The upcoming Core Update is available for testing. The release will be called IPFire 2.15 Core Update 84 and we are planning to release it as soon as possible, as it includes critical patches for GNU bash and the squid web proxy.
GNU bash fixes
As you may have already seen on the news, the Shellshock issues made more people look into the code of the default shell of many *nix systems. Those people found many more programming errors and provided fixes for them which have been applied in this release. IPFire is now shipping GNU bash 4.3.30 and the companion library readline
in version 6.3.
squid web proxy
There have been some Denial-of-Service issues in the squid
web proxy which have been fixed in release 3.4.8. Those are of minor severity only and quite possibly cannot be exploited to inject code.
Firewall changes
The firewall got a couple of new features which I explained in detail in a post on the IPFire planet. Both enhance the firewall to better protect hosted services from Denial-of-Service attacks and similar things by limiting the number of new connections that can be opened within a certain span of time or by limiting the overall number of open connections by a host on the Internet.
Using NAT for rules where the source and destination is in the same subnet is now possible. Some code has been cleaned up and made more robust. The firewall.local
script will now also be reloaded when settings of the firewall are changed on the web user interface.
P2P block
The P2P block feature of the firewall has not been very effective for many protocols. The detection has now been improved and blocking unwanted P2P protocols from your network works now much better but will result in a bit more load.
DNS Proxy
dnsmasq
, the DNS proxy working inside of IPFire, has been updated to version 2.72 which includes some stability fixes and fixes some of the crashes some IPFire users have been experiencing especially in conjunction with (faulty) DNSSEC-enabled DNS recursors on the Internet.
Misc
- Applying static routes at boot has been improved, as sometimes not all routes were correctly applied.
- URL-Filter
- The “safe search” feature has been fixed for Google News and been introduced for Bing Search as well.
- Blocking downloads of files by extension has been improved, too.
- Some spelling fixes for the English language throughout the whole web interface.
parted
has been updated to version 3.1.
Thanks to all contributors of this release. Please help us getting this well tested by sending us positive feedback if everything is working well for you, or by sending us bug reports in case anything broke.