This is the official release announcement for IPFire 2.17 – Core Update 96. This update comes with many smaller changes and security fixes.
Ramdisk usage change
IPFire uses round-robin databases to collect system data and generate beautiful graphs. The databases have usually been kept in memory. This change was made in early versions of IPFire to keep the amount of writes to the block device to a minimum. However, the number of the databases has been growing and many systems don’t have enough capacity in memory. The objective was also that ordinary flash storage is quite slow. These systems are now however less commonly used which makes this change unnecessary.
To give an example, many of the ALIX boards use very slow compact flash storage and do only have 256 or even 128 MB of memory. So neither is really an option. Systems you will purchase today usually come with fast SSD storage and a few gigabytes of memory. So both is a viable option to store these databases.
New installed IPFire systems will now only use the persistent storage to store these database files. All updates systems will stick with the old behaviour if they have about 512 MB of RAM or more. Otherwise upgraded systems will also fall back to the persistent storage.
opensslhas been updated to version 1.0.2e which fixes various security vulnerabilities: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196
- The NTP service was unable to communicate with the local clock and therefore not able to provide time to the network.
strongswanis updated to version 5.3.5 which fixes various security issues
- The connection list in the web user interface when IPsec subnets with multiple local or remote subnets are used.
- The firewall engine handles SNAT rules more restrictive and avoids overmatching of packages that are sent over an IPsec network
- Various patches to improve
dnsmasqhave been imported from upstream
curlwasn’t able to validate publicly signed SSL certificates because it could not find the certificate store. This is now fixed.
dma, the internal mail agent, now handles authentication against remote mail servers better due to a patch sent to the project by the IPFire developers
- Support for
cryptodevhas been dropped
mdadmhas been updated to version 3.3.4,
arpinghas been updated to version 2.15,
rrdtoolhas been updated to version 1.5.5,
libnet1.1.6 is now shipped with the core distribution
- On x86-based systems, GRUB, the bootloader, has been patched against an integer overflow vulnerability filed under CVE-2015-8370 which allowed users to bypass authentication after pressing backspace for 28 times
- Snort now also monitors alias address on red if any have been configured
- The Turkish translation has been updated
nanohas been updated to 2.5.0
- Midnight Commander has been updated to 4.8.15
clamavhas been updated to version 0.99
openvmtoolshave been updated to version 10.0.5
squid-accountinghas received minor bug fixes
tripwirehas been dropped