Just after releasing Core Update 178, which was added to our release cycle to address Intel's and AMD's latest CPU vulnerabilities, we are back on track with our regular schedule. This release features Indirect Branch Tracking for user space and a completely rewritten ExtraHD, amongst a large number of package updates and the usual bunch of bug fixes.
Indirect Branch Tracking for User Space
This technology uses a CPU extension which (if available) checks whether a program returns from a function or jumps correctly. If not, for example in the case of injected code, an exception is raised and the program is terminated.
This is a follow-up to hardening our kernel against the same attack vector in Core Update 177; it had to be split off to keep the updates at a smaller, easier-to-handle size.
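An added example, not IPFire's own code: toolchains record whether an x86-64 ELF binary is IBT-compatible as a bit in its `.note.gnu.property` section, and this parser reads that marking from the section's raw bytes. That IPFire's binaries carry this marking is an assumption, and the sample notes are constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5                    # note type used by .note.gnu.property
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002   # property carrying the CET bits
FEATURE_1_IBT, FEATURE_1_SHSTK = 0x1, 0x2     # IBT and shadow-stack bits

def _align8(n):
    return (n + 7) & ~7                       # ELF64 properties are 8-byte aligned

def x86_feature_1(note: bytes) -> int:
    """Return the X86_FEATURE_1_AND bitmask, or 0 if the note carries none."""
    pos = 0
    while pos + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, pos)
        name = note[pos + 12:pos + 12 + namesz]
        p = _align8(pos + 12 + namesz)
        end = min(p + descsz, len(note))      # never read past a truncated note
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            while p + 8 <= end:
                pr_type, pr_datasz = struct.unpack_from("<II", note, p)
                is_cet = pr_type == GNU_PROPERTY_X86_FEATURE_1_AND
                if is_cet and pr_datasz == 4 and p + 12 <= end:
                    return struct.unpack_from("<I", note, p + 8)[0]
                p = _align8(p + 8 + pr_datasz)
        pos = _align8(end)
    return 0

def cet_marking(note: bytes) -> dict:
    """Decode the bitmask into the two control-flow protection flags."""
    bits = x86_feature_1(note)
    return {"ibt": bool(bits & FEATURE_1_IBT),
            "shstk": bool(bits & FEATURE_1_SHSTK)}

def sample_note(*props):
    """Build a constructed .note.gnu.property from (pr_type, 32-bit value) pairs."""
    desc = b"".join(struct.pack("<IIII", t, 4, v, 0) for t, v in props)
    header = struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0)
    return header + b"GNU\0" + desc

if __name__ == "__main__":
    # Constructed samples; 0xC0008002 is GNU_PROPERTY_X86_ISA_1_NEEDED.
    marked = sample_note((0xC0008002, 1), (GNU_PROPERTY_X86_FEATURE_1_AND, 0x3))
    unmarked = sample_note((0xC0008002, 1))
    print("marked:  ", cet_marking(marked))
    print("unmarked:", cet_marking(unmarked))
```

For a real binary, the section bytes can be dumped with `objcopy -O binary -j .note.gnu.property <binary> note.bin`; `readelf -n` reports the same marking in its "x86 feature" line.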
ExtraHD
This feature, which allows mounting any extra storage into IPFire, has been entirely rewritten. The code was hard to extend and some smaller issues became hard to fix, which led us to decide on a rewrite. It should now be a lot more robust and easier to use.
Misc.
- An issue where connected OpenVPN clients were shown disconnected has been fixed (#13190)
- A non-critical validation error of location group names has been fixed.
- Package updates: cURL 8.2.1, eudev 3.2.12, fmt 10.0.0, freefont 20100919, fuse 3.15.0, glib 2.77.0, GNU Gettext 0.22, GMP 6.3.0, groff 1.23.0, harfbuzz 8.1.1, libarchive 3.7.0, libxcrypt 4.4.36, libxml2 2.11.4, LVM2 2.03.22, meson 1.2.0, mpfr 4.2.0p12, ninja 1.11.1, ntfs-3g 2022.10.3, rpcsvc-proto 1.4.4, oauth-toolkit 2.6.9, OpenLDAP 2.6.5, openjpeg 2.5.0, OpenSSL 3.1.2, popt 1.19, poppler 23.08.0, PPP 2.5.0, qpdf 11.5.0, SDL2 2.28.1, smartmontools 7.4, GNU tar 1.35, xfsprogs 6.4.0, XZ 5.4.4
- Samba has UNIX filesystem extensions disabled by default now (#13193)
- Updated add-ons: ebtables 2.0.11, FreeRADIUS 3.2.3, FRR 8.5.2, Git 2.41.0, HAProxy 2.8.1, hplip 3.23.5, MPD 0.23.13, ncat 7.94, nmap 7.94, Observium Agent 23.1, oci-cli 3.29.4, oci-python-sdk 2.107.0, QEMU + Guest Agent 8.0.3, Zabbix Agent 6.0.19 (LTS)
- The sox package has been dropped as it is only useful in combination with Asterisk, which was dropped some while ago
As always, we thank all people contributing to this release.
IPFire is backed by volunteers, maintaining and improving this distribution in their spare time - should you like what we are doing, please donate to keep the lights on.