Michael Tremer

IPFire 2.19 - Core Update 100 is available for testing
by Michael Tremer, March 23, 2016

The one hundredth Core Update for IPFire is available for testing. This will bring you IPFire 2.19 which we will also release for 64 bit on Intel (x86_64). This release was delayed by the various security vulnerabilities in openssl and glibc, but is packed with many improvements under the hood and various bug fixes.

64 bit

There will be no automatic update path from a 32 bit installation to a 64 bit installation. It is required to manually reinstall the system, but a previously generated backup can be restored so that the entire procedure takes usually less than half an hour.

Update: The vnstat and rrd data for the graphs are incompatible so you need to remove it after restore a backup from a different architecture.

/etc/init.d/collectd stop
/etc/init.d/vnstat stop
rm -rf /var/log/rrd/*
rm -f /var/log/vnstat/*

and then reboot.

There are not too many advantages over a 64 bit version except some minor performance increases for some use cases and of course the ability to address more memory. IPFire is able to address up to 64GB of RAM on 32 bit, so there is not much need to migrate. We recommend to use 64 bit images for new installations.

Kernel Update

As with all major releases, this one comes with an updated Linux kernel to fix bugs and improve hardware compatibility. Linux 3.14.65 with many backported drivers from Linux 4.2 is also hardened stronger common attacks like stack buffer overflows.

Many firmware blobs for wireless cards and other components have been updated just as the hardware database.

Hyper-V performance issues

A backport of a recent version of the Microsoft Hyper-V network driver module will allow transferring data at higher speeds again. Previous versions had only very poor throughput on some versions of Hyper-V.

Firewall Updates

It is now possible to enable or disable certain connection tracking modules. These Application Layer Gateway (ALG) modules help certain protocols like SIP or FTP to work with NAT. Some VoIP phones or PBXes have problems with those so that they can now be disabled. Some need them.

The firewall has also been optimised to allow more throughput with using slightly less system resources.

Misc

Add-ons


As always we ask our community to help testing and make sure that this release contains as few bugs as possible.


Download

x86_64i686armv5tel

Update

To update, please manually set the version in /opt/pakfire/etc/pakfire.conf to “2.19” (or “2.19-armv5tel” if you are using ARM). Then run pakfire update --force and pakfire upgrade.

Please send us any bug reports or other feedback.


Posted: March 23, 2016 • 3382 views