From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187 Date: Tue, 09 Jul 2024 22:32:13 +0100 Message-ID: In-Reply-To: <8bf41981-63d9-4fe1-88d7-b5bded145284@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1467766390494748940==" List-Id: --===============1467766390494748940== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, I have just pushed a rebuild of the last update. So people who upgrade from n= ow on should get the correct script. Would you like to communicate this with the people (potentially) affected? Best, -Michael > On 8 Jul 2024, at 16:53, Adolf Belka wrote: >=20 > Hi Michael, >=20 > On 08/07/2024 17:38, Michael Tremer wrote: >> How many users are we talking about? >=20 > I don't know. The CRL has a lifetime of one month from what Erik has mentio= ned on the forum. I found that it had expired on my production system but I t= end to only use it when I am visiting family/friends so hadn't noticed. >=20 > In the forum I think there have been 5 or 6 people who have flagged up a pr= oblem or that red the post and then fed back that they had made the change to= the ovpn-crl-updater script and that it had worked. >=20 > Since that original number there have been no more mentions. >> I would like to close the update now anyways and release it into testing t= his week. That being said, we are probably looking at a release in the last w= eek of July or later=E2=80=A6 > I think we should do that anyway. >> We could also patch the previous update and release a new updater. > That would deal with anyone doing an update. That might be good to do. >=20 > If I understand correctly any change made won't end up in the released iso/= image but any new install that immediately created an OpenVPN connection woul= d then have a month before it needed to be updated and CU187 would then be ou= t. >=20 > Regards, > Adolf. >> Best, >> -Michael >>> On 4 Jul 2024, at 15:29, Adolf Belka wrote: >>>=20 >>> Hi Michael, >>>=20 >>> I have been asked in a private forum message (not sure why they made it p= rivate), about whether CU187 should be made an emergency update just for the = ovpn-crl-updater due to the numbers of people who might lose their OpenVPN co= nnections if the crl cannot be updated. >>>=20 >>> I pointed out that CU187 was close to being released for Testing and that= changing everything would probably create more issues and chaos and delay CU= 187 which has quite a few updates related to CVE fixes. >>>=20 >>> Anyway, I thought I would forward the request to see what you think the b= est approach would be. >>>=20 >>> Regards, >>> Adolf. >>>=20 >>> On 04/07/2024 15:10, Adolf Belka wrote: >>>> Hi Michael, >>>>=20 >>>> The ovpn-crl-updater script was updated to take account of the modified = location for the ovpn.cnf file but the script was missed of the list of files= to be shipped with CU186. >>>>=20 >>>> The file needs to be included into the CU187 list to be shipped. >>>>=20 >>>> Regards, >>>> Adolf. >>>>=20 >>>=20 >>> --=20 >>> Sent from my laptop >>>=20 --===============1467766390494748940==--