in handling of vendor definitions
	* Fix parsing of quoted (but non-string) attributes in the "users"
	* Initialize uknown NAS IP to, rather than
	* use SUN_LEN in control socket, to avoid truncation on some
	* Correct internal handling of "debug condition" to prevent it
	  from being over-written.
	* Check return code of regcomp in "unlang", so that invalid
	  regular expressions are caught rather than mishandled.
	* Make rlm_sql use <ltdl.h>.  Addresses bug #610.
	* Document list "type = status" better.  Closes bug #580.
	* Set "default days" for certificates, because OpenSSL won't
	  do it.  This closes bug #615.
	* Reference correct list in example raddb/modules/ldap.
	  Closes #596.
	* Increase default schema size for Acct-Session-Id to 64.
	  Closes #540.
	* Fix use of temporary files in dialup-admin.  Closes #605
	  and addresses CVE-2008-4474.
	* Addressed a number of minor issues found by Coverity.
	* Added DHCP option 150 to the dictionary.  Closes #618.

FreeRADIUS 2.1.2 Thurs Dec 3 10:47:00 CEST 2008;  , urgency=medium
	Due to packaging issues, 2.1.2 has been pulled from the net.

FreeRADIUS 2.1.1 Thu Sep 25 11:03:00 CEST 2008;  , urgency=medium
	Feature improvements
	* Many more options and features in radmin.  See "man radmin" and
	* Many more commands available via the control socket.  Connect
	  via "radmin", and type "help" for more information.
	* Added dictionary.networkphysics and dictionary.lancom.
	* Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.

	Bug fixes
	* Fixed bug that made radmin not work
	* Fixed Suse && Debian package scripts
	* Fixed issues with dynamic clients
	* Fixed configure checks for -lreadline
	* rlm_sqlippool no longer needs to be linked to rlm_sql.
	* Add statistics for detail file listeners.  This closes bug #593.
	* Fixed printing of some WiMAX attributes.
	* Fix double free on exit() in rlm_attr_filter
	* Fixed build issues on Solaris.
	* Fixed fast session resumption for EAP-TLS

FreeRADIUS 2.1.0 Fri Sep  5 13:20:01 CEST 2008;  , urgency=medium
	Feature improvements
	* Clients may now be defined dynamically, based on IP address.
	  See raddb/sites-available/dynamic-clients.
	* SNMP support is now available through an experimental Perl script.
	  See scripts/snmp-proxy/README
	* SNMP statistics are available through Status-Server packets.
	  See raddb/sites-available/status
	* Added more Microsoft attributes from bug #568.
	* The "linelog" module has more functionality and flexibility.
	  See raddb/modules/linelog.
	* The debugging output has been sanitized.  It should be much
	  more readable.
	* Debug logs can now be turned on/off while the server is running, for
	  a user, group, realm, etc.  See the "log" section of radiusd.conf.
	* Added support for WiMAX Forum attributes.  The dynamic keys
	  are not yet calculated.  See share/dictionary.wimax
	* Added session resumption for PEAP and TTLS.
	  See raddb/eap.conf, "cache" sub-section.
	* Added "radmin" command-line tool for administering a running server.
	  See "man radmin" and raddb/sites-available/control-socket.

	Bug fixes
	* Double escaping of '\\' in the "users" (and some other) files
	  has been fixed.  If you have '\\' in the "users" file, your
	* Parse "security" section in radiusd.conf.  This was accidentally
	  deleted in 2.0.5.  Closes bug #566.
	* Bind to interface before IP, which allows DHCP sockets to
	  listen on "*" for multiple interfaces.
	* Fix handling of giaddr in DHCP responses.
	* Corrected parsing of status_check in home_server so that it works.
	* Fix hints so that "Puser" works again.
	* Removed length restrictions on attribute names in the dictionaries.
	* Update socket code to avoid C compiler optimizations.

FreeRADIUS 2.0.5 ; Date: 2008/06/07 17:17:00 , urgency=medium
	Feature improvements
	* Permit SQL authorize_reply_query to be empty.
	* Allow setting response packet type in Post-Proxy-Type Fail
	* Added install-chown target to set correct permission and ownership
	  make RADMIN=radmin RGROUP=radius install-chown
	* Support for LDAP-Group and other dynamic comparison attributes
	  in unlang.  Developed from a patch by	Jason Alderfer.
	* Added chroot support.  See radiusd.conf for comments.
	* Allow clients of 0/0.  We do not recommend using this, though.
	* Moved many module configurations into raddb/modules/*
	Bug fixes
	* Allow proxying to virtual servers for accounting packets, too.
	* Added "num fields" function to PostgreSQL client.
	* Updated proxy fallback mechanism to validate fallback servers,
	  and to process fallback requests in a child thread.
	* rlm_realm returns "ok" for LOCAL realms, not "noop".
	* Fixed some DHCP code handling.  The examples should now work.

FreeRADIUS 2.0.4 ; Date: 2008/04/30 08:56:40  , urgency=medium
	Feature improvements
	* Allow "virtual_server" in "realm" and "home_server" sections.
	  See raddb/proxy.conf and raddb/sites-available/
	* Allow "passwd" module to be listed in "accounting" and "post-auth".
	* Added "fallback" to "home_server_pool" configuration, to handle
	  the case of all home servers being dead.  See raddb/proxy.conf.
	* Added sample text to raddb/sites-available/inner-tunnel which
	  can simplify debugging of inner tunnel configurations.
	* Added regular expression matching in realm names.  See
	  raddb/proxy.conf for examples.
	* Added simple DHCP server functionality.  For comments, see
	* Added file globbing capabilities to detail file reader
	* Added sample raddb/sites-available/robust-proxy-accounting
	* Clients in SQL can now refer to a virtual server.
	  Patch from Michael Bretterklieber.
	* Added some examples of creating RADIUS administrator in SQL,
	  and assigning appropriate access rights.
	Bug fixes
	* Install all files in raddb/sites-available
	* Allow non-threaded builds.
	* Don't treat '0x' as special for known attributes that are not
	  of type "octets".
	* Fix log error in rlm_pap.
	* Remove documentation about non-existent functionality.
	* Updated warning messages in debug output.
	* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
	  This fix was supposed to go into 2.0.3, but did not make it.
	* Fix event handling in debug mode for failed proxy requests.
	* Fix memleak in fifos.  Closes #537.
	* Fix memleak on blocked threads.  Closes #538.
	* Perform additional checks on NULL realms.  Closes #541.
	* Fix handling of "clients" in "listen" section.
	* When detail file cannot process a packet, sleep for longer
	  to let the rest of the server do something.
	* Add missing table to raddb/sql/mssql/schema.sql.  Closes #545.
	* Updated rlm_sql_postgresql to build with PostgreSQL 7.x. 
	  Closes #533.
	* Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
	  correct place.
	* Update rlm_attr_filter for some corner cases.  Closes #543.
	* Fixed memory leak in libfreeradius event handler.
	* In the SQL Accounting on/off queries, remove the restriction
	  that the session time had to be zero.
FreeRADIUS 2.0.3 ; Date: 2008/03/17 09:22:17  , urgency=medium
	Feature improvements
	* Updated raddb/certs/ca.cnf with extensions to allow ca.der
	  to be imported as a CA on Symbian and Windows Mobile devices.
	  Closes bug #524
	* Enable multiple matches in "hints" via Fall-Through = Yes.
	  Closes bug #477
	* Added preliminary SQLite driver, contibuted by Apple.
	  Untested, with no sample configuration.  This address bug #470.
	* Updated logging sub-system so that log messages from libfreeradius
	  can go to the log file, and not stdout.
	* Added dictionary.rfc5176
	* EAP module now checks for instance name, and uses that for
	  authentication.  This avoids the need to set Auth-Type when
	  there are multiple instances of the EAP module.
	* Added Module-Return-Code attribute, which contains the value
	  returned by the previous module (ok/fail/update/etc.)

	Bug fixes
	* Corrected typos in rlm_dbm.  Closes bugs #521 and #522.
	* Detail file "listen" sections now work much better.
	* Don't allow old "log_*" to over-ride new format.  Closes bug #525
	* Initialize allocated memory in Oracle SQL driver.  This fixes
	  occasional crashes on some systems.  Closes bug #518
	* Call correct function in rlm_protocol_filter.  This enables the
	  module to build.  Closes bug #512.
	* Added deprecated flag to build for rlm_krb5.  This allows it to
	  run on 64-bit systems.  Closes bug #491
	* Corrected error message when parsing invalid configurations
	  so it doesn't crash.  Closes bug #527
	* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
	* Handle $INCLUDE's in "instantiate" section.  Closes #528.
	* Format updates to "man" pages from Stephen Gran.

FreeRADIUS 2.0.2 ; Date: 2008/02/14 11:13:48  , urgency=medium
	Feature improvements
	* Added notes on how to debug the server in radiusd.conf
	* Moved all "log_*" in radiusd.conf to log{} section.
	  The old configurations are still accepted, though.
	* Added ca.der target in raddb/certs/Makefile.  This is
	  needed for importing CA certs into Windows.
	* Added ability send raw attributes via "Raw-Attribute = 0x0102..."
	  This is available only debug builds.  It can be used
	  to create invalid packets! Use it with care.
	* Permit "unlang" policies inside of Auth-Type{} sub-sections
	  of the authenticate{} section.  This makes some policies easier
	  to implement.
	* "listen" sections can now have "type = proxy".  This lets you
	  control which IP is used for sending proxied requests.
	* Added note on SSL performance to raddb/certs/README

	Bug fixes
	* Fixed reading of "detail" files.
	* Allow inner EAP tunneled sessions to be proxied.
	* Corrected MySQL schemas
	* syslog now works in log{} section.
	* Corrected typo in raddb/certs/client.cnf
	* Updated raddb/sites-available/proxy-inner-tunnel to
	  permit authentication to work.
	* Ignore zero-length attributes in received packets.
	* Correct memcpy when dealing with unknown attributes.
	* Corrected debugging messages in attr_rewrite.
	* Corrected generation of State attribute in EAP.  This
	  fixes the "failed to remember handler" issues.
	* Fall back to DEFAULT realm if no realm was found.
	  Based on a patch from Vincent Magnin.
	* Updated example raddb/sites-available/proxy-inner-tunnel
	* Corrected behavior of attr_filter to match documentation.
	  This is NOT backwards compatible with previous versions!
	  See "man rlm_attr_filter" for details.

FreeRADIUS 2.0.1 ; Date: 2008/01/22 13:29:37  , urgency=low
	Feature improvements
	* "unlang" has been expanded to do less run-time expansion,
	  and to have better handling of typed data.  See "man unlang"
	  for documentation and new examples.
	Bug fixes
	* The 'acct_unique' module has been updated to understand
	  the deprecated (but still used) Client-IP-Address attribute.
	* The EAP-MSCHAPv2 module no longer leaks MS-CHAP2-Success in
	* Fixed crash in rlm_dbm.
	* Fixed parsing of syslog configuration.

FreeRADIUS 2.0.0 ; Date: 2007/11/24 08:33:09 , urgency=low
	Feature improvements
	* Debugging mode is much clearer and easier to read.
        * A new policy language makes many configurations trivial.
	  See "man unlang" for a complete description.
	* Virtual servers are now supported.  This permits clear separation
	  of policies.  See raddb/sites-available/README
	* EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work".
	  See raddb/certs/README for details.
	* Proxying is much more configurable than before.
	  See proxy.conf for documentation on pools, and new config items.
	* Full support for IPv6.
	* Much more complete support for the RADIUS SNMP MIBs.
	* HUP now works.  Only some modules are re-loaded,
	  and the server configuation is *not* reloaded.
	* "check config" option now works.  See "man radiusd"
	* radrelay functionality is now included in the server core.
	  See raddb/sites-available/copy-acct-to-home-server
	* VMPS support.  It is minimal, but functional.
	* Cleaned up internal API's and names, including library names.
	Bug fixes
	* Many.