release_3_0_9

arr2036 released this 08 Jul 17:12
· 35173 commits to master since this release

Feature improvements

  • Make "pool" configurations more consistent, and
    update documentation for them.
  • Move connection pool logic to "most recently started",
    instead of MRU. This should help with pool stability.
  • More VSAs for 3GPP2
  • Added examples of multi-value attributes to rlm_perl.
  • LDAP-Group and SQL-Group attributes are now dynamically
    allocated.
  • Only the "sql" module registers SQL-Group. Other instances
    register "instance-name-SQL-Group", similarly to "ldap".
  • Unknown attributes are now complained about more often
    when used in unlang statements. e.g. if (Foo-Bar == 3)
    used to be a string to string comparison. It is now a
    parse error.
  • Rename RLM_COMPONENT_* to MOD_* in the code.
    This makes many things easier.
  • Move to C99 initializers for modules.
  • Load modules in raddb/mods-enabled. This allows attributes
    like "LDAP-Group" to be used in the "files" module,
    without explicit ordering or listing in "instantiate".
  • Added 'bootstrap' section to modules. Third-party modules
    will need to be updated.
  • When adding clients from a DB, add them to a virtual server
    if that virtual server has a "listen" section. Otherwise,
    add the clients to the global list.
  • When reading dynamic clients from a file, don't expire them
    if the underlying file is unchanged.
  • Allow the server to originate CoA requests from the post-auth
    stage.
  • The server creates ${run_dir} and ${logdir} in daemon mode,
    if they do not already exist.
  • Add dictionary for Wi-Fi Alliance Hotspot 2.0. The server
    now supports all mandatory and optional attributes for this
    specification.
  • HUP now re-loads the configuration only if the files have
    changed. If all files are unchanged, HUP re-opens the
    log file, and does nothing else.
  • Much better debug messages for EAP-TLS, including which
    attributes are cached, and when they are retrieved.
  • Increase default max_requests to 16384. Memory is cheap now.
  • Added "stats memory" commands to radmin. Debug build only.
  • Aptilo controller dictionary updates.
  • SQL modules now use Acct-Unique-Session-Id everywhere.
  • The redis modules are now stable.
  • The LDAP module now supports SASL "interactive bind" method.
    This allows Kerberos based administrator and user binds.
  • DHCP code is now in libfreeradius-dhcp.
  • More DHCP encoding / decoding unit tests.
  • rlm_replicate can now be listed in the "accounting" section.
  • Better sqlite debugging output.
  • Remove "required" option from many sql_ippool directives.
  • Set default CA "basic constraints" to "critical". Fixes #1073
  • Updates to help / man pages from Jorge Pereira.
  • Added more tests.

Bug fixes

  • Be more careful about unused config item warnings
    when using -Xx.
  • Move more defines to be auto-generated.
  • Allow virtual servers in proxy fallback.
  • Allow %{module:} to work.
  • Don't crash in RadSec. Closes #980.
  • Return better errors when a unix group / user
    is not found.
  • Re-enable detail module "locking" parameter.
  • Don't crash when logging replies from Status-Server packets.
  • The couchbase module now uses "update" instead of "map",
    for consistency with the rest of the server. See
    raddb/mods-available/couchbase.
  • Don't require NT-Password for MS-CHAP password changes.
  • Be a bit more careful about decrypting MS-CHAP-MPPE-Key
    attributes. Closes #1013. There is no perfect fix, though.
  • Fix security issues with EAP-PWD.
    See http://freeradius.org/security.html#eap-pwd-2015
  • Fix dynamic clients read from SQL in non-debug mode.
  • MS-CHAP now allows retries (i.e. password change) when
    passwords are expired.
  • Allow "user=radiusd" when the server is already running
    as user "radiusd".
  • suid up/down works on non-Linux systems. This means
    that the control socket should have the correct
    ownership.
  • Fix issue which caused the server to sometimes have problems
    when a home server was marked zombie.
  • Fix format.pl because Perl is now more picky.
  • Fix proxy to Packet-Dst-IP-Address, so that it uses the
    correct destination port.
  • Fix corner case with cursor functions and removal.
  • OpenDirectory fixes and documentation.
  • Fix leaks in rlm_redis.
  • RFC 6929 "evs" attributes are now encoded / decoded
    properly.
  • Fix talloc pool leaks when receiving malformed or
    retransmitted Accounting/CoA requests.
  • Printed attributes again use double quotes instead of
    single quotes.
  • Set X509_V_FLAG_CRL_CHECK_ALL, and add "check_all_crl"
    to eap.conf. Fixes oCert CVE-2015-4680.
  • rlm_expr now errors out correctly on malformed attribute
    references instead of triggering an assert.
  • Make "break" work in "foreach" loops.
  • Allow dynamic expansions to work again in the "hints" file.
  • Correct minor typos in comments and examples from Alan Buxey.
  • Re-urlencode the path portion of ldapi:// URLs before
    passing it to ldap_initialize.
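
The "check_all_crl" item above (CVE-2015-4680), shown as a configuration fragment. This is an added example, not text from the release notes or the project's shipped configuration; the tls-config section name and the ${cadir} path assume the stock 3.0.x raddb layout.

```conf
# raddb/mods-available/eap  (fragment; other directives omitted)
eap {
	tls-config tls-common {
		# Directory holding the CA certificates and their CRLs,
		# hashed with c_rehash so OpenSSL can look them up.
		ca_path = ${cadir}

		# Before: only the client (leaf) certificate is checked
		# against a CRL (X509_V_FLAG_CRL_CHECK). A revoked
		# intermediate CA certificate is still accepted.
		# check_crl = yes

		# After: every certificate in the chain is checked
		# (X509_V_FLAG_CRL_CHECK_ALL). OpenSSL only honours the
		# "all" flag when the basic CRL check is enabled as well.
		check_crl = yes
		check_all_crl = yes
	}
}
```

With check_all_crl enabled, OpenSSL needs a current CRL for every CA in the chain; a missing or expired one makes verification fail, so CRL refresh has to cover the intermediates as well.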