IPFire 2.19 - Core Update 100

The IPFire Project ipfire-announce at lists.ipfire.org
Thu Apr 14 11:35:40 CEST 2016


http://www.ipfire.org/news/ipfire-2-19-core-update-100-released

It is a great moment to us and we are very proud to release the 100th Core
Update today.

This update will bring you IPFire 2.19 which we release for 64 bit on Intel
(x86_64) for the first time. This release was delayed by the various security
vulnerabilities in openssl and glibc, but is packed with many improvements under
the hood and various bug fixes.


64 bit

There will be no automatic update path from a 32 bit installation to a 64 bit
installation. It is required to manually reinstall the system for those who want
to change, but a previously generated backup can be restored so that the entire
procedure takes usually less than half an hour.

There are not too many advantages over a 64 bit version except some minor
performance increases for some use cases and of course the ability to address
more memory. IPFire is able to address up to 64GB of RAM on 32 bit, so there is
not much need to migrate. We recommend to use 64 bit images for new
installations and stick with existing installations as they are.


Kernel Update

As with all major releases, this one comes with an updated Linux kernel to fix
bugs and improve hardware compatibility. Linux 3.14.65 with many backported
drivers from Linux 4.2 is also hardened stronger against common attacks like
stack buffer overflows.

Many firmware blobs for wireless cards and other components have been updated
just as the hardware database.


Hyper-V performance issues

A backport of a recent version of the Microsoft Hyper-V network driver module
will allow transferring data at higher speeds again. Previous versions had only
very poor throughput on some versions of Hyper-V.


Firewall Updates

It is now possible to enable or disable certain connection tracking modules.
These Application Layer Gateway (ALG) modules help certain protocols like SIP or
FTP to work with NAT. Some VoIP phones or PBXes have problems with those so that
they can now be disabled. Some need them.

The firewall has also been optimised to allow more throughput with using
slightly less system resources.


Misc

* Many programs and tools of the toolchain that is used have been updated. A
  new version of the GNU Compiler Collections offers more efficient code,
  stronger hardening and compatibility for C++11
  * GCC 4.9.3, binutils 2.24, bison 3.0.4, grep 2.22, m4 1.4.17, sed 4.2.2,
    xz 5.2.2
* dnsmasq, the IPFire-internal DNS proxy has been updated and many instability 
  issues have been fixed
* openvpn has been updated to version 2.3.7 and the generated configuration
  files have been updated to be compatible with upcoming versions of OpenVPN
* IPFire will now wait with booting up when the time needs to synchronised and
  DHCP is used until the connection is established and then continue booting up
* bind was updated to version 9.10.3-P2
* ntp was updated to version 4.2.8p5
* tzdata, the database for timezone definitions, was updated to version 2016b
* Various cosmetic fixes were done on the web user interface
* A bug causing VLAN devices not being created when the parent NIC comes up has
  been fixed
* DHCP client: Resetting the MTU on broken NICs that lose link has been fixed
* A ramdisk to store the databases of the graphs shown in the web user
  interface is now used by default again on installations that use the flash
  image when more than 400MB of memory is available
* A bug that the Quality of Service could not be stopped has been fixed
* Some old code has been refurbished and some unused code has been dropped in
  some internal IPFire components


Add-ons

* owncloud has been updated to version 7.0.11
* nano has been updated to version 2.5.1
* rsync has been updated to version 3.1.2

We are currently crowdfunding a Captive Portal for IPFire [1] and would like you
to ask to check it out and support us!

Please help us to sustain the work on IPFire Project with your donation [2].

[1] http://wishlist.ipfire.org/wish/the-ipfire-captive-portal
[2] http://www.ipfire.org/donate


More information about the IPFire-Announce mailing list