Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package wireguard-tools for openSUSE:Factory
checked in at 2026-03-10 17:58:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wireguard-tools (Old)
and /work/SRC/openSUSE:Factory/.wireguard-tools.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wireguard-tools"
Tue Mar 10 17:58:26 2026 rev:21 rq:1337993 version:1.0.20260223
Changes:
--------
--- /work/SRC/openSUSE:Factory/wireguard-tools/wireguard-tools.changes
2025-07-15 16:47:12.099927062 +0200
+++
/work/SRC/openSUSE:Factory/.wireguard-tools.new.8177/wireguard-tools.changes
2026-03-10 19:00:54.839336062 +0100
@@ -1,0 +2,15 @@
+Sat Mar 7 07:46:09 UTC 2026 - Martin Hauke <[email protected]>
+
+- Update to version 1.0.20260223
+ * syncconf: account for persistent keepalive removed from config
+ file.
+ * config: preserve const correctness.
+ * [email protected]: add deps on wg-quick.target.
+ * wg-quick: linux: do not unnecessarily set sysctl.
+ * wg-quick: use addconf instead of setconf.
+ * wg-quick: linux: deal with resolvconf migration more gracefully.
+ * wg-quick: pass on # comments to {Pre,Post}{Up,Down}.
+ * syncconf: account for psks removed from config file.
+ * wg-quick: linux: use smallest mtu, not largest.
+
+-------------------------------------------------------------------
Old:
----
wireguard-tools-1.0.20250521.tar.asc
wireguard-tools-1.0.20250521.tar.xz
New:
----
wireguard-tools-1.0.20260223.tar.asc
wireguard-tools-1.0.20260223.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wireguard-tools.spec ++++++
--- /var/tmp/diff_new_pack.eX16hL/_old 2026-03-10 19:00:56.911421137 +0100
+++ /var/tmp/diff_new_pack.eX16hL/_new 2026-03-10 19:00:56.935422122 +0100
@@ -1,8 +1,8 @@
#
# spec file for package wireguard-tools
#
-# Copyright (c) 2025 SUSE LLC
-# Copyright (c) 2020-2025, Martin Hauke <[email protected]>
+# Copyright (c) 2026 SUSE LLC and contributors
+# Copyright (c) 2020-2026, Martin Hauke <[email protected]>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
Name: wireguard-tools
-Version: 1.0.20250521
+Version: 1.0.20260223
Release: 0
Summary: WireGuard userspace tools
License: GPL-2.0-only
++++++ wireguard-tools-1.0.20250521.tar.xz ->
wireguard-tools-1.0.20260223.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20250521/src/config.c
new/wireguard-tools-1.0.20260223/src/config.c
--- old/wireguard-tools-1.0.20250521/src/config.c 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/config.c 2026-02-23
23:24:27.000000000 +0100
@@ -506,8 +506,9 @@
bool config_read_line(struct config_ctx *ctx, const char *input)
{
size_t len, cleaned_len = 0;
- char *line, *comment;
+ const char *comment;
bool ret = true;
+ char *line;
/* This is what strchrnul is for, but that isn't portable. */
comment = strchr(input, COMMENT_CHAR);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20250521/src/setconf.c
new/wireguard-tools-1.0.20260223/src/setconf.c
--- old/wireguard-tools-1.0.20250521/src/setconf.c 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/setconf.c 2026-02-23
23:24:27.000000000 +0100
@@ -13,15 +13,15 @@
#include "ipc.h"
#include "subcommands.h"
-struct pubkey_origin {
- uint8_t *pubkey;
+struct peer_origin {
+ struct wgpeer *peer;
bool from_file;
};
-static int pubkey_cmp(const void *first, const void *second)
+static int peer_cmp(const void *first, const void *second)
{
- const struct pubkey_origin *a = first, *b = second;
- int ret = memcmp(a->pubkey, b->pubkey, WG_KEY_LEN);
+ const struct peer_origin *a = first, *b = second;
+ int ret = memcmp(a->peer->public_key, b->peer->public_key, WG_KEY_LEN);
if (ret)
return ret;
return a->from_file - b->from_file;
@@ -31,7 +31,7 @@
{
struct wgdevice *runtime;
struct wgpeer *peer;
- struct pubkey_origin *pubkeys;
+ struct peer_origin *peers;
size_t peer_count = 0, i = 0;
if (!file->first_peer)
@@ -55,46 +55,61 @@
for_each_wgpeer(runtime, peer)
++peer_count;
- pubkeys = calloc(peer_count, sizeof(*pubkeys));
- if (!pubkeys) {
+ peers = calloc(peer_count, sizeof(*peers));
+ if (!peers) {
free_wgdevice(runtime);
- perror("Public key allocation");
+ perror("Peer list allocation");
return false;
}
for_each_wgpeer(file, peer) {
- pubkeys[i].pubkey = peer->public_key;
- pubkeys[i].from_file = true;
+ peers[i].peer = peer;
+ peers[i].from_file = true;
++i;
}
for_each_wgpeer(runtime, peer) {
- pubkeys[i].pubkey = peer->public_key;
- pubkeys[i].from_file = false;
+ peers[i].peer = peer;
+ peers[i].from_file = false;
++i;
}
- qsort(pubkeys, peer_count, sizeof(*pubkeys), pubkey_cmp);
+ qsort(peers, peer_count, sizeof(*peers), peer_cmp);
for (i = 0; i < peer_count; ++i) {
- if (pubkeys[i].from_file)
+ if (peers[i].from_file)
continue;
- if (i == peer_count - 1 || !pubkeys[i + 1].from_file ||
memcmp(pubkeys[i].pubkey, pubkeys[i + 1].pubkey, WG_KEY_LEN)) {
+ if (i == peer_count - 1 || !peers[i + 1].from_file ||
memcmp(peers[i].peer->public_key, peers[i + 1].peer->public_key, WG_KEY_LEN)) {
peer = calloc(1, sizeof(struct wgpeer));
if (!peer) {
free_wgdevice(runtime);
- free(pubkeys);
+ free(peers);
perror("Peer allocation");
return false;
}
peer->flags = WGPEER_REMOVE_ME;
- memcpy(peer->public_key, pubkeys[i].pubkey, WG_KEY_LEN);
+ memcpy(peer->public_key, peers[i].peer->public_key,
WG_KEY_LEN);
peer->next_peer = file->first_peer;
file->first_peer = peer;
if (!file->last_peer)
file->last_peer = peer;
+ } else {
+ if (i < peer_count - 1 && peers[i + 1].from_file &&
+ (peers[i].peer->flags & WGPEER_HAS_PRESHARED_KEY) &&
+ !(peers[i + 1].peer->flags &
WGPEER_HAS_PRESHARED_KEY) &&
+ !memcmp(peers[i].peer->public_key, peers[i +
1].peer->public_key, WG_KEY_LEN)) {
+ memset(peers[i + 1].peer->preshared_key, 0,
WG_KEY_LEN);
+ peers[i + 1].peer->flags |=
WGPEER_HAS_PRESHARED_KEY;
+ }
+ if (i < peer_count - 1 && peers[i + 1].from_file &&
+ peers[i].peer->persistent_keepalive_interval &&
+ !(peers[i + 1].peer->flags &
WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL) &&
+ !memcmp(peers[i].peer->public_key, peers[i +
1].peer->public_key, WG_KEY_LEN)) {
+ peers[i +
1].peer->persistent_keepalive_interval = 0;
+ peers[i + 1].peer->flags |=
WGPEER_HAS_PERSISTENT_KEEPALIVE_INTERVAL;
+ }
}
}
free_wgdevice(runtime);
- free(pubkeys);
+ free(peers);
return true;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20250521/src/systemd/[email protected]
new/wireguard-tools-1.0.20260223/src/systemd/[email protected]
--- old/wireguard-tools-1.0.20250521/src/systemd/[email protected]
2025-05-21 01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/systemd/[email protected]
2026-02-23 23:24:27.000000000 +0100
@@ -1,5 +1,6 @@
[Unit]
Description=WireGuard via wg-quick(8) for %I
+Before=wg-quick.target
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target
PartOf=wg-quick.target
@@ -19,4 +20,4 @@
Environment=WG_ENDPOINT_RESOLUTION_RETRIES=infinity
[Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target wg-quick.target
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20250521/src/version.h
new/wireguard-tools-1.0.20260223/src/version.h
--- old/wireguard-tools-1.0.20250521/src/version.h 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/version.h 2026-02-23
23:24:27.000000000 +0100
@@ -1,3 +1,3 @@
#ifndef WIREGUARD_TOOLS_VERSION
-#define WIREGUARD_TOOLS_VERSION "1.0.20250521"
+#define WIREGUARD_TOOLS_VERSION "1.0.20260223"
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20250521/src/wg-quick/android.c
new/wireguard-tools-1.0.20260223/src/wg-quick/android.c
--- old/wireguard-tools-1.0.20250521/src/wg-quick/android.c 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/wg-quick/android.c 2026-02-23
23:24:27.000000000 +0100
@@ -1047,7 +1047,7 @@
static void set_config(const char *iface, const char *config)
{
FILE *config_writer;
- _cleanup_free_ char *cmd = concat("wg setconf ", iface, "
/proc/self/fd/0", NULL);
+ _cleanup_free_ char *cmd = concat("wg addconf ", iface, "
/proc/self/fd/0", NULL);
int ret;
printf("[#] %s\n", cmd);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20250521/src/wg-quick/darwin.bash
new/wireguard-tools-1.0.20260223/src/wg-quick/darwin.bash
--- old/wireguard-tools-1.0.20250521/src/wg-quick/darwin.bash 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/wg-quick/darwin.bash 2026-02-23
23:24:27.000000000 +0100
@@ -62,6 +62,7 @@
stripped="${line%%\#*}"
key="${stripped%%=*}"; key="${key##*([[:space:]])}";
key="${key%%*([[:space:]])}"
value="${stripped#*=}"; value="${value##*([[:space:]])}";
value="${value%%*([[:space:]])}"
+ unstripped_value="${line#*=}";
unstripped_value="${unstripped_value##*([[:space:]])}";
unstripped_value="${unstripped_value%%*([[:space:]])}"
[[ $key == "["* ]] && interface_section=0
[[ $key == "[Interface]" ]] && interface_section=1
if [[ $interface_section -eq 1 ]]; then
@@ -72,10 +73,10 @@
[[ $v =~ (^[0-9.]+$)|(^.*:.*$) ]] && DNS+=( $v
) || DNS_SEARCH+=( $v )
done; continue ;;
Table) TABLE="$value"; continue ;;
- PreUp) PRE_UP+=( "$value" ); continue ;;
- PreDown) PRE_DOWN+=( "$value" ); continue ;;
- PostUp) POST_UP+=( "$value" ); continue ;;
- PostDown) POST_DOWN+=( "$value" ); continue ;;
+ PreUp) PRE_UP+=( "$unstripped_value" ); continue ;;
+ PreDown) PRE_DOWN+=( "$unstripped_value" ); continue ;;
+ PostUp) POST_UP+=( "$unstripped_value" ); continue ;;
+ PostDown) POST_DOWN+=( "$unstripped_value" ); continue
;;
SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
esac
fi
@@ -369,7 +370,7 @@
}
set_config() {
- cmd wg setconf "$REAL_INTERFACE" <(echo "$WG_CONFIG")
+ cmd wg addconf "$REAL_INTERFACE" <(echo "$WG_CONFIG")
}
save_config() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20250521/src/wg-quick/freebsd.bash
new/wireguard-tools-1.0.20260223/src/wg-quick/freebsd.bash
--- old/wireguard-tools-1.0.20250521/src/wg-quick/freebsd.bash 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/wg-quick/freebsd.bash 2026-02-23
23:24:27.000000000 +0100
@@ -80,6 +80,7 @@
stripped="${line%%\#*}"
key="${stripped%%=*}"; key="${key##*([[:space:]])}";
key="${key%%*([[:space:]])}"
value="${stripped#*=}"; value="${value##*([[:space:]])}";
value="${value%%*([[:space:]])}"
+ unstripped_value="${line#*=}";
unstripped_value="${unstripped_value##*([[:space:]])}";
unstripped_value="${unstripped_value%%*([[:space:]])}"
[[ $key == "["* ]] && interface_section=0
[[ $key == "[Interface]" ]] && interface_section=1
if [[ $interface_section -eq 1 ]]; then
@@ -90,10 +91,10 @@
[[ $v =~ (^[0-9.]+$)|(^.*:.*$) ]] && DNS+=( $v
) || DNS_SEARCH+=( $v )
done; continue ;;
Table) TABLE="$value"; continue ;;
- PreUp) PRE_UP+=( "$value" ); continue ;;
- PreDown) PRE_DOWN+=( "$value" ); continue ;;
- PostUp) POST_UP+=( "$value" ); continue ;;
- PostDown) POST_DOWN+=( "$value" ); continue ;;
+ PreUp) PRE_UP+=( "$unstripped_value" ); continue ;;
+ PreDown) PRE_DOWN+=( "$unstripped_value" ); continue ;;
+ PostUp) POST_UP+=( "$unstripped_value" ); continue ;;
+ PostDown) POST_DOWN+=( "$unstripped_value" ); continue
;;
SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
esac
fi
@@ -337,7 +338,7 @@
}
set_config() {
- echo "$WG_CONFIG" | cmd wg setconf "$INTERFACE" /dev/stdin
+ echo "$WG_CONFIG" | cmd wg addconf "$INTERFACE" /dev/stdin
}
save_config() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/wireguard-tools-1.0.20250521/src/wg-quick/linux.bash
new/wireguard-tools-1.0.20260223/src/wg-quick/linux.bash
--- old/wireguard-tools-1.0.20250521/src/wg-quick/linux.bash 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/wg-quick/linux.bash 2026-02-23
23:24:27.000000000 +0100
@@ -51,6 +51,7 @@
stripped="${line%%\#*}"
key="${stripped%%=*}"; key="${key##*([[:space:]])}";
key="${key%%*([[:space:]])}"
value="${stripped#*=}"; value="${value##*([[:space:]])}";
value="${value%%*([[:space:]])}"
+ unstripped_value="${line#*=}";
unstripped_value="${unstripped_value##*([[:space:]])}";
unstripped_value="${unstripped_value%%*([[:space:]])}"
[[ $key == "["* ]] && interface_section=0
[[ $key == "[Interface]" ]] && interface_section=1
if [[ $interface_section -eq 1 ]]; then
@@ -61,10 +62,10 @@
[[ $v =~ (^[0-9.]+$)|(^.*:.*$) ]] && DNS+=( $v
) || DNS_SEARCH+=( $v )
done; continue ;;
Table) TABLE="$value"; continue ;;
- PreUp) PRE_UP+=( "$value" ); continue ;;
- PreDown) PRE_DOWN+=( "$value" ); continue ;;
- PostUp) POST_UP+=( "$value" ); continue ;;
- PostDown) POST_DOWN+=( "$value" ); continue ;;
+ PreUp) PRE_UP+=( "$unstripped_value" ); continue ;;
+ PreDown) PRE_DOWN+=( "$unstripped_value" ); continue ;;
+ PostUp) POST_UP+=( "$unstripped_value" ); continue ;;
+ PostDown) POST_DOWN+=( "$unstripped_value" ); continue
;;
SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
esac
fi
@@ -123,7 +124,7 @@
}
set_mtu_up() {
- local mtu=0 endpoint output
+ local mtu=2147483647 endpoint output
if [[ -n $MTU ]]; then
cmd ip link set mtu "$MTU" up dev "$INTERFACE"
return
@@ -131,18 +132,18 @@
while read -r _ endpoint; do
[[ $endpoint =~ ^\[?([a-z0-9:.]+)\]?:[0-9]+$ ]] || continue
output="$(ip route get "${BASH_REMATCH[1]}" || true)"
- [[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) &&
$(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) &&
${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}"
+ [[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) &&
$(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) &&
${BASH_REMATCH[1]} -lt $mtu ]] && mtu="${BASH_REMATCH[1]}"
done < <(wg show "$INTERFACE" endpoints)
- if [[ $mtu -eq 0 ]]; then
+ if [[ $mtu -eq 2147483647 ]]; then
read -r output < <(ip route show default || true) || true
- [[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) &&
$(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) &&
${BASH_REMATCH[1]} -gt $mtu ]] && mtu="${BASH_REMATCH[1]}"
+ [[ ( $output =~ mtu\ ([0-9]+) || ( $output =~ dev\ ([^ ]+) &&
$(ip link show dev "${BASH_REMATCH[1]}") =~ mtu\ ([0-9]+) ) ) &&
${BASH_REMATCH[1]} -lt $mtu ]] && mtu="${BASH_REMATCH[1]}"
fi
- [[ $mtu -gt 0 ]] || mtu=1500
+ [[ $mtu -gt 0 && $mtu -lt 2147483647 ]] || mtu=1500
cmd ip link set mtu $(( mtu - 80 )) up dev "$INTERFACE"
}
resolvconf_iface_prefix() {
- [[ -f /etc/resolvconf/interface-order ]] || return 0
+ [[ -f /etc/resolvconf/interface-order && ! -L $(type -P resolvconf) ]]
|| return 0
local iface
while read -r iface; do
[[ $iface =~ ^([A-Za-z0-9-]+)\*$ ]] || continue
@@ -237,7 +238,7 @@
printf -v restore '%sCOMMIT\n*mangle\n-I POSTROUTING -m mark --mark %d
-p udp -j CONNMARK --save-mark %s\n-I PREROUTING -p udp -j CONNMARK
--restore-mark %s\nCOMMIT\n' "$restore" $table "$marker" "$marker"
printf -v nftcmd '%sadd rule %s %s postmangle meta l4proto udp mark %d
ct mark set mark \n' "$nftcmd" "$pf" "$nftable" $table
printf -v nftcmd '%sadd rule %s %s premangle meta l4proto udp meta mark
set ct mark \n' "$nftcmd" "$pf" "$nftable"
- [[ $proto == -4 ]] && cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1
+ [[ $proto == -4 ]] && [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark)
-ne 1 ]] && cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1
if type -p nft >/dev/null; then
cmd nft -f <(echo -n "$nftcmd")
else
@@ -248,7 +249,7 @@
}
set_config() {
- cmd wg setconf "$INTERFACE" <(echo "$WG_CONFIG")
+ cmd wg addconf "$INTERFACE" <(echo "$WG_CONFIG")
}
save_config() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/wireguard-tools-1.0.20250521/src/wg-quick/openbsd.bash
new/wireguard-tools-1.0.20260223/src/wg-quick/openbsd.bash
--- old/wireguard-tools-1.0.20250521/src/wg-quick/openbsd.bash 2025-05-21
01:05:38.000000000 +0200
+++ new/wireguard-tools-1.0.20260223/src/wg-quick/openbsd.bash 2026-02-23
23:24:27.000000000 +0100
@@ -52,6 +52,7 @@
stripped="${line%%\#*}"
key="${stripped%%=*}"; key="${key##*([[:space:]])}";
key="${key%%*([[:space:]])}"
value="${stripped#*=}"; value="${value##*([[:space:]])}";
value="${value%%*([[:space:]])}"
+ unstripped_value="${line#*=}";
unstripped_value="${unstripped_value##*([[:space:]])}";
unstripped_value="${unstripped_value%%*([[:space:]])}"
[[ $key == "["* ]] && interface_section=0
[[ $key == "[Interface]" ]] && interface_section=1
if [[ $interface_section -eq 1 ]]; then
@@ -62,10 +63,10 @@
[[ $v =~ (^[0-9.]+$)|(^.*:.*$) ]] && DNS+=( $v
) || DNS_SEARCH+=( $v )
done; continue ;;
Table) TABLE="$value"; continue ;;
- PreUp) PRE_UP+=( "$value" ); continue ;;
- PreDown) PRE_DOWN+=( "$value" ); continue ;;
- PostUp) POST_UP+=( "$value" ); continue ;;
- PostDown) POST_DOWN+=( "$value" ); continue ;;
+ PreUp) PRE_UP+=( "$unstripped_value" ); continue ;;
+ PreDown) PRE_DOWN+=( "$unstripped_value" ); continue ;;
+ PostUp) POST_UP+=( "$unstripped_value" ); continue ;;
+ PostDown) POST_DOWN+=( "$unstripped_value" ); continue
;;
SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
esac
fi
@@ -337,7 +338,7 @@
}
set_config() {
- cmd wg setconf "$REAL_INTERFACE" <(echo "$WG_CONFIG")
+ cmd wg addconf "$REAL_INTERFACE" <(echo "$WG_CONFIG")
}
save_config() {
