The one hundredth Core Update for IPFire is available for testing. This will bring you IPFire 2.19 which we will also release for 64 bit on Intel (x86_64). This release was delayed by the various security vulnerabilities in openssl
and glibc
, but is packed with many improvements under the hood and various bug fixes.
64 bit
There will be no automatic update path from a 32 bit installation to a 64 bit installation. It is required to manually reinstall the system, but a previously generated backup can be restored so that the entire procedure takes usually less than half an hour.
Update: The vnstat and rrd data for the graphs are incompatible so you need to remove it after restore a backup from a different architecture.
/etc/init.d/collectd stop
/etc/init.d/vnstat stop
rm -rf /var/log/rrd/*
rm -f /var/log/vnstat/*
and then reboot.
There are not too many advantages over a 64 bit version except some minor performance increases for some use cases and of course the ability to address more memory. IPFire is able to address up to 64GB of RAM on 32 bit, so there is not much need to migrate. We recommend to use 64 bit images for new installations.
Kernel Update
As with all major releases, this one comes with an updated Linux kernel to fix bugs and improve hardware compatibility. Linux 3.14.65 with many backported drivers from Linux 4.2 is also hardened stronger common attacks like stack buffer overflows.
Many firmware blobs for wireless cards and other components have been updated just as the hardware database.
Hyper-V performance issues
A backport of a recent version of the Microsoft Hyper-V network driver module will allow transferring data at higher speeds again. Previous versions had only very poor throughput on some versions of Hyper-V.
Firewall Updates
It is now possible to enable or disable certain connection tracking modules. These Application Layer Gateway (ALG) modules help certain protocols like SIP or FTP to work with NAT. Some VoIP phones or PBXes have problems with those so that they can now be disabled. Some need them.
The firewall has also been optimised to allow more throughput with using slightly less system resources.
Misc
- Many programs and tools of the toolchain that is used have been updated. A new version of the GNU Compiler Collections offers more efficient code, stronger hardening and compatibility for C++11
- GCC 4.9.3,
binutils
2.24,bison
3.0.4,grep
2.22,m4
1.4.17,sed
4.2.2,xz
5.2.2
- GCC 4.9.3,
dnsmasq
, the IPFire-internal DNS proxy has been updated and many instability issues have been fixedopenvpn
has been updated to version 2.3.7 and the generated configuration files have been updated to be compatible with upcoming versions of OpenVPN- IPFire will now wait with booting up when the time needs to synchronised and DHCP is used until the connection is established and then continue booting up
bind
was updated to version 9.10.3-P2ntp
was updated to version 4.2.8p5tzdata
, the database for timezone definitions, was updated to version 2016b- Various cosmetic fixes were done on the web user interface
- A bug causing VLAN devices not being created when the parent NIC comes up has been fixed
- DHCP client: Resetting the MTU on broken NICs that lose link has been fixed
- A ramdisk to store the databases of the graphs shown in the web user interface is now used by default again on installations that use the flash image when more than 400MB of memory is available
- A bug that the Quality of Service could not be stopped has been fixed
- Some old code has been refurbished and some unused code has been dropped in some internal IPFire components
Add-ons
owncloud
has been updated to version 7.0.11nano
has been updated to version 2.5.1rsync
has been updated to version 3.1.2
As always we ask our community to help testing and make sure that this release contains as few bugs as possible.
Download
Update
To update, please manually set the version in /opt/pakfire/etc/pakfire.conf
to “2.19” (or “2.19-armv5tel” if you are using ARM). Then run pakfire update --force
and pakfire upgrade
.
Please send us any bug reports or other feedback.