With the release of IPFire 2.27 - Core Update 179, we have made the next update available for testing: IPFire 2.27 - Core Update 180 comes with an updated toolchain, a large number of package updates and deprecates ReiserFS.

Toolchain Update

IPFire has been rebased on the latest version of the GNU toolchain comprising of glibc 2.38, GCC 13.2.0 & binutils 2.41. This allows us to keep IPFire modern, taking advantage of the latest advances in hardware support and acceleration, but most importantly use the latest hardening technologies available to us.

ReiserFS Deprecation

The Linux kernel maintainers have deprecated support for ReiserFS.

This filesystem has been available for installation in IPFire in the past, but we have removed the option to create new systems in Core Update 167. Therefore we do not expect many people to be using this on IPFire. If you do, you will see a warning on the web console that will warn you about using ReiserFS. Unfortunately, you will need to backup your system and perform a reinstall with a different filesystem, and finally restore the backup.

If you don't use see the warning, you ware using a different filesystem and no action is required.

Misc.

  • Package updates: Boost 1.83.0, dhcpcd 10.0.2, freetype 2.13.2, gzip 1.3, hwdata, iana-etc 20230810, json-c 0.17, krb5 1.21.2, libedit 20230828-3.1, libgudev 238, libtiff 4.5.1, libnl-3 3.8.0, mpfr 4.2.1, OpenSSH 9.4p1, procps 4.0.4, sqlite 3.43.0, squid 6.3, tcl 8.6.13, tzdata 2023c, unbound 1.18.0, util-linux 2.39.2, wireless-regdb 2023-05-03, vnstat 2.11, wget 1.21.4, whois 5.5.18, zlib 1.3
  • Updated add-ons: bacula 11.0.6, clamav 1.2.0, foomatic 4.0.13, Git 2.42.0, mc 4.8.30, ncdu 1.18.1, samba 4.19.0, SDL 2.28.3, Tor 0.4.8.5, traceroute 2.1.2, transmission 4.0.4, xinetd 2.3.15.4, zabbix-agent 6.0.21
  • Jonatan Schlag cleaned up some no longer used functionality from the network scripts
  • wtmp files are now rotated monthly, keeping them for one year

Although this change log does not read very long, the update is a large step and moves IPFire forward to become an even better firewall. If you would like to support us, please donate!


It is time to upgrade your systems to IPFire 2.27 - Core Update 179. It will bring you Indirect Brand Tracking in user space in order to better mitigate any injected code, a completely rewritten ExtraHD and a large number of package updates & the usual bunch of bug fixes.

But before we start talking about the changes in detail, we would like to take a moment and ask for your donation. We put a lot of effort into building and testing this update and could not do any of this without your donation. Please, donate to the project helping us to put more resources to bring you more and better updates. It is very much appreciated by all of us here!

Indirect Branch Tracking for User Space

This technology uses a CPU extension which (if available) will check if a program returns from a function or jump correctly. If not, for example in case of injected code, an exception is being raised and the program is being terminated.

This is a follow-up after hardening our kernel against the same attack vector in Core Update 177 and had to be split off to keep updates an easier to handle smaller size.

ExtraHD

This feature that allows mounting any extra storage into IPFire has been entirely rewritten. The code was hard to extend and some smaller issues became hard to fix which resulted in us making the decision for a rewrite. It should now be a lot more robust and easy to use.

Misc.

  • An issue where connected OpenVPN clients were shown disconnected (#13190)
  • A non-critical validation error of location group names as been fixed.
  • Package updates: cURL 8.2.1, eudev 3.2.12, fmt 10.0.0, freefont 20100919, fuse 3.15.0, glib 2.77.0, GNU Gettext 0.22, GMP 6.3.0, groff 1.23.0, harfbuzz 8.1.1, libarchive 3.7.0, libxcrypt 4.4.36, libxml2 2.11.4, LVM2 2.03.22, meson 1.2.0, mpfr 4.2.0p12, ninja 1.11.1, ntfs-3g 2022.10.3, rpcsvc-proto 1.4.4, oauth-toolkit 2.6.9, OpenLDAP 2.6.5, openjpeg 2.5.0, OpenSSL 3.1.2, popt 1.19, poppler 23.08.0, PPP 2.5.0, qpdf 11.5.0, SDL2 2.28.1, smartmontools 7.4, suricata 6.0.14, GNU tar 1.35, xfsprogs 6.4.0, XZ 5.4.4
  • Samba has UNIX filesystem extensions disabled by default now (#13193)
  • Updated add-ons: ebtables 2.0.11, FreeRADIUS 3.2.3, FRR 8.5.2, Git 2.41.0, HAProxy 2.8.1, hplip 3.23.5, MPD 0.23.13, ncat 7.94, nmap 7.94, Observium Agent 23.1, oci-cli 3.29.4, oci-python-sdk 2.107.0, QEMU + Guest Agent 8.0.3, Zabbix Agent 6.0.19 (LTS)
  • The sox package has been dropped as it is only useful in combination with Asterisk which has been dropped some while ago

As always, we thank all people contributing to this release.


Just after releasing Core Update 178 which was added into our release cycle to address Intel's and AMD's latest CPU vulnerabilities, we are back on track with our regular schedule. This release features Indirect Branch Tracking for user space, a completely rewritten ExtraHD amongst a large number of package updates and the usual bunch of bug fixes.

Indirect Branch Tracking for User Space

This technology uses a CPU extension which (if available) will check if a program returns from a function or jump correctly. If not, for example in case of injected code, an exception is being raised and the program is being terminated.

This is a follow-up after hardening our kernel against the same attack vector in Core Update 177 and had to be split off to keep updates an easier to handle smaller size.

ExtraHD

This feature that allows mounting any extra storage into IPFire has been entirely rewritten. The code was hard to extend and some smaller issues became hard to fix which resulted in us making the decision for a rewrite. It should now be a lot more robust and easy to use.

Misc.

  • An issue where connected OpenVPN clients were shown disconnected (#13190)
  • A non-critical validation error of location group names as been fixed.
  • Package updates: cURL 8.2.1, eudev 3.2.12, fmt 10.0.0, freefont 20100919, fuse 3.15.0, glib 2.77.0, GNU Gettext 0.22, GMP 6.3.0, groff 1.23.0, harfbuzz 8.1.1, libarchive 3.7.0, libxcrypt 4.4.36, libxml2 2.11.4, LVM2 2.03.22, meson 1.2.0, mpfr 4.2.0p12, ninja 1.11.1, ntfs-3g 2022.10.3, rpcsvc-proto 1.4.4, oauth-toolkit 2.6.9, OpenLDAP 2.6.5, openjpeg 2.5.0, OpenSSL 3.1.2, popt 1.19, poppler 23.08.0, PPP 2.5.0, qpdf 11.5.0, SDL2 2.28.1, smartmontools 7.4, GNU tar 1.35, xfsprogs 6.4.0, XZ 5.4.4
  • Samba has UNIX filesystem extensions disabled by default now (#13193)
  • Updated add-ons: ebtables 2.0.11, FreeRADIUS 3.2.3, FRR 8.5.2, Git 2.41.0, HAProxy 2.8.1, hplip 3.23.5, MPD 0.23.13, ncat 7.94, nmap 7.94, Observium Agent 23.1, oci-cli 3.29.4, oci-python-sdk 2.107.0, QEMU + Guest Agent 8.0.3, Zabbix Agent 6.0.19 (LTS)
  • The sox package has been dropped as it is only useful in combination with Asterisk which has been dropped some while ago

As always, we thank all people contributing to this release.

IPFire is backed by volunteers, maintaining and improving this distribution in their spare time - should you like what we are doing, please donate to keep the lights on.