Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package shadowsocks-libev for openSUSE:Factory checked in at 2026-04-05 18:24:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadowsocks-libev (Old) and /work/SRC/openSUSE:Factory/.shadowsocks-libev.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadowsocks-libev" Sun Apr 5 18:24:43 2026 rev:25 rq:1344657 version:3.3.5 Changes: -------- --- /work/SRC/openSUSE:Factory/shadowsocks-libev/shadowsocks-libev.changes 2025-07-10 22:13:09.454233325 +0200 +++ /work/SRC/openSUSE:Factory/.shadowsocks-libev.new.21863/shadowsocks-libev.changes 2026-04-05 18:25:34.205397764 +0200 @@ -1,0 +2,7 @@ +Sun Apr 5 12:46:17 UTC 2026 - Hillwood Yang <[email protected]> + +- Migrate to mbedtls 3(boo#1261529) + * Add 001-migrate-to-mbedtls-3.patch + * Add 002-migrate-to-mbedtls-3.patch + +------------------------------------------------------------------- New: ---- 001-migrate-to-mbedtls-3.patch 002-migrate-to-mbedtls-3.patch ----------(New B)---------- New:- Migrate to mbedtls 3(boo#1261529) * Add 001-migrate-to-mbedtls-3.patch * Add 002-migrate-to-mbedtls-3.patch New: * Add 001-migrate-to-mbedtls-3.patch * Add 002-migrate-to-mbedtls-3.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shadowsocks-libev.spec ++++++ --- /var/tmp/diff_new_pack.EBjeZx/_old 2026-04-05 18:25:34.885425666 +0200 +++ /var/tmp/diff_new_pack.EBjeZx/_new 2026-04-05 18:25:34.889425830 +0200 @@ -1,7 +1,7 @@ # # spec file for package shadowsocks-libev # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2025 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -40,11 +40,13 @@ Source12: %{name}[email protected] Source13: %{name}.tmpfiles Patch0: shadowsocks-libev-3.3.5-pcre2.patch +Patch1: 001-migrate-to-mbedtls-3.patch +Patch2: 002-migrate-to-mbedtls-3.patch BuildRequires: asciidoc BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool -BuildRequires: mbedtls-devel < 3 +BuildRequires: mbedtls-devel BuildRequires: pkgconfig BuildRequires: systemd-rpm-macros BuildRequires: xmlto ++++++ 001-migrate-to-mbedtls-3.patch ++++++ >From 9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6 Mon Sep 17 00:00:00 2001 From: Lu jicong <[email protected]> Date: Fri, 10 Jan 2025 22:05:31 +0800 Subject: [PATCH] Fix in 'mbedtls 3.6.0 ver' compilation failure issue Fix mbedtls 3.6 compatibility Co-authored-by: Zxl hhyccc <[email protected]> Signed-off-by: Lu jicong <[email protected]> --- m4/mbedtls.m4 | 20 ++++++++++++++++++++ src/aead.c | 23 +++++++++++------------ src/crypto.c | 2 +- src/crypto.h | 1 - src/stream.c | 51 ++++++--------------------------------------------- 5 files changed, 38 insertions(+), 59 deletions(-) diff --git a/m4/mbedtls.m4 b/m4/mbedtls.m4 index 2c478b960..a795790ca 100644 --- a/m4/mbedtls.m4 +++ b/m4/mbedtls.m4 @@ -31,7 +31,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include <mbedtls/version.h> +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include <mbedtls/mbedtls_config.h> +#else #include <mbedtls/config.h> +#endif ]], [[ #ifndef MBEDTLS_CIPHER_MODE_CFB @@ -48,7 +53,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include <mbedtls/version.h> +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include <mbedtls/mbedtls_config.h> +#else #include <mbedtls/config.h> +#endif ]], [[ #ifndef MBEDTLS_ARC4_C @@ -64,7 +74,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include <mbedtls/version.h> +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include <mbedtls/mbedtls_config.h> +#else #include <mbedtls/config.h> +#endif ]], [[ #ifndef MBEDTLS_BLOWFISH_C @@ -80,7 +95,12 @@ AC_DEFUN([ss_MBEDTLS], AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[ +#include <mbedtls/version.h> +#if MBEDTLS_VERSION_NUMBER >= 0x03000000 +#include <mbedtls/mbedtls_config.h> +#else #include <mbedtls/config.h> +#endif ]], [[ #ifndef MBEDTLS_CAMELLIA_C diff --git a/src/aead.c b/src/aead.c index 358ec9381..73349da64 100644 --- a/src/aead.c +++ b/src/aead.c @@ -177,9 +177,13 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, // Otherwise, just use the mbedTLS one with crappy AES-NI. case AES192GCM: case AES128GCM: - +#if MBEDTLS_VERSION_NUMBER < 0x03000000 err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen, c, clen, c + mlen, tlen); +#else + err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, c, mlen + tlen, clen, tlen); +#endif *clen += tlen; break; case CHACHA20POLY1305IETF: @@ -226,8 +230,13 @@ aead_cipher_decrypt(cipher_ctx_t *cipher_ctx, // Otherwise, just use the mbedTLS one with crappy AES-NI. case AES192GCM: case AES128GCM: +#if MBEDTLS_VERSION_NUMBER < 0x03000000 err = mbedtls_cipher_auth_decrypt(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen - tlen, p, plen, m + mlen - tlen, tlen); +#else + err = mbedtls_cipher_auth_decrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, + m, mlen, p, mlen - tlen, plen, tlen); +#endif break; case CHACHA20POLY1305IETF: err = crypto_aead_chacha20poly1305_ietf_decrypt(p, &long_plen, NULL, m, mlen, @@ -721,17 +730,7 @@ aead_key_init(int method, const char *pass, const char *key) cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); memset(cipher, 0, sizeof(cipher_t)); - if (method >= CHACHA20POLY1305IETF) { - cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); - cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_aead_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_aead_ciphers_nonce_size[method]; - } else { - cipher->info = (cipher_kt_t *)aead_get_cipher_type(method); - } - - if (cipher->info == NULL && cipher->key_len == 0) { + if (method < CHACHA20POLY1305IETF && aead_get_cipher_type(method) == NULL) { LOGE("Cipher %s not found in crypto library", supported_aead_ciphers[method]); FATAL("Cannot initialize cipher"); } diff --git a/src/crypto.c b/src/crypto.c index b44d8674c..76c426b53 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -103,7 +103,7 @@ crypto_md5(const unsigned char *d, size_t n, unsigned char *md) if (md == NULL) { md = m; } -#if MBEDTLS_VERSION_NUMBER >= 0x02070000 +#if MBEDTLS_VERSION_NUMBER < 0x03000000 && MBEDTLS_VERSION_NUMBER >= 0x02070000 if (mbedtls_md5_ret(d, n, md) != 0) FATAL("Failed to calculate MD5"); #else diff --git a/src/crypto.h b/src/crypto.h index 1791551ff..70707932b 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -97,7 +97,6 @@ typedef struct buffer { typedef struct { int method; int skey; - cipher_kt_t *info; size_t nonce_len; size_t key_len; size_t tag_len; diff --git a/src/stream.c b/src/stream.c index 35d9050b3..b2e2cea82 100644 --- a/src/stream.c +++ b/src/stream.c @@ -168,33 +168,6 @@ crypto_stream_xor_ic(uint8_t *c, const uint8_t *m, uint64_t mlen, return 0; } -int -cipher_nonce_size(const cipher_t *cipher) -{ - if (cipher == NULL) { - return 0; - } - return cipher->info->iv_size; -} - -int -cipher_key_size(const cipher_t *cipher) -{ - /* - * Semi-API changes (technically public, morally prnonceate) - * Renamed a few headers to include _internal in the name. Those headers are - * not supposed to be included by users. - * Changed md_info_t into an opaque structure (use md_get_xxx() accessors). - * Changed pk_info_t into an opaque structure. - * Changed cipher_base_t into an opaque structure. - */ - if (cipher == NULL) { - return 0; - } - /* From Version 1.2.7 released 2013-04-13 Default Blowfish keysize is now 128-bits */ - return cipher->info->key_bitlen / 8; -} - const cipher_kt_t * stream_get_cipher_type(int method) { @@ -642,34 +615,22 @@ stream_key_init(int method, const char *pass, const char *key) cipher_t *cipher = (cipher_t *)ss_malloc(sizeof(cipher_t)); memset(cipher, 0, sizeof(cipher_t)); - if (method == SALSA20 || method == CHACHA20 || method == CHACHA20IETF) { - cipher_kt_t *cipher_info = (cipher_kt_t *)ss_malloc(sizeof(cipher_kt_t)); - cipher->info = cipher_info; - cipher->info->base = NULL; - cipher->info->key_bitlen = supported_stream_ciphers_key_size[method] * 8; - cipher->info->iv_size = supported_stream_ciphers_nonce_size[method]; - } else { - cipher->info = (cipher_kt_t *)stream_get_cipher_type(method); - } - - if (cipher->info == NULL && cipher->key_len == 0) { + if (method < SALSA20 && stream_get_cipher_type(method) == NULL) { LOGE("Cipher %s not found in crypto library", supported_stream_ciphers[method]); FATAL("Cannot initialize cipher"); } if (key != NULL) - cipher->key_len = crypto_parse_key(key, cipher->key, cipher_key_size(cipher)); + cipher->key_len = crypto_parse_key(key, cipher->key, + supported_stream_ciphers_key_size[method]); else - cipher->key_len = crypto_derive_key(pass, cipher->key, cipher_key_size(cipher)); + cipher->key_len = crypto_derive_key(pass, cipher->key, + supported_stream_ciphers_key_size[method]); if (cipher->key_len == 0) { FATAL("Cannot generate key and NONCE"); } - if (method == RC4_MD5) { - cipher->nonce_len = 16; - } else { - cipher->nonce_len = cipher_nonce_size(cipher); - } + cipher->nonce_len = supported_stream_ciphers_nonce_size[method]; cipher->method = method; return cipher; ++++++ 002-migrate-to-mbedtls-3.patch ++++++ >From 60ad4ca4b5d1969e31db6efe6db4d82f88dbdbe7 Mon Sep 17 00:00:00 2001 From: Ayu <[email protected]> Date: Sun, 18 Jan 2026 16:59:48 +0800 Subject: [PATCH] Fix failed assertion with Mbed TLS 3 --- src/aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aead.c b/src/aead.c index 73349da64..24144425c 100644 --- a/src/aead.c +++ b/src/aead.c @@ -180,11 +180,11 @@ aead_cipher_encrypt(cipher_ctx_t *cipher_ctx, #if MBEDTLS_VERSION_NUMBER < 0x03000000 err = mbedtls_cipher_auth_encrypt(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen, c, clen, c + mlen, tlen); + *clen += tlen; #else err = mbedtls_cipher_auth_encrypt_ext(cipher_ctx->evp, n, nlen, ad, adlen, m, mlen, c, mlen + tlen, clen, tlen); #endif - *clen += tlen; break; case CHACHA20POLY1305IETF: err = crypto_aead_chacha20poly1305_ietf_encrypt(c, &long_clen, m, mlen,
