From: The IPFire Project
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.23 - Core Update 133 has been released
Date: Sun, 23 Jun 2019 10:10:02 +0100

https://blog.ipfire.org/post/ipfire-2-23-core-update-133-has-been-released

It is time for the next Core Update. Number 133! Another bug-fix release with many changes under the hood.

As always, we recommend installing this update as soon as possible to benefit from the fixes. To help us keep those coming and to support our developers, please donate now!

Toolchain Updates

This update brings many updates to the core libraries of the system. Various changes to our build system are also helping us to build a more modern distribution, faster. The toolchain is now based on GCC 8.3.0, binutils 2.32 and glibc 2.29, which bring various bugfixes, performance improvements and some new features.

Although these might not be the most exciting changes, we recommend upgrading as soon as possible since this is essential hardening for backbone components of the user space.

Disabling SMT - Intel's Security Issues

Disabling SMT has also been fine-tuned. It is now also being disabled on systems that are vulnerable to "Foreshadow". Probably all processors that are vulnerable to MDS are vulnerable to Foreshadow, too, so this won't affect many systems, but it is more correct to do so.

Increasing throughput of the new Intrusion Prevention System

As announced before, we were working on increasing the throughput of the IPS. This is being shipped now with this update and integrates a library from Intel which is optimised to perform pattern matching very fast on huge data sets. Its name is hyperscan.

This library comes in multiple versions which are all shipped at the same time. It is compiled with support for various CPU instructions, which are enabled when the hardware supports them. Those are for example AVX2, AVX and of course all of the SSE series.

By utilising those optimised instructions, the processor can process more data with a single instruction, which is a lot faster. We are soon going to release benchmarks, but first tests have shown that larger systems are benefitting hugely from this and even some smaller embedded processors gain slightly.

This feature is automatically configured and will always be enabled when supported.

Another change on the IPS is coming from Tim Fitzgeorge, who investigated an issue where the IPS was occasionally dropping packets it was not meant to, without logging them. The rule generation was patched accordingly so that won't happen any more, and rules will be automatically updated when installing this Core Update.

Misc.

• A long-standing bug in adding fixed DHCP leases has been fixed. Those are now saved right away on the first click, but it is possible to edit the entry.
• An incorrect list of cipher suites was generated for IPsec connections when PFS was disabled. This update fixes that and updates all connections with the correct settings.
• ddns: Some new providers have been added
• Package updates: bind 9.11.7, jansson 2.12, knot 2.8.2, linux-pam 1.3.1, monit 5.25.3, openssl1.1.1.c, rrdtool 1.7.2, squid 4.7, strongswan 5.8.0, wpa_supplicant 2.8

Add-ons

New Packages

• tshark: A CLI version of Wireshark which is like tcpdump, but has better support for decoding captured packets.

Updated Packages

• hostapd has been updated to version 2.8 which fixes various security vulnerabilities and other bugs
• tor: some bugs that didn't allow the service to start after the last update have been fixed
• wio: A problem which caused the IPFire system to unexpectedly shut down has been solved
• miau, an IRC bouncer which has been unmaintained since 2010, has been dropped
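
To verify the SMT policy described under "Disabling SMT" after updating, the following added example (not part of the original announcement and not IPFire's own code) reads the standard Linux sysfs files for L1TF (Foreshadow), MDS and SMT control and reports whether SMT is still on for an affected CPU. The SYSFS_CPU override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not IPFire's code): check that SMT is off on CPUs the kernel
# reports as affected by Foreshadow (L1TF) or MDS.
# SYSFS_CPU can be overridden to point at a test tree (assumption for testing).
SYSFS_CPU="${SYSFS_CPU:-/sys/devices/system/cpu}"

# Echo yes/no/unknown for a file under vulnerabilities/ (e.g. l1tf, mds).
cpu_affected() {
    f="$SYSFS_CPU/vulnerabilities/$1"
    # File is missing on kernels that predate the reporting interface.
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        "Not affected"*) echo no ;;
        *) echo yes ;;      # "Vulnerable..." or "Mitigation: ..."
    esac
}

# Echo the kernel's SMT control state: on, off, forceoff, notsupported, ...
smt_state() {
    f="$SYSFS_CPU/smt/control"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Echo OK, WARN or UNKNOWN:
#   WARN    = CPU affected by L1TF or MDS and SMT is still on
#   OK      = affected with SMT off/unavailable, or not affected by either
#   UNKNOWN = the kernel does not expose enough information to decide
smt_verdict() {
    l1tf=$(cpu_affected l1tf); mds=$(cpu_affected mds); smt=$(smt_state)
    if [ "$l1tf" = yes ] || [ "$mds" = yes ]; then
        case "$smt" in
            off|forceoff|notsupported|notimplemented) echo OK ;;
            on) echo WARN ;;
            *) echo UNKNOWN ;;
        esac
    elif [ "$l1tf" = no ] && [ "$mds" = no ]; then
        echo OK
    else
        echo UNKNOWN
    fi
}

echo "l1tf=$(cpu_affected l1tf) mds=$(cpu_affected mds) smt=$(smt_state) verdict=$(smt_verdict)"
```

A WARN verdict means the kernel reports the CPU as affected while both hardware threads per core are still active.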