FreeRADIUS Server version 2.1.8 has been released

Wed Dec 30 16:57:22 CET 2009

  We have released version 2.1.8 of the server, which is the final
version of the 2.1.x series.  We will release 2.1.9 only if there are
major bugs or security problems with 2.1.8.

  This version is targeted towards bug fixes.  New features have been
kept to a minimum, with the goal of making a highly stable release.

  One major change in 2.1.8 is a license change to permit distribution
of binaries linked to OpenSSL.  This allows Debian && Ubuntu systems to
ship a version with EAP enabled, which will make it much easier to
install FreeRADIUS on those systems.

  In the new year, we will release version 2.2.0 of the server.  This
version will include many new features, such as support for RADIUS over
TCP, and potentially many other useful things!

  The complete change log for 2.1.8 is below

  Alan DeKok.
--

 Feature improvements
 * Print more descriptive error message for too many EAP sessions.
   This gives hints on what to do when "failed to store handler"
 * Commands received from radmin are now printed on stdout when
   in debugging mode.
 * Allow accounting packets to be written to a detail file, even
   if they were read from a different detail file.
 * Added OpenSSL license exception (src/LICENSE.openssl)

 Bug fixes
 * DHCP sockets can now set the broadcast flag before binding to a
   socket.  You need to set "broadcast = yes" in the DHCP listener.
 * Be more restrictive on string parsing in the config files
 * Fix password length in scripts/create-users.pl
 * Be more flexible about parsing the detail file.  This allows
   it to read files where the attributes have been edited.
 * Ensure that requests read from the detail file are cleaned up
   (i.e. don't leak) if they are proxied without a response.
 * Write the PID file after opening sockets, not before
   (closes bug #29)
 * Proxying large numbers of packets no longer gives error
   "unable to open proxy socket".
 * Avoid mutex locks in libc after fork
 * Retry packet from detail file if there was no response.
 * Allow old-style dictionary formats, where the vendor name is the
   last field in an ATTRIBUTE definition.
 * Removed all recursive use of mutexes.  Some systems just don't
   support this.
 * Allow !* to work as documented.
 * make templates work (see templates.conf)
 * Enabled "allow_core_dumps" to work again
 * Print better errors when reading invalid dictionaries
 * Sign client certificates with CA, rather than server certs.
 * Fix potential crash in rlm_passwd when file was closed
 * Fixed corner cases in conditional dynamic expansion.
 * Use InnoDB for MySQL IP Pools, to gain transactional support
 * Apply patch to libltdl for CVE-2009-3736.
 * Fixed a few issues found by LLVM's static checker
 * Keep track of "bad authenticators" for accounting packets
 * Keep track of "dropped packets" for auth/acct packets
 * Synced the "debian" directory with upstream
 * Made "unlang" use unsigned 32-bit integers, to match the
   dictionaries.