------------------------------------------------------------------- Fri Nov 22 13:00:48 UTC 2024 - Hillwood Yang - Update version to 1.21.2 * supports generic I/O socket type * Support OpenBSD Packet-Filter (pf) * Fix bugs ------------------------------------------------------------------- Wed Nov 13 06:18:54 UTC 2024 - Bernhard Wiedemann - Add reproducible.patch to override build date (boo#1047218) ------------------------------------------------------------------- Thu Sep 12 13:19:28 UTC 2024 - Hillwood Yang - Update version to 1.20.4 * Updated rustls to v0.23 with ring backend * local-redir, server: Better approach to check current platform IP stack capabilities like Go (IPv4, IPv6, IPv4-mapped-IPv6 supports) * Explicitly enable dual-stack if listen addresses (server, local_address) are IPv4-mapped-IPv6, by setting IPV6_V6ONLY=0 * PingBalancer check Firefox portal allowing 200 HTTP status * Ping Balancer scores replaced standard deviation with median absolute deviation, which should help focusing less on outlying observations in latency samples * local: Allow configuring SOCKS5 UDP_ASSOCIATE address * ProxyServerStream::from_stream made public * Fix bugs ------------------------------------------------------------------- Sun Jun 16 09:07:43 UTC 2024 - Hillwood Yang - Update version to 1.20.0 * Making HTTP requests with local-http's HttpClient implementation, mainly for supporting outbound_* socket configurations. * Support SIP008 Online Configuration. Pull servers from remote servers automatically. (Experimental) * Add basic, full, full-extra features makes building command line arguments shorter * Binaries support --plugin-mode command line argument * local-tun is enabled by default for Windows targets in CI builds * Fix bugs - Drop fix-boo-1223239.patch, merged by upstream ------------------------------------------------------------------- Mon Apr 22 14:26:29 UTC 2024 - Hillwood Yang - Update version to 1.18.3 * Support outbound_fwmark in server side to split outbound tunnel * Default build for *-windows-* targets includes sswinservice * local-fakedns: Add a basic implementation of Fake-DNS, which will allocate IPs from pool for DNS queries. This experimental feature could be useful when using local-tun, local-redir or other features that could only receive IP destinations, the domain name that is resolved by the Fake-DNS will be translated from IP back to domain name when connecting to the remote * Add launchd_udp_socket_name, launchd_tcp_socket_name to basic config format * local-tun: Support tun_interface_destination configuration key * Default logging framework changed to tracing-subscriber * local: socks local server will support SOCKS5, SOCKS4a, HTTP proxy protocols when local-http, local-socks4 features are enabled * local: Support setting udp_mtu in configuration file to actively reject packet.size > MTU * Fix bugs - Add fix-boo-1223239.patch, fix CVE-2024-32650 boo#1223239 ------------------------------------------------------------------- Wed Dec 13 13:55:57 UTC 2023 - Hillwood Yang - Set permissions as 640 for /etc/shadowsocks (boo#1216372) ------------------------------------------------------------------- Sun Dec 3 09:25:05 UTC 2023 - Hillwood Yang - Update version to 1.17.1 * Trust-DNS is rebranded to Hickory-DNS * Support DNS-over-H3 (Try with configuration "dns": "google_h3" and compile with feature "dns-over-h3") * Allow configuring local-dns client cache size * local-tun supports Windows with Wintun * Upgrade hyper * Fix bugs ------------------------------------------------------------------- Tue Oct 24 14:38:46 UTC 2023 - Hillwood Yang - Fix boo#1216372 and boo#1216373, run systemd service as a dedicated user and group ------------------------------------------------------------------- Mon Sep 25 14:02:49 UTC 2023 - Hillwood Yang - Update version to 1.16.2 * Fix bugs - Update vendor, fix boo#1215658 CVE-2023-42811 ------------------------------------------------------------------- Wed Jun 21 17:34:03 UTC 2023 - Andreas Schwab - Update constraints for riscv64 ------------------------------------------------------------------- Tue Jun 20 06:46:10 UTC 2023 - opensuse-packaging - Add Recommends for shadowsocks-v2ray-plugin - Update systemd services ------------------------------------------------------------------- Mon Jun 19 06:19:16 UTC 2023 - opensuse-packaging - Update version to 1.15.3 * local-tun: Support tun_interface_destination for configuring Tun device's destination address * Support outbound_fwmark, outbound_user_cookie, outbound_bind_interface and outbound_bind_addr in configuration file * AEAD-2022 protoco * SIP002 Extended Format: Allowing unencoded user-info in URL * Manager standalone mode support bypassing ACL files * Allow sslocal run without any servers, which will bypass all connections and packets * "password" is optional for none / plain method * redir-local: Enable dual-stack support on Linux (TProxy) and FreeBSD * Disable md5-asm and sha1-asm: shadowsocks/shadowsocks-crypto * "acl" and "outbound_fwmark" are available in configuration file * Properly handle IPv4-mapped-IPv6 addresses in UDP assocations * Automatically bump RLIMIT_NOFILE on Unix (except Android) * SOCKS5 protocol supports RFC1929 Username/Password Authentication * HKDF-SHA1 uses ring's assembly implementation * Set environment variable SS_SYSTEM_DNS_RESOLVER_FORCE_BUILTIN to use system's builtin DNS resolver * Allow setting "system" in DNS configuration key "dns" to use system provided DNS API * Support setting SO_USER_COOKIE on FreeBSD * Local tun interface refactored the VirtDevice::poll strategy * balancer.check_best_interval could let ping balancer to ping only the choosen best server in this interval * Set a shorter interval in balancer.check_best_interval than balancer.check_interval to check much frequently the best server * efactored local-tun, using smoltcp as a user-space network stack * Support K8S deployment * shadowsocks-crypto switch underlying encryption library to RustCrypto * New binary ssservice with unified features in (sslocal, ssserver and ssmanager) * Removed direct dependency to mio, sending file descriptors through UDS now with sendfd * ACL regular expression rules will try to convert to || (sub-domains) and | (exact match) rules * TCP connects with Happy Eyeballs (RFC6555, RFC8305) strategy * Basic support of tun interface in sslocal (Experimental) Tested on macOS and Linux * Local server will choose remote servers based on their "mode" * ssmanager support --plugin and --plugin-opts as default plugin configurations * ssmanager support starting ssserver in standalone (independent process) mode * ACL support | and || hash-set and domain-tree mode * Support --outbound-bind-interface on Windows * TFO on Linux queue length set to 1024 to match backlogs * Completely remove Replay Attack Protection with Ping-Pong bloom filter in default build configuration * Support Snapcraft * Multi-architecture Docker image for release * Replaced futures::future::abortable with tokio's builtin tokio::task::JoinHandle::abort * Define binaries' exit code with standard in sysexits.h * HTTP local listener supports TCP_NODELAY, SO_KEEPALIVE and dual-stack * Remove slient dropping when replay was detected * Enable TCP Keep Alive for inbound and outbound sockets * Add disabled key for local servers in configuration * Support TFO (TCP Fast Open) on Linux, Windows, macOS (iOS), FreeBSD * Support customizing servers' weight for balancer * HTTP Proxy preserves headers' title case * Support non-standard AEAD ciphers sm4-gcm and sm4-ccm * Support non-standard AEAD ciphers with crypto2, could be enabled by feature aead-cipher-extra * Support protocol in basic configuration format * supports starting multiple instances in the same process * Check repeated salt after first successful decryption * Support setting SO_MARK, SO_BINDTODEVICE on Linux * Support setting SO_SNDBUF and SO_RCVBUF for TCP sockets * Support SIP008 extend server fields server, server_port, remarks * Support sending TCP and UDP queries simutaneously * Support connection reusability * Remove mostly TCP timeout setting for tunnels, connections will only be killed if clients or servers close * Auto-reload DNS resolver configuration from /etc/resolv.conf on *NIX platforms * Allow customizing number of worker-threads for multi-threaded scheduler * Support field disabled in extended server configuration * Support customizing inbound and outbound sockets' SO_SNDBUF and SO_RCVBUF by command line options * Fix bugs ------------------------------------------------------------------- Sat Nov 13 12:01:57 UTC 2021 - opensuse-packaging - Initial package for version 1.8.23