IPFire 2.25 - Core Update 146 released

by Michael Tremer, June 29, 2020


The next Core Update for IPFire is available. It updates the IPFire kernel, enhances its hardening and adds mitigations for Intel's latest hardware vulnerabilities.

Linux 4.14.184

Arne has rebased the IPFire kernel on version 4.14.184 from the Linux kernel developers and integrated our custom patches into this release. It brings various stability and security fixes.

This kernel brings mitigations for vulnerabilities in Intel's processors and includes updates of Intel's microcode.

Discontinuing support for 32 bit systems with PAE

Since it is becoming more and more difficult to support 32 bit architectures, we have decided to slowly phase them out. This will free up development time that currently benefits only very few users and will help us focus on features that are used by larger groups of the community.

On 32 bit Intel (i.e. i586), we have removed the optional PAE kernel. This kernel allowed addressing more than 4GB of memory even on 32 bit systems and brought some hardening that is not possible on processors that do not support PAE and the NX bit.

Those systems are very few now and we recommend upgrading to 64 bit, since this hardware very often supports 64 bit, too. For those who are still running a pure 32 bit installation, we recommend upgrading your hardware soon.
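
Whether a machine that currently runs the 32 bit image can run the 64 bit one is visible in the CPU flags in /proc/cpuinfo. The shell snippet below is an added example, not part of the IPFire release; the function names has_flag and cpu_class and the sample flags line are made up for illustration.

```shell
#!/bin/sh
# Classify a CPU from the "flags" line of a cpuinfo file.
# Flag names are the ones the Linux kernel reports on x86:
#   lm  = long mode (64 bit capable)
#   pae = Physical Address Extension
#   nx  = no-execute bit
# The result reflects what the running kernel reports in that file.

has_flag() {
    # $1 = space-separated flag list, $2 = flag to look for.
    # Match whole words only: a plain substring search for "lm"
    # would also hit "lahf_lm".
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

cpu_class() {
    # $1 = path to a cpuinfo file (defaults to the local machine)
    cpuinfo="${1:-/proc/cpuinfo}"
    # Use the first "flags" line; all cores normally report the same set.
    flags=$(sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' "$cpuinfo" | head -n 1)
    if has_flag "$flags" lm; then
        echo "64bit-capable"      # can run the 64 bit image
    elif has_flag "$flags" pae && has_flag "$flags" nx; then
        echo "32bit-pae-nx"       # was served by the removed PAE kernel
    elif has_flag "$flags" pae; then
        echo "32bit-pae"
    else
        echo "32bit-only"
    fi
}

# Constructed sample (not taken from a real machine): PAE and NX, no long mode.
sample=$(mktemp)
printf 'processor\t: 0\nflags\t\t: fpu vme pae nx sse2 lahf_lm\n' > "$sample"
cpu_class "$sample"
rm -f "$sample"
```

Calling cpu_class without an argument reads /proc/cpuinfo of the machine it runs on.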

For now, we will continue to support 32 bit, but it definitely has become a second-class architecture for the Linux kernel developers as well as plenty of other software. Many major distributions retired their ix86 ports many years ago, so maintaining it falls to fewer and fewer developers who do the work for fewer and fewer users. Fixes for the recent vulnerabilities, predominantly in Intel's processors, have not been fully backported to 32 bit either.

Additionally, we have retired the Xen installer tool for 32 bit paravirtualised systems. This was used on systems that do not support hardware virtualisation and is not used by many people any more.