siosios
09-30-2023, 12:27 PM
It is time to upgrade your systems to IPFire 2.27 - Core Update 179. It will bring you Indirect Brand Tracking in user space in order to better mitigate any injected code, a completely rewritten ExtraHD and a large number of package updates & the usual bunch of bug fixes.
But before we start talking about the changes in detail, we would like to take a moment and ask for your donation (https://www.ipfire.org/donate). We put a lot of effort into building and testing this update and could not do any of this without your donation. Please, donate to the project helping us to put more resources to bring you more and better updates. It is very much appreciated by all of us here!
Indirect Branch Tracking for User SpaceThis technology uses a CPU extension which (if available) will check if a program returns from a function or jump correctly. If not, for example in case of injected code, an exception is being raised and the program is being terminated.
This is a follow-up after hardening our kernel against the same attack vector in Core Update 177 (https://blog.ipfire.org/post/ipfire-2-27-core-update-177-released) and had to be split off to keep updates an easier to handle smaller size.
ExtraHDThis feature that allows mounting any extra storage into IPFire has been entirely rewritten. The code was hard to extend and some smaller issues became hard to fix which resulted in us making the decision for a rewrite. It should now be a lot more robust and easy to use.
Misc.
An issue where connected OpenVPN clients were shown disconnected (#13190 (https://bugzilla.ipfire.org/show_bug.cgi?id=13190))
A non-critical validation error of location group names as been fixed.
Package updates: cURL 8.2.1, eudev 3.2.12, fmt 10.0.0, freefont 20100919, fuse 3.15.0, glib 2.77.0, GNU Gettext 0.22, GMP 6.3.0, groff 1.23.0, harfbuzz 8.1.1, libarchive 3.7.0, libxcrypt 4.4.36, libxml2 2.11.4, LVM2 2.03.22, meson 1.2.0, mpfr 4.2.0p12, ninja 1.11.1, ntfs-3g 2022.10.3, rpcsvc-proto 1.4.4, oauth-toolkit 2.6.9, OpenLDAP 2.6.5, openjpeg 2.5.0, OpenSSL 3.1.2, popt 1.19, poppler 23.08.0, PPP 2.5.0, qpdf 11.5.0, SDL2 2.28.1, smartmontools 7.4, suricata 6.0.14, GNU tar 1.35, xfsprogs 6.4.0, XZ 5.4.4
Samba has UNIX filesystem extensions disabled by default now (#13193 (https://bugzilla.ipfire.org/show_bug.cgi?id=13193))
Updated add-ons: ebtables 2.0.11, FreeRADIUS 3.2.3, FRR 8.5.2, Git 2.41.0, HAProxy 2.8.1, hplip 3.23.5, MPD 0.23.13, ncat 7.94, nmap 7.94, Observium Agent 23.1, oci-cli 3.29.4, oci-python-sdk 2.107.0, QEMU + Guest Agent 8.0.3, Zabbix Agent 6.0.19 (LTS)
The sox package has been dropped as it is only useful in combination with Asterisk which has been dropped some while ago
As always, we thank all people contributing to this release.
More... (https://blog.ipfire.org/post/ipfire-2-27-core-update-179-released)
But before we start talking about the changes in detail, we would like to take a moment and ask for your donation (https://www.ipfire.org/donate). We put a lot of effort into building and testing this update and could not do any of this without your donation. Please, donate to the project helping us to put more resources to bring you more and better updates. It is very much appreciated by all of us here!
Indirect Branch Tracking for User SpaceThis technology uses a CPU extension which (if available) will check if a program returns from a function or jump correctly. If not, for example in case of injected code, an exception is being raised and the program is being terminated.
This is a follow-up after hardening our kernel against the same attack vector in Core Update 177 (https://blog.ipfire.org/post/ipfire-2-27-core-update-177-released) and had to be split off to keep updates an easier to handle smaller size.
ExtraHDThis feature that allows mounting any extra storage into IPFire has been entirely rewritten. The code was hard to extend and some smaller issues became hard to fix which resulted in us making the decision for a rewrite. It should now be a lot more robust and easy to use.
Misc.
An issue where connected OpenVPN clients were shown disconnected (#13190 (https://bugzilla.ipfire.org/show_bug.cgi?id=13190))
A non-critical validation error of location group names as been fixed.
Package updates: cURL 8.2.1, eudev 3.2.12, fmt 10.0.0, freefont 20100919, fuse 3.15.0, glib 2.77.0, GNU Gettext 0.22, GMP 6.3.0, groff 1.23.0, harfbuzz 8.1.1, libarchive 3.7.0, libxcrypt 4.4.36, libxml2 2.11.4, LVM2 2.03.22, meson 1.2.0, mpfr 4.2.0p12, ninja 1.11.1, ntfs-3g 2022.10.3, rpcsvc-proto 1.4.4, oauth-toolkit 2.6.9, OpenLDAP 2.6.5, openjpeg 2.5.0, OpenSSL 3.1.2, popt 1.19, poppler 23.08.0, PPP 2.5.0, qpdf 11.5.0, SDL2 2.28.1, smartmontools 7.4, suricata 6.0.14, GNU tar 1.35, xfsprogs 6.4.0, XZ 5.4.4
Samba has UNIX filesystem extensions disabled by default now (#13193 (https://bugzilla.ipfire.org/show_bug.cgi?id=13193))
Updated add-ons: ebtables 2.0.11, FreeRADIUS 3.2.3, FRR 8.5.2, Git 2.41.0, HAProxy 2.8.1, hplip 3.23.5, MPD 0.23.13, ncat 7.94, nmap 7.94, Observium Agent 23.1, oci-cli 3.29.4, oci-python-sdk 2.107.0, QEMU + Guest Agent 8.0.3, Zabbix Agent 6.0.19 (LTS)
The sox package has been dropped as it is only useful in combination with Asterisk which has been dropped some while ago
As always, we thank all people contributing to this release.
More... (https://blog.ipfire.org/post/ipfire-2-27-core-update-179-released)