Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

nebula-cert-1.10.0-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: nebula-cert Distribution: openSUSE Tumbleweed
Version: 1.10.0 Vendor: openSUSE
Release: 1.1 Build date: Sat Dec 6 12:29:27 2025
Group: Unspecified Build host: reproducible
Size: 6536272 Source RPM: nebula-1.10.0-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/slackhq/nebula
Summary: Seperate nebula-cert package
 
This package only includes the nebula-cert binary.

Provides

Requires

License

MIT

Changelog

* Sat Dec 06 2025 Richard Rahl <rrahl0@opensuse.org>
  - Update to version 1.10.0:
    * Support for ipv6 and multiple ipv4/6 addresses in the overlay
    * Add the ability to mark packets on linux to better target nebula packets in
      iptables/nftables
    * Add ECMP support for unsafe_routes
    * PKCS11 support for P256 keys when built with pkcs11 tag
    * default_local_cidr_any now defaults to false
    * Improve logging when a relay is in use on an inbound packet
    * Avoid fatal errors if rountines is > 1 on systems that <= 1
    * Log a warning if a firewall rule contains an any that negates a more
      restrictive filter
    * Accept encrypted CA passphrase from an environment variable
    * Allow handshaking with any trusted remote
    * Log only the count of blocklisted certificate fingerprints instead of the
      entire list
    * Don't fatal when the ssh server is unable to be configured successfully
    * Improve lost packet statistics
    * Honor remote_allow_list in hole punch response
  - remove patch fix-CVE-2025-22869.patch, fixed upstream
* Sat Oct 11 2025 Richard Rahl <rrahl0@opensuse.org>
  - update to version 1.9.7:
    * Disable sending recv_error messages when a packet is received outside the
      allowable counter window
    * Improve error messages and remove some unnecessary fatal conditions in the
      generic udp listener
* Wed Jul 23 2025 Richard Rahl <rrahl0@opensuse.org>
  - update to version 1.9.6:
    * Support dropping inactive tunnels. This is disabled by default
    * Ensure the same relay tunnel is always used when multiple relay
      tunnels are present
    * Fix relay migration panic
* Wed Mar 12 2025 Richard Rahl <rrahl0@opensuse.org>
  - add patch fix-CVE-2025-22869.patch, fixes bsc#1239387
* Fri Dec 06 2024 Richard Rahl <rrahl0@opensuse.org>
  - update to 1.9.5:
    * Backport reestablish relays from cert-v2 to release-1.9
    * do not panic when loading a V2 CA certificate
* Tue Sep 10 2024 Richard Rahl <rrahl0@opensuse.org>
  - update to 1.9.4:
    * Support UDP dialing with gVisor
    * Make some Nebula state programmatically available via control object
    * Switch internal representation of IPs to netip, to prepare for IPv6 support
    * Various dependency updates
    * Fix a bug on big endian hosts, like mips
    * Fix a rare panic if a local index collision happens
    * Fix integer wraparound in the calculation of handshake timeouts on 32-bit
  - build the binaries non statically
  - remove enable-pie.patch as it's not needed anymore, since we build the binaries
    manually, not using the Makefile anymore
* Fri Jun 07 2024 Richard Rahl <rrahl0@disroot.org>
  - update to version 1.9.3:
    * Initialize messageCounter to 2 instead of verifying later
* Mon Jun 03 2024 Richard Rahl <rrahl0@disroot.org>
  - update to version 1.9.2:
    * Ensure messageCounter is set before handshake is complete
* Wed May 29 2024 Richard Rahl <rrahl0@disroot.org>
  - update to version 1.9.1:
    * Fixed a potential deadlock in GetOrHandshake
* Thu May 16 2024 Richard Rahl <rrahl0@disroot.org>
  - update to version 1.9.0:
    * This release adds a new setting default_local_cidr_any that defaults to
      true to match previous behavior, but will default to false in the next
      release (1.10)
    * Added example service script for OpenRC
    * The SSH daemon now supports inlined host keys
    * The SSH daemon now supports certificates with sshd.trusted_cas
    * Config setting tun.unsafe_routes is now reloadable
    * Support for the deprecated local_range option has been removed
    * Remove the TCP round trip tracking metrics, as they never had correct data
    * Fixed a potential deadlock introduced in 1.8.1
    * Fixed support for Linux when IPv6 has been disabled at the OS level
    * DNS will return NXDOMAIN now when there are no results
    * Allow :: in lighthouse.dns.host
    * Capitalization of NotAfter fixed in DNS TXT response
    * Don't log invalid certificates. It is untrusted data and can cause a large
      volume of logs
* Tue Apr 09 2024 Richard Rahl <rrahl0@proton.me>
  - initial packaging

Files

/usr/bin/nebula-cert
/usr/share/licenses/nebula-cert
/usr/share/licenses/nebula-cert/LICENSE

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Jan 3 23:02:08 2026