From mboxrd@z Thu Jan  1 00:00:00 1970
From: The IPFire Project <ipfire-announce@lists.ipfire.org>
To: ipfire-announce@lists.ipfire.org
Subject: IPFire 2.25 - Core Update 141 released
Date: Tue, 25 Feb 2020 16:41:42 +0000
Message-ID: <mailman.165.1582648928.943.ipfire-announce@lists.ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2077185291683990875=="
List-Id: <ipfire-announce.lists.ipfire.org>

--===============2077185291683990875==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

https://blog.ipfire.org/post/ipfire-2-25-core-update-141-release

ATTENTION! You are receiving this email because you are subscribed to our announcement mailing list. This list is going to be shut down soon. To keep receiving important announcements like this one, please sign up at https://people.ipfire.org/register, if you did not already do so.

The first exciting big update of the year is ready: IPFire 2.25 - Core Update 141! It comes with a totally reworked DNS system which adds many new features like DNS-over-TLS.

On top of that, this update fixes many bugs.


DNS Updates

The biggest set of changes in this release is around DNS. We have cleaned up many scripts and the UI which allowed us to add new functionality:

• A unified page with all DNS settings
• More than two DNS servers can be added for better load-balancing and resiliency. The fastest servers will be used automatically.
• Enhanced privacy with DNS-over-TLS and strict QNAME minimisation
• Safe Search, to filter adult content from the entire network without using the web proxy
• Better workarounds for users with ISPs that filter DNS responses/break DNSSEC. TLS and TCP can be used as transport instead.
• Faster boot because of fewer checks being executed at boot time

In order to combat MTU issues, we are following guidelines and have set the EDNS buffer size to 1232 bytes. This avoids large DNS replies being fragmented even on Internet lines with smaller MTUs.

All DNS settings will automatically be converted. This is also compatible when older backups are being restored.


Updates Under The Hood

IPFire is a modern distribution as we change and update many essential system components regularly. That allows us to keep you safe, support new features and of course be fast by taking advantage of modern hardware.

In this update, we have rebased the system on GCC 9 and added support for Go and Rust. We have included Python 3 in the base system and deprecated Python 2 which is out of support by now. Not everything has been converted to use Python 3 yet, but we will hopefully soon be able to drop support for Python 2 altogether.

Unfortunately the system is growing larger and larger with every update. Software in general is quite bloated although we are trying our best to keep IPFire as small as possible. On systems that have a 2GB root partition and many add-ons installed, disk space might be running out. This update clears a lot of files that are no longer needed. We have also improved the stripping of debugging symbols from our binary files, which are not needed on a production system, in order to keep those files smaller.

• elinks, the text-based browser, is no longer an add-on, but shipped with the core system.
• LVM devices are now supported in IPFire.
• Updated packages: efivar 35, gcc 9.2.0, file 5.38, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6, unbound 1.9.6
• New packages: rfkill


Misc.

• The Intrusion Prevention System now filters packets from and to OpenVPN clients, too
• Pakfire initially used HTTP for downloading the first mirror list. It would have been redirected to HTTPS by the server, but this has now been changed so that the first connection attempt uses HTTPS.
• As announced in a separate blog post, we are shipping the latest version of Maxmind's GeoIP database
• IPsec: To enhance compatibility with many clients, newly generated root certificates will include a valid Subject Alternative Name which can also be freely configured


Add-ons
• Updated: dehydrated 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7
• New: amazon-ssm-agent for better integration into the Amazon cloud

--===============2077185291683990875==--