Fix cve issue #1
4
dlc.dat
4
dlc.dat
@@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:af7a202728ceab4e049eb38cba31136ef3d7eca7bf56e62fba10eaa7117820c7
|
||||
size 1783159
|
||||
oid sha256:6c69c83e0d9ee39cb0674515ce1668a411b9824a1c6314291d77bc83cd0c6d56
|
||||
size 2245011
|
||||
|
||||
24
fix-CVE-2025-47911.patch
Normal file
24
fix-CVE-2025-47911.patch
Normal file
@@ -0,0 +1,24 @@
|
||||
diff -Nur v2ray-core-5.40.0/go.mod v2ray-core-5.40.0-new/go.mod
|
||||
--- v2ray-core-5.40.0/go.mod 2025-10-04 02:48:03.000000000 +0800
|
||||
+++ v2ray-core-5.40.0-new/go.mod 2025-10-08 21:22:52.425457464 +0800
|
||||
@@ -38,7 +38,7 @@
|
||||
go.starlark.net v0.0.0-20230612165344-9532f5667272
|
||||
go4.org/netipx v0.0.0-20230303233057-f1b76eb4bb35
|
||||
golang.org/x/crypto v0.42.0
|
||||
- golang.org/x/net v0.44.0
|
||||
+ golang.org/x/net v0.45.0
|
||||
golang.org/x/sync v0.17.0
|
||||
golang.org/x/sys v0.36.0
|
||||
google.golang.org/grpc v1.75.1
|
||||
diff -Nur v2ray-core-5.40.0/go.sum v2ray-core-5.40.0-new/go.sum
|
||||
--- v2ray-core-5.40.0/go.sum 2025-10-04 02:48:03.000000000 +0800
|
||||
+++ v2ray-core-5.40.0-new/go.sum 2025-10-08 21:22:52.429457454 +0800
|
||||
@@ -655,6 +655,8 @@
|
||||
golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
|
||||
golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
|
||||
golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
|
||||
+golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM=
|
||||
+golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
@@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:da84c95fcc09bdb60334cf4ff0d26e6ff1c3d7906a9c5c91d69556a425558677
|
||||
size 9574793
|
||||
oid sha256:735786c00694313090c5d525516463836167422b132ce293873443613b496e92
|
||||
size 21013265
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:15acf65228867d47dcab27f87af048a2f0e6ed5d347a2e68730d30ae2a3871eb
|
||||
size 1064425
|
||||
3
v2ray-core-5.40.0.tar.gz
Normal file
3
v2ray-core-5.40.0.tar.gz
Normal file
@@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:14e333c7454781f0b44fe9cba1616e25accfb04cf0d9d31db7acdd33e2e8d0ac
|
||||
size 1109413
|
||||
@@ -1,3 +1,62 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 8 13:30:29 UTC 2025 - Hillwood Yang <hillwood@opensuse.org>
|
||||
|
||||
- Fix CVE-2025-47911 and boo#1251404
|
||||
* Add fix-CVE-2025-47911.patch
|
||||
* Update golang.org/x/net to 0.45.0 in vendor
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 9 15:14:22 UTC 2025 - Hillwood Yang <hillwood@opensuse.org>
|
||||
|
||||
- Update version to 5.38.0
|
||||
* TLSMirror Connection Enrollment System
|
||||
* Add TLSMirror Sequence Watermarking
|
||||
* LSMirror developer preview protocol is now a part of mainline V2Ray
|
||||
* proxy dns with NOTIMP error
|
||||
* Add TLSMirror looks like TLS censorship resistant transport protocol
|
||||
as a developer preview transport
|
||||
* proxy dns with NOTIMP error
|
||||
* fix false success from SOCKS server when Dispatch() fails
|
||||
* HTTP inbound: Directly forward plain HTTP 1xx response header
|
||||
* add a option to override domain used to query https record
|
||||
* Fix bugs
|
||||
* Update vendor
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 2 12:53:55 UTC 2025 - Hillwood Yang <hillwood@opensuse.org>
|
||||
|
||||
- Update version to 5.33.0
|
||||
* bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850)
|
||||
* Update other vendor source
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun May 4 08:35:24 UTC 2025 - Hillwood Yang <hillwood@opensuse.org>
|
||||
|
||||
- Update version to 5.31.0
|
||||
* Add Dns Proxy Response TTL Control
|
||||
* Fix call newError Base with a nil value error
|
||||
* Update vendor (boo#1235164)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Apr 6 04:47:00 UTC 2025 - Marguerite Su <i@marguerite.su>
|
||||
|
||||
- Update version to 5.29.3
|
||||
* Enable restricted mode load for http protocol client
|
||||
* Correctly implement QUIC sniffer when handling multiple initial packets
|
||||
* Fix unreleased cache buffer in QUIC sniffing
|
||||
* A temporary testing fix for the buffer corruption issue
|
||||
* QUIC Sniffer Restructure
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 22 12:44:43 UTC 2024 - Hillwood Yang <hillwood@opensuse.org>
|
||||
|
||||
- Update version to 5.22.0
|
||||
* Add packetEncoding for Hysteria
|
||||
* Add ECH Client Support
|
||||
* Add support for parsing some shadowsocks links
|
||||
* Add Mekya Transport
|
||||
* Fix bugs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 13 12:02:49 UTC 2024 - Hillwood Yang <hillwood@opensuse.org>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package v2ray-core
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC and contributors
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -25,7 +25,7 @@
|
||||
%define import_path github.com/v2fly/v2ray-core/v5
|
||||
|
||||
Name: v2ray-core
|
||||
Version: 5.18.0
|
||||
Version: 5.40.0
|
||||
Release: 0
|
||||
Summary: Network tools for building a computer network
|
||||
License: MIT
|
||||
@@ -39,6 +39,7 @@ Source4: https://github.com/v2fly/geoip/raw/release/geoip.dat
|
||||
Source5: https://github.com/v2fly/domain-list-community/raw/release/dlc.dat
|
||||
Source6: https://github.com/v2fly/v2ray-core/releases/download/v%{version}/v2ray-extra.zip
|
||||
Source99: %{name}-rpmlintrc
|
||||
Patch0: fix-CVE-2025-47911.patch
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: golang-packaging
|
||||
BuildRequires: systemd-rpm-macros
|
||||
@@ -68,6 +69,7 @@ This package provide source code for %{repo}
|
||||
|
||||
%prep
|
||||
%setup -q -a1 -a6 -n %{repo}-%{version}
|
||||
%patch -P 0 -p1
|
||||
|
||||
%build
|
||||
export GO111MODULE=off
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d1327fb2956300f805a4d35357822bca91ef621f134e499fcde3d5eb1b449cf4
|
||||
oid sha256:abb1a1805f93ab352a85e38f565cee8956febf97d2edfc08a1309654ec881c02
|
||||
size 296846
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2cbcccccc94656ea5f9e0f3e113d14ef813e80b403f41ac4f2763dfb3915d1b8
|
||||
size 8966960
|
||||
oid sha256:2b47495a1c058b741f03627e827093d7036967973e4ad5d799221242f324e58a
|
||||
size 8273389
|
||||
|
||||
Reference in New Issue
Block a user