IPFire 2.17 - Core Update 94 released
The IPFire Project
ipfire-announce at lists.ipfire.org
Tue Oct 27 22:31:56 CET 2015
This is the official release announcement for IPFire 2.17 – Core Update
94 which is a release with smaller security fixes and a maintenance
release in general.
OpenSSH was updated to version 7.1p1. With that we added support for
elliptic curves (ECDSA and ED25519) and removed support for DSA which
is considered broken. Too small RSA keys are removed as well and
regenerated. These changes may require to import the keys of the IPFire
system on your admin computer again.
Internal mail agent
An internal mail agent was added that is used by internal services
to send out reports or alerts. So far only a few services use this
(like the squid accounting add-on), but we expect to add more things
in the future.
This is a very simple and lightweight mail agent that can be
configured on the web user interface and will usually require an
upstream mail server.
A new checkbox in the advanced settings page of an IPsec connections
has been added. It allows to force using MOBIKE, a technology for IPsec
to traverse NAT better. Sometimes when behind faulty routers, IPsec
connections can be established, but no data can be transferred and the
connection breaks very quickly (some routers have difficulties with
forwarding DPD packets). MOBIKE circumvents that by using UDP port 4500
for IKE messages.
* Required fields are now marked with a star. Previously this was
the other way round so that optional fields where marked with a star,
which is not seen anywhere on the web any more.
* A monthly forced ddns update is removed since ddns is taking care
itself of keeping all records up to date and refreshing them after 30
days if necessary.
* fireinfo: Some crashes were fixed with IDs that only contain 0xff
bind 9.10.2-P4, coreutils 8.24, dnsmasq got the latest changes
imported, file 5.24, glibc (security fixes), hdparm 9.48, iproute2
4.2.0, libgcrypt 1.6.4, libgpg-error 1.20, pcre (fixes for more buffer
overflows), rrdtool 1.5.4, squid 3.4.14
This update does not require a reboot, though it is recommended.
Please help us to sustain the work on IPFire Project with your donation
More information about the IPFire-Announce