IPFire 2.19 - Core Update 100 released

by Michael Tremer, April 14, 2016

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

It is a great moment to us and we are very proud to release the 100th Core Update today.

This update will bring you IPFire 2.19 which we release for 64 bit on Intel (x86_64) for the first time. This release was delayed by the various security vulnerabilities in openssl and glibc, but is packed with many improvements under the hood and various bug fixes.

64 bit

There will be no automatic update path from a 32 bit installation to a 64 bit installation. It is required to manually reinstall the system for those who want to change, but a previously generated backup can be restored so that the entire procedure takes usually less than half an hour.

There are not too many advantages over a 64 bit version except some minor performance increases for some use cases and of course the ability to address more memory. IPFire is able to address up to 64GB of RAM on 32 bit, so there is not much need to migrate. We recommend to use 64 bit images for new installations and stick with existing installations as they are.

Kernel Update

As with all major releases, this one comes with an updated Linux kernel to fix bugs and improve hardware compatibility. Linux 3.14.65 with many backported drivers from Linux 4.2 is also hardened stronger against common attacks like stack buffer overflows.

Many firmware blobs for wireless cards and other components have been updated just as the hardware database.

Hyper-V performance issues

A backport of a recent version of the Microsoft Hyper-V network driver module will allow transferring data at higher speeds again. Previous versions had only very poor throughput on some versions of Hyper-V.

Firewall Updates

It is now possible to enable or disable certain connection tracking modules. These Application Layer Gateway (ALG) modules help certain protocols like SIP or FTP to work with NAT. Some VoIP phones or PBXes have problems with those so that they can now be disabled. Some need them.

The firewall has also been optimised to allow more throughput with using slightly less system resources.

Misc

  • Many programs and tools of the toolchain that is used have been updated. A new version of the GNU Compiler Collections offers more efficient code, stronger hardening and compatibility for C++11
    • GCC 4.9.3, binutils 2.24, bison 3.0.4, grep 2.22, m4 1.4.17, sed 4.2.2, xz 5.2.2
  • dnsmasq, the IPFire-internal DNS proxy has been updated and many instability issues have been fixed
  • openvpn has been updated to version 2.3.7 and the generated configuration files have been updated to be compatible with upcoming versions of OpenVPN
  • IPFire will now wait with booting up when the time needs to synchronised and DHCP is used until the connection is established and then continue booting up
  • bind was updated to version 9.10.3-P2
  • ntp was updated to version 4.2.8p5
  • tzdata, the database for timezone definitions, was updated to version 2016b
  • Various cosmetic fixes were done on the web user interface
  • A bug causing VLAN devices not being created when the parent NIC comes up has been fixed
  • DHCP client: Resetting the MTU on broken NICs that lose link has been fixed
  • A ramdisk to store the databases of the graphs shown in the web user interface is now used by default again on installations that use the flash image when more than 400MB of memory is available
  • A bug that the Quality of Service could not be stopped has been fixed
  • Some old code has been refurbished and some unused code has been dropped in some internal IPFire components

Add-ons

  • owncloud has been updated to version 7.0.11
  • nano has been updated to version 2.5.1
  • rsync has been updated to version 3.1.2


We are currently crowdfunding a Captive Portal for IPFire and would like you to ask to check it out and support us!


Please help us to sustain the work on IPFire Project with your donation.