14 DAY TRIAL // Michael Tremer announced today the release and general availability of a new major update of the professional and hardened Linux firewall distribution known as IPFire.
IPFire 2.21 Core Update 122 is now available to download as a drop-in replacement to the three-months-old IPFire 2.19 Core Update 120 and finally bump the version number from 2.19 to 2.21. However, this being a major update, it was split into two parts, so you'll have first to install the IPFire 2.19 Core Update 121 to be able to run the IPFire 2.21 Core Update 122 release.
"Please note, that we have split this update into two parts. First, you will need to install IPFire 2.19 – Core Update 121 and then, the second part will automatically be installed after. Please be patient and let the system complete the update. When everything is done, please reboot into the new kernel," said Michael Tremer in today's announcement.
Here's what's new in IPFire 2.21 Core Update 122
The most prominent new feature in IPFire 2.21 Core Update 122 is the Linux 4.14.50 kernel, which contains mitigations for both the Meltdown and Spectre security vulnerabilities on various hardware architectures, along with a microcode firmware update for Intel processors. However, the grsecurity patches for the Linux kernel were removed due to them being incompatible with this kerenel.
The developers noted the fact that IPFire remains hardened and secure despite the grsecurity security enhancement patches being removed as many of their features were backported. The new kernel version also renders IPFire incompatible with ARM systems, which means that users would have to do a fresh install of IPFire and restore from a recent backup.
In an attempt to make IPFire faster and smaller in size, the developers merged the flash images together into one image capable of booting on machines with normal video output and serial console. Furthermore, the new IPFire 2.21 images are compressed with the XZ compression algorithm for faster downloads and quicker decompress.
Another interesting change of the IPFire 2.21 Core Update 122 release is the fact that the partition layout was modified to no longer include the /var partition used for logs and system data collection, which are now included into a single partition as part of the rest of the operating system. Also, the /boot partition's size was increased to 128MB.
Other noteworthy changes include an updated list of trusted Certificate Authorities (CA), updated firmware for several baseboards and drivers, and an improved web-based UI that's now capable of displaying logged in users on the console. IPFire 2.21 Core Update 122 also comes with the ClamAV 0.100.0 and nagios-nrpe 3.2.1 add-ons.
Updated components include GCC 7.3.0, GRUB 2.02, CMake 3.11.2, ISC dhcp 4.4.1, dhcpcd 6.11.5, GNU nano 2.9.7, GNU wget 1.19.5, xz 5.2.4, tar 1.30, diffutils 3.1.6, htop 2.2.0, Nmap 7.70, OpenSSH 7.7p1, PowerTOP 2.9, PCRE 8.42, Unbound 1.7.1, xtables-addons 2.13, bwm-ng 0.6.1-f54b3fa, crda 3.18, u-boot 2018.03, iw 4.14, sarg 2.3.11, rng-tools 6.2, beep 1.3, libidn 1.34, and Apache 2.4.