It is time for another important and exciting update for IPFire. IPFire 2.25 - Core Update 146 is available for testing and updates the IPFire kernel and enhances its hardening against attacks as well as improving its performance.
Linux 4.14.184
Arne has rebased the IPFire kernel on version 4.14.184 from the Linux kernel developers and integrated our custom patches into this release. It brings various stability and security fixes.
This kernel brings mitigations for processor vulnerabilities in Intel's processors and includes updates of Intel's microcode.
Discontinuing support for 32 bit systems with PAE
Since it is becoming more and more difficult to support 32 bit architectures, we have taken the decision to slowly ease it out. This will free development time which currently only very few users benefit from and will help us focus on features that are used by larger groups of the community.
On 32 bit Intel (i.e. i586), we have removed the optional PAE kernel. This kernel allowed addressing more than 4GB of memory even on 32 bit systems and brought some hardening that it not possible on processors that doe not support PAE and the NX bit.
Those systems are very few now and we recommend to upgrade to 64 bit, since this hardware very often supports 64 bit, too. For those who are still running a pure 32 bit installation, we recommend upgrading your hardware soon.
For now, we will continue to support 32 bit, but it definitely has become a second-class architecture for the Linux kernel developers as well as plenty of other software. Many major distributions have retired their ix86 ports many years ago and so maintaining it falls with fewer and fewer developers who do the work for fewer and fewer users. Fixes for the recent vulnerabilities predominantly in Intel's processors have not fully been backported to 32 bit either.
Additionally, we have retired the Xen installer tool for 32 bit paravirtualised systems. This was used on systems that do not support hardware virtualisation and not used by many people any more.
Please support our work
Please support us by helping us test this release, so that we can release it as soon as possible and introducing as few regressions as possible.
You can also donate to the project to fund the developer's work and make IPFire better!