- update to version 3.2.1:
Feature Improvements
* Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
* Add simultaneous-use queries for MS SQL
* Add radmin command for "stats pool <module-name>"
which prints out statistics about the connection pools.
* Client statistics now shows "conflicts",
to count conflicting packets.
* New optional "lightweight accounting-on/off" strategy.
When refreshing queries.conf you should also add the new
nasreload table and corresponding GRANTs to your DB schema.
* Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
with Eduroam.
* Allow auth+acct for TCP sockets, too.
* Add rlm_cache_redis. See raddb/mods-available/cache for details.
* Allow radmin to look up home servers by name, too.
* Ensure that dynamic clients don't create loops on duplicates
* Removed rlm_sqlhpwippool. There was no documentation, no configuration,
and the module was ~15 years old with no one using it.
* Marked rlm_python3 as stable.
* Add sigalgs_list. See raddb/mods-available/eap
* For rlm_linelog, when opening files in /dev, look at "permissions"
to see whether to open them r/w.
* More flexibility for dynamic home servers. See
doc/configuration/dynamic_home_servers.md and
raddb/home_servers/README.md.
* Allow setting of application_name for PostgreSQL.
See mods-available/sql.
Bug Fixes
* Correct test for open sessions in radacct for MS SQL.
OBS-URL: https://build.opensuse.org/request/show/1063506
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=93
Feature Improvements
* Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
* Add simultaneous-use queries for MS SQL
* Add radmin command for "stats pool <module-name>"
which prints out statistics about the connection pools.
* Client statistics now shows "conflicts",
to count conflicting packets.
* New optional "lightweight accounting-on/off" strategy.
When refreshing queries.conf you should also add the new
nasreload table and corresponding GRANTs to your DB schema.
* Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
with Eduroam.
* Allow auth+acct for TCP sockets, too.
* Add rlm_cache_redis. See raddb/mods-available/cache for details.
* Allow radmin to look up home servers by name, too.
* Ensure that dynamic clients don't create loops on duplicates
* Removed rlm_sqlhpwippool. There was no documentation, no configuration,
and the module was ~15 years old with no one using it.
* Marked rlm_python3 as stable.
* Add sigalgs_list. See raddb/mods-available/eap
* For rlm_linelog, when opening files in /dev, look at "permissions"
to see whether to open them r/w.
* More flexibility for dynamic home servers. See
doc/configuration/dynamic_home_servers.md and
raddb/home_servers/README.md.
* Allow setting of application_name for PostgreSQL.
See mods-available/sql.
Bug Fixes
* Correct test for open sessions in radacct for MS SQL.
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=159
- update to 3.0.25:
* `correct_escapes` has been added back into the default configuration.
* A segfault when trying to proxy to zombie home servers has been fixed.
* A number of other small bugs and compiler warnings were fixed.
* Added support for building with PostgreSQL 14.
- Update to version 3.0.24 (jsc#SLE-21237)
Feature Improvements
* Add sanitizer options to configure script.
* Log information needed by Wireshark to decode TLS sessions.
* Allow more liberal SQL commands in rlm_sql_map.
* Update dictionary.apc, dictionary.h3c.
* Add new Acct-Status-Type Subsystem-On and Subsystem-Off See
dictionary.iana and
https://freeradius.org/rfc/acct_status_type_subsystem.html.
* Add reject_unknown_intermediate_ca. See mods-available/eap.
* Add dynamic loading of certificates via TLS-Session-Cert-File
See raddb/certs/realms/README.md.
* Add Server Name Indication (SNI) for outbound RadSec connections
See raddb/sites-available/tls, and the home server tls
configuration.
* Support SNI for inbound RadSec connections. Certificates will be
loaded from "realm_dir" in the "tls" section. SNI will be cached
in the TLS-Server-Name-Indication attribute.
* Preliminary support for haproxy "PROXY" protocol See sites-available/tls,
"proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/.
* Generate parse errors in more circumstances when we know that
the configuration is wrong.
* Add "weeklycounter" to sample sqlcounter configuration.
* Add certificate attributes to the request list, even if
OBS-URL: https://build.opensuse.org/request/show/924184
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=87
- update to 3.0.21
Feature Improvements
* New stored procedure for allocating IPs with PostgreSQL
Rates of 1500 IPs per second are now possible
See raddb/mods-config/sql/ippool/postgresql/procedure.sql
* Add SQL IP pool support for Microsoft SQL Server
See raddb/mods-config/sql/ippool/mssql/
* Added RCNTEC dictionary. Closes#3168.
* Added Pica8 dictionary. Closes#3179.
* Add TLS-Client-Cert-Valid-Since attribute holding not
Before date Patch from Boris Lytochkin. Fixes#3157.
* Generate attributes containing unknown OIDs See raddb/sites-available/tls
* Update the WiMAX dictionary.
* Added ability to rlm_python(Python2) show a stacktrace
from errors. #2979.
* Add WiFi Alliance Policy OIDs.
See raddb/certs/xpextensions
* radmin now shows coa stats, too.
* Sample schema extensions for summarizing data in SQL
See mods-config/sql/main/*/process-radacct.sql
* Update dictionary.aerohive, dictionary.fortinet,
dictionary.arista and dictionary.erx.
* Added VAS Experts dictionary.
* Many updates to RPM and jenkins builds from Matthew Newton.
* Added %C (time now in seconds) and %c (microsecond component of now)
back-ported from the "master" branch.
* Add reload capability to systemd unit file in Debian and RedHat.
* Increase timestamp precision in postauth to maximum supported by each
database and simplify (and make more consistent between drivers)
the timestamps in SQL queries by using expansions.
OBS-URL: https://build.opensuse.org/request/show/787864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=81
Feature Improvements
* New stored procedure for allocating IPs with PostgreSQL
Rates of 1500 IPs per second are now possible
See raddb/mods-config/sql/ippool/postgresql/procedure.sql
* Add SQL IP pool support for Microsoft SQL Server
See raddb/mods-config/sql/ippool/mssql/
* Added RCNTEC dictionary. Closes#3168.
* Added Pica8 dictionary. Closes#3179.
* Add TLS-Client-Cert-Valid-Since attribute holding not
Before date Patch from Boris Lytochkin. Fixes#3157.
* Generate attributes containing unknown OIDs See raddb/sites-available/tls
* Update the WiMAX dictionary.
* Added ability to rlm_python(Python2) show a stacktrace
from errors. #2979.
* Add WiFi Alliance Policy OIDs.
See raddb/certs/xpextensions
* radmin now shows coa stats, too.
* Sample schema extensions for summarizing data in SQL
See mods-config/sql/main/*/process-radacct.sql
* Update dictionary.aerohive, dictionary.fortinet,
dictionary.arista and dictionary.erx.
* Added VAS Experts dictionary.
* Many updates to RPM and jenkins builds from Matthew Newton.
* Added %C (time now in seconds) and %c (microsecond component of now)
back-ported from the "master" branch.
* Add reload capability to systemd unit file in Debian and RedHat.
* Increase timestamp precision in postauth to maximum supported by each
database and simplify (and make more consistent between drivers)
the timestamps in SQL queries by using expansions.
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=135
Feature Improvements
* Added Force10 dictionary.
* Update dictionary.hp with new attributes. #2690.
* Update dictionary.aruba with new attributes. #2696.
* Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510)
* Relax OpenSSL version checks, now that their API is both public, and stable.
* Note that tls_min_version/tls_max_version also support "1.3"
Since there is no standard yet for EAP with TLS 1.3, it will not work.
* Added tripplite dictionary from #2760.
* Switch to the async interface for rlm_sql_postgresql so that
we can enforce query_timeout.
* Added new LDAP option 'allow_dangling_group_ref'.
* Updated documentation and functionality for EAP session caching
See "cache" section of mods-available/eap.
* Tighten systemd unit file security. Fixes#2637.
* Disable TLS 1.0 and TLS 1.1 support in the default configuration
We STRONGLY recommend doing this for all installations.
* Add expansions for *outgoing* Radsec connections
"%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and
TLS-Cert-* attributes. Fixes#2839.
* Add %{listen:tls} which returns "yes" or "no" for
TLS or non-TLS connections.
* Update dictionary.lancom with new attributes. #2847.
* Added rlm_sql_mongo. See raddb/mods-available/sql.
Note that this module is experimental.
* Added more documentation in sites-available/robust-proxy-accounting.
* sqlippool now re-allocates unexpired leases, to prevent IP pool
exhaustion when clients perform multiple reauthentication attempts
* Add support to radmin keep the history in ~/.radmin_history.
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=133