Skip to content

Commit

Permalink
release 3.2.4
Browse files Browse the repository at this point in the history
  • Loading branch information
mcnewton committed May 29, 2024
1 parent 05a4bfc commit 7e8f34e
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 27 deletions.
2 changes: 1 addition & 1 deletion debian/changelog
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ freeradius (3.2.4+git) unstable; urgency=medium

* New upstream version.

-- Alan DeKok <[email protected]> Fri, 26 May 2023 12:00:00 -0500
-- Alan DeKok <[email protected]> Wed, 29 May 2024 12:00:00 -0500

freeradius (3.2.3+git) unstable; urgency=medium

Expand Down
55 changes: 29 additions & 26 deletions doc/ChangeLog
Original file line number Diff line number Diff line change
@@ -1,31 +1,43 @@
FreeRADIUS 3.2.4 Fri 26 May 2023 12:00:00 EDT urgency=low
FreeRADIUS 3.2.4 Wed 29 May 2024 12:00:00 EDT urgency=low
Configuration changes
* Better handle backslashes in strings in the configuration files.
If the configuration items contain backslashes, then behavior may change.
However, the previous behavior didn't work as expected, and therefore is not
likely to be used.
* reject_delay no longer applies to proxied packets. All servers should now
set "reject_delay = 1" for security and scalability.
* %{randstr:...} now returns the requested amount of data, instead of
one too many bytes.

Feature improvements
* Preliminary support for TEAP.
* Update EAP module pre_proxy checks to make them less restrictive.
This prevents the "middle box" effect from affecting future traffic.
* Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
* Many fixes and updates for docker images
* add dpsk module. See mods-available/dpsk
* Many fixes and updates for Docker images
* Add dpsk module. See mods-available/dpsk
* Print out what cause the TLS operations to be made, such as the EAP
method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
* Add auto_escape to sample SQL module config
* Add 'if not exists' to mysql create table queries. ref #5032 (#5137)
* Add lookback and more configuration to totp. See mods-available/totp
* Update dictionary.aruba; add dictionary.tplink, dictionary.alphion
* Allow for 'encrypt=1' attributes to be longer than 128 characters.
* Added "radsecret" program which generates strong secrets. See the
top of the "clients.conf" file for more information.
* radclient now prints packets as hex when using -xxx.
* Added "-t timeout" to radsniff. It will stop processing packets
after <timeout> seconds.
* Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
* The detail module now has a "dates_as_integer" configuration item.
See mods-available/detail for more information.
* Add lookback/lookforward steps and more configuration to totp. See
mods-available/totp.
* Add "time_since" xlat to calculate elapsed time in seconds, milliseconds
and microseconds.
* radclient prints packets as hex when using -xxx
* document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
* Allow for 'encrypt=1' attributes to be longer than 128 characters.
* Support "Post-Auth-Type Challenge" in the inner tunnel. Patch from
Alexander Clouter. PR #5320.
* Add "proxy_dedup_window". See radiusd.conf.
* Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
* Add "dedup_key" for misbehaving supplicants. See mods-available/eap
* Add proxy_dedup_window. See radiusd.conf.
* Added "-t timeout" to radsniff. It will stop processing packets
after <timeout> seconds.
* Add "lookforward_steps" to rlm_totp.

Bug fixes
* Fix corner case with empty defaults in rlm_files. Fixes #5035
Expand All @@ -36,36 +48,27 @@ FreeRADIUS 3.2.4 Fri 26 May 2023 12:00:00 EDT urgency=low
* Don't send the global server stats when asked for client stats. They
use the same attributes, so the result is confusing.
* Fix multiple typos in MongoDB query.conf (#5130)
* add define for illumos. Fixes #5135
* add client configuration for TLS PSK.
* permit originate CoA after proxying to an internal virtual server
* Add define for illumos. Fixes #5135
* Add client configuration for TLS PSK.
* Permit originate CoA after proxying to an internal virtual server
* Use virtual server "default" when passed "-i" and "-p" on the command line.
* Fix locking issues with rlm_python3.
* Better handle backslashes in strings in the configuration files.
If the configuration items contain backslashes, then behavior may change.
However, the previous behavior didn't work as expected, and therefore is not
likely to be used.
* The detail file reader will catch bad times in the file, and will not
update Acct-Delay-Time with extreme values.
* The detail module now has a "dates_as_integer" configuration item.
See mods-available/detail for more information.
* Fix issue where Message-Authenticator was calculated incorrectly for
CoA / Disconnect ACK and NAK packets.
* reject_delay no longer applies to proxied packets. All servers should now
set "reject_delay = 1" for security and scalability.
* Update Python thread and error handling. Fixes #5208.
* Fix handling of Session-State when proxying. Fixes #5288.
* Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
* Add "limit" section to AWS health check configurtion. Fixes 35300.
* use MAX in sqlite queries instead of GREATEST.
* Use MAX in sqlite queries instead of GREATEST.
* Fix typo in Mongo queries. Fixes #5301.
* Fix occasional crash with bad home servers. Fixes #5308.
* Minor bug fixes to the SQL freetds modules.
* Fix blocking issue with RADIUS/TLS connection checks.
* Fix run-time crash on configuration typos of %{substr ...} instead
of %{substr:...} Fixes #5321.
* %{randstr:...} now returns the requested amount of data, instead of
one too many bytes.
* Fix crash with TLS Status-Server requests. Fixes #5326.

FreeRADIUS 3.2.3 Fri 26 May 2023 12:00:00 EDT urgency=low
Configuration changes
Expand Down

0 comments on commit 7e8f34e

Please sign in to comment.