diff --git a/patchinfo.20251127122850445245.93181000773252/_patchinfo b/patchinfo.20251127122850445245.93181000773252/_patchinfo new file mode 100644 index 0000000..c88d34b --- /dev/null +++ b/patchinfo.20251127122850445245.93181000773252/_patchinfo @@ -0,0 +1,65 @@ + + VUL-0: CVE-2025-29785: shadowsocks-v2ray-plugin: github.com/quic-go/quic-go/internal/ackhandler: loss recovery logic for path probe packets can be used by a malicious QUIC client to trigger a null pointer dereference + cve#2025-47911 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-47911 + VUL-0: CVE-2025-29785: v2ray-core: github.com/quic-go/quic-go/internal/ackhandler: loss recovery logic for path probe packets can be used by a malicious QUIC client to trigger a null pointer dereference + cve#2025-297850 not resolved: 404 Client Error: Not Found for url: https://bugzilla.suse.com/api2/issues/?references__name=CVE-2025-297850 + VUL-0: CVE-2025-47911: v2ray-core: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents + VUL-0: CVE-2023-49295: v2ray-core: github.com/quic-go/quic-go: memory exhaustion attack against QUIC's path validation mechanism + hillwood + important + security + Security update for shadowsocks-v2ray-plugin, v2ray-core + This update for shadowsocks-v2ray-plugin, v2ray-core fixes the following issues: + +Changes in shadowsocks-v2ray-plugin: + +- Update version to 5.25.0 + * Update v2ray-core to v5.25.0 +- Add update-vendor.patch, update v2ray-core to v5.33.0 (boo#1243954 and CVE-2025-297850) + +Changes in v2ray-core: + +- Fix CVE-2025-47911 and boo#1251404 + * Add fix-CVE-2025-47911.patch + * Update golang.org/x/net to 0.45.0 in vendor + +- Update version to 5.38.0 + * TLSMirror Connection Enrollment System + * Add TLSMirror Sequence Watermarking + * LSMirror developer preview protocol is now a part of mainline V2Ray + * proxy dns with NOTIMP error + * Add TLSMirror looks like TLS censorship resistant transport protocol + as a developer preview transport + * proxy dns with NOTIMP error + * fix false success from SOCKS server when Dispatch() fails + * HTTP inbound: Directly forward plain HTTP 1xx response header + * add a option to override domain used to query https record + * Fix bugs + * Update vendor + +- Update version to 5.33.0 + * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850) + * Update other vendor source + +- Update version to 5.31.0 + * Add Dns Proxy Response TTL Control + * Fix call newError Base with a nil value error + * Update vendor (boo#1235164) + +- Update version to 5.29.3 + * Enable restricted mode load for http protocol client + * Correctly implement QUIC sniffer when handling multiple initial packets + * Fix unreleased cache buffer in QUIC sniffing + * A temporary testing fix for the buffer corruption issue + * QUIC Sniffer Restructure + +- Update version to 5.22.0 + * Add packetEncoding for Hysteria + * Add ECH Client Support + * Add support for parsing some shadowsocks links + * Add Mekya Transport + * Fix bugs + + shadowsocks-v2ray-plugin + v2ray-core + diff --git a/shadowsocks-v2ray-plugin b/shadowsocks-v2ray-plugin index afc77cc..bd1c15a 160000 --- a/shadowsocks-v2ray-plugin +++ b/shadowsocks-v2ray-plugin @@ -1 +1 @@ -Subproject commit afc77cc246e0c4d3cd624555f25ddd17831cee6e37d3e5c913dfafe06ce58a9c +Subproject commit bd1c15af8186cb482d7ce0c3837ee121f6fa435f6fd0301d3dc600ceb91ad801 diff --git a/v2ray-core b/v2ray-core index 41d60a5..8335900 160000 --- a/v2ray-core +++ b/v2ray-core @@ -1 +1 @@ -Subproject commit 41d60a58bb90f691345f5aeed0c014401efd95b6cc2f0006f6a94f7ddf338ee1 +Subproject commit 8335900c7dd15e6d3a8e54179fcf75ea4ba05b22eb78227105f3c07ef67e5b3f