- update to 3.0.25:
* `correct_escapes` has been added back into the default configuration.
* A segfault when trying to proxy to zombie home servers has been fixed.
* A number of other small bugs and compiler warnings were fixed.
* Added support for building with PostgreSQL 14.
- Update to version 3.0.24 (jsc#SLE-21237)
Feature Improvements
* Add sanitizer options to configure script.
* Log information needed by Wireshark to decode TLS sessions.
* Allow more liberal SQL commands in rlm_sql_map.
* Update dictionary.apc, dictionary.h3c.
* Add new Acct-Status-Type Subsystem-On and Subsystem-Off See
dictionary.iana and
https://freeradius.org/rfc/acct_status_type_subsystem.html.
* Add reject_unknown_intermediate_ca. See mods-available/eap.
* Add dynamic loading of certificates via TLS-Session-Cert-File
See raddb/certs/realms/README.md.
* Add Server Name Indication (SNI) for outbound RadSec connections
See raddb/sites-available/tls, and the home server tls
configuration.
* Support SNI for inbound RadSec connections. Certificates will be
loaded from "realm_dir" in the "tls" section. SNI will be cached
in the TLS-Server-Name-Indication attribute.
* Preliminary support for haproxy "PROXY" protocol See sites-available/tls,
"proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/.
* Generate parse errors in more circumstances when we know that
the configuration is wrong.
* Add "weeklycounter" to sample sqlcounter configuration.
* Add certificate attributes to the request list, even if
OBS-URL: https://build.opensuse.org/request/show/924184
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=87
- update to 3.0.21
Feature Improvements
* New stored procedure for allocating IPs with PostgreSQL
Rates of 1500 IPs per second are now possible
See raddb/mods-config/sql/ippool/postgresql/procedure.sql
* Add SQL IP pool support for Microsoft SQL Server
See raddb/mods-config/sql/ippool/mssql/
* Added RCNTEC dictionary. Closes#3168.
* Added Pica8 dictionary. Closes#3179.
* Add TLS-Client-Cert-Valid-Since attribute holding not
Before date Patch from Boris Lytochkin. Fixes#3157.
* Generate attributes containing unknown OIDs See raddb/sites-available/tls
* Update the WiMAX dictionary.
* Added ability to rlm_python(Python2) show a stacktrace
from errors. #2979.
* Add WiFi Alliance Policy OIDs.
See raddb/certs/xpextensions
* radmin now shows coa stats, too.
* Sample schema extensions for summarizing data in SQL
See mods-config/sql/main/*/process-radacct.sql
* Update dictionary.aerohive, dictionary.fortinet,
dictionary.arista and dictionary.erx.
* Added VAS Experts dictionary.
* Many updates to RPM and jenkins builds from Matthew Newton.
* Added %C (time now in seconds) and %c (microsecond component of now)
back-ported from the "master" branch.
* Add reload capability to systemd unit file in Debian and RedHat.
* Increase timestamp precision in postauth to maximum supported by each
database and simplify (and make more consistent between drivers)
the timestamps in SQL queries by using expansions.
OBS-URL: https://build.opensuse.org/request/show/787864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=81
Feature Improvements
* New stored procedure for allocating IPs with PostgreSQL
Rates of 1500 IPs per second are now possible
See raddb/mods-config/sql/ippool/postgresql/procedure.sql
* Add SQL IP pool support for Microsoft SQL Server
See raddb/mods-config/sql/ippool/mssql/
* Added RCNTEC dictionary. Closes#3168.
* Added Pica8 dictionary. Closes#3179.
* Add TLS-Client-Cert-Valid-Since attribute holding not
Before date Patch from Boris Lytochkin. Fixes#3157.
* Generate attributes containing unknown OIDs See raddb/sites-available/tls
* Update the WiMAX dictionary.
* Added ability to rlm_python(Python2) show a stacktrace
from errors. #2979.
* Add WiFi Alliance Policy OIDs.
See raddb/certs/xpextensions
* radmin now shows coa stats, too.
* Sample schema extensions for summarizing data in SQL
See mods-config/sql/main/*/process-radacct.sql
* Update dictionary.aerohive, dictionary.fortinet,
dictionary.arista and dictionary.erx.
* Added VAS Experts dictionary.
* Many updates to RPM and jenkins builds from Matthew Newton.
* Added %C (time now in seconds) and %c (microsecond component of now)
back-ported from the "master" branch.
* Add reload capability to systemd unit file in Debian and RedHat.
* Increase timestamp precision in postauth to maximum supported by each
database and simplify (and make more consistent between drivers)
the timestamps in SQL queries by using expansions.
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=135
Feature Improvements
* Added Force10 dictionary.
* Update dictionary.hp with new attributes. #2690.
* Update dictionary.aruba with new attributes. #2696.
* Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510)
* Relax OpenSSL version checks, now that their API is both public, and stable.
* Note that tls_min_version/tls_max_version also support "1.3"
Since there is no standard yet for EAP with TLS 1.3, it will not work.
* Added tripplite dictionary from #2760.
* Switch to the async interface for rlm_sql_postgresql so that
we can enforce query_timeout.
* Added new LDAP option 'allow_dangling_group_ref'.
* Updated documentation and functionality for EAP session caching
See "cache" section of mods-available/eap.
* Tighten systemd unit file security. Fixes#2637.
* Disable TLS 1.0 and TLS 1.1 support in the default configuration
We STRONGLY recommend doing this for all installations.
* Add expansions for *outgoing* Radsec connections
"%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and
TLS-Cert-* attributes. Fixes#2839.
* Add %{listen:tls} which returns "yes" or "no" for
TLS or non-TLS connections.
* Update dictionary.lancom with new attributes. #2847.
* Added rlm_sql_mongo. See raddb/mods-available/sql.
Note that this module is experimental.
* Added more documentation in sites-available/robust-proxy-accounting.
* sqlippool now re-allocates unexpired leases, to prevent IP pool
exhaustion when clients perform multiple reauthentication attempts
* Add support to radmin keep the history in ~/.radmin_history.
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=133
- reformat changelog mostly by wrapping lines
- add missing bug numbers for security fixes
- update to 3.0.18
* cleanup_delay can now be 30 seconds. This helps with proxies that have packet loss.
* Do-Not-Respond policies can now be set in the "post-auth" section.
* Encode / Decode ADSL Forum DHCP options.
* Fix module ordering issues. e.g. when "sqlippool" needs "sql".
See the "instantiate" section of radiusd.conf.
* Add Big Switch dictionary. Fixes#2252.
* Add sql_session_start policy (raddb/policy.d/accounting)
This minimizes race conditions when using Simultaneous-Use (#2257).
* For rlm_perl, all variables are now tainted by default.
See raddb/mods-available/perl, and the "perl_flags" configuration item.
This change should only affect people who are using variables in
insecure ways.
* Allow "sqlcounter" module to be listed in "post-auth".
* Add support for IPv6 attributes in SQL. Fixes#2280
* The server is better at handling fail-over for outbound RadSec and
TCP connections. Fixes#2284.
* The server is now more aggressive about retrying failed outbound
RadSec and TCP connections. Fixes#2284.
* Add TLS-Session-Version and TLS-Session-Cipher-Suite to the "session_state" list.
* Add expansion for Radsec connections. "%{listen:TLS-...}" for
TLS-Client-Cert-* and TLS-Cert-* attributes.
* Add notes on running "ldapsearch" using the parameters from the LDAP module.
* "ipaddr" attributes can now be cast to "integer" type attributes
in an "update" section.
* Move main thread queue to using atomic queues. This should help
with contention in high load scenarios.
OBS-URL: https://build.opensuse.org/request/show/679792
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=75
