Michael Tremer

IPFire 2.17 - Core Update 94 is available for testing
by Michael Tremer, September 27, 2015

IPFire 2.17 – Core Update 94 has been pushed to the testing tree. It contains smaller security fixes and is a maintenance release in general. Please test!

OpenSSH

OpenSSH was updated to version 7.1p1. With that we added support for elliptic curves (ECDSA and ED25519) and removed support for DSA which is considered broken. Too small RSA keys are removed as well and regenerated. These may required to import the keys of the IPFire system on your admin computer again.

Internal mail agent

An internal mail agent was added that is used by internal services to send out reports or alerts. So far only a few services use this (like the squid accounting add-on), but we expect to add more things in the future.

This is a very simple and lightweight mail agent that can be configured on the web user interface and will usually require an upstream mail server.

IPsec MOBIKE

A new checkbox in the advanced settings page of an IPsec connections has been added. It allows to force using MOBIKE, a technology for IPsec to traverse NAT better. Sometimes when behind faulty routers, IPsec connections can be established, but no data can be transferred and the connection breaks very quickly (some routers have difficulties with forwarding DPD packets). MOBIKE circumvents that by using UDP port 4500 for IKE messages.

Misc

Updated packages

bind 9.10.2-P4, coreutils 8.24, dnsmasq got the latest changes imported, file 5.24, glibc (security fixes), hdparm 9.48, iproute2 4.2.0, libgcrypt 1.6.4, libgpg-error 1.20, pcre (fixes for more buffer overflows), rrdtool 1.5.4, squid 3.4.14

Please help us testing this release. For our very keen testers, we now also have nightly builds.

This update does not require a reboot, though it is recommended.


Posted: September 27, 2015 • 2419 views