844352a7d7
FreeRADIUS 3.0.20 Thu 14 Nov 2019 12:00:00 EDT urgency=medium Feature improvements * Add Jenkins continuous integration. Used to build http://packages.networkradius.com/ * Added Force10 dictionary. * Update dictionary.hp with new attributes. * Update dictionary.aruba with new attributes. * Update logrotate settings to rotate as non-root user. * Fix side-channel leak in EAP-PWD. Patch from Mathy Vanhoef. * Relax OpenSSL version checks, now that their API is both public, and stable. * Note that tls_min_version/tls_max_version also support "1.3" Since there is no standard yet for EAP with TLS 1.3, it will not work. * Added tripplite dictionary. * Switch to the async interface for rlm_sql_postgresql so that we can enforce query_timeout. * Added new LDAP option 'allow_dangling_group_ref'. * Updated documentation and functionality for EAP session caching. See "cache" section of mods-available/eap. * Tighten systemd unit file security. * Disable TLS 1.0 and TLS 1.1 support in the default configuration. We STRONGLY recommend doing this for all installations. * Add expansions for *outgoing* Radsec connections. "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes. * Add %{listen:tls} which returns "yes" or "no" for TLS or non-TLS connections. * Update dictionary.lancom with new attributes. * Added rlm_sql_mongo. See raddb/mods-available/sql. Note that this module is experimental. * Added more documentation in sites-available/robust-proxy-accounting * sqlippool now re-allocates unexpired leases, to prevent IP pool exhaustion when clients perform multiple reauthentication attempts. Patch from Terry Burton. * Add support to radmin keep the history in ~/.radmin_history * Add support for ENV and LD_PRELOAD in radiusd.conf. See the new ENV sub-section of radiusd.conf. * Update dictionary.aptilo. * Update dictionary.airespace. * Add sites-available/coa-relay, which makes CoA easier. Patch from Terry Burton. * Add example stored procedure for IP Pools in MySQL. See mods-config/sql/ippool/mysql/procedure.sql Patch from Terry Burton. * Update dictionary.dhcp dictionary with the recent hardware types. * Add experimental rlm_python3. This should largely work the same as rlm_python, which was Python2 only. * Add Dockerfiles for Debian10 and CentOS8. * Add RPM spec file compatibility for RHEL/CentOS 8. * Notes on iOS 13 certificate issues. See https://support.apple.com/en-us/HT210176. * Notes on certificate constraints. See raddb/certs/server.cnf. * Add NAIRealm example to raddb/certs/server.cnf, for RFC 7585. Bug fixes * Allow listen.ipaddr to reference an IPv6-only host. * ERX-Acct-Request-Reason is "integer". * Fix a slow memory leak in the file management code. * Try to fix file permissions if they get modified while the server is running. * Fix slow memory leak with clients. * Fix request and connection timeouts in rlm_rest. * Fix systemd issues. Patches from Daniele Rondina. * Fixes from clang analyzer. * Fix missing include for the dictionaries: alcatel.esam, altiga,alvarion.wimax.v2_2,aptis,asn,audiocodes,avaya,bristol, columbia_university,freedhcp,garderos,infoblox,motorola.illegal, starent.vsa1, telkom, wimax.wichorus. * Fix internal sanity check when running with "-Xx" * Allow "inner-tunnel" virtual servers to work better with "accept" and "reject" policies. * Fix dictionary.huawei data types for Huawei-DNS-Server-IPv6-address and Huawei-Framed-IPv6-Address. * Framed-Interface-ID in postgresql/queries.conf is string, not inet * Fix rlm_cache to complain on unknown attributes in the "update" section of its configuration. * Add configure checks for -latomic. This helps on armel, mips and mipsel. * Add support to Oracle 19 and 18. * Add support for decoding tags in rlm_rest. * Use correct passwords when updating CRLs in raddb/certs/ * Properly separate "originate-coa" packets when accounting packets are read from the detail file reader. * Use the correct virtual server for pre/post-proxy. * radsqlrelay fixes backported from "master" branch. Patches from Terry Burton. * Fix DoS issues due to multithreaded BN_CTX access. Patch from Mathy Vanhoef. CVE-2019-17185 |
||
---|---|---|
.. | ||
DESCR | ||
Makefile | ||
PLIST |