IPFire 2.19 - Core Update 119 released

by Michael Tremer, March 13, 2018

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

This is the release announcement for IPFire 2.19 – Core Update 119. It updates the toolchain of the distribution and fixes a number of smaller bug and security issues. Therefore this update is another one of a series of general housekeeping updates to make IPFire better, faster and of course more secure!

Thanks for the people who contributed to this Core Update by submitting their patches and please help us to support everyone’s work with your donation!

Toolchain Updates

The toolchain is a collection of programs that is used to build the distribution. One of the most important one is the compiler GCC which has been updated to version 7.3.0 which mainly adds support for retpoline. This is needed to build protection against Spectre into newer kernels.

The main C library, glibc, has been updated to version 2.27 and brings various stability fixes, performance improvents and bug fixes.

Other toolchain packages that have been updated: binutils 2.30, ccache 3.4.1, diffutils 3.1.6, swig 3.0.12

Security-Relevant Changes

  • On the OpenVPN configuration page, ciphers that are considered weak are now marked as such and we do not recommend using any of these.
  • strongswan’s certificate parser had a vulnerability (CVE-2018-6459)
  • Programs that use the C++ standard library are being recompiled to perform extra out-of-bounds checks that are cheap, but add some extra security.
  • dma, the Dragonfly Mail Agent, was hardcoded to only use TLSv1.0 which has been patched to always use the best available protocol version of TLS that is available.
  • The Apache server signature is now fully hidden

Misc

  • Reverse lookup zones did not work and have been fixed
  • IPsec subnets for tunnels that route multiple networks are now shown correctly on the start page
  • Updated packages: hostname 3.20, iproute2 4.14.1, pam 1.30.0
  • Support for ISDN was removed
  • Userspace tools for I2C busses have been added

Add-Ons

The following packages have been updated: asterisk 13.18.5, bacula 9.0.6, bwm-ng 0.6.1-f54b3fa, flac 1.3.2, haproxy 1.8.0, nginx 1.13.7, nut 2.7.4, openvmtools 10.2.0, postfix 3.2.4, powertop 2.9, sarg 2.3.11, stunnel 5.44

These packages have been dropped and will be removed with this Core Update: lcr, mysql which was very outdated and is not needed by any add-ons.