Turris OS 5.1.9 is in the Testing branch

Dear Turris users,

We released just a few minutes ago (on Saturday) a new version of Turris OS 5.1.9 to the Testing branch.

This release fixes three recently discovered security vulnerabilities:

  • CVE-2021-3156 (Baron Samedit) found in sudo
  • P2P group information processing in wpa_supplicant
  • CVE-2020-36177 found in wolfSSL
    This requires an immediate restart of your router to have working Wi-Fi.

Among other things, there was an update for sentinel-minipot. It fixes an issue, which was happening only on Turris 1.x routers, where it was using one of the cores at 100% usage. There is also an update for reforis-snapshots-plugin, which should be now shown in reForis while using Netboot.

As usual, there was an update of kernel, luci and some other packages.

We want to hear your voices how you like this update!


If there are any issues with this update, please let us know. You can do it here or on our GitLab and reaching our Technical support department.

4 Likes

MOX classic, WiFi, .5 GB, 5.1.8 HBK, simple config, update to 5.1.9 OK, all seem working. I only can’t remember if there was “Storage” part in reForis before for in 5.1.9 it’s not there.

The storage part is not present in Turris OS 5.1.9 in reForis. That’s going to be one of the main features of the upcoming Turris OS 5.2.0.

Thanks for clearing this point (maybe you’d mentioned it somewhere before… be it so, I apologise).

Hello
I’ve checked this release with my USB stick, but it does not help.
I’m back on 5.1.7

Hi! Thanks for the great work, as always.

I have a suggestion: please include actual dates for such updates rather than mentioning “this week” or such relative terms for the benefit of folks seeing this discussion at later dates.

The forum post at least has dates, so one can calculate, but the header talking about security updates is difficult to place the timeframe for.

Thanks!

Dear Turris users,

Today (16th February) in the Czech Republic, we released another RC of Turris OS 5.1.9.

The most exciting change compared to the previous RC is that we reverted the hostapd update, which means that your router will downgrade to the version of hostapd, which is in HBS. Unfortunately, this change affected routers already in HBT/HBK/HBL/HBD branches.

What does it mean to you, in other words?

If you are using: hostapd-common_2019-08-08-ca8c2bd2-5, everything stays as it is, and after applying the update, there will be Wi-Fi networks. Unfortunately, if you are using anything else than -5 (last number in versioning), there is a downgrade, and after applying it, you most likely don’t have working Wi-Fi.
There are two workarounds:

  1. /etc/init.d/network restart
  2. reboot your router.
    We are sorry for any inconvenience caused by this issue, and we are looking to this issue so it won’t happen in the future.

We decided to do it by this approach, which is quick for users who have their routers in HBS and will not be affected by this issue after switching to HBT/HBK or just moving HBT to HBS in favor of applying security fixes.

Other changes in this version compared to the previous RC version:

  • removed empty OpenWisp feed (it just shows a harmless warning, but update continues, nothing to worry about)
  • updated kernel to version 4.14.221
  • fix CVE-2021-3336 in wolfSSL
  • updated htop to version 3.0.5
  • updated python-paho-mqtt to version 1.5.0
  • updated zetotier to version 1.6.3 and it is there again for Turris MOX routers
  • updated mosqitto to version 1.6.13

and other changes.

Any feedback is appreciated.

3 Likes

I see. Good point. Thank you for your feedback. I will consider it.

1 Like

As usually - MOX classic, WiFi, .5 GB, 5.1.9 HBK (i.e
latest RC), simple config, update OK, all seem working. Small glitch: after 1st successful reboot (5th in row) only one WiFi came alive, after next reboot there were both :wink:

Can’t you release a one-off package that would do the needed networking restart automatically?

We want to make this Wi-Fi update smooth for all stable users. This blocks the release currently so we decided to revert it for now to take some time and solve it in the next release. That means, testing users suffers this “need for restart” twice in 5.1.9 HBT/release candidates, but stable users won’t be affected.

We really appreciate all HBT users and we apologize for this inconveniences. We will focus to not repeat this issue again.

Thanks for the feedback

1 Like

This nOOb has no clue what version is used here…how to find out?

edit: thxs janvolec, works, got the correct version on mox and omnia

One way is to execute opkg list_installed |grep hostap in the shell

1 Like

We will force a restart of your network in upcoming updates immediately after the hostapd/wpad is updated.

Here goes, another RC version of Turris OS 5.1.9. It makes it in the total 3rd version in the Testing branch.

What’s new?

This release is based on the tagged OpenWrt 19.07.7 version, and I am confident that it will be announced so soon on the OpenWrt mailing list.

It results in an updated kernel to version 4.14.221, and there is updated OpenSSL to version 1.1.1j, which fixes 3 CVEs.

There is also updated package kmod-fs-ksmbd, but it can not be updated or installed in this version due to missing dependency. More details.

Otherwise, there might be additional updates, which are not so crucial as these three things to mention.

We hope that you will enjoy this release and if anything goes wrong, please let us know!

2 Likes

This time all seem OK, working… BTW , you seems to enjoy long working hours, isn’t it? (just joking :wink:

1 Like

Haha, no worries. In my case, it is a little bit complicated as I’m working as I can to match my schedules, which I have. Also, these days, I am used to working during evenings as it’s better for several reasons, but too bad when you need something from colleagues. :smiley:

2 Likes

I did a double RC update on my Omnia (from RC1 directly to RC3). Reforis asked me for two approvals (in succession, one after installing the other). The router has completely restarted out of nothing and without my request.

After the restart, I saw this error:

Updater failed: 

runtime: [string "requests"]:417: [string "utils"]:422: Unable to finish URI (https://repo.turris.cz/hbt/omnia/lists/pkglists/netboot.lua): Download failed

But everything seems to be working.

Here’s the end of the syslog before the unwanted reboot:

Summary
01:42:17 notice netifd[]: Network device 'guest_turris_1' link is down
01:42:17 notice netifd[]: Network device 'guest_turris_0' link is down
01:42:17 info kernel[]: [529401.281856] br-guest_turris: port 2(guest_turris_0) entered disabled state
01:42:17 info kernel[]: [529401.336384] device guest_turris_1 left promiscuous mode
01:42:17 info kernel[]: [529401.336401] br-guest_turris: port 1(guest_turris_1) entered disabled state
01:42:17 notice netifd[]: bridge 'br-guest_turris' link is down
01:42:17 notice netifd[]: Interface 'guest_turris' has link connectivity loss
01:42:17 info kernel[]: [529401.486928] device guest_turris_0 left promiscuous mode
01:42:17 info kernel[]: [529401.486941] br-guest_turris: port 2(guest_turris_0) entered disabled state
01:42:17 info kernel[]: [529401.567236] br-lan: port 7(wlan1) entered disabled state
01:42:17 notice netifd[]: Network device 'wlan1' link is down
01:42:17 notice hostapd[]: wlan1: INTERFACE-DISABLED 
01:42:18 notice netifd[]: Network device 'wlan0' link is down
01:42:18 info kernel[]: [529401.767080] br-lan: port 6(wlan0) entered disabled state
01:42:18 notice hostapd[]: wlan0: INTERFACE-DISABLED 
01:42:18 info kernel[]: [529401.846788] device wlan1 left promiscuous mode
01:42:18 info kernel[]: [529401.846798] br-lan: port 7(wlan1) entered disabled state
01:42:18 info kernel[]: [529401.976474] device wlan0 left promiscuous mode
01:42:18 info kernel[]: [529401.976487] br-lan: port 6(wlan0) entered disabled state
01:42:19 info kernel[]: [529402.803494] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
01:42:19 notice hostapd[]: wlan1: INTERFACE-ENABLED 
01:42:19 err hostapd[]: Failed to set beacon parameters
01:42:19 err hostapd[]: Configuration file: /var/run/hostapd-phy1.conf
01:42:19 err hostapd[]: nl80211: Could not configure driver mode
01:42:19 notice hostapd[]: nl80211: deinit ifname=wlan1 disabled_11b_rates=0
01:42:19 err hostapd[]: nl80211 driver initialization failed.
01:42:19 notice hostapd[]: wlan1: interface state UNINITIALIZED->DISABLED
01:42:19 notice hostapd[]: guest_turris_1: AP-DISABLED 
01:42:19 notice hostapd[]: guest_turris_1: CTRL-EVENT-TERMINATING 
01:42:19 err hostapd[]: hostapd_free_hapd_data: Interface guest_turris_1 wasn't started
01:42:19 notice hostapd[]: wlan1: AP-DISABLED 
01:42:19 notice hostapd[]: wlan1: CTRL-EVENT-TERMINATING 
01:42:19 err hostapd[]: hostapd_free_hapd_data: Interface wlan1 wasn't started
01:42:19 notice netifd[]: radio1 (3189): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process 6556 path (/proc/6556/exe)
01:42:19 err hostapd[]: Configuration file: /var/run/hostapd-phy0.conf
01:42:19 notice netifd[]: radio1 (3189): Device setup failed: HOSTAPD_START_FAILED
01:42:19 notice hostapd[]: wlan1: INTERFACE-DISABLED 
01:42:21 warning kernel[]: [529405.203253] ath10k_pci 0000:02:00.0: pdev param 0 not supported by firmware
01:42:21 notice hostapd[]: wlan0: INTERFACE-ENABLED 
01:42:21 info kernel[]: [529405.225186] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
01:42:21 err hostapd[]: Failed to set beacon parameters
01:42:21 notice hostapd[]: wlan0: INTERFACE-DISABLED 
01:42:21 err hostapd[]: Failed to set beacon parameters
01:42:21 err hostapd[2481]: Last message 'Failed to set beacon' repeated 1 times, suppressed by syslog-ng on turris
01:42:21 err hostapd[]: nl80211: Could not configure driver mode
01:42:21 notice hostapd[]: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
01:42:21 err hostapd[]: nl80211 driver initialization failed.
01:42:21 notice hostapd[]: wlan0: interface state UNINITIALIZED->DISABLED
01:42:21 notice hostapd[]: guest_turris_0: AP-DISABLED 
01:42:21 notice hostapd[]: guest_turris_0: CTRL-EVENT-TERMINATING 
01:42:21 err hostapd[]: hostapd_free_hapd_data: Interface guest_turris_0 wasn't started
01:42:21 notice hostapd[]: wlan0: AP-DISABLED 
01:42:21 notice hostapd[]: wlan0: CTRL-EVENT-TERMINATING 
01:42:21 err hostapd[]: hostapd_free_hapd_data: Interface wlan0 wasn't started
01:42:21 notice netifd[]: radio0 (3231): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process 13948 path (/proc/13948/exe)
01:42:21 notice netifd[]: radio0 (3231): Device setup failed: HOSTAPD_START_FAILED
01:42:22 err hostapd[]: Failed to set beacon parameters
01:43:21 notice syslog-ng[5757]: syslog-ng starting up; version='3.30.1'
01:43:21 info kernel[]: [    0.000000] Booting Linux on physical CPU 0x0

It seems hostapd-related.

We fixed regression, which we mentioned yesterday, so here goes another RC version of 5.1.9, and this hopefully be the last one before it reaches the Stable branch.

Today, there was an officially released version of OpenWrt 19.07.7 - changelog.

What’s new in this RC4 version against the previous version RC3?

  • fixed dependency in kmod-fs-ksmbd
  • updated luci-app-ddns, which fixes multiple authenticated RCEs

If anything goes wrong, please let us know ASAP. There are plans to release it to the HBS today.

2 Likes