diff --git a/dlc.dat b/dlc.dat index 85ce820..98a0996 100644 --- a/dlc.dat +++ b/dlc.dat @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:af7a202728ceab4e049eb38cba31136ef3d7eca7bf56e62fba10eaa7117820c7 -size 1783159 +oid sha256:6c69c83e0d9ee39cb0674515ce1668a411b9824a1c6314291d77bc83cd0c6d56 +size 2245011 diff --git a/fix-CVE-2025-47911.patch b/fix-CVE-2025-47911.patch new file mode 100644 index 0000000..793c109 --- /dev/null +++ b/fix-CVE-2025-47911.patch @@ -0,0 +1,24 @@ +diff -Nur v2ray-core-5.40.0/go.mod v2ray-core-5.40.0-new/go.mod +--- v2ray-core-5.40.0/go.mod 2025-10-04 02:48:03.000000000 +0800 ++++ v2ray-core-5.40.0-new/go.mod 2025-10-08 21:22:52.425457464 +0800 +@@ -38,7 +38,7 @@ + go.starlark.net v0.0.0-20230612165344-9532f5667272 + go4.org/netipx v0.0.0-20230303233057-f1b76eb4bb35 + golang.org/x/crypto v0.42.0 +- golang.org/x/net v0.44.0 ++ golang.org/x/net v0.45.0 + golang.org/x/sync v0.17.0 + golang.org/x/sys v0.36.0 + google.golang.org/grpc v1.75.1 +diff -Nur v2ray-core-5.40.0/go.sum v2ray-core-5.40.0-new/go.sum +--- v2ray-core-5.40.0/go.sum 2025-10-04 02:48:03.000000000 +0800 ++++ v2ray-core-5.40.0-new/go.sum 2025-10-08 21:22:52.429457454 +0800 +@@ -655,6 +655,8 @@ + golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= + golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= + golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= ++golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM= ++golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= + golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= + golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= + golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/geoip.dat b/geoip.dat index 12d13b4..216f284 100644 --- a/geoip.dat +++ b/geoip.dat @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:da84c95fcc09bdb60334cf4ff0d26e6ff1c3d7906a9c5c91d69556a425558677 -size 9574793 +oid sha256:735786c00694313090c5d525516463836167422b132ce293873443613b496e92 +size 21013265 diff --git a/v2ray-core-5.18.0.tar.gz b/v2ray-core-5.18.0.tar.gz deleted file mode 100644 index b7b25f2..0000000 --- a/v2ray-core-5.18.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:15acf65228867d47dcab27f87af048a2f0e6ed5d347a2e68730d30ae2a3871eb -size 1064425 diff --git a/v2ray-core-5.40.0.tar.gz b/v2ray-core-5.40.0.tar.gz new file mode 100644 index 0000000..e802627 --- /dev/null +++ b/v2ray-core-5.40.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:14e333c7454781f0b44fe9cba1616e25accfb04cf0d9d31db7acdd33e2e8d0ac +size 1109413 diff --git a/v2ray-core.changes b/v2ray-core.changes index 2aaccfa..7191700 100644 --- a/v2ray-core.changes +++ b/v2ray-core.changes @@ -1,3 +1,62 @@ +------------------------------------------------------------------- +Wed Oct 8 13:30:29 UTC 2025 - Hillwood Yang + +- Fix CVE-2025-47911 and boo#1251404 + * Add fix-CVE-2025-47911.patch + * Update golang.org/x/net to 0.45.0 in vendor + +------------------------------------------------------------------- +Tue Sep 9 15:14:22 UTC 2025 - Hillwood Yang + +- Update version to 5.38.0 + * TLSMirror Connection Enrollment System + * Add TLSMirror Sequence Watermarking + * LSMirror developer preview protocol is now a part of mainline V2Ray + * proxy dns with NOTIMP error + * Add TLSMirror looks like TLS censorship resistant transport protocol + as a developer preview transport + * proxy dns with NOTIMP error + * fix false success from SOCKS server when Dispatch() fails + * HTTP inbound: Directly forward plain HTTP 1xx response header + * add a option to override domain used to query https record + * Fix bugs + * Update vendor + +------------------------------------------------------------------- +Mon Jun 2 12:53:55 UTC 2025 - Hillwood Yang + +- Update version to 5.33.0 + * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850) + * Update other vendor source + +------------------------------------------------------------------- +Sun May 4 08:35:24 UTC 2025 - Hillwood Yang + +- Update version to 5.31.0 + * Add Dns Proxy Response TTL Control + * Fix call newError Base with a nil value error + * Update vendor (boo#1235164) + +------------------------------------------------------------------- +Sun Apr 6 04:47:00 UTC 2025 - Marguerite Su + +- Update version to 5.29.3 + * Enable restricted mode load for http protocol client + * Correctly implement QUIC sniffer when handling multiple initial packets + * Fix unreleased cache buffer in QUIC sniffing + * A temporary testing fix for the buffer corruption issue + * QUIC Sniffer Restructure + +------------------------------------------------------------------- +Fri Nov 22 12:44:43 UTC 2024 - Hillwood Yang + +- Update version to 5.22.0 + * Add packetEncoding for Hysteria + * Add ECH Client Support + * Add support for parsing some shadowsocks links + * Add Mekya Transport + * Fix bugs + ------------------------------------------------------------------- Fri Sep 13 12:02:49 UTC 2024 - Hillwood Yang diff --git a/v2ray-core.spec b/v2ray-core.spec index e5e382b..536795e 100644 --- a/v2ray-core.spec +++ b/v2ray-core.spec @@ -1,7 +1,7 @@ # # spec file for package v2ray-core # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,7 +25,7 @@ %define import_path github.com/v2fly/v2ray-core/v5 Name: v2ray-core -Version: 5.18.0 +Version: 5.40.0 Release: 0 Summary: Network tools for building a computer network License: MIT @@ -39,6 +39,7 @@ Source4: https://github.com/v2fly/geoip/raw/release/geoip.dat Source5: https://github.com/v2fly/domain-list-community/raw/release/dlc.dat Source6: https://github.com/v2fly/v2ray-core/releases/download/v%{version}/v2ray-extra.zip Source99: %{name}-rpmlintrc +Patch0: fix-CVE-2025-47911.patch BuildRequires: fdupes BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros @@ -68,6 +69,7 @@ This package provide source code for %{repo} %prep %setup -q -a1 -a6 -n %{repo}-%{version} +%patch -P 0 -p1 %build export GO111MODULE=off diff --git a/v2ray-extra.zip b/v2ray-extra.zip index 1929e20..8d4c2de 100644 --- a/v2ray-extra.zip +++ b/v2ray-extra.zip @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:d1327fb2956300f805a4d35357822bca91ef621f134e499fcde3d5eb1b449cf4 +oid sha256:abb1a1805f93ab352a85e38f565cee8956febf97d2edfc08a1309654ec881c02 size 296846 diff --git a/vendor.tar.gz b/vendor.tar.gz index c494c58..8430876 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2cbcccccc94656ea5f9e0f3e113d14ef813e80b403f41ac4f2763dfb3915d1b8 -size 8966960 +oid sha256:2b47495a1c058b741f03627e827093d7036967973e4ad5d799221242f324e58a +size 8273389