Merge pull request #1680 from zxlhhyccc/ss

shadowsocks-libev: Update to the commit as of 2025-1-20

shadowsocks-libev/Makefile

@@ -17,10 +17,11 @@ PKG_VERSION:=3.3.5
 PKG_RELEASE:=13
 
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
 PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git
-PKG_SOURCE_VERSION:=d83ace0f0d9c05656c13d66aa4a449bf70143254
-PKG_MIRROR_HASH:=6ff973af37c20cf0430f106d360b94b8b91df6dd8d7be3908ee84b5a86c3319f
+PKG_SOURCE_DATE:=2025-1-20
+PKG_SOURCE_VERSION:=9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6
+PKG_MIRROR_HASH:=575b21803b28db8ab59ecbdb2cf21c4282881507b3a4267cc24f55bad12819cb
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz
 
 PKG_MAINTAINER:=Yousong Zhou <[email protected]>
 

shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch

@@ -11,11 +11,9 @@ Subject: [PATCH] Fix mishandling of incoming socket buffer. It must be set on
  src/tunnel.c | 16 ++++++++--------
  4 files changed, 32 insertions(+), 32 deletions(-)
 
-diff --git a/src/local.c b/src/local.c
-index fa1ca7b..51f62c4 100644
 --- a/src/local.c
 +++ b/src/local.c
-@@ -205,6 +205,14 @@ create_and_bind(const char *addr, const char *port)
+@@ -205,6 +205,14 @@ create_and_bind(const char *addr, const
              }
          }
  
@@ -45,11 +43,9 @@ index fa1ca7b..51f62c4 100644
      server_t *server = new_server(serverfd);
      server->listener = listener;
  
-diff --git a/src/redir.c b/src/redir.c
-index d36fe3f..86b7238 100644
 --- a/src/redir.c
 +++ b/src/redir.c
-@@ -201,6 +201,14 @@ create_and_bind(const char *addr, const char *port)
+@@ -201,6 +201,14 @@ create_and_bind(const char *addr, const
              LOGI("tcp tproxy mode enabled");
          }
  
@@ -79,11 +75,9 @@ index d36fe3f..86b7238 100644
      int index                    = rand() % listener->remote_num;
      struct sockaddr *remote_addr = listener->remote_addr[index];
  
-diff --git a/src/server.c b/src/server.c
-index 73b6599..ef347a5 100644
 --- a/src/server.c
 +++ b/src/server.c
-@@ -620,6 +620,14 @@ create_and_bind(const char *host, const char *port, int mptcp)
+@@ -620,6 +620,14 @@ create_and_bind(const char *host, const
              }
          }
  
@@ -113,11 +107,9 @@ index 73b6599..ef347a5 100644
      setnonblocking(serverfd);
  
      server_t *server = new_server(serverfd, listener);
-diff --git a/src/tunnel.c b/src/tunnel.c
-index 99ed412..9f0dd57 100644
 --- a/src/tunnel.c
 +++ b/src/tunnel.c
-@@ -166,6 +166,14 @@ create_and_bind(const char *addr, const char *port)
+@@ -166,6 +166,14 @@ create_and_bind(const char *addr, const
              }
          }
  
@@ -147,6 +139,3 @@ index 99ed412..9f0dd57 100644
      int index                    = rand() % listener->remote_num;
      struct sockaddr *remote_addr = listener->remote_addr[index];
  
--- 
-2.39.5
-

shadowsocks-libev/patches/102-Fix-in-mbedtls-3.6.0-ver-compilation-failure-issue.patch

@@ -1,232 +0,0 @@
-From 2b33e8e6778db08624dbf8ec6fe1e8f7b1a4bee8 Mon Sep 17 00:00:00 2001
-From: Lu jicong <[email protected]>
-Date: Fri, 10 Jan 2025 22:05:31 +0800
-Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue
-
-Fix mbedtls 3.6 compatibility
-
-Co-authored-by: Zxl hhyccc <[email protected]>
-Signed-off-by: Lu jicong <[email protected]>
----
- m4/mbedtls.m4 | 20 ++++++++++++++++++++
- src/aead.c    | 23 +++++++++++------------
- src/crypto.c  |  2 +-
- src/crypto.h  |  1 -
- src/stream.c  | 51 ++++++---------------------------------------------
- 5 files changed, 38 insertions(+), 59 deletions(-)
-
-diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4
-index 2c478b9..a795790 100644
---- a/m4/mbedtls.m4
-+++ b/m4/mbedtls.m4
-@@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_CIPHER_MODE_CFB
-@@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_ARC4_C
-@@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_BLOWFISH_C
-@@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS],
-   AC_COMPILE_IFELSE(
-     [AC_LANG_PROGRAM(
-       [[
-+#include <mbedtls/version.h>
-+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-+#include <mbedtls/mbedtls_config.h>
-+#else
- #include <mbedtls/config.h>
-+#endif
-       ]],
-       [[
- #ifndef MBEDTLS_CAMELLIA_C
-diff --git a/src/aead.c b/src/aead.c
-index 358ec93..73349da 100644
---- a/src/aead.c
-+++ b/src/aead.c
-@@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx,
-     // Otherwise, just use the mbedTLS one with crappy AES-NI.
-     case AES192GCM:
-     case AES128GCM:
--
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-         err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                           m, mlen, c, clen, c + mlen, tlen);
-+#else
-+        err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
-+                                              m, mlen, c, mlen + tlen, clen, tlen);
-+#endif
-         *clen += tlen;
-         break;
-     case CHACHA20POLY1305IETF:
-@@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx,
-     // Otherwise, just use the mbedTLS one with crappy AES-NI.
-     case AES192GCM:
-     case AES128GCM:
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000
-         err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen,
-                                           m, mlen - tlen, p, plen, m + mlen - tlen, tlen);
-+#else
-+        err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen,
-+                                              m, mlen, p, mlen - tlen, plen, tlen);
-+#endif
-         break;
-     case CHACHA20POLY1305IETF:
-         err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen,
-@@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key)
-     cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
-     memset(cipher, 0, sizeof(cipher_t));
- 
--    if (method >= CHACHA20POLY1305IETF) {
--        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
--        cipher->info             = cipher_info;
--        cipher->info->base       = NULL;
--        cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8;
--        cipher->info->iv_size    = supported_aead_ciphers_nonce_size[method];
--    } else {
--        cipher->info = (cipher_kt_t *)aead_get_cipher_type(method);
--    }
--
--    if (cipher->info == NULL && cipher->key_len == 0) {
-+    if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) {
-         LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]);
-         FATAL("Cannot initialize cipher");
-     }
-diff --git a/src/crypto.c b/src/crypto.c
-index b44d867..76c426b 100644
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md)
-     if (md == NULL) {
-         md = m;
-     }
--#if MBEDTLS_VERSION_NUMBER >= 0x02070000
-+#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000
-     if (mbedtls_md5_ret(d, n, md) != 0)
-         FATAL("Failed to calculate MD5");
- #else
-diff --git a/src/crypto.h b/src/crypto.h
-index 1791551..7070793 100644
---- a/src/crypto.h
-+++ b/src/crypto.h
-@@ -97,7 +97,6 @@ typedef struct buffer {
- typedef struct {
-     int method;
-     int skey;
--    cipher_kt_t *info;
-     size_t nonce_len;
-     size_t key_len;
-     size_t tag_len;
-diff --git a/src/stream.c b/src/stream.c
-index 35d9050..b2e2cea 100644
---- a/src/stream.c
-+++ b/src/stream.c
-@@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen,
-     return 0;
- }
- 
--int
--cipher_nonce_size(const cipher_t *cipher)
--{
--    if (cipher == NULL) {
--        return 0;
--    }
--    return cipher->info->iv_size;
--}
--
--int
--cipher_key_size(const cipher_t *cipher)
--{
--    /*
--     * Semi-API changes (technically public, morally prnonceate)
--     * Renamed a few headers to include _internal in the name. Those headers are
--     * not supposed to be included by users.
--     * Changed md_info_t into an opaque structure (use md_get_xxx() accessors).
--     * Changed pk_info_t into an opaque structure.
--     * Changed cipher_base_t into an opaque structure.
--     */
--    if (cipher == NULL) {
--        return 0;
--    }
--    /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */
--    return cipher->info->key_bitlen / 8;
--}
--
- const cipher_kt_t *
- stream_get_cipher_type(int method)
- {
-@@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key)
-     cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t));
-     memset(cipher, 0, sizeof(cipher_t));
- 
--    if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) {
--        cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t));
--        cipher->info             = cipher_info;
--        cipher->info->base       = NULL;
--        cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8;
--        cipher->info->iv_size    = supported_stream_ciphers_nonce_size[method];
--    } else {
--        cipher->info = (cipher_kt_t *)stream_get_cipher_type(method);
--    }
--
--    if (cipher->info == NULL && cipher->key_len == 0) {
-+    if (method < SALSA20 && stream_get_cipher_type(method) == NULL) {
-         LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]);
-         FATAL("Cannot initialize cipher");
-     }
- 
-     if (key != NULL)
--        cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher));
-+        cipher->key_len = crypto_parse_key(key, cipher->key,
-+                                           supported_stream_ciphers_key_size[method]);
-     else
--        cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher));
-+        cipher->key_len = crypto_derive_key(pass, cipher->key,
-+                                            supported_stream_ciphers_key_size[method]);
- 
-     if (cipher->key_len == 0) {
-         FATAL("Cannot generate key and NONCE");
-     }
--    if (method == RC4_MD5) {
--        cipher->nonce_len = 16;
--    } else {
--        cipher->nonce_len = cipher_nonce_size(cipher);
--    }
-+    cipher->nonce_len = supported_stream_ciphers_nonce_size[method];
-     cipher->method = method;
- 
-     return cipher;
--- 
-2.39.5
-

shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch

@@ -0,0 +1,103 @@
+From f4ee43fa27e00a573d90a8cac68f12655570bbf7 Mon Sep 17 00:00:00 2001
+From: lwb1978 <[email protected]>
+Date: Tue, 4 Feb 2025 15:51:17 +0800
+Subject: [PATCH] Deprecate load16_be() function in favor to ntohs() function
+
+---
+ src/aead.c     | 2 +-
+ src/local.c    | 6 +++---
+ src/server.c   | 2 +-
+ src/udprelay.c | 2 +-
+ src/utils.c    | 8 --------
+ src/utils.h    | 1 -
+ 6 files changed, 6 insertions(+), 15 deletions(-)
+
+--- a/src/aead.c
++++ b/src/aead.c
+@@ -605,7 +605,7 @@ aead_chunk_decrypt(cipher_ctx_t *ctx, ui
+         return CRYPTO_ERROR;
+     assert(*plen == CHUNK_SIZE_LEN);
+ 
+-    mlen = load16_be(len_buf);
++    mlen = ntohs(*(uint16_t*)len_buf);
+     mlen = mlen & CHUNK_SIZE_MASK;
+ 
+     if (mlen == 0)
+--- a/src/local.c
++++ b/src/local.c
+@@ -390,7 +390,7 @@ server_handshake(EV_P_ ev_io *w, buffer_
+         abuf->len += in_addr_len + 2;
+ 
+         if (acl || verbose) {
+-            uint16_t p = load16_be(buf->data + request_len + in_addr_len);
++            uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in_addr_len));
+             if (!inet_ntop(AF_INET, (const void *)(buf->data + request_len),
+                            ip, INET_ADDRSTRLEN)) {
+                 LOGI("inet_ntop(AF_INET): %s", strerror(errno));
+@@ -408,7 +408,7 @@ server_handshake(EV_P_ ev_io *w, buffer_
+         abuf->len += name_len + 2;
+ 
+         if (acl || verbose) {
+-            uint16_t p = load16_be(buf->data + request_len + 1 + name_len);
++            uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + 1 + name_len));
+             memcpy(host, buf->data + request_len + 1, name_len);
+             host[name_len] = '\0';
+             sprintf(port, "%d", p);
+@@ -422,7 +422,7 @@ server_handshake(EV_P_ ev_io *w, buffer_
+         abuf->len += in6_addr_len + 2;
+ 
+         if (acl || verbose) {
+-            uint16_t p = load16_be(buf->data + request_len + in6_addr_len);
++            uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in6_addr_len));
+             if (!inet_ntop(AF_INET6, (const void *)(buf->data + request_len),
+                            ip, INET6_ADDRSTRLEN)) {
+                 LOGI("inet_ntop(AF_INET6): %s", strerror(errno));
+--- a/src/server.c
++++ b/src/server.c
+@@ -1137,7 +1137,7 @@ server_recv_cb(EV_P_ ev_io *w, int reven
+             return;
+         }
+ 
+-        port = ntohs(load16_be(server->buf->data + offset));
++        port = *(uint16_t*)(server->buf->data + offset);
+ 
+         offset += 2;
+ 
+--- a/src/udprelay.c
++++ b/src/udprelay.c
+@@ -316,7 +316,7 @@ parse_udprelay_header(const char *buf, c
+     }
+ 
+     if (port != NULL) {
+-        sprintf(port, "%d", load16_be(buf + offset));
++        sprintf(port, "%d", ntohs(*(uint16_t*)(buf + offset)));
+     }
+     offset += 2;
+ 
+--- a/src/utils.c
++++ b/src/utils.c
+@@ -571,14 +571,6 @@ get_default_conf(void)
+ #endif
+ }
+ 
+-uint16_t
+-load16_be(const void *s)
+-{
+-    const uint8_t *in = (const uint8_t *)s;
+-    return ((uint16_t)in[0] << 8)
+-           | ((uint16_t)in[1]);
+-}
+-
+ int
+ get_mptcp(int enable)
+ {
+--- a/src/utils.h
++++ b/src/utils.h
+@@ -249,7 +249,6 @@ void *ss_realloc(void *ptr, size_t new_s
+ 
+ int ss_is_ipv6addr(const char *addr);
+ char *get_default_conf(void);
+-uint16_t load16_be(const void *s);
+ int get_mptcp(int enable);
+ 
+ #endif // _UTILS_H