diff --git a/shadowsocks-libev/Makefile b/shadowsocks-libev/Makefile index 2becc8231797..1fac15aa539f 100644 --- a/shadowsocks-libev/Makefile +++ b/shadowsocks-libev/Makefile @@ -17,10 +17,11 @@ PKG_VERSION:=3.3.5 PKG_RELEASE:=13 PKG_SOURCE_PROTO:=git -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git -PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254 -PKG_MIRROR_HASH:=6ff973af37c20cf0430f106d360b94b8b91df6dd8d7be3908ee84b5a86c3319f +PKG_SOURCE_DATE:=2025-1-20 +PKG_SOURCE_VERSION:=9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6 +PKG_MIRROR_HASH:=575b21803b28db8ab59ecbdb2cf21c4282881507b3a4267cc24f55bad12819cb +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz PKG_MAINTAINER:=Yousong Zhou diff --git a/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch b/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch index 6dc1c5692c75..1c164a95c159 100644 --- a/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch +++ b/shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch @@ -11,11 +11,9 @@ Subject: [PATCH] Fix mishandling of incoming socket buffer. It must be set on src/tunnel.c | 16 ++++++++-------- 4 files changed, 32 insertions(+), 32 deletions(-) -diff --git a/src/local.c b/src/local.c -index fa1ca7b..51f62c4 100644 --- a/src/local.c +++ b/src/local.c -@@ -205,6 +205,14 @@ create_and_bind(const char *addr, const char *port) +@@ -205,6 +205,14 @@ create_and_bind(const char *addr, const } } @@ -45,11 +43,9 @@ index fa1ca7b..51f62c4 100644 server_t *server = new_server(serverfd); server->listener = listener; -diff --git a/src/redir.c b/src/redir.c -index d36fe3f..86b7238 100644 --- a/src/redir.c +++ b/src/redir.c -@@ -201,6 +201,14 @@ create_and_bind(const char *addr, const char *port) +@@ -201,6 +201,14 @@ create_and_bind(const char *addr, const LOGI("tcp tproxy mode enabled"); } @@ -79,11 +75,9 @@ index d36fe3f..86b7238 100644 int index = rand() % listener->remote_num; struct sockaddr *remote_addr = listener->remote_addr[index]; -diff --git a/src/server.c b/src/server.c -index 73b6599..ef347a5 100644 --- a/src/server.c +++ b/src/server.c -@@ -620,6 +620,14 @@ create_and_bind(const char *host, const char *port, int mptcp) +@@ -620,6 +620,14 @@ create_and_bind(const char *host, const } } @@ -113,11 +107,9 @@ index 73b6599..ef347a5 100644 setnonblocking(serverfd); server_t *server = new_server(serverfd, listener); -diff --git a/src/tunnel.c b/src/tunnel.c -index 99ed412..9f0dd57 100644 --- a/src/tunnel.c +++ b/src/tunnel.c -@@ -166,6 +166,14 @@ create_and_bind(const char *addr, const char *port) +@@ -166,6 +166,14 @@ create_and_bind(const char *addr, const } } @@ -147,6 +139,3 @@ index 99ed412..9f0dd57 100644 int index = rand() % listener->remote_num; struct sockaddr *remote_addr = listener->remote_addr[index]; --- -2.39.5 - diff --git a/shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch b/shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch deleted file mode 100644 index 9616ee9e484a..000000000000 --- a/shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch +++ /dev/null @@ -1,232 +0,0 @@ -From 2b33e8e6778db08624dbf8ec6fe1e8f7b1a4bee8 Mon Sep 17 00:00:00 2001 -From: Lu jicong -Date: Fri, 10 Jan 2025 22:05:31 +0800 -Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue - -Fix mbedtls 3.6 compatibility - -Co-authored-by: Zxl hhyccc -Signed-off-by: Lu jicong ---- - m4/mbedtls.m4 | 20 ++++++++++++++++++++ - src/aead.c | 23 +++++++++++------------ - src/crypto.c | 2 +- - src/crypto.h | 1 - - src/stream.c | 51 ++++++--------------------------------------------- - 5 files changed, 38 insertions(+), 59 deletions(-) - -diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4 -index 2c478b9..a795790 100644 ---- a/m4/mbedtls.m4 -+++ b/m4/mbedtls.m4 -@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_CIPHER_MODE_CFB -@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_ARC4_C -@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_BLOWFISH_C -@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS], - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ -+#include -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+#include -+#else - #include -+#endif - ]], - [[ - #ifndef MBEDTLS_CAMELLIA_C -diff --git a/src/aead.c b/src/aead.c -index 358ec93..73349da 100644 ---- a/src/aead.c -+++ b/src/aead.c -@@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, - // Otherwise, just use the mbedTLS one with crappy AES-NI. - case AES192GCM: - case AES128GCM: -- -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen, c, clen, c + mlen, tlen); -+#else -+ err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, -+ m, mlen, c, mlen + tlen, clen, tlen); -+#endif - *clen += tlen; - break; - case CHACHA20POLY1305IETF: -@@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, - // Otherwise, just use the mbedTLS one with crappy AES-NI. - case AES192GCM: - case AES128GCM: -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 - err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, - m, mlen - tlen, p, plen, m + mlen - tlen, tlen); -+#else -+ err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, -+ m, mlen, p, mlen - tlen, plen, tlen); -+#endif - break; - case CHACHA20POLY1305IETF: - err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, -@@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key) - cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); - memset(cipher, 0, sizeof(cipher_t)); - -- if (method >= CHACHA20POLY1305IETF) { -- cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); -- cipher->info = cipher_info; -- cipher->info->base = NULL; -- cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; -- cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; -- } else { -- cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); -- } -- -- if (cipher->info == NULL && cipher->key_len == 0) { -+ if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) { - LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]); - FATAL("Cannot initialize cipher"); - } -diff --git a/src/crypto.c b/src/crypto.c -index b44d867..76c426b 100644 ---- a/src/crypto.c -+++ b/src/crypto.c -@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) - if (md == NULL) { - md = m; - } --#if MBEDTLS_VERSION_NUMBER >= 0x02070000 -+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 - if (mbedtls_md5_ret(d, n, md) != 0) - FATAL("Failed to calculate MD5"); - #else -diff --git a/src/crypto.h b/src/crypto.h -index 1791551..7070793 100644 ---- a/src/crypto.h -+++ b/src/crypto.h -@@ -97,7 +97,6 @@ typedef struct buffer { - typedef struct { - int method; - int skey; -- cipher_kt_t *info; - size_t nonce_len; - size_t key_len; - size_t tag_len; -diff --git a/src/stream.c b/src/stream.c -index 35d9050..b2e2cea 100644 ---- a/src/stream.c -+++ b/src/stream.c -@@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen, - return 0; - } - --int --cipher_nonce_size(const cipher_t *cipher) --{ -- if (cipher == NULL) { -- return 0; -- } -- return cipher->info->iv_size; --} -- --int --cipher_key_size(const cipher_t *cipher) --{ -- /* -- * Semi-API changes (technically public, morally prnonceate) -- * Renamed a few headers to include _internal in the name. Those headers are -- * not supposed to be included by users. -- * Changed md_info_t into an opaque structure (use md_get_xxx() accessors). -- * Changed pk_info_t into an opaque structure. -- * Changed cipher_base_t into an opaque structure. -- */ -- if (cipher == NULL) { -- return 0; -- } -- /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ -- return cipher->info->key_bitlen / 8; --} -- - const cipher_kt_t * - stream_get_cipher_type(int method) - { -@@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key) - cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); - memset(cipher, 0, sizeof(cipher_t)); - -- if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { -- cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); -- cipher->info = cipher_info; -- cipher->info->base = NULL; -- cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; -- cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; -- } else { -- cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); -- } -- -- if (cipher->info == NULL && cipher->key_len == 0) { -+ if (method < SALSA20 && stream_get_cipher_type(method) == NULL) { - LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]); - FATAL("Cannot initialize cipher"); - } - - if (key != NULL) -- cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher)); -+ cipher->key_len = crypto_parse_key(key, cipher->key, -+ supported_stream_ciphers_key_size[method]); - else -- cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher)); -+ cipher->key_len = crypto_derive_key(pass, cipher->key, -+ supported_stream_ciphers_key_size[method]); - - if (cipher->key_len == 0) { - FATAL("Cannot generate key and NONCE"); - } -- if (method == RC4_MD5) { -- cipher->nonce_len = 16; -- } else { -- cipher->nonce_len = cipher_nonce_size(cipher); -- } -+ cipher->nonce_len = supported_stream_ciphers_nonce_size[method]; - cipher->method = method; - - return cipher; --- -2.39.5 - diff --git a/shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch b/shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch new file mode 100644 index 000000000000..b911133d2013 --- /dev/null +++ b/shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch @@ -0,0 +1,103 @@ +From f4ee43fa27e00a573d90a8cac68f12655570bbf7 Mon Sep 17 00:00:00 2001 +From: lwb1978 <86697442+lwb1978@users.noreply.github.com> +Date: Tue, 4 Feb 2025 15:51:17 +0800 +Subject: [PATCH] Deprecate load16_be() function in favor to ntohs() function + +--- + src/aead.c | 2 +- + src/local.c | 6 +++--- + src/server.c | 2 +- + src/udprelay.c | 2 +- + src/utils.c | 8 -------- + src/utils.h | 1 - + 6 files changed, 6 insertions(+), 15 deletions(-) + +--- a/src/aead.c ++++ b/src/aead.c +@@ -605,7 +605,7 @@ aead_chunk_decrypt(cipher_ctx_t *ctx, ui + return CRYPTO_ERROR; + assert(*plen == CHUNK_SIZE_LEN); + +- mlen = load16_be(len_buf); ++ mlen = ntohs(*(uint16_t*)len_buf); + mlen = mlen & CHUNK_SIZE_MASK; + + if (mlen == 0) +--- a/src/local.c ++++ b/src/local.c +@@ -390,7 +390,7 @@ server_handshake(EV_P_ ev_io *w, buffer_ + abuf->len += in_addr_len + 2; + + if (acl || verbose) { +- uint16_t p = load16_be(buf->data + request_len + in_addr_len); ++ uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in_addr_len)); + if (!inet_ntop(AF_INET, (const void *)(buf->data + request_len), + ip, INET_ADDRSTRLEN)) { + LOGI("inet_ntop(AF_INET): %s", strerror(errno)); +@@ -408,7 +408,7 @@ server_handshake(EV_P_ ev_io *w, buffer_ + abuf->len += name_len + 2; + + if (acl || verbose) { +- uint16_t p = load16_be(buf->data + request_len + 1 + name_len); ++ uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + 1 + name_len)); + memcpy(host, buf->data + request_len + 1, name_len); + host[name_len] = '\0'; + sprintf(port, "%d", p); +@@ -422,7 +422,7 @@ server_handshake(EV_P_ ev_io *w, buffer_ + abuf->len += in6_addr_len + 2; + + if (acl || verbose) { +- uint16_t p = load16_be(buf->data + request_len + in6_addr_len); ++ uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in6_addr_len)); + if (!inet_ntop(AF_INET6, (const void *)(buf->data + request_len), + ip, INET6_ADDRSTRLEN)) { + LOGI("inet_ntop(AF_INET6): %s", strerror(errno)); +--- a/src/server.c ++++ b/src/server.c +@@ -1137,7 +1137,7 @@ server_recv_cb(EV_P_ ev_io *w, int reven + return; + } + +- port = ntohs(load16_be(server->buf->data + offset)); ++ port = *(uint16_t*)(server->buf->data + offset); + + offset += 2; + +--- a/src/udprelay.c ++++ b/src/udprelay.c +@@ -316,7 +316,7 @@ parse_udprelay_header(const char *buf, c + } + + if (port != NULL) { +- sprintf(port, "%d", load16_be(buf + offset)); ++ sprintf(port, "%d", ntohs(*(uint16_t*)(buf + offset))); + } + offset += 2; + +--- a/src/utils.c ++++ b/src/utils.c +@@ -571,14 +571,6 @@ get_default_conf(void) + #endif + } + +-uint16_t +-load16_be(const void *s) +-{ +- const uint8_t *in = (const uint8_t *)s; +- return ((uint16_t)in[0] << 8) +- | ((uint16_t)in[1]); +-} +- + int + get_mptcp(int enable) + { +--- a/src/utils.h ++++ b/src/utils.h +@@ -249,7 +249,6 @@ void *ss_realloc(void *ptr, size_t new_s + + int ss_is_ipv6addr(const char *addr); + char *get_default_conf(void); +-uint16_t load16_be(const void *s); + int get_mptcp(int enable); + + #endif // _UTILS_H