From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Core Update 157 (testing) report Date: Sun, 23 May 2021 18:15:47 +0200 Message-ID: <828220bc-761b-0db0-6c81-835d2ee26c8c@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2596402203228263668==" List-Id: --===============2596402203228263668== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello *, Core Update 157 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-= update-157-available-for-testing) is running here for about two days by now. While it did not introduce a major= issue or a show-stopper, some minor quirks came to my attention: (a) As several other testers already noticed, the update script is missing a = "/usr/local/bin/sshctrl" call to apply changed SSH configurations. Patch https://patchwork.ipfire.org/patc= h/4351/ will fix that, bug #12627 has been filed for this. (b) Currently, the update still misses an updated version of the backup.pl sc= ript, leaving users vulnerable to #12619. Patch https://patchwork.ipfire.org/patch/4352/ will fix that. (c) Other parts of the https://patchwork.ipfire.org/project/ipfire/list/?seri= es=3D2069 patch series clean up bits and pieces left over from pppd 2.4.8, and fix some permissions for N= RPE plugins. Just mentioning that for the sake of completeness, none of that is critical. (d) The output of "memory.cgi" file is missing some information due to insuff= icient parsing of "free" results. Bug #12628 has been filed for that - feel free to grab it and work on tha= t, as the Perl script appears rather hacky to me -; this issue appeared on Core Update 156 as well. Every now and then, I continue to suffer from an unknown bug causing VoIP cal= ls not to be established properly (see: https://lists.ipfire.org/pipermail/development/2021-March/009656.html). The c= hangelog file for Linux 4.14.222 (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.222) mentions a = commit f66f9f73e0303e0b498529cc72febbbfa11e2103, which reads "netfilter: conntrack: skip identical origin tuple in same zone o= nly" and _might_ be related to that. Unfortunately, I can currently neither confirm nor deny that this issue has b= een fixed, as I am unable to install the testing update on a second, productive IPFire machine as well. Tested IPFire functionalities in detail: - IPsec (N2N connections only) - Squid (authentication enabled, using an upstream proxy) - OpenVPN (RW connections only) - IPS/Suricata (with Emerging Threats community ruleset enabled) - Guardian - Quality of Service - DNS (using DNS over TLS and strict QNAME minimisation) - Dynamic DNS - Tor (relay mode) (a) to (c) require rebuilding Core Update 157. After this has been done and v= alidated to be fixing the problems mentioned, I look forward to the release of this Core Update. Thanks, and best regards, Peter M=C3=BCller --===============2596402203228263668==--