Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package wireguard-tools for openSUSE:Factory
checked in at 2026-06-18 18:44:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/wireguard-tools (Old)
and /work/SRC/openSUSE:Factory/.wireguard-tools.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wireguard-tools"
Thu Jun 18 18:44:44 2026 rev:22 rq:1360255 version:1.0.20260223
Changes:
--------
--- /work/SRC/openSUSE:Factory/wireguard-tools/wireguard-tools.changes
2026-03-10 19:00:54.839336062 +0100
+++
/work/SRC/openSUSE:Factory/.wireguard-tools.new.1981/wireguard-tools.changes
2026-06-18 18:45:41.425727830 +0200
@@ -1,0 +2,7 @@
+Thu Jun 18 08:29:05 UTC 2026 - Robert Frohl <[email protected]>
+
+- Remove selinux specific code from dns hatchet, as it allows for a
+ cleaner handling in the selinux policy (bsc#1243148)
+ adding Revert-dns-hatchet-apply-resolv.conf-s-selinux-conte.patch
+
+-------------------------------------------------------------------
New:
----
Revert-dns-hatchet-apply-resolv.conf-s-selinux-conte.patch
----------(New B)----------
New: cleaner handling in the selinux policy (bsc#1243148)
adding Revert-dns-hatchet-apply-resolv.conf-s-selinux-conte.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ wireguard-tools.spec ++++++
--- /var/tmp/diff_new_pack.17nCUo/_old 2026-06-18 18:45:42.657779235 +0200
+++ /var/tmp/diff_new_pack.17nCUo/_new 2026-06-18 18:45:42.661779402 +0200
@@ -28,6 +28,7 @@
Source1:
https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-%{version}.tar.asc
Source99:
https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc#/WireGuard.keyring
Patch1: Support-systemd-resolved-split-dns-setup.patch
+Patch2: Revert-dns-hatchet-apply-resolv.conf-s-selinux-conte.patch
BuildRequires: bash-completion
BuildRequires: pkgconfig
%{?systemd_ordering}
++++++ Revert-dns-hatchet-apply-resolv.conf-s-selinux-conte.patch ++++++
>From e6068d00e8dc5bd878f49aa7257fb709d8a2ef3b Mon Sep 17 00:00:00 2001
From: Robert Frohl <[email protected]>
Date: Thu, 23 Apr 2026 10:33:21 +0200
Subject: [PATCH] Revert "dns-hatchet: apply resolv.conf's selinux context to
new resolv.conf"
This reverts commit 2ce4680bd34f371aacd3c09673c3c907274321cd.
selinux does not allow every domain to set file contexts and will raise
relabelto/relabelfrom AVCs and block these changes if a domain tries to update
the selinux context.
It is better to ignore selinux and leave the proper labeling to the
selinux policy, which can add proper file transitions for the right
context.
This also allows for a cleaner change in the selinux policy, because
otherwise it will need infrastructure to hide the relabel AVCs as well.
For reference please see the selinux policy PR:
https://github.com/fedora-selinux/selinux-policy/pull/3030
Signed-off-by: Robert Frohl <[email protected]>
---
contrib/dns-hatchet/hatchet.bash | 2 --
1 file changed, 2 deletions(-)
diff --git a/contrib/dns-hatchet/hatchet.bash b/contrib/dns-hatchet/hatchet.bash
index bc4d090..6f167cc 100644
--- a/contrib/dns-hatchet/hatchet.bash
+++ b/contrib/dns-hatchet/hatchet.bash
@@ -20,11 +20,9 @@ set_dns() {
[[ ${#DNS_SEARCH[@]} -eq 0 ]] || printf 'search %s\n'
"${DNS_SEARCH[*]}"
} | unshare -m --propagation shared bash -c "$(cat <<-_EOF
set -e
- context="\$(stat -c %C /etc/resolv.conf 2>/dev/null)"
|| unset context
mount --make-private /dev/shm
mount -t tmpfs none /dev/shm
cat > /dev/shm/resolv.conf
- [[ -z \$context || \$context == "?" ]] || chcon
"\$context" /dev/shm/resolv.conf 2>/dev/null || true
mount -o remount,ro /dev/shm
mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf
_EOF
--
2.54.0
