FreeBSD Bugzilla – Attachment 254522 Details for
Bug 282227
net/v2ray: update 4.36.2 → 5.22.0, fix CVE-2021-4070
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
[PATCH] net/v2ray: update 4.36.2 → 5.21.0, fix CVE-2021-4070
0001-net-v2ray-update-4.36.2-5.21.0-fix-CVE-2021-4070.patch (text/plain), 11.52 KB, created by
Älven
on 2024-10-26 08:54:15 UTC
(
hide
)
Description:
[PATCH] net/v2ray: update 4.36.2 → 5.21.0, fix CVE-2021-4070
Filename:
MIME Type:
Creator:
Älven
Created:
2024-10-26 08:54:15 UTC
Size:
11.52 KB
patch
obsolete
>From 289ffab6f54779430cc07888d7e057c11b20a0d9 Mon Sep 17 00:00:00 2001 >From: Ãlven <alster@vinterdalen.se> >Date: Sun, 20 Oct 2024 15:47:51 +0400 >Subject: [PATCH] net/v2ray: update 4.36.2 â 5.21.0, fix CVE-2021-4070 >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >https://nvd.nist.gov/vuln/detail/CVE-2021-4070 >--- > net/v2ray/Makefile | 54 ++++++----------------------- > net/v2ray/distinfo | 66 +++--------------------------------- > net/v2ray/pkg-plist | 3 -- > security/vuxml/vuln/2024.xml | 27 +++++++++++++++ > 4 files changed, 42 insertions(+), 108 deletions(-) > >diff --git a/net/v2ray/Makefile b/net/v2ray/Makefile >index ad52bec09d7f..d9b7559e0390 100644 >--- a/net/v2ray/Makefile >+++ b/net/v2ray/Makefile >@@ -1,71 +1,37 @@ > PORTNAME= v2ray > DISTVERSIONPREFIX= v >-DISTVERSION= 4.36.2 >-PORTREVISION= 23 >+DISTVERSION= 5.21.0 > CATEGORIES= net > > MAINTAINER= shen.elf@gmail.com > COMMENT= Platform for building proxies to bypass network restrictions >-WWW= https://www.v2ray.com >+WWW= https://www.v2fly.org/ > > LICENSE= MIT > LICENSE_FILE= ${WRKSRC}/LICENSE > >-USES= go:modules >+USES= go:1.23,modules > USE_GITHUB= yes >-USE_RC_SUBR= v2ray >- > GH_ACCOUNT= v2fly > GH_PROJECT= v2ray-core >-GH_TUPLE= \ >- cheekybits:genny:v1.0.0:cheekybits_genny/vendor/github.com/cheekybits/genny \ >- davecgh:go-spew:v1.1.1:davecgh_go_spew/vendor/github.com/davecgh/go-spew \ >- dgryski:go-metro:85c65e2d0165:dgryski_go_metro/vendor/github.com/dgryski/go-metro \ >- ebfe:bcrypt_pbkdf:3c8d2dcb253a:ebfe_bcrypt_pbkdf/vendor/github.com/ebfe/bcrypt_pbkdf \ >- go-yaml:yaml:a5ece683394c:go_yaml_yaml/vendor/gopkg.in/yaml.v3 \ >- golang:crypto:5ea612d1eb83:golang_crypto/vendor/golang.org/x/crypto \ >- golang:mock:v1.5.0:golang_mock/vendor/github.com/golang/mock \ >- golang:net:e18ecbb05110:golang_net/vendor/golang.org/x/net \ >- golang:protobuf:v1.4.3:golang_protobuf/vendor/github.com/golang/protobuf \ >- golang:sync:036812b2e83c:golang_sync/vendor/golang.org/x/sync \ >- golang:sys:v0.6.0:golang_sys/vendor/golang.org/x/sys \ >- golang:text:v0.3.3:golang_text/vendor/golang.org/x/text \ >- golang:xerrors:5ec99f83aff1:golang_xerrors/vendor/golang.org/x/xerrors \ >- google:go-cmp:v0.5.5:google_go_cmp/vendor/github.com/google/go-cmp \ >- google:go-genproto:cb27e3aa2013:google_go_genproto/vendor/google.golang.org/genproto \ >- google:starlark-go:6a590ae7f4eb:google_starlark_go/vendor/go.starlark.net \ >- gorilla:websocket:v1.4.2:gorilla_websocket/vendor/github.com/gorilla/websocket \ >- grpc:grpc-go:v1.36.0:grpc_grpc_go/vendor/google.golang.org/grpc \ >- h12w:socks:v1.0.2:h12w_socks/vendor/h12.io/socks \ >- lucas-clemente:quic-go:v0.19.3:lucas_clemente_quic_go/vendor/github.com/lucas-clemente/quic-go \ >- marten-seemann:qtls-go1-15:v0.1.1:marten_seemann_qtls_go1_15/vendor/github.com/marten-seemann/qtls-go1-15 \ >- marten-seemann:qtls:v0.10.0:marten_seemann_qtls/vendor/github.com/marten-seemann/qtls \ >- miekg:dns:v1.1.40:miekg_dns/vendor/github.com/miekg/dns \ >- pires:go-proxyproto:v0.5.0:pires_go_proxyproto/vendor/github.com/pires/go-proxyproto \ >- pmezard:go-difflib:v1.0.0:pmezard_go_difflib/vendor/github.com/pmezard/go-difflib \ >- protocolbuffers:protobuf-go:v1.25.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf \ >- seiflotfy:cuckoofilter:bc6005554a0c:seiflotfy_cuckoofilter/vendor/github.com/seiflotfy/cuckoofilter \ >- stretchr:testify:v1.7.0:stretchr_testify/vendor/github.com/stretchr/testify \ >- v2fly:VSign:e2adc24bf848:v2fly_vsign/vendor/github.com/v2fly/VSign >+USE_RC_SUBR= v2ray > >-GO_BUILDFLAGS= -ldflags='${STRIP} -w' >-GO_TARGET= ./main:v2ray \ >- ./infra/control/main:v2ctl >+GO_MODULE= github.com/v2fly/v2ray-core >+GO_TARGET= ./main:v2ray > GO_TESTFLAGS= -p 1 -tags json -timeout 30m > >+SUB_LIST= USER="${USERS}" \ >+ GROUP="${GROUPS}" >+ > USERS= v2ray > GROUPS= v2ray > >-SUB_LIST= USER="${USERS}" \ >- GROUP="${GROUPS}" >+GO_MOD_DIST= github # https://github.com/v2fly/v2ray-core/issues/3187 > > post-install: > ${MKDIR} ${STAGEDIR}${ETCDIR} >- ${MKDIR} ${STAGEDIR}${DATADIR} > ${INSTALL_DATA} ${WRKSRC}/release/config/config.json ${STAGEDIR}${ETCDIR}/config.json.sample > ${INSTALL_DATA} ${WRKSRC}/release/config/vpoint_socks_vmess.json ${STAGEDIR}${ETCDIR}/vpoint_socks_vmess.json > ${INSTALL_DATA} ${WRKSRC}/release/config/vpoint_vmess_freedom.json ${STAGEDIR}${ETCDIR}/vpoint_vmess_freedom.json >- ${INSTALL_DATA} ${WRKSRC}/release/config/geoip.dat ${STAGEDIR}${DATADIR}/geoip.dat >- ${INSTALL_DATA} ${WRKSRC}/release/config/geosite.dat ${STAGEDIR}${DATADIR}/geosite.dat > > .include <bsd.port.mk> >diff --git a/net/v2ray/distinfo b/net/v2ray/distinfo >index 8f835379552c..c70c734def08 100644 >--- a/net/v2ray/distinfo >+++ b/net/v2ray/distinfo >@@ -1,61 +1,5 @@ >-TIMESTAMP = 1679411079 >-SHA256 (v2fly-v2ray-core-v4.36.2_GH0.tar.gz) = e7f7ceefd4cd9d2e57d18cecf55228a5a126c6ed5ee53767660601c35e70535c >-SIZE (v2fly-v2ray-core-v4.36.2_GH0.tar.gz) = 2230993 >-SHA256 (cheekybits-genny-v1.0.0_GH0.tar.gz) = 6982bf513333fb3ee3e6e0633500a3800fb6a3d6beb9e6c6084a96c85a49dd73 >-SIZE (cheekybits-genny-v1.0.0_GH0.tar.gz) = 15585 >-SHA256 (davecgh-go-spew-v1.1.1_GH0.tar.gz) = 7d82b9bb7291adbe7498fe946920ab3e7fc9e6cbfc3b2294693fad00bf0dd17e >-SIZE (davecgh-go-spew-v1.1.1_GH0.tar.gz) = 42152 >-SHA256 (dgryski-go-metro-85c65e2d0165_GH0.tar.gz) = 069a3ea10b4a1f709911616de03d039b6af0d791769e409b8037850c2c07f4e7 >-SIZE (dgryski-go-metro-85c65e2d0165_GH0.tar.gz) = 4470 >-SHA256 (ebfe-bcrypt_pbkdf-3c8d2dcb253a_GH0.tar.gz) = d1ec68ddb19f4b096748622e87e3526de3b000977d779ac40ab4f6bf953d11db >-SIZE (ebfe-bcrypt_pbkdf-3c8d2dcb253a_GH0.tar.gz) = 15161 >-SHA256 (go-yaml-yaml-a5ece683394c_GH0.tar.gz) = e4b738b2e3cd15fd5f76704d35d3b62d77d808894ff83bfe68f5f28b03ded019 >-SIZE (go-yaml-yaml-a5ece683394c_GH0.tar.gz) = 88436 >-SHA256 (golang-crypto-5ea612d1eb83_GH0.tar.gz) = ab4d88d6121195632d006705a950adebaf4fa99dd15ea0c508297a17c5d3277e >-SIZE (golang-crypto-5ea612d1eb83_GH0.tar.gz) = 1726242 >-SHA256 (golang-mock-v1.5.0_GH0.tar.gz) = 7a8212b8332072626d1ce440883929a28ab18450926bc5164d926c6e5cae61ff >-SIZE (golang-mock-v1.5.0_GH0.tar.gz) = 66429 >-SHA256 (golang-net-e18ecbb05110_GH0.tar.gz) = c30374f6fd34c6b77d53224aa3ba7458e3773d7e6e4fa16d88fb05c7d05e0e89 >-SIZE (golang-net-e18ecbb05110_GH0.tar.gz) = 1253124 >-SHA256 (golang-protobuf-v1.4.3_GH0.tar.gz) = 5736f943f8647362f5559689df6154f3c85d261fb088867c8a68494e2a767610 >-SIZE (golang-protobuf-v1.4.3_GH0.tar.gz) = 171969 >-SHA256 (golang-sync-036812b2e83c_GH0.tar.gz) = 75ac8fc16bdceb2496c4a9cc98584b70c29032d91a9e57a624acb073e3232fda >-SIZE (golang-sync-036812b2e83c_GH0.tar.gz) = 18752 >-SHA256 (golang-sys-v0.6.0_GH0.tar.gz) = b4f6d17c7a128f76169964b437cb66b3f2dbf9a33361928ec19dfecf7b03fc54 >-SIZE (golang-sys-v0.6.0_GH0.tar.gz) = 1434234 >-SHA256 (golang-text-v0.3.3_GH0.tar.gz) = 1604233637e3593749fbbb13b5069b08e6feba6d2b55a02fd3148793d5871185 >-SIZE (golang-text-v0.3.3_GH0.tar.gz) = 7747332 >-SHA256 (golang-xerrors-5ec99f83aff1_GH0.tar.gz) = 71975d658357e170fd6a41f92539cde8b39c9cd8bfe5931b6311bc5f5c0da0d7 >-SIZE (golang-xerrors-5ec99f83aff1_GH0.tar.gz) = 13664 >-SHA256 (google-go-cmp-v0.5.5_GH0.tar.gz) = 8f1a0041f484812ae219e7548a13d5269c947cfcdea6031d40cdc85cd0663b3e >-SIZE (google-go-cmp-v0.5.5_GH0.tar.gz) = 102358 >-SHA256 (google-go-genproto-cb27e3aa2013_GH0.tar.gz) = 1f0c3be40b17772975c71b54ca512ee681f7db384ebc43c8adb24f1ab44d2d0e >-SIZE (google-go-genproto-cb27e3aa2013_GH0.tar.gz) = 9293098 >-SHA256 (google-starlark-go-6a590ae7f4eb_GH0.tar.gz) = c07b254d4b44edd1409c68dfbc7b6a3d304563cf51b19ffff5fe60d6f78b2e24 >-SIZE (google-starlark-go-6a590ae7f4eb_GH0.tar.gz) = 263261 >-SHA256 (gorilla-websocket-v1.4.2_GH0.tar.gz) = 91937a36bc9e0da3c895c73d4cb74b2cdb1aff54ab21b0d0724000e7b5b85b84 >-SIZE (gorilla-websocket-v1.4.2_GH0.tar.gz) = 54101 >-SHA256 (grpc-grpc-go-v1.36.0_GH0.tar.gz) = d460c8f379ff240f6169924ec399080351e4a03a0492fbb5a761f4e2d14d4fda >-SIZE (grpc-grpc-go-v1.36.0_GH0.tar.gz) = 1166422 >-SHA256 (h12w-socks-v1.0.2_GH0.tar.gz) = b2b8f09363dee8091e17b807aa0160882d531d1d6b681fe0745dafa64b3cfc67 >-SIZE (h12w-socks-v1.0.2_GH0.tar.gz) = 14625 >-SHA256 (lucas-clemente-quic-go-v0.19.3_GH0.tar.gz) = a1ccd4284dd238d5174192152aec9c180abaaa2a4ce389341c7576e15f3d74d1 >-SIZE (lucas-clemente-quic-go-v0.19.3_GH0.tar.gz) = 495536 >-SHA256 (marten-seemann-qtls-go1-15-v0.1.1_GH0.tar.gz) = 6af56a620c947db5199015776e47fec0d7a7dbfeeb2e3c432da7c3349ea6c6f9 >-SIZE (marten-seemann-qtls-go1-15-v0.1.1_GH0.tar.gz) = 413658 >-SHA256 (marten-seemann-qtls-v0.10.0_GH0.tar.gz) = b852f137be07c4e26c12b3225a13012fe879226210efa40b084e85a9ce726a84 >-SIZE (marten-seemann-qtls-v0.10.0_GH0.tar.gz) = 403869 >-SHA256 (miekg-dns-v1.1.40_GH0.tar.gz) = 82e330b2f5c8a711d9a167200cf4c5513f30e421351c27e8c023b98c1902e63d >-SIZE (miekg-dns-v1.1.40_GH0.tar.gz) = 199492 >-SHA256 (pires-go-proxyproto-v0.5.0_GH0.tar.gz) = d23df3a6b9eeed9c35b85ba558cdcd57a6867de37f481b2a6df727bebd9aa909 >-SIZE (pires-go-proxyproto-v0.5.0_GH0.tar.gz) = 34787 >-SHA256 (pmezard-go-difflib-v1.0.0_GH0.tar.gz) = 28f3dc1b5c0efd61203ab07233f774740d3bf08da4d8153fb5310db6cea0ebda >-SIZE (pmezard-go-difflib-v1.0.0_GH0.tar.gz) = 11398 >-SHA256 (protocolbuffers-protobuf-go-v1.25.0_GH0.tar.gz) = c1c04d6e36c0d0fb6f3374197f9025d7e6df13f38a974098be020617c00fbaf2 >-SIZE (protocolbuffers-protobuf-go-v1.25.0_GH0.tar.gz) = 1258804 >-SHA256 (seiflotfy-cuckoofilter-bc6005554a0c_GH0.tar.gz) = de044c02aee635b3b2eb2ce36568995b031ffa0c848a866556fcc5d3fa69aa83 >-SIZE (seiflotfy-cuckoofilter-bc6005554a0c_GH0.tar.gz) = 6761 >-SHA256 (stretchr-testify-v1.7.0_GH0.tar.gz) = 560c0984072cb436b17bbce5699b205d5aa2beb58ef7a94530d7724b5739a8d6 >-SIZE (stretchr-testify-v1.7.0_GH0.tar.gz) = 91073 >-SHA256 (v2fly-VSign-e2adc24bf848_GH0.tar.gz) = c417ab3e50d680e45c85f49c6c9a438d608561cfad1d6602460335da834d1f04 >-SIZE (v2fly-VSign-e2adc24bf848_GH0.tar.gz) = 9337 >+TIMESTAMP = 1729931968 >+SHA256 (go/net_v2ray/v2fly-v2ray-core-v5.21.0_GH0/go.mod) = b541799143914d8919f743c0ac4ea7481165cddca238c715dae56282389db4aa >+SIZE (go/net_v2ray/v2fly-v2ray-core-v5.21.0_GH0/go.mod) = 4222 >+SHA256 (go/net_v2ray/v2fly-v2ray-core-v5.21.0_GH0/v2fly-v2ray-core-v5.21.0_GH0.tar.gz) = 880a929caff7b72ef9d3b9a3262cec0dff6566c2481989822a6b27fdaaeed975 >+SIZE (go/net_v2ray/v2fly-v2ray-core-v5.21.0_GH0/v2fly-v2ray-core-v5.21.0_GH0.tar.gz) = 1072761 >diff --git a/net/v2ray/pkg-plist b/net/v2ray/pkg-plist >index 16df4c686c3a..d3de51723470 100644 >--- a/net/v2ray/pkg-plist >+++ b/net/v2ray/pkg-plist >@@ -1,7 +1,4 @@ > bin/v2ray >-bin/v2ctl > @sample %%ETCDIR%%/config.json.sample > %%ETCDIR%%/vpoint_socks_vmess.json > %%ETCDIR%%/vpoint_vmess_freedom.json >-%%DATADIR%%/geoip.dat >-%%DATADIR%%/geosite.dat >diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml >index fef96db2d3e5..8aadc9c2bb8e 100644 >--- a/security/vuxml/vuln/2024.xml >+++ b/security/vuxml/vuln/2024.xml >@@ -1,3 +1,30 @@ >+ <vuln vid="038fb3f5-9377-11ef-87ad-a8a15998b5cb"> >+ <topic>v2ray -- Off-by-one Error in v2fly/v2ray-core</topic> >+ <affects> >+ <package> >+ <name>v2ray</name> >+ <range><lt>4.44.0</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security@huntr.dev reports:</p> >+ <blockquote cite="https://github.com/v2fly/v2ray-core/commit/c1af2bfd7aa59a4482aa7f6ec4b9208c1d350b5c"> >+ <p>Off-by-one Error in GitHub repository v2fly/v2ray-core prior to >+ 4.44.0.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2021-4070</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2021-4070</url> >+ </references> >+ <dates> >+ <discovery>2022-02-23</discovery> >+ <entry>2024-10-26</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="fcb0e00f-d7d3-49b6-a4a1-852528230912"> > <topic>electron31 -- multiple vulnerabilities</topic> > <affects> >-- >2.47.0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 282227
:
254397
|
254398
|
254522
|
254529
|
255193