From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.19 - Core Update 119 released
Date: Tue, 13 Mar 2018 21:17:07 +0000 [thread overview]
Message-ID: <mailman.12.1520977237.16690.ipfire-announce@lists.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2378 bytes --]
https://www.ipfire.org/news/ipfire-2-19-core-update-119-released
This is the release announcement for IPFire 2.19 – Core Update 119. It
updates the toolchain of the distribution and fixes a number of smaller
bug and security issues. Therefore this update is another one of a
series of general housekeeping updates to make IPFire better, faster
and of course more secure!
Thanks for the people who contributed to this Core Update by submitting
their patches and please help us to support everyone’s work with your
donation!
Toolchain Updates
The toolchain is a collection of programs that is used to build the
distribution. One of the most important one is the compiler GCC which
has been updated to version 7.3.0 which mainly adds support for
retpoline. This is needed to build protection against Spectre into
newer kernels.
The main C library, glibc, has been updated to version 2.27 and brings
various stability fixes, performance improvents and bug fixes.
Other toolchain packages that have been updated: binutils 2.30, ccache
3.4.1, diffutils 3.1.6, swig 3.0.12
Security-Relevant Changes
* On the OpenVPN configuration page, ciphers that are considered weak
are now marked as such and we do not recommend using any of these.
* strongswan’s certificate parser had a vulnerability (CVE-2018-6459)
* Programs that use the C++ standard library are being recompiled to
perform extra out-of-bounds checks that are cheap, but add some
extra security.
* dma, the Dragonfly Mail Agent, was hardcoded to only use TLSv1.0
which has been patched to always use the best available protocol
version of TLS that is available.
* The Apache server signature is now fully hidden
Misc
* Reverse lookup zones did not work and have been fixed
* IPsec subnets for tunnels that route multiple networks are now shown
correctly on the start page
* Updated packages: hostname 3.20, iproute2 4.14.1, pam 1.30.0
* Support for ISDN was removed
* Userspace tools for I2C busses have been added
Add-Ons
The following packages have been updated: asterisk 13.18.5, bacula
9.0.6, bwm-ng 0.6.1-f54b3fa, flac 1.3.2, haproxy 1.8.0, nginx 1.13.7,
nut 2.7.4, openvmtools 10.2.0, postfix 3.2.4, powertop 2.9, sarg
2.3.11, stunnel 5.44
These packages have been dropped and will be removed with this Core
Update: lcr, mysql which was very outdated and is not needed by any
add-ons.
reply other threads:[~2018-03-13 21:17 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mailman.12.1520977237.16690.ipfire-announce@lists.ipfire.org \
--to=ipfire-announce@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox