From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187 Date: Wed, 10 Jul 2024 09:53:25 +0200 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3965619101501113170==" List-Id: --===============3965619101501113170== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Michael, On 09/07/2024 23:32, Michael Tremer wrote: > Hello, >=20 > I have just pushed a rebuild of the last update. So people who upgrade from= now on should get the correct script. >=20 > Would you like to communicate this with the people (potentially) affected? I have communicated it in the forum post thread on the expiry of the CRL=20 and also to the person who privately messaged me. Regards, Adolf. >=20 > Best, > -Michael >=20 >> On 8 Jul 2024, at 16:53, Adolf Belka wrote: >> >> Hi Michael, >> >> On 08/07/2024 17:38, Michael Tremer wrote: >>> How many users are we talking about? >> >> I don't know. The CRL has a lifetime of one month from what Erik has menti= oned on the forum. I found that it had expired on my production system but I = tend to only use it when I am visiting family/friends so hadn't noticed. >> >> In the forum I think there have been 5 or 6 people who have flagged up a p= roblem or that red the post and then fed back that they had made the change t= o the ovpn-crl-updater script and that it had worked. >> >> Since that original number there have been no more mentions. >>> I would like to close the update now anyways and release it into testing = this week. That being said, we are probably looking at a release in the last = week of July or later=E2=80=A6 >> I think we should do that anyway. >>> We could also patch the previous update and release a new updater. >> That would deal with anyone doing an update. That might be good to do. >> >> If I understand correctly any change made won't end up in the released iso= /image but any new install that immediately created an OpenVPN connection wou= ld then have a month before it needed to be updated and CU187 would then be o= ut. >> >> Regards, >> Adolf. >>> Best, >>> -Michael >>>> On 4 Jul 2024, at 15:29, Adolf Belka wrote: >>>> >>>> Hi Michael, >>>> >>>> I have been asked in a private forum message (not sure why they made it = private), about whether CU187 should be made an emergency update just for the= ovpn-crl-updater due to the numbers of people who might lose their OpenVPN c= onnections if the crl cannot be updated. >>>> >>>> I pointed out that CU187 was close to being released for Testing and tha= t changing everything would probably create more issues and chaos and delay C= U187 which has quite a few updates related to CVE fixes. >>>> >>>> Anyway, I thought I would forward the request to see what you think the = best approach would be. >>>> >>>> Regards, >>>> Adolf. >>>> >>>> On 04/07/2024 15:10, Adolf Belka wrote: >>>>> Hi Michael, >>>>> >>>>> The ovpn-crl-updater script was updated to take account of the modified= location for the ovpn.cnf file but the script was missed of the list of file= s to be shipped with CU186. >>>>> >>>>> The file needs to be included into the CU187 list to be shipped. >>>>> >>>>> Regards, >>>>> Adolf. >>>>> >>>> >>>> --=20 >>>> Sent from my laptop >>>> >=20 --=20 Sent from my laptop --===============3965619101501113170==--