Michael Tremer

IPFire 2.19 - Core Update 118 is available for testing
by Michael Tremer, January 29

Hello community,

the next Core Update for IPFire is now ready for testing and will be released soon. Please support is with that to provide you with a number of security and bug fixes as well as some new features.

Thanks for the people who contributed to this Core Update by submitting their patches and please help us to support everyone’s work with your donation!

Spring Clean

It is the time of the year where we reviewed large parts of the distribution and decided to drop support for various packages and add-ons that cannot be maintained any more:

Most importantly, this Core Update drops support for PHP and therefore various add-ons that rely on it. We have taken that decision some while ago without any objections and first dropped all add-ons that are not supported and updated by their respective authors and maintainers. That left us with only one package that needed PHP but also be installed anywhere else.

PHP is a huge problem to maintain and does not really have a place on a firewall in 2018. Our web user interface is entirely independent and since we value security more than anything else, we have decided to drop support for PHP with this Core Update.

If you have anything installed manually that requires PHP, please move it to another web server before installing this Core Update.

Add-ons that have also been dropped: cacti, openmailadmin, phpSANE, nagios because icinga is available, nagiosql, mediatomb, owncloud

Meltdown/Spectre

This Core Update originally contained the microcode updates that Intel has now pulled from public release. Since they make the system very unstable and cause random reboots and reportedly can render some systems unbootable, we decided to remove them from the update again.

So far due to the hardening Meltdown exploits do not work on IPFire although this still is a hardware bug and software can only be modified to mitigate this massive problem. Over the coming days and weeks we will continue to work on providing a solution that mitigates all problems, but so far we are not in a position to have patches for Linux that fix them all and are at the same time complete and stable enough to be released.

Security Improvements

Update Accelerator Improvements

Justin Luth has contributed fixes and improvements for the Update Accelerator which has sometimes re-downloaded files with special characters in the URL (#10504).

He has also improved caching of Microsoft updates which is now based on a checksum of the update file (#11558).

Misc

Add-Ons

New Add-ons
Updates

Posted: January 29 • 1765 views