From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187 Date: Mon, 08 Jul 2024 17:53:50 +0200 Message-ID: <8bf41981-63d9-4fe1-88d7-b5bded145284@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0958367805491454351==" List-Id: --===============0958367805491454351== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Michael, On 08/07/2024 17:38, Michael Tremer wrote: > How many users are we talking about? I don't know. The CRL has a lifetime of one month from what Erik has mentione= d on the forum. I found that it had expired on my production system but I ten= d to only use it when I am visiting family/friends so hadn't noticed. In the forum I think there have been 5 or 6 people who have flagged up a prob= lem or that red the post and then fed back that they had made the change to t= he ovpn-crl-updater script and that it had worked. Since that original number there have been no more mentions. >=20 > I would like to close the update now anyways and release it into testing th= is week. That being said, we are probably looking at a release in the last we= ek of July or later=E2=80=A6 I think we should do that anyway. >=20 > We could also patch the previous update and release a new updater. That would deal with anyone doing an update. That might be good to do. If I understand correctly any change made won't end up in the released iso/im= age but any new install that immediately created an OpenVPN connection would = then have a month before it needed to be updated and CU187 would then be out. Regards, Adolf. >=20 > Best, > -Michael >=20 >> On 4 Jul 2024, at 15:29, Adolf Belka wrote: >> >> Hi Michael, >> >> I have been asked in a private forum message (not sure why they made it pr= ivate), about whether CU187 should be made an emergency update just for the o= vpn-crl-updater due to the numbers of people who might lose their OpenVPN con= nections if the crl cannot be updated. >> >> I pointed out that CU187 was close to being released for Testing and that = changing everything would probably create more issues and chaos and delay CU1= 87 which has quite a few updates related to CVE fixes. >> >> Anyway, I thought I would forward the request to see what you think the be= st approach would be. >> >> Regards, >> Adolf. >> >> On 04/07/2024 15:10, Adolf Belka wrote: >>> Hi Michael, >>> >>> The ovpn-crl-updater script was updated to take account of the modified l= ocation for the ovpn.cnf file but the script was missed of the list of files = to be shipped with CU186. >>> >>> The file needs to be included into the CU187 list to be shipped. >>> >>> Regards, >>> Adolf. >>> >> >> --=20 >> Sent from my laptop >> >=20 --===============0958367805491454351==--