Accepting request 1252352 from network:vpn
- add patch fix-CVE-2025-22869.patch, fixes bsc#1239387 (forwarded request 1252351 from rrahl0) OBS-URL: https://build.opensuse.org/request/show/1252352 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nebula?expand=0&rev=8
This commit is contained in:
Git OBS Bridge
57
fix-CVE-2025-22869.patch
Normal file
57
fix-CVE-2025-22869.patch
Normal file
@@ -0,0 +1,57 @@
|
||||
diff -rub nebula-1.9.5/go.mod nebula-1.9.5-patched/go.mod
|
||||
--- nebula-1.9.5/go.mod 2024-12-06 15:50:24.000000000 +0100
|
||||
+++ nebula-1.9.5-patched/go.mod 2025-03-12 09:51:49.086946008 +0100
|
||||
@@ -1,8 +1,8 @@
|
||||
module github.com/slackhq/nebula
|
||||
|
||||
-go 1.22.0
|
||||
+go 1.23.0
|
||||
|
||||
-toolchain go1.22.2
|
||||
+toolchain go1.24.1
|
||||
|
||||
require (
|
||||
dario.cat/mergo v1.0.0
|
||||
@@ -23,12 +23,12 @@
|
||||
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
|
||||
github.com/stretchr/testify v1.9.0
|
||||
github.com/vishvananda/netlink v1.2.1-beta.2
|
||||
- golang.org/x/crypto v0.26.0
|
||||
+ golang.org/x/crypto v0.36.0
|
||||
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090
|
||||
golang.org/x/net v0.28.0
|
||||
golang.org/x/sync v0.8.0
|
||||
- golang.org/x/sys v0.24.0
|
||||
- golang.org/x/term v0.23.0
|
||||
+ golang.org/x/sys v0.31.0
|
||||
+ golang.org/x/term v0.30.0
|
||||
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
|
||||
golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b
|
||||
golang.zx2c4.com/wireguard/windows v0.5.3
|
||||
diff -rub nebula-1.9.5/go.sum nebula-1.9.5-patched/go.sum
|
||||
--- nebula-1.9.5/go.sum 2024-12-06 15:50:24.000000000 +0100
|
||||
+++ nebula-1.9.5-patched/go.sum 2025-03-12 09:53:25.588929512 +0100
|
||||
@@ -153,6 +153,8 @@
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
|
||||
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
|
||||
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
|
||||
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
|
||||
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 h1:Di6/M8l0O2lCLc6VVRWhgCiApHV8MnQurBnFSHsQtNY=
|
||||
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
|
||||
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
@@ -201,9 +203,13 @@
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
|
||||
golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
|
||||
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
|
||||
golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
|
||||
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
|
||||
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
Only in nebula-1.9.5-patched: vendor
|
||||
@@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 12 08:57:08 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
|
||||
|
||||
- add patch fix-CVE-2025-22869.patch, fixes bsc#1239387
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 6 17:28:15 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package nebula
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -25,10 +25,11 @@ URL: https://github.com/slackhq/nebula
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
Source1: vendor.tar.zst
|
||||
Source2: %{name}.service
|
||||
Patch0: fix-CVE-2025-22869.patch
|
||||
BuildRequires: git-core
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: zstd
|
||||
BuildRequires: golang(API) = 1.22
|
||||
BuildRequires: golang(API) >= 1.23.6
|
||||
|
||||
%description
|
||||
Nebula is a scalable overlay networking tool with a focus on performance,
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0a7e2c586b53eba9e5249fc079789fbf550ea8b47acb996001e21ab585b29b03
|
||||
size 2536026
|
||||
oid sha256:ddeb93b481716b9ea3d69564218d46de672077bf0c52a596cec67382f215a869
|
||||
size 3393594
|
||||
|
||||
Reference in New Issue
Block a user