IPFire is a Linux-based distribution for network appliances like routers and firewalls. It is based on glibc 2.32, the standard library for all C programs, and GCC 10.2, the GNU Compiler Collection. The latest release, IPFire 2.25 Core Update 149, focuses on performance improvements.
Several improvements, new features and security updates
IPFire 2.25 Core Update 149 comes with bug fixes and improvements. The Spectre 2 mitigation that affected userspace programs in IPFire has been removed. Additionally, many of the tools used for building IPFire, as well as core libraries, have been updated.
A new GCC feature, “stack clash protection” on x86_64 and aarch64, adds additional checks to mitigate exploits. This update also enables control-flow (CF) protection, which hardens all software against attackers gaining control over a program's flow and circumventing security checks such as password or signature validation.
According to the announcement, there were various security vulnerabilities in the GRUB boot loader, which is used in IPFire on x86_64, i586 and aarch64. These have now been patched in IPFire and the new boot loader is installed automatically.
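A build-verification check for the CF protection described above, as an added example that is not IPFire's own code. It assumes "CF protection" refers to GCC's -fcf-protection on x86_64, which records the result in the binary's .note.gnu.property section; the input is the raw little-endian section bytes, and the sample notes are constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5                    # note type used by .note.gnu.property
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002   # linker ANDs this across all input objects
CET_BITS = {0x1: "IBT", 0x2: "SHSTK"}         # indirect-branch tracking, shadow stack


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def _properties(desc, align):
    """Yield (pr_type, data) pairs from a GNU property note descriptor."""
    pos = 0
    while pos + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, pos)
        data = desc[pos + 8:pos + 8 + pr_datasz]
        if len(data) != pr_datasz:
            raise ValueError("truncated property")
        yield pr_type, data
        pos = _align(pos + 8 + pr_datasz, align)


def cet_features(section, align=8):
    """Return the CET features a raw .note.gnu.property section advertises."""
    found, off = set(), 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        desc_off = off + _align(12 + namesz, align)
        name = section[off + 12:off + 12 + namesz]
        desc = section[desc_off:desc_off + descsz]
        if len(desc) != descsz:
            raise ValueError("truncated note")
        if name == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            for pr_type, data in _properties(desc, align):
                if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and len(data) >= 4:
                    bits = struct.unpack_from("<I", data)[0]
                    found |= {n for bit, n in CET_BITS.items() if bits & bit}
        off = desc_off + _align(descsz, align)
    return found


def make_note(feature_bits):
    """Constructed sample: one x86_64 GNU property note carrying the given bits."""
    desc = struct.pack("<IIII", GNU_PROPERTY_X86_FEATURE_1_AND, 4, feature_bits, 0)
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc


if __name__ == "__main__":
    print(sorted(cet_features(make_note(0x3))))  # every object built with CF protection
    print(sorted(cet_features(make_note(0x0))))  # an unprotected object cleared the bits
```

Because the property is ANDed at link time, a single object or static library built without the flag clears the marker for the whole binary, so an empty result on a shipped executable points to an incomplete rebuild. On a live system, `readelf -n` on the binary reports the same property.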
A secondary architecture deprecating i586
This release also officially downgrades the i586 architecture to a secondary architecture. Users can download the i586 architecture. The IPFire team explained the reason for this change:
“This is because various security mitigations are not available for i586 and development work on the Linux kernel and other software that IPFire relies on is mainly done for x86_64 or other modern 64 bit architectures.”