Hello *,
Core Update 157 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-update-157-available-for-testi...) is running here for about two days by now. While it did not introduce a major issue or a show-stopper, some minor quirks came to my attention:
(a) As several other testers already noticed, the update script is missing a "/usr/local/bin/sshctrl" call to apply changed SSH configurations. Patch https://patchwork.ipfire.org/patch/4351/ will fix that, bug #12627 has been filed for this.
(b) Currently, the update still misses an updated version of the backup.pl script, leaving users vulnerable to #12619. Patch https://patchwork.ipfire.org/patch/4352/ will fix that.
(c) Other parts of the https://patchwork.ipfire.org/project/ipfire/list/?series=2069 patch series clean up bits and pieces left over from pppd 2.4.8, and fix some permissions for NRPE plugins. Just mentioning that for the sake of completeness, none of that is critical.
(d) The output of "memory.cgi" file is missing some information due to insufficient parsing of "free" results. Bug #12628 has been filed for that - feel free to grab it and work on that, as the Perl script appears rather hacky to me -; this issue appeared on Core Update 156 as well.
Every now and then, I continue to suffer from an unknown bug causing VoIP calls not to be established properly (see: https://lists.ipfire.org/pipermail/development/2021-March/009656.html). The changelog file for Linux 4.14.222 (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.222) mentions a commit f66f9f73e0303e0b498529cc72febbbfa11e2103, which reads "netfilter: conntrack: skip identical origin tuple in same zone only" and _might_ be related to that.
Unfortunately, I can currently neither confirm nor deny that this issue has been fixed, as I am unable to install the testing update on a second, productive IPFire machine as well.
Tested IPFire functionalities in detail: - IPsec (N2N connections only) - Squid (authentication enabled, using an upstream proxy) - OpenVPN (RW connections only) - IPS/Suricata (with Emerging Threats community ruleset enabled) - Guardian - Quality of Service - DNS (using DNS over TLS and strict QNAME minimisation) - Dynamic DNS - Tor (relay mode)
(a) to (c) require rebuilding Core Update 157. After this has been done and validated to be fixing the problems mentioned, I look forward to the release of this Core Update.
Thanks, and best regards, Peter Müller