IPFire 2.27 – Core Update 173 releases
IPFire is a Linux distribution, which focuses on ease of equipment, easy operation, and a high level of security. It is an intuitive web-based interface for operational management, the interface for the novice and experienced system administrator to provide a lot of intuitive configuration options. IPFire is maintained by a group of developers who are concerned about security and frequently update the product to keep it safe. IPFire comes with a custom package manager called Pakfire, which can also be extended with a variety of attachments.
IPFire 2.27 – Core Update 173 releases.
Changelog
Introducing QMI support
The Qualcomm MSM Interface is a proprietary interface increasingly used by 4G and 5G cellular modems. Commencing with this Core Update, IPFire supports interacting with such modems, thus significantly expanding its hardware compatibility to QMI-only cellular modems, and providing a faster and more modern interface.
Thanks to Michael for implementing this feature. On that occasion, he also refactored related networking code.
Linux Kernel 6.1.11
Arne has updated the Linux kernel to the most recent stable series, 6.1.11, which has become the new long-term series. Aside from the usual improvements such major kernel updates bring like bug fixes, improved hardware support and security improvements, we took the occasion to bring several new hardening changes to IPFire users:
- System calls permitting processes to read or write other processes’ memory are no longer provided by the kernel.
- On EFI systems supporting it, the firmware is now instructed to wipe all memory when rebooting, to hamper cold boot attacks.
- Landlock support has been enabled.
- GCC’s “latent entropy” plugin has been disabled, since it does not generate cryptographically secure entropy.
- To cut attack surface, support for both the ACPI configuration file system and obsolete PCMCIA/CardBus subsystem has been removed.
- On 64-bit ARM installations, direct memory access via malicious PCI devices is no longer possible.
Miscellaneous
- The OpenVPN 2FA authenticator will no longer enter an infinite loop if the socket connection to OpenVPN is lost (#12963).
- A user group necessary for interaction between D-Bus and Avahi is now properly created while installing the latter add-on (#13017).
- The OpenVPN GUI has seen minor improvements and cleanups (#13030).
- A bug in the firewall engine permitting the creation of rules with invalid sources has been resolved.
- Input like
*.example.com
is now properly treated as a wildcard domain by the web interface (#12937). libtirpc
is now part of the core system, since it is needed as a dependency bylsof
(#13015).- The obsolete
spandsp
add-on has been dropped. - Updated packages: Apache 2.4.55,
bind
9.16.37,curl
7.87.0,ethtool
6.1,file
5.44,fontconfig
2.14.1,fuse
3.13.0,grep
3.8,harfbuzz
6.0.0,iana-etc
20221226,iproute2
6.1.0,ipset
7.17,iptables
1.8.9,iputils
20221126,iw
5.19,jquery
3.6.3,json-c
0.16,keyutils
1.6.3,knot
3.2.4,krb5
1.20.1,lcms2
2.14,less
608,libarchive
3.6.2,libcap
2.66,libconfig
1.7.3,libffi
3.4.4,libgpg-error
1.46,libidn
1.41,libinih
r56,libjpeg
2.1.4,libloc
0.9.16,libmpc
1.3.1,libpcap
1.10.3,libssh
0.10.4,libstatgrab
0.92.1,libtiff
4.5.0,libtool
2.4.7,libusb
1.0.26,libxslt
1.1.37,libyang
2.1.4,linux-firmware
20221214,logrotate
3.21.0,lz4
1.9.4,memtest86+
6.01,mpfr
4.2.0,nano
7.2,ncurses
6.4, OpenSSH 9.2p1, OpenSSL1.1.1t
,pcre2
10.42,perl-HTML-Parser
3.78,pixman
0.42.2,poppler
23.01.0,psmisc
23.6,rust
1.65,sdl2
2.26.2,shadow
4.13,sqlite
3400100,squid-asnbl
0.2.4 (resolving #13023),strongswan
5.9.9,sudo
1.9.12p2,suricata
6.0.10,xfsprogs
6.1.1,xz
5.4.1 - Updated add-ons:
alsa
1.2.8,bird
2.0.11,borgbackup
1.2.3 (resolving #13032), ClamAV 1.0.1,dbus
1.14.4,dnsdist
1.7.3,ghostscript
10.0.0,haproxy
2.7.1,igmpproxy
0.4,iotop
1.22,iperf
2.1.8,iperf3
3.12,libcdada
0.4.0,libexif
0.6.24,libpciaccess
0.17,libshout
2.4.6,libtalloc
2.3.4,libusbredir
0.13.0,libvirt
8.10.0,mc
4.8.29,nfs
2.6.2,nqptp
ad384f9,pcengines-apu-firmware
4.17.0.3,python3-packaging
23.0,samba
4.17.4,shairport-sync
4.1.1,strace
6.1,tcpdump
4.99.3, Tor 0.4.7.13