Hello,
I would like to break the wintery silence on this list and give you a little update on the upcoming Core Updates:
We consider Core Update 127 ready for release after rebuilding it a couple of times and fixing some bugs that unfortunately made it into the image. We are going to release it next Wednesday.
On the same day (or preferably earlier), I would like to close Core Update 128 and upload it into testing. It does not have any new features, but brings a new kernel and OpenSSL 1.1.1. For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right? As soon as that is in, the update is ready to be closed from my point of view. Please let me know if you have any further patches.
Then, Core Update 129 will be open for patches. I have a branch that adds support for GRE/VTI routed IPsec tunnels. This is probably a little bit of a niche feature and only relevant for some people who use dynamic routing on IPFire, but it will be a headline feature nevertheless. This is also working very nicely on IPFire 3 for some time :)
Suricata is now tentatively scheduled for Core Update 130. I would have liked to have it in 129, but we still are not done testing. Feedback is a little bit slow and hopefully, we will see a fresh image this week to kick things off again. I have tested a little bit and it works a lot better than snort. It blocks more precisely, it makes good use of the hardware and therefore is a lot faster than snort and that is all in all a really nice thing. Please keep an eye open for this and help us testing. We also need to work on documentation together and make some benchmarks on various hardware to get a good feeling about the performance impact it has.
Best, -Michael
Hi,
On 31.01.2019 13:06, Michael Tremer wrote:
For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right?
Yes.
I'm in the midst of testing - won't take long...
Best, Matthias
No worries, just wanted to coordinate and make sure that at least someone is working on it :)
On 31 Jan 2019, at 17:54, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 13:06, Michael Tremer wrote:
For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right?
Yes.
I'm in the midst of testing - won't take long...
Best, Matthias
Hi,
On 31.01.2019 19:07, Michael Tremer wrote:
No worries, just wanted to coordinate and make sure that at least someone is working on it :)
Yep - that's the way I read it. ;-)
Testing took some time because of the problems that arouse here with the missing sse2 version of '/usr/lib/sse2/libcrypto.so.1.1' (running on an i586 system).
Problem: Despite all efforts I can't update this file without running into an openssl "Bus error". System is dead as a dodo after the update.
'openssl version' still gives me "OpenSSL *1.1.0j* 20 Nov 2018 (Library: OpenSSL *1.1.0i* 14 Aug 2018)" with 'libcrypto.so.1.1' being the culprit for the 1.1.0*i* version, IMHO.
Do you have any hints how to update this file without breaking the system? I tried recompiling Core 126 and just copying it but this doesn't work. All connections die almost immediately. Each time. Copying the old file back and rebooting makes the machine working again.
Besides that, Apache 2.4.38 is running here - patch follows...
Best, Matthias
On 31 Jan 2019, at 17:54, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 13:06, Michael Tremer wrote:
For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right?
Yes.
I'm in the midst of testing - won't take long...
Best, Matthias
Hi,
Just a reminder for Core Update 129: I am planning to close this tomorrow.
Please let me know if you have any last-minute changes.
Otherwise we are ready to take patches for Core Update 130 from next week.
Best, -Michael
On 31 Jan 2019, at 18:29, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 19:07, Michael Tremer wrote:
No worries, just wanted to coordinate and make sure that at least someone is working on it :)
Yep - that's the way I read it. ;-)
Testing took some time because of the problems that arouse here with the missing sse2 version of '/usr/lib/sse2/libcrypto.so.1.1' (running on an i586 system).
Problem: Despite all efforts I can't update this file without running into an openssl "Bus error". System is dead as a dodo after the update.
'openssl version' still gives me "OpenSSL *1.1.0j* 20 Nov 2018 (Library: OpenSSL *1.1.0i* 14 Aug 2018)" with 'libcrypto.so.1.1' being the culprit for the 1.1.0*i* version, IMHO.
Do you have any hints how to update this file without breaking the system? I tried recompiling Core 126 and just copying it but this doesn't work. All connections die almost immediately. Each time. Copying the old file back and rebooting makes the machine working again.
Besides that, Apache 2.4.38 is running here - patch follows...
Best, Matthias
On 31 Jan 2019, at 17:54, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 13:06, Michael Tremer wrote:
For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right?
Yes.
I'm in the midst of testing - won't take long...
Best, Matthias
Hello Michael,
I just read your call for last minute changes for Core Update 129 and want to ask whether my revised patch for the zabbix_agentd (https://patchwork.ipfire.org/patch/2086/) is ready to be merged and can still make it into it?
Regards, Alex
-------- Original-Nachricht -------- Von: michael.tremer@ipfire.org Gesendet: Thu, 7 Mar 2019 16:40:55 +0000 An: matthias.fischer@ipfire.org CC: development@lists.ipfire.org
Betreff: Re: Release planning for Core Update 127/128 and beyond...
Hi,
Just a reminder for Core Update 129: I am planning to close this tomorrow.
Please let me know if you have any last-minute changes.
Otherwise we are ready to take patches for Core Update 130 from next week.
Best, -Michael
On 31 Jan 2019, at 18:29, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 19:07, Michael Tremer wrote:
No worries, just wanted to coordinate and make sure that at least someone is working on it :)
Yep - that's the way I read it. ;-)
Testing took some time because of the problems that arouse here with the missing sse2 version of '/usr/lib/sse2/libcrypto.so.1.1' (running on an i586 system).
Problem: Despite all efforts I can't update this file without running into an openssl "Bus error". System is dead as a dodo after the update.
'openssl version' still gives me "OpenSSL *1.1.0j* 20 Nov 2018 (Library: OpenSSL *1.1.0i* 14 Aug 2018)" with 'libcrypto.so.1.1' being the culprit for the 1.1.0*i* version, IMHO.
Do you have any hints how to update this file without breaking the system? I tried recompiling Core 126 and just copying it but this doesn't work. All connections die almost immediately. Each time. Copying the old file back and rebooting makes the machine working again.
Besides that, Apache 2.4.38 is running here - patch follows...
Best, Matthias
On 31 Jan 2019, at 17:54, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 13:06, Michael Tremer wrote:
For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right?
Yes.
I'm in the midst of testing - won't take long...
Best, Matthias
Hey Alex,
Thanks for the reminder. I will reply on email with the patch.
-Michael
On 8 Mar 2019, at 08:04, Alexander Koch ipfire@starkstromkonsument.de wrote:
Hello Michael,
I just read your call for last minute changes for Core Update 129 and want to ask whether my revised patch for the zabbix_agentd (https://patchwork.ipfire.org/patch/2086/) is ready to be merged and can still make it into it?
Regards, Alex
-------- Original-Nachricht -------- Von: michael.tremer@ipfire.org Gesendet: Thu, 7 Mar 2019 16:40:55 +0000 An: matthias.fischer@ipfire.org CC: development@lists.ipfire.org
Betreff: Re: Release planning for Core Update 127/128 and beyond...
Hi,
Just a reminder for Core Update 129: I am planning to close this tomorrow.
Please let me know if you have any last-minute changes.
Otherwise we are ready to take patches for Core Update 130 from next week.
Best, -Michael
On 31 Jan 2019, at 18:29, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 19:07, Michael Tremer wrote:
No worries, just wanted to coordinate and make sure that at least someone is working on it :)
Yep - that's the way I read it. ;-)
Testing took some time because of the problems that arouse here with the missing sse2 version of '/usr/lib/sse2/libcrypto.so.1.1' (running on an i586 system).
Problem: Despite all efforts I can't update this file without running into an openssl "Bus error". System is dead as a dodo after the update.
'openssl version' still gives me "OpenSSL *1.1.0j* 20 Nov 2018 (Library: OpenSSL *1.1.0i* 14 Aug 2018)" with 'libcrypto.so.1.1' being the culprit for the 1.1.0*i* version, IMHO.
Do you have any hints how to update this file without breaking the system? I tried recompiling Core 126 and just copying it but this doesn't work. All connections die almost immediately. Each time. Copying the old file back and rebooting makes the machine working again.
Besides that, Apache 2.4.38 is running here - patch follows...
Best, Matthias
On 31 Jan 2019, at 17:54, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 31.01.2019 13:06, Michael Tremer wrote:
For TLSv1.3 to work on the web UI, we still need the latest version of Apache and as far as I am aware of it Matthias is supposed to submit a patch for that, am I right?
Yes.
I'm in the midst of testing - won't take long...
Best, Matthias
-
Alexander Koch -
Matthias Fischer -
Michael Tremer