Turris OS 3.11.4 is released!



Dear Turris users,

We have just released Turris OS 3.11.4. It contains security updates and updates for some packages.
As Easter is coming, we would like to wish you Happy Easter.

Release notes are:
• mosquitto, libatsha204, libssh2, dovecot: security updates
• unbound, netdata, nextcloud, youtube-dl, ca-certificates, czmq: update
• python3-certifi, python3-urllib3: new packages
• pakon: minor fixes
• kernel: update

If you encounter any issues, let us know about them.

Enjoy the release and as well with Easter.

made this a banner . It will appear at the top of every page until it is dismissed by the user. #2


There is some easter egg in that version, isn’t it? :slight_smile:

##### Error notifications #####
Updater selhal: Failed operations:




Thank you for your reporting. It should be harmless. It just means that post-install script of Pakon crashed and there is no output. Can you please run the following command to see if it was restarted successfully?
/etc/init.d/suricata-pakon restart


In the header of the error message, there is a short instruction what you need to do with it. You are suggested to save it and send it to tech.support@turris.cz together with a short description that led to the error.

In the Foris error, there might be sensitive data, so you shouldn’t put it here. Forum is not meant to be bug tracker and you’re advised to follow our article for Error reporting.

Also, your message here is too long. While you’re writing a post here, there are a few buttons. Some of those are a spoiler, preformatted text, which you can use. The better one is [code][/code], which would be really useful for you.

However, I asked one of our developers to look at your error message, and we will see if there is anything that could be done about that.


Just installed Update and so far no errors. Installation includes several VLANs, wire-connected accesspoints and switches, openvpn server + client as well as tor/tor-geoip.


There seems to be a bug with ucitrack, which to my understanding maps config file names to init scripts or custom commands and is used by LuCI for reloading the correct services when a given config file was changed by the ui.

WARN:Collision with existing path. Moving /etc/config/ucitrack to /usr/share/updater/collided/etc/config

Comparing both files it appears that the file placed by the update has some entries missing (which should not!)

config firewall
	list affects 'sqm'
	list affects 'vpn-policy-routing'

config ahcpd
	option init 'ahcpd'

config sqm
	option init 'sqm'

config vpn-policy-routing
	option init 'vpn-policy-routing'

whilst others been added (despite upnpd being removed from the system) that should not have been added

config upnpd
	option init 'miniupnpd'


Three restarts needed: 1 - enable installation - download; 2 - installation; 3 - Some changes will not take effect until you restart.

Foris - new settings time zone

Foris - DHCP clients ??

First run Pakon high CPU level - Foris dead - kill Pakon process in terminal is twice needed


I have the same issue


Tried to change time zone in Time configuration in the Foris interface. After Save operation interface had crashed and since then it is not possible to login to Foris; LuCi interface works…


I confirm. I have the same issue (1970-01-01).
And small issue in PAKON, page 0.
Turris 1.0


I do have the same issue with DHCP lease time set to 1970-01-01 00:00 . This seems to be the case only for clients with fixed IP address which are currently not connected to the network.


the DHCP date issue (disconnected clients with fixed ip) seems to be a sole Foris bug which also happens with odhcp instead of dnsmasq


A new kind of error occurred in in Syslog: “err foris-controller

EDIT: new by me :slight_smile:

019-04-18 12:11:01 info /usr/sbin/cron[27960]: (root) CMD (/usr/bin/get-api-crl)
2019-04-18 12:11:01 info /usr/sbin/cron[27961]: (root) CMD (/usr/share/server-uplink/registration_code.sh)
2019-04-18 12:11:01 info /usr/sbin/cron[27959]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-04-18 12:12:01 info /usr/sbin/cron[28071]: (root) CMD (/root/connCheck.sh > /dev/null 2>&1)
2019-04-18 12:12:01 info /usr/sbin/cron[28074]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-04-18 12:12:01 info /usr/sbin/cron[28073]: (root) CMD (nethist_stats.lua)
2019-04-18 12:12:01 info /usr/sbin/cron[28075]: (root) CMD (/usr/sbin/logrotate -s /tmp/logrotate.state /etc/logrotate.conf)
2019-04-18 12:12:27 err foris-controller[5561]: WARNING:turrishw:unsupported TOS version (on omnia): 3
2019-04-18 12:12:32 err foris-controller[5237]: Last message 'WARNING:turrishw:uns' repeated 1 times, suppressed by syslog-ng on Omnia
2019-04-18 12:13:01 info /usr/sbin/cron[28155]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-04-18 12:14:01 info /usr/sbin/cron[28185]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-04-18 12:14:01 info /usr/sbin/cron[28186]: (root) CMD (nethist_stats.lua)
2019-04-18 12:15:01 info /usr/sbin/cron[28218]: (root) CMD (   /usr/bin/notifier)
2019-04-18 12:15:01 info /usr/sbin/cron[28219]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-04-18 12:15:01 info /usr/sbin/cron[28217]: (root) CMD (/root/connCheck.sh > /dev/null 2>&1)
2019-04-18 12:16:01 info /usr/sbin/cron[28321]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-04-18 12:16:01 info /usr/sbin/cron[28322]: (root) CMD (nethist_stats.lua)


It is not new but known/reported since at least RC 3.11 back in Nov’18, if you search the forum for

unsupported TOS version


@n8v8r: Ucitrack is now added as a conffile. It will be part of the next release.

@JardaB: Why did you kill Pakon? You shouldn’t do it during the update.

@Radovan_Haban: Can you please provide us more details about the crash in the Region and Time tab in Foris? Do you have an error message from that? It would be great if you can send it to tech.support@turris.cz so we can look at it.

About the DHCP expiration lease time, it’s a good catch. Thank you for reporting. We have been able to reproduce it. It is just a cosmetic issue and it isn’t related to anything that @n8v8r said. It doesn’t affect anything. Right now, the Foris read the value 0 and interpret it as 1970-01-01 00:00. In the next release, it will show N/A.


Not sure I get what change that would make? Does it parse/compare the current file and inherits user specific settings and incorporates those into the new file?


@Pepe When I started Pakon after updating the router to 3.11.4, it demanded 100% of the CPU and blocked the traffic Foris (Luci is functional). In the terminal, I ended two high-workload processes related to Pakon and reentered Foris. Again attempt to view Pakon and again 100% CPU and subsequent kill two processes Pakon. For the third time to enter the main screen Foris and only now Pakon started


15 hours after auto restart due to the OS update (3.11.4). 5g WiFi died

using ath10-*-ct modules because the were more stable so far (until now :frowning: )

[52110.481096] ------------[ cut here ]------------
[52110.481131] WARNING: CPU: 1 PID: 1148 at /home/beast/beast/workspace/omnia-stable/build_dir/target-arm_cortex-a9+vfpv3_musl-1.1.15_eabi/linux-mvebu/compat-wireless-2017-01-31/net/mac80211/driver-ops.h:17 drv_remove_interface+0x70/0x74 [mac80211]()
[52110.481135] wlan0:  Failed check-sdata-in-driver check, flags: 0x9
[52110.481137] Modules linked in: qcserial option iptable_nat ath9k usb_wwan rndis_host qmi_wwan pppoe nf_nat_pptp nf_nat_ipv4 nf_nat_amanda nf_conntrack_pptp nf_conntrack_netlink nf_conntrack_ipv6 nf_conntrack_ipv4 nf_conntrack_amanda ipt_REJECT ipt_MASQUERADE ebtable_nat ebtable_filter ebtable_broute cdc_ether ath9k_common xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_id xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_DSCP xt_CT xt_CLASSIFY usbserial usbnet ums_usbat ums_sddr55 ums_sddr09 ums_karma ums_jumpshot ums_isd200 ums_freecom ums_datafab ums_cypress ums_alauda ts_kmp ts_fsm ts_bm pppox ppp_mppe ppp_async nfnetlink nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv4 nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack_broadcast nf_conntrack mvsdio iptable_raw iptable_mangle iptable_filter ipt_ECN ip_tables ebtables ebt_vlan ebt_stp ebt_redirect ebt_pkttype ebt_mark_m ebt_mark ebt_limit ebt_among ebt_802_3 crc_ccitt cdc_wdm ath9k_hw armada_thermal fuse sch_teql sch_tbf sch_sfq sch_red sch_prio sch_pie sch_netem sch_htb sch_gred sch_fq sch_dsmark sch_codel em_text em_nbyte em_meta em_cmp cls_basic act_vlan act_police act_pedit act_nat act_ipt act_gact act_csum act_bpf act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_hfsc sch_ingress ledtrig_usbdev ledtrig_oneshot xt_LED ledtrig_morse ledtrig_heartbeat ledtrig_gpio cryptodev ath10k_pci ath10k_core thermal_sys hwmon ath mac80211 cfg80211 compat ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables pppoatm ppp_generic slhc nfsd nfsv3 msdos ip_gre gre ifb sit ip6_tunnel tunnel6 tunnel4 ip_tunnel tun snd_compress snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_rawmidi snd_seq_device snd_hwdep snd input_core soundcore rxkad vfat fat udf crc_itu_t ntfs nfs_layout_nfsv41_files nfsv4 nfs auth_rpcgss oid_registry lockd sunrpc grace minix isofs hfsplus hfs cramfs configfs cifs autofs4 kafs af_rxrpc dns_resolver dm_crypt dm_mirror dm_region_hash dm_log dm_mod br2684 atm multipath fscache raid456 async_raid6_recov async_pq async_xor async_memcpy async_tx raid10 raid1 raid0 linear md_mod nls_utf8 nls_koi8_r nls_cp1255 nls_iso8859_6 nls_iso8859_2 nls_iso8859_15 nls_iso8859_13 nls_iso8859_1 nls_cp932 nls_cp866 nls_cp864 nls_cp862 nls_cp852 nls_cp850 nls_cp775 nls_cp437 nls_cp1251 nls_cp1250 xts algif_skcipher algif_hash af_alg sha512_generic sha256_generic sha1_generic seqiv jitterentropy_rng drbg pcbc md5 md4 marvell_cesa hmac gf128mul fcrypt ecb des_generic ctr cmac ccm cbc authenc xhci_plat_hcd xhci_pci xhci_hcd uhci_hcd ledtrig_transient ahci_platform uas xfs libcrc32c jfs f2fs exfat mii aead crypto_null
[52110.481455] CPU: 1 PID: 1148 Comm: kworker/1:3 Tainted: G        W       4.4.178-7bc33afbb1b35f5830b2b1b42c9cd8a0-0 #1
[52110.481458] Hardware name: Marvell Armada 380/385 (Device Tree)
[52110.481484] Workqueue: events_freezable ieee80211_restart_work [mac80211]
[52110.481487] Backtrace:
[52110.481494] [<c001c504>] (dump_backtrace) from [<c001c744>] (show_stack+0x18/0x1c)
[52110.481497]  r6:00000000 r5:60000013 r4:c0770d28 r3:00000006
[52110.481508] [<c001c72c>] (show_stack) from [<c02ffd7c>] (dump_stack+0x98/0xac)
[52110.481514] [<c02ffce4>] (dump_stack) from [<c0029234>] (warn_slowpath_common+0x8c/0xbc)
[52110.481517]  r6:00000011 r5:bf66f0b4 r4:ccfdbd18 r3:00000006
[52110.481526] [<c00291a8>] (warn_slowpath_common) from [<c002929c>] (warn_slowpath_fmt+0x38/0x40)
[52110.481529]  r8:00000000 r7:ec952480 r6:ed370c3c r5:ed370ba0 r4:ec952480
[52110.481560] [<c0029268>] (warn_slowpath_fmt) from [<bf66f0b4>] (drv_remove_interface+0x70/0x74 [mac80211])
[52110.481563]  r3:ec952000 r2:bf6c4fac
[52110.481614] [<bf66f044>] (drv_remove_interface [mac80211]) from [<bf68098c>] (ieee80211_add_virtual_monitor+0x75c/0x9bc [mac80211])
[52110.481617]  r4:ec953064
[52110.481666] [<bf680424>] (ieee80211_add_virtual_monitor [mac80211]) from [<bf680c04>] (ieee80211_stop+0x18/0x20 [mac80211])
[52110.481669]  r10:c0764c12 r9:00000000 r8:00000001 r7:ccfdbe10 r6:ed370000 r5:ccfdbe10
[52110.481677]  r4:ec952000
[52110.481705] [<bf680bec>] (ieee80211_stop [mac80211]) from [<c04a38c0>] (__dev_close_many+0x90/0xd8)
[52110.481711] [<c04a3830>] (__dev_close_many) from [<c04a397c>] (dev_close_many+0x74/0xf8)
[52110.481714]  r5:ed370b58 r4:ec952488
[52110.481722] [<c04a3908>] (dev_close_many) from [<c04a7820>] (dev_close.part.8+0x38/0x50)
[52110.481724]  r8:00000000 r7:ed370ba0 r6:ed370000 r5:ed370b58 r4:ec952488
[52110.481735] [<c04a77e8>] (dev_close.part.8) from [<c04a7854>] (dev_close+0x1c/0x24)
[52110.481755] [<c04a7838>] (dev_close) from [<bf6288f0>] (cfg80211_shutdown_all_interfaces+0x44/0xc8 [cfg80211])
[52110.481795] [<bf6288ac>] (cfg80211_shutdown_all_interfaces [cfg80211]) from [<bf69a518>] (ieee80211_queue_delayed_work+0x124/0x128 [mac80211])
[52110.481798]  r6:ed371370 r5:ed37137c r4:ed370ba0 r3:00000001
[52110.481853] [<bf69a450>] (ieee80211_queue_delayed_work [mac80211]) from [<bf69c7b0>] (ieee80211_reconfig+0x2d4/0xaf0 [mac80211])
[52110.481856]  r6:ed370ba0 r5:ffffff92 r4:ed371230 r3:00000200
[52110.481908] [<bf69c4dc>] (ieee80211_reconfig [mac80211]) from [<bf66c1ac>] (ieee80211_restart_work+0x8c/0xb8 [mac80211])
[52110.481911]  r10:c0764c12 r9:00000000 r8:00000000 r7:ed370ba0 r6:ed370ba0 r5:ed371230
[52110.481919]  r4:ed371230
[52110.481946] [<bf66c120>] (ieee80211_restart_work [mac80211]) from [<c003ea48>] (process_one_work+0x140/0x358)
[52110.481949]  r7:ef6e0e00 r6:ef6dd600 r5:ed3714dc r4:e7245d00
[52110.481958] [<c003e908>] (process_one_work) from [<c003eca8>] (worker_thread+0x48/0x524)
[52110.481960]  r10:c0764c12 r9:ef6dd600 r8:00000008 r7:e7245d18 r6:ef6dd614 r5:ef6dd600
[52110.481969]  r4:e7245d00
[52110.481974] [<c003ec60>] (worker_thread) from [<c0044120>] (kthread+0x110/0x124)
[52110.481977]  r10:00000000 r9:00000000 r8:00000000 r7:c003ec60 r6:e7245d00 r5:00000000
[52110.481985]  r4:e7027900
[52110.481991] [<c0044010>] (kthread) from [<c0009dd0>] (ret_from_fork+0x14/0x24)
[52110.481994]  r7:00000000 r6:00000000 r5:c0044010 r4:e7027900
[52110.482000] ---[ end trace ace0f5541ac1abd5 ]---