Turris OS 5.2.5 is released!

Dear Turris users,

We would like to inform you that we released Turris OS 5.2.5 from the Testing branch and after 2 RC versions to all of you!

What’s new in this release?
Based on OpenWrt 19.07.08

  • Updated kernel to version 4.14.243
  • Updated Knot DNS to version 3.0.8
  • Updated turrishw to version 0.5.1
  • Fixed issue to resolve cronie and vixie-cron while upgrading from Turris OS 3.x
  • Updated adblock, https-dns-proxy
  • Some improvements in ubus/libubox

There could be a short restart of your network related to some package updates, e.g. netifd and wpad which depend on ubus.

When this update will be downloaded and applied?

  • If you are using automatic updates, then yes. We suggest updating from Turris OS 5.2.4.
    This release is for Turris 1.x, Turris Omnia, Turris MOX and Turris Shield devices.
  • If you are not using automatic updates, then check reForis to approve update.

I found some bug, what should I do?

As always, we appreciate any feedback regarding this release.

7 Likes

Kudos for mentioning the network restart :+1:, hoping for some wifi improvements with the new atk10k-ct driver.

I guess a restart will be mandatory as there is a kernel update.

MOX A+D update from 5.2.4 stalled on reboot, needed to powercycle, otherwise ok.

Thank you team!

Luci - Statistics are not working after today’s update and reboot. Packages in reForis do not respond and enable or disable a this package.

Edit: … So Statistics (graphs) began to work but erased the previous history :frowning:

Just finished rebooting after 5.2.5 update
Noticing that the Linux Kernel version does not match the post…

Newer is always better, right? It happened because this version was prepared for some time and we were internally testing and before releasing RC, there was kernel update in OpenWrt 19.07 branch and I forgot to update it in the OP. Mea culpa! :frowning:

2 Likes

thanks for update, but after update to 5.2.5 i lost https-dns-proxy package

console

➜ ~ opkg find https-dns-proxy
➜ ~ opkg find luci-app-https-dns-proxy
luci-app-https-dns-proxy - 2021-07-29-1-1 - Provides Web UI for DNS Over HTTPS Proxy
➜ ~

Unfortunately, this package is not available for Turris MOX, and we can not decide that we are not going to release a new version of Turris OS because of one community package, which is not provided by default and it is not provided in any package lists available in Foris/reForis. Because packages might appear and disappear because of the recent changes in the only stable branch, OpenWrt has. I decided that we will push the update even this package is missing because we need to fix several issues, which had priority to be solved like migration process, etc.

It is possible to use localrepo for the time being until a new version of https-dns-proxy shows up. The issue was reported to https-dns-proxy developer by creating an issue in the OpenWrt packages feed.

We should address this issue in the next Turris OS version, which could (not promises, though) show up next week.

1 Like

Sorry, inconsistent testing:

After a reboot I still need to manually restart:

/etc/init.d/firewall restart
/etc/init.d/ddns restart

and I still need a script in /etc/hotplug.d/net to synthesize the missing calls of the scripts in /etc/hotplug.d/iface…

Mmmh, maybe it is time for a fresh install on that unit with a gradual restarting of the desired services…

I initially thought this too, but it looks like I have about a month of data missing.

I didn’t see any graphs to start with, but I rebooted and it appeared to show the graphs again, with a gap starting around July 15th-ish until now.

It must have stopped collecting on a prior update. I may have done update 5.2.3 late or somehow done 5.2.4 early. I remember some of the recent updates haven’t requested a reboot, so I didn’t. But I also didn’t check my graphs either.

For me this happebs sometimes, when one of my hdds fails to initialize on boot (omnia+nas). What happens the rrdtool storage location is unavailable, so no statistics data is stores/shown.

Cold boot usually resolves this.

Yes I understand. I this case (5.2.5 reboot 19.8.2021 )

News announcements
        ==================
        * Based on the latest OpenWrt 19.07.8
          * Updated kernel to version 4.14.241

        Update notifications
        ====================
         • Installed version 4.14.243-1-67f70e2f39f8e8859c56d42cced0b0b3 of package omnia-generic-support
         • Installed version 4.14.243-1-67f70e2f39f8e8859c56d42cced0b0b3 of package kernel
         • Installed version 4.14.243-1-67f70e2f39f8e8859c56d42cced0b0b3 of package kmod-libphy
         • Installed version 4.14.243-1-67f70e2f39f8e8859c56d42cced0b0b3 of package kmod-swconfig
         • Installed version 4.14.243-1-67f70e2f39f8e8859c56d42cced0b0b3 of package kmod-switch-mvsw61xx
         • Installed version 4.14.243-1-67f70e2f39f8e8859c56d42cced0b0b3 of package kmod-ikconfig
    x
    x
    x
    x

… checked allways the status of the Storage and it was always fine.

So does this finally fix the FragAttack vulnerability, discovered back in May?

yes, this was one of the targeted improvements in openwrt 19.07.8

The vulnerability FragAttacks contains 12 CVEs and other improvements for mac80211, ath10k, cfg80211.
Some CVEs are related to Samsung or some vulnerability in 3rd party Windows’ driver.

It was highlighted that it is fixed in the recently released OpenWrt 19.07.8 release, which is just partially true, as I am afraid. If you take a look, FragAttacks fixed were introduced in two releases:

  • Turris OS 5.2.2 (released on 17th June 2021)
    Referred as mac80211 update
  • Turris OS 5.2.4 (released on 28th July 2021)
    Referred as a security update for ath10k-ct.

So, if you are using ath10k-ct, then you’re most likely safe. If you are using ath10k, then I am afraid that I don’t have good news for you as this vulnerability is still present in all GNU/Linux distributions as it was not fixed in LTS kernels <= 4.19.

I accidentally came across a configuration mismatch. He thinks that the new setting (which I think was in earlier version not available) of reForis “Guest Network” is disabled for me, although I have always enabled guest wifi 2,4 for a long time and it is active and functional. Guest DHCP is working (start IP 10.111.222.100, DHCP max leases = 5) although guest network is not enabled .



This topic was automatically closed after 20 days. New replies are no longer allowed.