Skip to content

release_3_0_10
Compare
Choose a tag to compare
@arr2036 arr2036 released this 25 Jan 21:44
· 35173 commits to master since this release
release_3_0_10
d33a1dc

Feature improvements

  • Do more optimization of unlang policies. This makes
    run-time a bit faster.
  • Re-name most of the functions in src/lib. Third-party
    module authors will have to do the same.
  • More documentation on contributing and how to write
    modules.
  • Update radiusd.service for systemd.
  • Open IPv6 proxy socket if the server is listening on IPV6
    auth / acct / coa packets.
  • Create debian packages for DHCP. Fixes #1125.
  • Add more tests for "update" section parsing.
  • Update "man" pages.
  • Update attributes for Alcatel 7750
  • Add dictionary for Boingo Wi-Fi
  • Add support for DHCP lease queries.
    See raddb/sites-available/dhcp
  • On HUP, check all modules for config files which have
    changed. And only re-load those modules.
  • Allow FreeRADIUS-Response-Delay(-USec) to be set for
    RADIUS packets. Patch from Herwin Weststrate.
  • Documentation fixes from Alan Buxey and Matthew Newton.
  • Update "logrotate" script.
  • Added more RFCs to doc/rfc for new standards implemented
    by FreeRADIUS.
  • Don't crash when doing "radmin -e "help hup".
    Patch from Matthew Newton.
  • The dictionary parser now does more sanity checks, which
    prevents run-time problems with invalid attributes.
  • Update debian packages. Patches from Christopher Hoskin.
  • Many other debian packaging fixes from Matthew Netwon
    and Herwin Weststrate.
  • Add "session-state" to Perl. Patch from Herwin Weststrate.

Bug fixes

  • Fix rlm_files so that there are no collisions when loading
    10's of 1000's of users.
  • Fix radclient to use our internal v4/v6 parsing functions.
    v6 addresses with ports now work correctly.
  • Fix sending/receiving packet messages to wrap v6 addresses
    in square brackets '[]'.
  • Check for sasl/sasl.h when building rlm_ldap, and disable
    SASL functionality if unavailable.
  • Fix issue which caused a non \0 terminated buffer to be
    assigned to attributes if the value being assigned contained
    an invalid escape sequence.
  • Fix deadlock when reconnecting connections in the connection
    pool.
  • Fix potential overrun in functions that used fr_utf8_char
    with a non nul terminated buffer.
  • Fix decoding issue for Tunnel-Password type attributes
    which were very long. Found by Denis Andzakovic.
  • Fix radclient issue with TCP sockets on FreeBSD.
  • The server now creates ${run_dir} and ${logdir} directories
    in daemon mode, when running as "root".
  • Handle tags when using maps. Fixes #1191.
  • Fix crash when CoA packets time out.
  • Fix parse error in rediswho
  • Fix regex support in SQL radcheck the "users" file and radsniff.
  • Register listen xlat earlier, so that it's available when the
    virtual servers are being parsed.
  • Parse Ascend-Data-Filter when given as "0x..."
  • Print Ascend-Data-Filter correctly. Add test cases for both.
  • Allow old-style clients again. They will be disallowed for
    3.1.0 and following.
  • Complain instead of crash when "else" and "elsif" are in
    the wrong place.
  • Clean up memory more aggressively. This lowers the
    maximum memory used, most typically for TLS based EAP methods.
  • Prevent the server from unlinking the control socket of an
    already running instance.
  • Fallback to using the configured OCSP URL if one exists, and
    no URL is provided in the certificate.
  • Return CoA-NAK if proxying CoA fails. Based on patch from
    Jorge Pereira.
  • Lower peak memory usage by decreasing size of internal
    memory pools.
  • The control socket is now left in place if a second copy
    of the server is accidentally started.
  • Allow virtual attributes in "switch", "case", etc.
    Fixes #1240 and #1265.
  • Many spell check / typo fixes in comments and example
    configuration files.
  • Better handle multiple DHCP listeners.
  • Don't print secrets for old-style realms. Fixes #1267.
  • Don't fall through in empty "case" statements.
    Fixes #1274.
  • Update EAP-TTLS so that MPPE keys are correctly calculated with TLSv1.2.
  • Always delete MS-MPPE-* from the TTLS inner tunnel. This allows
    TTLS / EAP-MSCHAPv2 to work. Fixes #1206.
  • Fix off by one error that caused some MSCHAP-Error messages to
    be sent without the password change version (V=3) and the textual
    message component (M=).
  • Always include C= V= and M= in MSCHAPv2 errors. RFC 2759 does not say
    that any of these fields are optional, and not including V= caused
    errors with wpa_supplicant.
  • Do not include M= in MSCHAPv1 errors. It's not supported.
Assets 2
Loading