9 Commits

Author SHA256 Message Date
20e81c0dc7 Accepting request 1328570 from network:vpn
- Update to version 1.10.2:
  * Fix panic when using use_system_route_table (forwarded request 1328569 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1328570
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nebula?expand=0&rev=12
2026-01-22 14:13:38 +00:00
Richard Rahl
3994680cec - Update to version 1.10.2:
  * Fix panic when using use_system_route_table

OBS-URL: https://build.opensuse.org/package/show/network:vpn/nebula?expand=0&rev=24
2026-01-21 20:50:44 +00:00
Richard Rahl
9664d35744 - Update to version 1.10.1:
  * Fix a bug where an unsafe route derived from the system route table could
    be lost on a config reload
  * Fix the PEM banner for ECDSA P256 public keys
  * Fix a bug in handshake processing when a peer sends an unexpected public key
  * Add a config option to control accepting recv_error packets which defaults
    to always

OBS-URL: https://build.opensuse.org/package/show/network:vpn/nebula?expand=0&rev=23
2026-01-20 23:53:23 +00:00
2075d7462f Accepting request 1321349 from network:vpn
- Update to version 1.10.0:
  * Support for ipv6 and multiple ipv4/6 addresses in the overlay
  * Add the ability to mark packets on linux to better target nebula packets in
    iptables/nftables
  * Add ECMP support for unsafe_routes
  * PKCS11 support for P256 keys when built with pkcs11 tag
  * default_local_cidr_any now defaults to false
  * Improve logging when a relay is in use on an inbound packet
  * Avoid fatal errors if routines is > 1 on systems that <= 1
  * Log a warning if a firewall rule contains an any that negates a more
    restrictive filter
  * Accept encrypted CA passphrase from an environment variable
  * Allow handshaking with any trusted remote
  * Log only the count of blocklisted certificate fingerprints instead of the
    entire list
  * Don't fatal when the ssh server is unable to be configured successfully
  * Improve lost packet statistics
  * Honor remote_allow_list in hole punch response
- remove patch fix-CVE-2025-22869.patch, fixed upstream (forwarded request 1321348 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1321349
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nebula?expand=0&rev=11
2025-12-08 10:54:23 +00:00
Richard Rahl
6457a1e6e8 - Update to version 1.10.0:
  * Support for ipv6 and multiple ipv4/6 addresses in the overlay
  * Add the ability to mark packets on linux to better target nebula packets in
    iptables/nftables
  * Add ECMP support for unsafe_routes
  * PKCS11 support for P256 keys when built with pkcs11 tag
  * default_local_cidr_any now defaults to false
  * Improve logging when a relay is in use on an inbound packet
  * Avoid fatal errors if routines is > 1 on systems that <= 1
  * Log a warning if a firewall rule contains an any that negates a more
    restrictive filter
  * Accept encrypted CA passphrase from an environment variable
  * Allow handshaking with any trusted remote
  * Log only the count of blocklisted certificate fingerprints instead of the
    entire list
  * Don't fatal when the ssh server is unable to be configured successfully
  * Improve lost packet statistics
  * Honor remote_allow_list in hole punch response
- remove patch fix-CVE-2025-22869.patch, fixed upstream

OBS-URL: https://build.opensuse.org/package/show/network:vpn/nebula?expand=0&rev=21
2025-12-06 11:43:55 +00:00
948ff0409b Accepting request 1310730 from network:vpn
- update to version 1.9.7:
  * Disable sending recv_error messages when a packet is received outside the
    allowable counter window
  * Improve error messages and remove some unnecessary fatal conditions in the
    generic udp listener (forwarded request 1310729 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1310730
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nebula?expand=0&rev=10
2025-10-11 20:51:06 +00:00
Richard Rahl
bff5277ee4 - update to version 1.9.7:
  * Disable sending recv_error messages when a packet is received outside the
    allowable counter window
  * Improve error messages and remove some unnecessary fatal conditions in the
    generic udp listener

OBS-URL: https://build.opensuse.org/package/show/network:vpn/nebula?expand=0&rev=19
2025-10-11 14:59:40 +00:00
1f84272e2b Accepting request 1295367 from network:vpn
- update to version 1.9.6:
  * Support dropping inactive tunnels. This is disabled by default
  * Ensure the same relay tunnel is always used when multiple relay
    tunnels are present
  * Fix relay migration panic (forwarded request 1295366 from rrahl0)

OBS-URL: https://build.opensuse.org/request/show/1295367
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nebula?expand=0&rev=9
2025-07-24 16:44:47 +00:00
Richard Rahl
f57a2205b5 - update to version 1.9.6:
  * Support dropping inactive tunnels. This is disabled by default
  * Ensure the same relay tunnel is always used when multiple relay
    tunnels are present
  * Fix relay migration panic

OBS-URL: https://build.opensuse.org/package/show/network:vpn/nebula?expand=0&rev=17
2025-07-23 15:15:49 +00:00
7 changed files with 68 additions and 68 deletions


@@ -3,7 +3,7 @@
<service name="tar_scm" mode="manual">
<param name="url">https://github.com/slackhq/nebula.git</param>
<param name="scm">git</param>
<param name="revision">refs/tags/v1.9.5</param>
<param name="revision">refs/tags/v1.10.2</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="package-meta">yes</param>
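
Review bot: the `revision` param now follows `refs/tags/v1.10.2`, and a tag can be moved upstream after the fact, so the source is only as stable as that tag. Since the service runs in `mode="manual"` and the fetched tarball is committed as an LFS pointer, consider recording the commit hash the tag resolved to (in the changes entry or as the `revision` value) so a later re-run of the service can be checked against the same source.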


@@ -1,57 +0,0 @@
diff -rub nebula-1.9.5/go.mod nebula-1.9.5-patched/go.mod
--- nebula-1.9.5/go.mod 2024-12-06 15:50:24.000000000 +0100
+++ nebula-1.9.5-patched/go.mod 2025-03-12 09:51:49.086946008 +0100
@@ -1,8 +1,8 @@
module github.com/slackhq/nebula
-go 1.22.0
+go 1.23.0
-toolchain go1.22.2
+toolchain go1.24.1
require (
dario.cat/mergo v1.0.0
@@ -23,12 +23,12 @@
github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
github.com/stretchr/testify v1.9.0
github.com/vishvananda/netlink v1.2.1-beta.2
- golang.org/x/crypto v0.26.0
+ golang.org/x/crypto v0.36.0
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090
golang.org/x/net v0.28.0
golang.org/x/sync v0.8.0
- golang.org/x/sys v0.24.0
- golang.org/x/term v0.23.0
+ golang.org/x/sys v0.31.0
+ golang.org/x/term v0.30.0
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b
golang.zx2c4.com/wireguard/windows v0.5.3
diff -rub nebula-1.9.5/go.sum nebula-1.9.5-patched/go.sum
--- nebula-1.9.5/go.sum 2024-12-06 15:50:24.000000000 +0100
+++ nebula-1.9.5-patched/go.sum 2025-03-12 09:53:25.588929512 +0100
@@ -153,6 +153,8 @@
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 h1:Di6/M8l0O2lCLc6VVRWhgCiApHV8MnQurBnFSHsQtNY=
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
@@ -201,9 +203,13 @@
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
Only in nebula-1.9.5-patched: vendor
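
Review bot: dropping this patch is only safe if the regenerated vendor archive already carries the bumps it made by hand, in particular `golang.org/x/crypto v0.36.0` in go.mod and go.sum. The spec builds with `-mod=vendor`, so the version that matters is the one inside `vendor.tar.zst`, not only the one in upstream's go.mod. Please confirm that `vendor/modules.txt` in the new archive lists golang.org/x/crypto at v0.36.0 or later, and state that next to "fixed upstream" in the changes entry.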

nebula-1.10.2.tar.gz Normal file

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9e5e057d7644549b5798b35a3482663a13fad2a5b79160118b793b2d9f1ec205
size 5220132


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3c7ef224c0e2068627979b37fc6573e35e08b9d8e1c647ca8951647ce8c088f1
size 2498526


@@ -1,3 +1,61 @@
-------------------------------------------------------------------
Wed Jan 21 20:34:05 UTC 2026 - Richard Rahl <rrahl0@opensuse.org>
- Update to version 1.10.2:
* Fix panic when using use_system_route_table
-------------------------------------------------------------------
Tue Jan 20 23:44:43 UTC 2026 - Richard Rahl <rrahl0@opensuse.org>
- Update to version 1.10.1:
* Fix a bug where an unsafe route derived from the system route table could
be lost on a config reload
* Fix the PEM banner for ECDSA P256 public keys
* Fix a bug in handshake processing when a peer sends an unexpected public key
* Add a config option to control accepting recv_error packets which defaults
to always
-------------------------------------------------------------------
Sat Dec 6 11:29:27 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- Update to version 1.10.0:
* Support for ipv6 and multiple ipv4/6 addresses in the overlay
* Add the ability to mark packets on linux to better target nebula packets in
iptables/nftables
* Add ECMP support for unsafe_routes
* PKCS11 support for P256 keys when built with pkcs11 tag
* default_local_cidr_any now defaults to false
* Improve logging when a relay is in use on an inbound packet
* Avoid fatal errors if rountines is > 1 on systems that <= 1
* Log a warning if a firewall rule contains an any that negates a more
restrictive filter
* Accept encrypted CA passphrase from an environment variable
* Allow handshaking with any trusted remote
* Log only the count of blocklisted certificate fingerprints instead of the
entire list
* Don't fatal when the ssh server is unable to be configured successfully
* Improve lost packet statistics
* Honor remote_allow_list in hole punch response
- remove patch fix-CVE-2025-22869.patch, fixed upstream
-------------------------------------------------------------------
Sat Oct 11 14:48:33 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 1.9.7:
* Disable sending recv_error messages when a packet is received outside the
allowable counter window
* Improve error messages and remove some unnecessary fatal conditions in the
generic udp listener
-------------------------------------------------------------------
Wed Jul 23 13:31:01 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 1.9.6:
* Support dropping inactive tunnels. This is disabled by default
* Ensure the same relay tunnel is always used when multiple relay
tunnels are present
* Fix relay migration panic
-------------------------------------------------------------------
Wed Mar 12 08:57:08 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
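
Review bot: in the 1.10.0 entry, "Avoid fatal errors if rountines is > 1 on systems that <= 1" has a typo ("rountines") and reads as if words are missing; please fix it before it lands in the package changelog. The same set of entries changes defaults that affect packet filtering ("default_local_cidr_any now defaults to false", and the new recv_error option "which defaults to always" in 1.10.1), so a one-line hint telling users to review their firewall configuration on upgrade would be worth adding. The "remove patch fix-CVE-2025-22869.patch, fixed upstream" line should also say which upstream version or dependency bump carries the fix.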


@@ -1,7 +1,7 @@
#
# spec file for package nebula
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: nebula
Version: 1.9.5
Version: 1.10.2
Release: 0
Summary: A scalable overlay networking tool
License: MIT
@@ -25,11 +25,10 @@ URL: https://github.com/slackhq/nebula
Source0: %{name}-%{version}.tar.gz
Source1: vendor.tar.zst
Source2: %{name}.service
Patch0: fix-CVE-2025-22869.patch
BuildRequires: git-core
BuildRequires: golang-packaging
BuildRequires: zstd
BuildRequires: golang(API) >= 1.23.6
BuildRequires: golang(API) >= 1.24.0
%description
Nebula is a scalable overlay networking tool with a focus on performance,
@@ -44,7 +43,7 @@ Summary: Seperate %{name}-cert package
This package only includes the %{name}-cert binary.
%prep
%autosetup -a1
%autosetup -a1 -p1
%build
go build -buildmode=pie -mod=vendor -ldflags "-X main.Build=%{version}-dirty" -o %{name} ./cmd/%{name}
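
Review bot: `%autosetup -a1 -p1` gains `-p1` in the same change that removes `Patch0: fix-CVE-2025-22869.patch`, so there is no patch left for the option to act on. Either drop `-p1` again or note in the changes entry that it is kept deliberately for future patches, so the next reviewer does not go looking for a missing `PatchN` line.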


@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ddeb93b481716b9ea3d69564218d46de672077bf0c52a596cec67382f215a869
size 3393594
oid sha256:25141fc9e14c72411df888a9901f9bc9677d6a5bbb7b06e6d566175f602adbfc
size 2807712