- Feature improvements
* Print more descriptive error message for too many EAP sessions.
This gives hints on what to do when "failed to store handler"
* Commands received from radmin are now printed on stdout when
in debugging mode.
* Allow accounting packets to be written to a detail file, even
if they were read from a different detail file.
* Added OpenSSL license exception (src/LICENSE.openssl)
- Bug fixes
* DHCP sockets can now set the broadcast flag before binding to a
socket. You need to set "broadcast = yes" in the DHCP listener.
* Be more restrictive on string parsing in the config files
* Fix password length in scripts/create-users.pl
* Be more flexible about parsing the detail file. This allows
it to read files where the attributes have been edited.
* Ensure that requests read from the detail file are cleaned up
(i.e. don't leak) if they are proxied without a response.
* Write the PID file after opening sockets, not before
(closes bug #29)
* Proxying large numbers of packets no longer gives error
"unable to open proxy socket".
* Avoid mutex locks in libc after fork
* Retry packet from detail file if there was no response.
* Allow old-style dictionary formats, where the vendor name is the
last field in an ATTRIBUTE definition.
* Removed all recursive use of mutexes. Some systems just don't
support this.
* Allow !* to work as documented.
* make templates work (see templates.conf)
* Enabled "allow_core_dumps" to work again
* Print better errors when reading invalid dictionaries
* Sign client certificates with CA, rather than server certs.
* Fix potential crash in rlm_passwd when file was closed
* Fixed corner cases in conditional dynamic expansion.
* Use InnoDB for MySQL IP Pools, to gain transactional support
* Apply patch to libltdl for CVE-2009-3736.
* Fixed a few issues found by LLVM's static checker
* Keep track of "bad authenticators" for accounting packets
* Keep track of "dropped packets" for auth/acct packets
* Synced the "debian" directory with upstream
* Made "unlang" use unsigned 32-bit integers, to match the
dictionaries.
While here fix broken user destination directory installation as well.
* Permit multiple "-e" in radmin.
* Add support for originating CoA-Request and Disconnect-Request.
See raddb/sites-available/originate-coa.
* Added "lifetime" and "max_queries" to raddb/sql.conf.
This helps address the problem of hung SQL sockets.
* Allow packets to be injected via radmin. See "inject help" in radmin.
* Answer VMPS reconfirmation request.
* Sample logrotate script in scripts/logrotate.freeradius
* Add configurable poll interval for "detail" listeners
* New "raddebug" command. This prints debugging information from
a running server.
* Add "require_message_authenticator" configuration to home_server
configuration. This makes the server add Message-Authenticator
to all outgoing Access-Request packets.
* Added smsotp module.
* Enabled the administration socket in the default install.
See raddb/sites-available/control-socket, and "man radmin"
* Handle duplicate clients, such as with replicated or
load-balanced SQL servers and "readclients = yes"
* Bug fixes
with previous versions, but also to have many new features, such as:
* simple policy language (see "man unlang")
* virtual servers (raddb/sites-available/README)
* IPv6 support
* better proxy support (raddb/proxy.conf)
* More EAP types
* Debugging output should be MUCH easier to understand
* VMPS support
* More modules are marked "stable" (python, etc.)
* SQL configuration has been cleaned up (see raddb/sql/*)
* limited support for HUP
* check configuration and exit (radiusd -C)
* Server core is now event based (simpler, more powerful)
