IPFire 2.21 - Core Update 125 released

The IPFire Project ipfire-announce at lists.ipfire.org
Mon Nov 26 11:14:51 GMT 2018


Finally, the next release of IPFire is available: IPFire 2.21 - Core Update 125
This update comes with various security and bug fixes as well as cleanups and
some new features.

Thank you very much to all of you who have supported our Donations Challenge [1]
so far. We have received a lot of nice words and support from you, but we are
not there, yet! Please support our project and donate!

802.11ac WiFi

The IPFire Access Point add-on now supports 802.11ac WiFi if the chipset
supports it. This allows better coverage and higher network throughputs.
Although IPFire might not be the first choice as a wireless access point in
larger environments, it is perfect to run a single office or apartment.

Additionally, a new switch allows to disable the so called neighbourhood scan
where the access point will search for other wireless networks in the area. If
those are found, 40 MHz channel bandwidth is disabled leading to slower


* strongswan 5.7.1: This updated fixes various security vulnerabilities filed
  under CVE-2018-16151, CVE-2018-16152 and CVE-2018-17540. Several flaws in the
  implementation that parsed and verified RSA signatures in the gmp plugin may
  allow for Bleichenbacher-style low-exponent signature forgery in certificates
  and during IKE authentication.
* The IO graphs now support NVMe disks
* The SFTP subsystem is enabled again in the OpenSSH Server
* Swap behaviour has been changed so that the kernel will make space for a large
  process when not enough physical memory is available. Before, sudden jumps in
  memory consumption where not possible and the process requesting that memory
  was terminated.
* The backup scripts have been rewritten in Shell and now package all add-ons
  backups with the main backup. Now, it is no longer required to save any add-on
  configuration separately.
* Updated packages: apache 2.4.35, bind 9.11.4-P2, coreutils 8.30, dhcpcd 7.0.8,
  e2fsprogs 1.44.4, eudev 3.2.6, glibc 2.28, gnutls 3.5.19, json-c 0.13.1,
  keyutils 1.5.11, kmod 25, LVM2 2.02.181, ntfs-3g 2017.3.23, reiserfsprogs
  3.6.27, sqlite, squid 3.5.28, tzdata 2018g, xfsprogs 4.18.0

New Add-Ons

* dehydrated - A lightweight client to retrieve certificates from Let's Encrypt
  written in bash
* frr, an IP routing protocol suite and BGP and OSPF are supported on IPFire.
  Find out more on their website [2].
* observium-agent - An xinet.d-based agent for Observium [3], a network
  monitoring platform

Updated Add-Ons

* clamav has been updated to 0.100.2 and the virus database files have been
  moved to the /var partition. This makes more space available on the root
* nfs 2.3.3, haproxy 1.8.14, hostapd 2.6, libvirt 4.6.0, tor

Thanks for the people who contributed to this Core Update.

Please help us to support everyone’s work with your donation [4]!

[1] https://blog.ipfire.org/post/donations-challenge
[2] https://frrouting.org/
[3] https://observium.org/
[4] https://www.ipfire.org/donate

More information about the IPFire-Announce mailing list