[ANN] Release 3.0.7 rc0

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Feb 2 16:46:05 CET 2015

A preview release of 3.0.7 is available here:

We're creating a release candidate for 3.0.7 as there have been many modifications to error reporting, and error categorisation in rlm_sql.

One major change is in the logging API used by SQL drivers to report errors. Instead of using static buffers, they now use talloc pools, which are as efficient, but avoid thread safety issues. They can now log errors with different priorities, and log multiple error messages.

This is used by the rlm_sql_mysql driver to output the result of SHOW WARNINGs if additional warnings are available on the server.

Another big change is how the the drivers report failures. For rlm_sql_mysql and rlm_sql_sqlite, the drivers now distinguish between constraints violations, server errors and malformed queries. For those drivers rlm_sql.accounting will now return noop (if no more alternative queries), fail, and invalid respectively. Previously it would just return noop.

More work is needed to bring this functionality to other drivers. Please send patches if you think this will be useful for you.

These changes could not be tested fully as we don't have access to the various databases. If a particular driver is important for your deployment, please test 3.0.7 before it's released.

Here's the changelog so far:

Feature improvements
	* Allow coa home_servers to be derived from client
	  sections if a coa_server section is provided.
	* Automatically determine the correct port if no port is
	  provided for a home server.
	* Allow foreach to operate over lists.
	* Add compile time features to ${feature.*} and versions
	  of core libraries to ${version.*}.  Feature and version
	  names match output of radiud -xv. %v is now deprecated.
	* Add support for PATCH method in rlm_rest.
	* Validate more module xlats on startup, and warn if an
	  xlat expansion is found in a double quoted config item
	  which will not be expanded.
	* Add support for sub-second timeouts in rlm_rest.
	* Add support for connection timeouts in rlm_rest.
	* Add %{jsonquote:<str>} xlat to escape strings for insertion
	  into json documents.
	* Add %{ldapquote:<str>} xlat to escape strings for insertion
	  into json documents.
	* Add %{explode:&ref <char>}, splits value of &ref on
	  <char> and creates new &ref type attributes with the
	* Allow rlm_ldap to use attribute references for base_dn and
	  filter config items. The attribute references are not
	  escaped, allowing DNs and filters to be created dynamically.
	* Add %{nexttime:[<int>]h|d|w|y} to calculate the number of
	  seconds before the next <int> hour(s), day(s), week(s),
	  or year(s).
	* Allow the left side of update sections to be xlat expansions.
	  The result of the expansion is then used to reference the
	  attribute to be modified.
	* Added %{lpad:&Attribute-Name 7 x} and rpad.  These produce
	  fixed-width output strings, with padding to the left (lpad)
	  or the right (rpad).
	* For some SQL drivers (MySQL, sqlite) distinguish between
	  constraints violations (on insert), invalid queries, and
	  server errors, and return noop, invalid, and error respectively.
	* Call SHOW WARNINGS in the MySQL driver and write them to
	  the request log, if libmysqlclient indicates warnings are
	  available on the server.
	* Provide mechanism to create non-standard VSAs.
	* Make dhcpclient work with raw sockets and various other
	  improvements - Contributed by nchaigne
	* Add support for SSHA2 - Contributed by PDD.
	* Add perle dictionary - Contributed by Hachmer
	* Modernise init scripts for RHEL, SUSE and Debian.

Bug fixes
	* Fix issues parsing LDAP hostnames with non-standard ports.
	* Fix issues with realms containing regular expressions.
	* Allow unary negation before parantheses in rlm_expr.
	* Fix infinite loop in kevent event loop code. Issue only
	  presented on FreeBSD.
	* Be more careful to define Auth-Types before loading modules.
	* Link libfreeradius-radius against OpenSSL too, to avoid
	  multi-version symbols in SSL libraries.
	* When rlm_ldap rebinds a connection, it should use bind
	  credentials from the module that created the connection
	  pool, not credentials from the module referencing it.
	* Empty server config pairs should be allowed in rlm_ldap
	  instances that reference another module's connection pool.
	* Don't try and change the permissions of unix sockets used
	  for the control socket on non-linux systems. Instead
	  inform the user that permissions need to be changed on
	  parent directory. Unix socket permissions are a Linux
	* Mark rlm_always as huppable, so its rcode can be changed
	  via radmin (allows policy toggles).
	* Emit warnings when ignoring user configured pool values.
	* Fix issue that would cause radclient to complain
	  intermittently about differing numbers of filters and
	* Fix cosmetic issues in connection pool logging, that made
	  it appear as if the same connection was being opened
	  multiple times.
	* Fix threadsafety issues in SQL drivers, where a static
	  buffer was used to store error messages.
	* Log RERROR, RWARN, RINFO to the global log if request
	  logging is not enabled.
	* Link to libldap instead of libldap_r. Linking to libldap_r
	  is not supported for use by projects outside of OpenLDAP.
	* Set connection timeout correctly in rlm_sql_mysql.
	* Build with older versions of libcurl, and use CFLAGS from
	* Honour Packet-Src-Port and Packet-Src-IP-address in radclient.
	* Initialise ldapai_info_version field, so libldap will report
	  its vendor and version.
	* Fix log rotation scripts by using the copyrotate option.
	* Fix issue that caused opening control sockets to always
	  fail on non-Linux systems, if a user or group was set.
	* Save Session-State after proxying.
	* Additional fixes for reading CoA/DM requests from flat files.


Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

More information about the Freeradius-Users mailing list