From mboxrd@z Thu Jan 1 00:00:00 1970 From: The IPFire Project <ipfire-announce@lists.ipfire.org> To: ipfire-announce@lists.ipfire.org Subject: IPFire 2.21 - Core Update 122 released Date: Mon, 30 Jul 2018 11:24:30 +0100 Message-ID: <mailman.127.1532946323.2872.ipfire-announce@lists.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2927760703491351848==" List-Id: <ipfire-announce.lists.ipfire.org> --===============2927760703491351848== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable https://www.ipfire.org/news/ipfire-2-21-core-update-122-released This is the official release announcement for IPFire 2.21 =E2=80=93 Core Upda= te 122. It rebases the distribution on the long-term supported Linux kernel 4.14 and many more improvements and bug fixes have found their way into the distribution. Please help us to support everyone=E2=80=99s work with your donation [1]! Please note, that we have split this update into two parts. First, you will n= eed to install IPFire 2.19 =E2=80=93 Core Update 121 and then, the second part wi= ll automatically be installed after. Please be patient and let the system comple= te the update. When everything is done, please reboot into the new kernel. Highlight: Linux 4.14 The distribution was rebased from our old long-term supported kernel to the n= ew kernel 4.14.50. Most importantly, this kernel improves the security of the system, increases performance and makes the core of IPFire more up to date and modern again. Th= is update also enables mitigation against Meltdown and Spectre on some architectures. On Intel-based platforms, we update the microcode of the CPUs when the system boots up to avoid any performance penalties caused by the mitigation techniques. Unfortunately, grsecurity is incompatible with any newer kernels and has been removed. This is connected to the decision of the grsecurity project to no longer open source their patches. Luckily the kernel developers have backport= ed many features so that this kernel is still hardened and secure. ARM systems won=E2=80=99t be able to install this update due to the kernel ch= ange which also requires changes on some bootloaders. For those users, we recommend to backup the system, reinstall and then restore the backup. The re-installed system will only come with a single ARM kernel instead of multiple for differ= ent platforms that we had before. It helps us to keep the distribution smaller and makes development efforts easier. Misc. * Updated packages: apache 2.4, beep 1.3 with fixes for CVE-2018-0492, bwm-ng 0.6.1-f54b3fa, cmake 3.11.2, crda 3.18, ISC dhcp 4.4.1, dhcpcd 6.11.5, diffutils 3.1.6, gcc 7.3.0, grub 2.02, htop 2.2.0, iw 4.14, libidn 1.34, na= no 2.9.7, nmap 7.70, openssh 7.7p1, pcre 8.42, powertop 2.9, rng-tools 6.2, sa= rg 2.3.11, tar 1.30, u-boot 2018.03, unbound 1.7.1, wget 1.19.5, xtables-addons 2.13, xz 5.2.4 * The list of trusted Certificate Authorities has been updated and many have been removed * Also we updated firmware for various drivers and baseboards * The Web User Interface now shows any users logged in on the console Smaller images due to more efficient compression We have tried to make the download of the distribution faster and make it use less space on our servers [2]. As a first step, the flash images have been merged together and there is only one image that boots on systems with serial console and normal video output. Secondly, we now compress all images with the XZ algorithm so that they download faster and even decompress quicker, too. New partition layout This release also changes the partition layout of the distribution. We have dropped the /var partition which was used for log files and data that the sys= tem collected. This data is now located on a single partition together with the O= S. The size of the /boot partition has been increased to 128MB in the default partition layout. Add-ons Updated Packages: clamav 0.100.0, nagios-nrpe 3.2.1 [1] https://www.ipfire.org/donate [2] https://planet.ipfire.org/post/increasing-download-installation-speed-ben= efits-of-a-smaller-iso-image --===============2927760703491351848==--