IPFire 2.29 - Core Update 192 is available for testing

by Michael Tremer, February 10, Updated February 10

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

Today it is time to start testing the latest large release of IPFire. It comes with a brand new kernel based on Linux 6.12, collectd 5, faster compression and decompression for the DELFATE algorithm, and lots of smaller bug and security fixes. Please don't forget to send us your feedback about these changes and please support our work with your donation.

Kernel 6.12

This release rebases the IPFire kernel on Linux 6.12 which is the latest long-term supported version of the Linux kernel. Since the last version, IPFire is going to benefit from various improvements from the Linux kernel development community:

  • Intel & AMD CPUs that support VAES & AVX-512 will have a 162% faster AES-GCM encryption/decryption which will massively improve IPsec throughput
  • Memory alignment optimisation has improved TCP performance of up to 40% due to smaller structs that result in more CPU cache hits.
  • TCP fraglist GRO support has been added, allowing chaining multiple TCP packages together which might improve throughput for PPPoE connections on systems which lack basic checksum offloading
  • A lot of work has been spent on scheduling which result in the system being able to respond quicker to any load spikes. For IPFire this will result in lower latency when processing packets.
  • New driver support has been added and extended for various network devices, both wired and wireless; for example rtl8192du

Overall, there has been a lot valuable work gone into the kernel release which will bring you the most secure version of IPFire - and it is the most snappy one. On various hardware, the system responds a lot faster and provides better throughput throughout.

Together with this kernel update we are shipping a new driver for Realtek's 8812au chipsets, a set of firmware for Raspberry Pi SBCs, and an updated version 2024.10 of U-Boot which adds support for the Orange Pi PC 2 SBC.

collectd 5

collectd, the service that is collecting statistics about the status of the IPFire operating system, has been updated to version 5.12.0. Due to some technical limitations and necessary migration of the databases, this update has been postponed for a long time. But now it is here! This release comes with a large number of bug fixes and generally there won't be any changes to the graphs that IPFire generates from the data that collectd gathers; but under the hood, there are improvements and better efficiency.

zlib-ng

zlib-ng replaces the legacy DEFLATE zlib compression library which has recently not been receiving many updates. zlib-ng is a fork which has merged various patches by Intel and Cloudflare that have been maintained elsewhere into a new version as well as adding lots of new code for faster compression/decompression on modern processors that support SSE2, SSSE, AVX2, Neon, and so on. With those and the removal of hacks for ancient compilers and architectures, zlib-ng achieves a significant performance boost in both compression and decompression.

zlib is a very essential core library in the IPFire operating system and we are glad that there is some new work going into it. Although there won't be general performance improvements as we usually don't compress large amounts of data using DEFLATE, some features like using IPFire as a reverse proxy will benefit from this and increase throughput.

Misc.

  • Rust has been updated to 1.83.0 and together with this all crates that we are shipping were updated, too. Since Rust only supports static linking, this update ships all code that includes Rust code. Thank you to Adolf Belka for spending extended time on this.
  • Logos uploaded to the IPFire Captive Portal will now be displayed correctly in all browsers regardless of their image format (#13795)
  • Various improvements for the French translation have been submitted by Phil SCAR
  • The DNS root zone has been updated
  • Updated packages: collectd 5.12.0, dbus 1.16.0, dma 0.14, e2fsprogs 1.47.2, fping 5.3, hwdata 0.391, kbd 2.7.1, libpng 1.6.45, liburcu 0.15.0, mdadm 4.4, nettle 3.10.1, PPP 2.5.2, protobuf 29.3, Ruby 3.4.1

Add-ons

  • Updated packages:
    • ClamAV 1.4.2 - which includes a fix for CVE-2025-20128
    • dnsdist 1.9.8
    • fetchmail 6.5.2
    • FRR 10.2.1
    • mympd 19.0.2
    • nano 8.3
    • Postfix 3.9.1
    • QEMU & QEMU Guest Agent 9.2.0
    • Samba 4.21.3
    • strace 6.12
    • tshark 4.4.3
  • speedtest-cli has received a fix so it can actually be launched at the top of the hour and thirty minutes past the hour (#13805)
  • CUPS has been removed, as previously announced
    • Together with CUPS, various packages that were a dependency have been removed as well as there is no use for them as a standalone package: CUPS Filters, CUPS PDF, Foomatic, Gutenprint, HP & EPSON Inkjet Printer drivers as well as some auxiliary libraries like libcms2, libtiff, openjpg, poppler and QPDF