IPFire 2.17 - Core Update 96 released

[The IPFire Project <ipfire-announce@lists.ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3240 bytes --]

http://www.ipfire.org/news/ipfire-2-17-core-update-96-released

This is the official release announcement for IPFire 2.17 – Core Update
96. This update comes with many smaller changes and security fixes.


Ramdisk usage change

IPFire uses round-robin databases to collect system data and generate
beautiful graphs. The databases have usually been kept in memory. This
change was made in early versions of IPFire to keep the amount of
writes to the block device to a minimum. However, the number of the
databases has been growing and many systems don’t have enough capacity
in memory. The objective was also that ordinary flash storage is quite
slow. These systems are now however less commonly used which makes this
change unnecessary.

To give an example, many of the ALIX boards use very slow compact flash
storage and do only have 256 or even 128 MB of memory. So neither is
really an option. Systems you will purchase today usually come with
fast SSD storage and a few gigabytes of memory. So both is a viable
option to store these databases.

New installed IPFire systems will now only use the persistent storage
to store these database files. All updates systems will stick with the
old behaviour if they have about 512 MB of RAM or more. Otherwise
upgraded systems will also fall back to the persistent storage.


Misc

* openssl has been updated to version 1.0.2e which fixes various 
  security vulnerabilities: CVE-2015-3193, CVE-2015-3194,
  CVE-2015-3195, CVE-2015-3196
* The NTP service was unable to communicate with the local clock and 
  therefore not able to provide time to the network.
* strongswan is updated to version 5.3.5 which fixes various security 
  issues
  * The connection list in the web user interface when IPsec subnets 
    with multiple local or remote subnets are used.
* The firewall engine handles SNAT rules more restrictive and avoids 
  overmatching of packages that are sent over an IPsec network
* Various patches to improve dnsmasq have been imported from upstream
* curl wasn’t able to validate publicly signed SSL certificates
  because it could not find the certificate store. This is now fixed.
* dma, the internal mail agent, now handles authentication against
  remote mail servers better due to a patch sent to the project by the
  IPFire developers
* Support for cryptodev has been dropped
* mdadm has been updated to version 3.3.4, arping has been updated to 
  version 2.15, rrdtool has been updated to version 1.5.5,
  libnet 1.1.6 is now shipped with the core distribution
* On x86-based systems, GRUB, the bootloader, has been patched against
  an integer overflow vulnerability filed under CVE-2015-8370 which
  allowed users to bypass authentication after pressing backspace for
  28 times
* Snort now also monitors alias address on red if any have been
  configured
* The Turkish translation has been updated
	

Updated add-ons

* nano has been updated to 2.5.0
* Midnight Commander has been updated to 4.8.15
* clamav has been updated to version 0.99
* openvmtools have been updated to version 10.0.5
* squid-accounting has received minor bug fixes
* tripwire has been dropped

Please support the IPFire project and don't forget to donate:
  http://www.ipfire.org/donate