"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "doc/ChangeLog" between
freeradius-server-3.0.22.tar.bz2 and freeradius-server-3.0.23.tar.bz2

About: FreeRADIUS Server Project - a high performance and highly configurable RADIUS server.

ChangeLog  (freeradius-server-3.0.22.tar.bz2):ChangeLog  (freeradius-server-3.0.23.tar.bz2)
FreeRADIUS 3.0.23 Thu 10 Jun 2021 12:00:00 EDT urgency=low
Feature improvements
* Update dictionary.aruba
* Add "set home_server state ... down" in order to mark the
home server as administratively down. Use "alive" to bring
it back to life.
* Add Post-Auth-Type "Client-Lost" which should make it easier
to log when clients stop responding.
* Add sites-available/totp as an example of how to use TOTP.
* Add %{mschap:Domain-Name}, fixes #3944.
* Cache TLS messages in &session-state, for more debugging.
* Notes in eap configuration about TLS 1.0 / TLS 1.1, and setting
cipher_list = "DEFAULT@SECLEVEL=1"
* Added MANY warning messages about using TLS 1.3 with EAP.
In short, don't use it. Microsoft will support it in fall 2021.
Bug fixes
* Fix crash in some cases when home server is down, in debug mode.
* Fix (again) "read clients from SQL" functionality.
* Fix sql_map to return values in more situations.
* Silently ignore LEAP configuration instead of erroring out.
FreeRADIUS 3.0.22 Mon 17 May 2021 12:00:00 EDT urgency=low FreeRADIUS 3.0.22 Mon 17 May 2021 12:00:00 EDT urgency=low
Feature improvements Feature improvements
* Many new "unlang" documentation files. See "make docsite" * Many new "unlang" documentation files. See "make docsite"
and then see build/docsite/freeradius-server/*/index.html and then see build/docsite/freeradius-server/*/index.html
* Limited support for dynamic home servers. See proxy.conf * Limited support for dynamic home servers. See proxy.conf
and doc/configuration/dynamic_home_servers.md and doc/configuration/dynamic_home_servers.md
* Add support for prepend operator ^=. See "man unlang" for * Add support for prepend operator ^=. See "man unlang" for
for details. for details.
* Added rlm_totp, for use with the Google Authenticator app. * Added rlm_totp, for use with the Google Authenticator app.
See mods-available/totp. See mods-available/totp.
skipping to change at line 49 skipping to change at line 71
* The default configuration now replies with EAP-Key-Name, if it * The default configuration now replies with EAP-Key-Name, if it
is available, and was requested. is available, and was requested.
* Include extensions in generated certificates. * Include extensions in generated certificates.
* Ignore user-provided dhparams in FIPS mode. * Ignore user-provided dhparams in FIPS mode.
Patch from Alexander Scheel. Patch from Alexander Scheel.
* Remove native support for Cisco LEAP. It is insecure, and * Remove native support for Cisco LEAP. It is insecure, and
should not be used. Proxying LEAP is still supported. should not be used. Proxying LEAP is still supported.
* Allow use of password preparation methods with rlm_eap_pwd. * Allow use of password preparation methods with rlm_eap_pwd.
Patch from Michael Braun. Patch from Michael Braun.
* Many, many, improvements for DHCP from Nick Porter and Terry Burton. * Many, many, improvements for DHCP from Nick Porter and Terry Burton.
* More RFC complaince for various corner cases of DHCP, * More RFC compliance for various corner cases of DHCP,
* Use DHCP-specific schemas. * Use DHCP-specific schemas.
* Add stored procedures for DHCP lease allocation * Add stored procedures for DHCP lease allocation
* Add support for DHCP-Decline. * Add support for DHCP-Decline.
* Added mods-available/dhcp_sql which is a DHCP-specific instance * Added mods-available/dhcp_sql which is a DHCP-specific instance
of the SQL module. of the SQL module.
* Treat DHCP Discover and Request differently for lease allocation times. * Treat DHCP Discover and Request differently for lease allocation times.
* Add support for PBKDF2 keys. Fixes #2649 * Add support for PBKDF2 keys. Fixes #2649
* Update dictionary.mikrotik, dictionary.aruba, dictionary.paloalto, * Update dictionary.mikrotik, dictionary.aruba, dictionary.paloalto,
dictionary.juniper, dictionary.bskyb (#3339), dictionary.juniper, dictionary.bskyb (#3339),
dictionary.alcatel.sr (#3495). dictionary.alcatel.sr (#3495).
skipping to change at line 87 skipping to change at line 109
and FreeRADIUS-Stats-Server-IPv6-Address and FreeRADIUS-Stats-Server-IPv6-Address
* Add warnings if there is no "real" User-Name to identify users. * Add warnings if there is no "real" User-Name to identify users.
* Add sample configuration to update Stripped-User-Name and/or * Add sample configuration to update Stripped-User-Name and/or
Class for user sessions. See sites-available/default Class for user sessions. See sites-available/default
* Add configuration to suppress printing values for User-Name, etc. * Add configuration to suppress printing values for User-Name, etc.
See radiusd.conf, "suppress_secrets" See radiusd.conf, "suppress_secrets"
* Support dictionary.telrad, which is also in WiMAX format. * Support dictionary.telrad, which is also in WiMAX format.
* PEAP 'proxy_tunneled_request_as_eap' is now configurable * PEAP 'proxy_tunneled_request_as_eap' is now configurable
at runtime with Proxy-Tunneled-Request-As-EAP. at runtime with Proxy-Tunneled-Request-As-EAP.
* Debug output now lists client/server proposed TLS ciphers. * Debug output now lists client/server proposed TLS ciphers.
* Add support for TLS1.3, patches from Alexander Clouter
Bug fixes Bug fixes
* Fix long-term double free due to PCRE calling our "free" * Fix long-term double free due to PCRE calling our "free"
function twice. Fixes #1967, #3188, #3868. function twice. Fixes #1967, #3188, #3868.
* Respect the "log_reject" configuration item in more places. * Respect the "log_reject" configuration item in more places.
Fixes #3352. This lowers the number of "Login incorrect" Fixes #3352. This lowers the number of "Login incorrect"
messages when "log_reject = no". messages when "log_reject = no".
* Fix rpmbuild for Centos > 6. Patch from Matthew Newton. * Fix rpmbuild for Centos > 6. Patch from Matthew Newton.
* Run Post-Proxy-Type Fail... when all home servers are down. * Run Post-Proxy-Type Fail... when all home servers are down.
* Note that rlm_replicate can only use UDP, and not TCP or TLS. * Note that rlm_replicate can only use UDP, and not TCP or TLS.
skipping to change at line 116 skipping to change at line 139
* Do home_server failover immediately when an initial TCP / Radsec * Do home_server failover immediately when an initial TCP / Radsec
connection fails. connection fails.
* Port EAP-PWD constant time fixes from "master" branch. The issue * Port EAP-PWD constant time fixes from "master" branch. The issue
was verified by Mohamed Sabt, and a patch supplied by was verified by Mohamed Sabt, and a patch supplied by
Daniel De Almeida Braga. Daniel De Almeida Braga.
* Clear error on SQLITE_BUSY to prevent memory leak in corner cases. * Clear error on SQLITE_BUSY to prevent memory leak in corner cases.
Patch from Nick Porter. Patch from Nick Porter.
* Properly add SQL clients to virtual servers. * Properly add SQL clients to virtual servers.
* Update documentation for cert generation. Patch from Alexander Scheel. * Update documentation for cert generation. Patch from Alexander Scheel.
* Use better API when decoding DHCP packets, to avoid unnecessary work. * Use better API when decoding DHCP packets, to avoid unnecessary work.
This improves performance noticably. This improves performance noticeably.
* Parse locale-dependent dates. Fixes #3602. * Parse locale-dependent dates. Fixes #3602.
* Strip out "-frecord-gcc-switches" from rlm_python3 configure build. Fix es #3693 * Strip out "-frecord-gcc-switches" from rlm_python3 configure build. Fix es #3693
* Fix radiusd.conf ENV LD_PRELOAD function. * Fix radiusd.conf ENV LD_PRELOAD function.
* Update the "sql" module so that it uses fewer handles for group selecti on, * Update the "sql" module so that it uses fewer handles for group selecti on,
which means that it is less likely to complain that the which means that it is less likely to complain that the
connection pool is exhausted. connection pool is exhausted.
* Update the "sql" module to return "ok" when no rows have been updated * Update the "sql" module to return "ok" when no rows have been updated
for accounting on/off. for accounting on/off.
* Make the "date" module handle UTC more consistently. * Make the "date" module handle UTC more consistently.
* Check for, and complain about, inconsistent use of tls_min_version * Check for, and complain about, inconsistent use of tls_min_version
 End of changes. 4 change blocks. 
2 lines changed or deleted 25 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)