IPFire 2.25 Core Update 154 is now generally available. IPFire has added WPA3 client support and made DNS faster and more resilient against broken connections. The company also stated that the update is necessary to keep the system modern and adopt any fixes from upstream projects.
DNS resolution improvements and WPA3 client support
IPFire’s DNS proxy will now reuse TLS and TCP connections for DNS resolution, making it substantially faster. Before the update, a TCP or TLS connection had to be opened and then closed after a response was received, causing a lot of overhead.
WPA3 support for access points is now complemented by adding it for the client side, too. When the RED interface runs as a client to another wireless network, it can now use WPA3 to authenticate to the network and to encrypt packets. WPA2 is also improved by optionally using SHA256 over SHA1 if the access point supports it.
Various changes in this release:
- Various command injections and privilege escalations were reported by Albert Schwarzkopf in the security layer between the web user interface and the operating system. With those, an authenticated unprivileged user could gain root access to the operating system.
- DDNS: The UI has been improved for providers that support “token authentication”
- SSH sometimes failed to end itself when the system was shut down, which caused an unnecessary delay
- IPsec: XFRM policy lookup has been disabled for VTI interfaces
- Keyboard support on virtualised systems on Microsoft Hyper-V was sometimes not working and has now been fixed.
- Various cosmetic fixes for the web user interface and various code cleanups have been conducted by Matthias and Leo.
- Updated packages: acl 2.2.53, acpid 2.0.32, automake 1.16.3, arping 2.21, bind 9.11.26, ccache 3.7.12, curl 7.75, dbus 1.12.20, dhcpcd 9.3.4, dma 0.13, fcron 3.2.1, findutils 4.8.0, fuse 3.10.1, hyperscan 5.4.0, iproute2 5.10.0, ipset 7.10, iptables 1.8.7, iw 5.9, less 563, libassuan 2.5.4, libgcrypt 1.9.1, libgpg-error 1.41, libhtp 0.5.36, libloc 0.9.5, libseccomp 2.5.1, logrotate 3.18.0, logwatch 7.5.5, lzip 1.22, kmod 28, knot 3.0.5, newt 0.52.21, OpenSSL 1.1.1j, PAM 1.5.1, pptp 1.10.0, sed 4.8, sqlite 3.34.0, texinfo 6.7, tzdata 2021a, procps 3.3.16, sudo 1.9.5p1, unbound 1.13.0, wget 1.21