
IPFire 2.29 - Core Update 186 is now ready for testing. It brings a new kernel, experimental support for Btrfs, and bug fixes. The update, which is based on Linux 6.6.30, contains mitigations for Register File Data Sampling in Intel processors as well as CPU graph adjustments. The experimental Btrfs support enables data compression and snapshot creation for development and quicker rollbacks. Other modifications include merging Spamhaus EDROP into DROP, removing the Alienvault list, allowing Suricata to use Linux Landlock, updating the Unbound/DHCP Leases bridge, and silencing boot process warnings.



IPFire 2.29 - Core Update 186 is available for testing

It is time to test the upcoming release of IPFire 2.29 - Core Update 186. It comes with a refreshed kernel, experimental support for Btrfs, as well as various bug fixes.

A Fresh Kernel

This update brings a refresh of the IPFire Kernel, based on Linux 6.6.30.

It has mitigations for the latest Register File Data Sampling (RFDS, CVE-2024-28746) in Intel processors and fixes issues with the CPU graph for processors when some virtual cores are offline. The Raspberry Pi has received support for CPU frequency scaling.

Experimental Support for Btrfs

This release introduces experimental support for Btrfs in IPFire. Currently this has been implemented to test what benefits IPFire could draw from this new filesystem design. It enables compression of all data it holds and allows snapshots to be created, which might become useful for the development process and enable easier rollbacks.

Misc.

  • Firewall Blocklists
    • Spamhaus EDROP has been merged into DROP. Users who had EDROP enabled will automatically have DROP enabled after installing this update.
    • The discontinued Alienvault list has been removed.
  • Suricata has been enabled to use Linux Landlock, which is supposed to protect against any unauthorised file system access from exploits.
  • The Unbound/DHCP Leases bridge has been patched to avoid unnecessary reloads of Unbound. Thanks to Nick Howitt for his first-time contribution.
  • Some unnecessary warnings during the boot process have been silenced.
  • Updated packages: Apache2 2.4.59, BIND 9.16.49, kmod 32, libhtp 0.5.48, SQLite 3.45.3, squid 6.9, strongSwan 5.9.14, Suricata 7.0.5, tzdata 2024a
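
For testers who want to confirm the kernel-side changes after installing the update, the following is an added example, not part of the IPFire announcement or tooling. It reads the RFDS status the Linux kernel reports under sysfs and checks whether Landlock is in the active LSM list; the function names are made up for this example, and the default paths are the standard Linux locations.

```shell
#!/bin/sh
# Added example: post-update checks for the RFDS mitigation and Landlock.
# Function names are illustrative; paths are standard Linux sysfs/securityfs.

# Classify the kernel's RFDS status line.
# Prints one of: mitigated | not_affected | vulnerable | unknown
rfds_state() {
    file=${1:-/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling}
    # A missing file means the running kernel predates RFDS reporting.
    [ -r "$file" ] || { echo unknown; return 0; }
    IFS= read -r line < "$file" || true
    case $line in
        "Mitigation:"*)  echo mitigated ;;
        "Not affected"*) echo not_affected ;;
        "Vulnerable"*)   echo vulnerable ;;  # also covers missing microcode
        *)               echo unknown ;;
    esac
}

# Succeeds if Landlock is in the kernel's active LSM list.
# This shows kernel support only; it does not prove that the running
# Suricata process has actually applied a Landlock ruleset.
landlock_active() {
    file=${1:-/sys/kernel/security/lsm}
    [ -r "$file" ] || return 1
    # The file has no trailing newline, so read returns non-zero at EOF.
    IFS= read -r lsms < "$file" || true
    case ",$lsms," in
        *,landlock,*) return 0 ;;
        *)            return 1 ;;
    esac
}

printf 'Kernel: %s\n' "$(uname -r)"
printf 'RFDS:   %s\n' "$(rfds_state)"
if landlock_active; then
    echo 'Landlock: active'
else
    echo 'Landlock: not in LSM list'
fi
```

A result of "vulnerable" on an affected Intel CPU after the update usually points at missing microcode rather than the kernel itself.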

Add-ons

  • Icinga has been removed, as announced in February
  • The broken sslh add-on has been removed
  • Updated packages: Bacula 13.0.4, dnsdist 1.9.3, Lynis 3.1.1, mympd 14.1.2, Tor 0.4.8.11
