Turris OS 5.3.7 is in the testing branch

Dear Turris community,

We are glad that we released a new version in the testing branch.
Notable changes in Turris OS 5.3.7 are related to Sentinel improvements as we updated it to the latest versions. Multiple security vulnerabilities and various bugs are also fixed, several packages updated.

Release changelog follows:

• Updated kernel to version 4.14.274
• Sentinel improvements
• Updated syslog-ng
• Fixed switch-branch and listing versions
• Security fixes
  • bind: CVE-2022-0396, CVE-2021-25220
  • OpenSSL: CVE-2022-0778
  • zlib
  • python3

Should you want to try the new release yourself and help us with testing, please refer to the instructions in Turris Documentation. We appreciate any feedback.

In case you encounter regressions or other issues feel free to report them to our support department.

As always, if testing goes well, a stable release will follow.

Update went fine on my TO

Did tor not get recompiled?

notice Tor[21115]: We compiled with OpenSSL 101010cf: OpenSSL 1.1.1l 24 Aug 2021 and we are running with OpenSSL 101010ef: 1.1.1n. These two versions should be binary compatible.

All packages are recompiled for each release. Tor was recompiled, but since there was no new Tor version in 5.3.7 release (Tor is a community package maintained by OpenWrt community) there was no need to update existing installations.

The important outcome of Turris OS 5.3.7 update is that Tor (while staying at version 0.4.5.10) is using the updated OpenSSL 1.1.1n (as confirmed by the notice).

Ok, I thought every package should be recompiled every time its dependencies change. But if there are ABI compatibility guarantees, it’s probably not needed. Are they?

There are. Tor Project was a bit skeptical about that, so they kept the notice.

It’s improbable you run into problems, but if you really want the recompiled package, you can opkg update && opkg install --force-reinstall tor or uninstall and reinstall using reForis.