This is the official release announcement for the next major release of IPFire: IPFire 2.27 - Core Update 159. It comes with a brand new kernel based on Linux 5.10 and an updated toolchain as well as general bug fixes and a large number of improvements.
Before we talk about what is new, I would like to ask you for your support for our project. IPFire is a small team of people from a range of backgrounds sharing one goal: make the Internet a safer place for everyone. Like many of our open source friends, we’ve taken a hit this year and would like to ask for your continued support. Please follow the link below where your donation can help fund our continued development: https://www.ipfire.org/donate.
The New Kernel - Better Security and Performance
This is a major update for IPFire, as it rebases the IPFire kernel on Linux 5.10, the latest long-term supported release of the Linux kernel. Arne has been working through a long spring getting IPFire ported on this release and it is now finally ready for prime-time. It features:
- Support for many new drivers, improved support and performance for existing drivers making IPFire more compatible with new, and powerful with existing hardware. Most notably are many network drivers as well as virtualised communication with the hypervisor in the cloud.
- Networking throughput has been increased through zero-copy TCP receive and UDP and Bottleneck Bandwidth and RTT congestion control (BBR). Those changes will also decrease the latency of the firewall in the network when forwarding packets.
- Wireless will have improved throughput and better latency with Airtime Queue Limits which practically enables use of all the "Bufferbloat" algorithms on wireless
- Support for 64-bit ARM hardware has been massively improved and we were able to drop a large amount of custom patches who have been upstreamed into the Linux kernel.
- Furthermore we have improved security of the system through improved protection against CPU hardware bugs additional hardening from attacks from the user-space.
This update is a huge step for everything that is going on under the hood of IPFire. We are hopeful to build many new features on this and make IPFire a much more modern and better to use system. If you want to support this effort, please help us with your donation.
Another important part of every distribution is the toolchain. This is what developers call the collection of compilers, linkers, the C standard library and basic tools that are required to build the distribution. These tools have been updated to GCC 11.1, glibc 2.33, binutils 2.36.1
The 32 bit ARM architecture has been changed from armv5tel
to armv6l
. We originally selected the ARMv5 instruction set as a common denominator for all ARM systems. There were only a few systems on the the market which have now all long been discontinued. To be able to remain compatible with existing setups and code, we remained with this architecture which is however not very well supported any more. This release changes to the slightly more modern ARMv6 instruction set which allows us to make a seamless transition; but eventually we will drop support for 32 bit ARM altogether. If you are using hardware on either ARM or x86 that is capable of running a 64 bit system but still running a 32 bit version of IPFire, we recommend to upgrade as soon as possible.
Misc.
- The system image on the ISO installation image is now compressed using Zstandard for faster decompression during installation and faster compression during the build process
- Installer: The unattended mode is now started correctly even on EFI systems
Add-ons
- Updated packages:
clamav
0.103.3,samba
4.14.6,tftpd
5.2,tshark
3.4.7