IPFire 2.17 - Core Update 94 released

The IPFire Project ipfire-announce at lists.ipfire.org
Tue Oct 27 22:31:56 CET 2015


This is the official release announcement for IPFire 2.17 – Core Update
94 which is a release with smaller security fixes and a maintenance
release in general.


OpenSSH was updated to version 7.1p1. With that we added support for
elliptic curves (ECDSA and ED25519) and removed support for DSA which
is considered broken. Too small RSA keys are removed as well and
regenerated. These changes may require to import the keys of the IPFire
system on your admin computer again.

Internal mail agent

An internal mail agent was added that is used by internal services 
to send out reports or alerts. So far only a few services use this
(like  the squid accounting add-on), but we expect to add more things
in the future.

This is a very simple and lightweight mail agent that can be 
configured on the web user interface and will usually require an 
upstream mail server.


A new checkbox in the advanced settings page of an IPsec connections
has been added. It allows to force using MOBIKE, a technology for IPsec
to traverse NAT better. Sometimes when behind faulty routers, IPsec
connections can be established, but no data can be transferred and the
connection breaks very quickly (some routers have difficulties with
forwarding DPD packets). MOBIKE circumvents that by using UDP port 4500
for IKE messages.


* Required fields are now marked with a star. Previously this was
  the other way round so that optional fields where marked with a star,
  which is not seen anywhere on the web any more.
* A monthly forced ddns update is removed since ddns is taking care 
  itself of keeping all records up to date and refreshing them after 30
  days if necessary.
* fireinfo: Some crashes were fixed with IDs that only contain 0xff

Updated packages

bind 9.10.2-P4, coreutils 8.24, dnsmasq got the latest changes 
imported, file 5.24, glibc (security fixes), hdparm 9.48, iproute2 
4.2.0, libgcrypt 1.6.4, libgpg-error 1.20, pcre (fixes for more buffer 
overflows), rrdtool 1.5.4, squid 3.4.14

This update does not require a reboot, though it is recommended.

Please help us to sustain the work on IPFire Project with your donation

[1] http://www.ipfire.org/donate

More information about the IPFire-Announce mailing list