From mboxrd@z Thu Jan 1 00:00:00 1970 From: The IPFire Project To: ipfire-announce@lists.ipfire.org Subject: IPFire 2.23 - Core Update 137 released Date: Fri, 15 Nov 2019 10:14:52 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2741547529613245034==" List-Id: --===============2741547529613245034== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable https://blog.ipfire.org/post/ipfire-2-23-core-update-137-released We are happy to announce the release of IPFire 2.23 - Core Update 137. It com= es with an updated kernel, a reworked Quality of Service and various bug and = security fixes. Development around the Quality of Service and tackling some of the bugs requi= red an exceptional amount of team effort in very short time and I am very hap= py that we are now able to deliver the result to you to improve your networks= . Please help us to keep these things coming to you with your donation [1]! An improved and faster QoS As explained in detail in a separate blog post from the engine room [2], we h= ave been working hard on improving our Quality of Service (QoS). It allows to pass a lot more traffic on smaller systems as well as reduces pa= cket latency on faster ones to create a more responsive and faster network. To take full advantage of these changes, we recommend to reboot the system af= ter installing the update. Linux 4.14.150 The IPFire Kernel has been rebased on Linux 4.14.150 and equipped with our us= ual hardening and other patches. The kernel has been tuned to deliver more throughput for IP connections as we= ll as reducing latency to a minimum to keep your network as responsive and fa= st as possible. An especially nasty bug that caused the system to drop DNS packets when the I= ntrusion Detection System was enabled has been tracked down by a large group = of IPFire developers and additional help of the suricata team. Misc. =E2=80=A2 Downloaded GeoIP databases were not always cleaned up from /tmp whe= n a download was unsuccessful. This can cause that the script is filling up t= he root partition. You can reboot your system to free up space if this has ha= ppened to you, too. The script has now been cleaned up, and catches any error= s to cleanup afterwards. =E2=80=A2 IPsec now supports Curve 448 with 224 bit of security. It is a ligh= tweight and slightly faster alternative to Curve25519 and enabled by default = for new connections. =E2=80=A2 Tim Fitzgeorge contributed a patch that restarts the syslog daemon = after a backup is being restored to close old log files and write to the rest= ored ones =E2=80=A2 /var/log/mail is now being rotated =E2=80=A2 Updated packages: bind 9.11.12, iptables 1.8.3, iproute2 5.3.0, kno= t 2.8.4, libhtp 0.5.30, libnetfilter_queue 1.0.4, libpcap 1.9.1, libssh 0.9.0= , Net-SSLeay 1.88, pcre 8.43, strongswan 5.8.1, suricata 4.1.5, tzdata 2019c,= unbound 1.9.4, wpa_supplicant 2.9 Add-ons New: speedtest-cli This is a handy tool to perform a regular speedtest on the console. It was pa= ckaged to test the QoS but is handy to test throughput of the firewall to and= from the Internet on the console. Updated Packages =E2=80=A2 bird 2.0.6 now supports RPKI validation by connecting to a process = that holds the key material either via TCP or using SSH =E2=80=A2 sane has been updated to version 1.0.28 and now supports more hardw= are =E2=80=A2 A French translation is now available for the Who is Online? add-on =E2=80=A2 Others: clamav 0.102.0, hostapd 2.9, ipset 7.3, mtr 0.93, nano 4.5,= ncat 7.80, nmap 7.80, shairport-sync 3.3.2, tcpdump 4.9.3, tor 0.4.1.6, tsha= rk 3.0.5 [1] https://www.ipfire.org/donate [2] https://blog.ipfire.org/post/on-quadrupling-throughput-of-our-quality-of-= service --===============2741547529613245034==--