fix: CVE-2025-68121 for crypto/tls

2026-02-26 16:57:08 +00:00 · 2026-01-16 08:18:40 +08:00
parent 06f5fbac06
commit edbfebeacd
4 changed files with 9 additions and 6 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -155,12 +155,14 @@ jobs:
      uses: actions/setup-go@v6
      with:
        go-version: '1.25'
+        check-latest: true # Always check for the latest patch release

    - name: Set up Go
      if: ${{ matrix.jobs.goversion != '' && matrix.jobs.abi != '1' }}
      uses: actions/setup-go@v6
      with:
        go-version: ${{ matrix.jobs.goversion }}
+        check-latest: true # Always check for the latest patch release

    - name: Set up Go1.24 loongarch abi1
      if: ${{ matrix.jobs.goarch == 'loong64' && matrix.jobs.abi == '1' }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -24,7 +24,7 @@ jobs:
          - 'ubuntu-24.04-arm' # arm64 linux
          - 'macos-15-intel' # amd64 macos
        go-version:
-          - '1.26.0-rc.1'
+          - '1.26.0-rc.2'
          - '1.25'
          - '1.24'
          - '1.23'
@@ -48,15 +48,16 @@ jobs:
        uses: actions/setup-go@v6
        with:
          go-version: ${{ matrix.go-version }}
+          check-latest: true # Always check for the latest patch release

      - name: Revert Golang commit for Windows7/8
-        if: ${{ runner.os == 'Windows' && matrix.go-version != '1.20' && matrix.go-version != '1.26.0-rc.1' }}
+        if: ${{ runner.os == 'Windows' && matrix.go-version != '1.20' && matrix.go-version != '1.26.0-rc.2' }}
        run: |
          cd $(go env GOROOT)
          patch --verbose -p 1 < $GITHUB_WORKSPACE/.github/patch/go${{matrix.go-version}}.patch

      - name: Revert Golang commit for Windows7/8
-        if: ${{ runner.os == 'Windows' && matrix.go-version == '1.26.0-rc.1' }}
+        if: ${{ runner.os == 'Windows' && matrix.go-version == '1.26.0-rc.2' }}
        run: |
          cd $(go env GOROOT)
          patch --verbose -p 1 < $GITHUB_WORKSPACE/.github/patch/go1.26.patch
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/metacubex/sing-wireguard v0.0.0-20250503063753-2dc62acc626f
 	github.com/metacubex/smux v0.0.0-20260105030934-d0c8756d3141
 	github.com/metacubex/tfo-go v0.0.0-20251130171125-413e892ac443
-	github.com/metacubex/tls v0.1.0
+	github.com/metacubex/tls v0.1.1
 	github.com/metacubex/utls v1.8.4
 	github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f
 	github.com/miekg/dns v1.1.63 // lastest version compatible with golang1.20
--- a/go.sum
+++ b/go.sum
@@ -142,8 +142,8 @@ github.com/metacubex/smux v0.0.0-20260105030934-d0c8756d3141 h1:DK2l6m2Fc85H2Bhi
 github.com/metacubex/smux v0.0.0-20260105030934-d0c8756d3141/go.mod h1:/yI4OiGOSn0SURhZdJF3CbtPg3nwK700bG8TZLMBvAg=
 github.com/metacubex/tfo-go v0.0.0-20251130171125-413e892ac443 h1:H6TnfM12tOoTizYE/qBHH3nEuibIelmHI+BVSxVJr8o=
 github.com/metacubex/tfo-go v0.0.0-20251130171125-413e892ac443/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw=
-github.com/metacubex/tls v0.1.0 h1:1kjR/1q2uU1cZIwiHYEnWzS4L+0Cu1/X3yfIQ76BzNY=
-github.com/metacubex/tls v0.1.0/go.mod h1:0XeVdL0cBw+8i5Hqy3lVeP9IyD/LFTq02ExvHM6rzEM=
+github.com/metacubex/tls v0.1.1 h1:BEcZrsPTTfNf4sKZ02EbZodv4UIj7fgHWa1Eqo12Bc0=
+github.com/metacubex/tls v0.1.1/go.mod h1:0XeVdL0cBw+8i5Hqy3lVeP9IyD/LFTq02ExvHM6rzEM=
 github.com/metacubex/utls v1.8.4 h1:HmL9nUApDdWSkgUyodfwF6hSjtiwCGGdyhaSpEejKpg=
 github.com/metacubex/utls v1.8.4/go.mod h1:kncGGVhFaoGn5M3pFe3SXhZCzsbCJayNOH4UEqTKTko=
 github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f h1:FGBPRb1zUabhPhDrlKEjQ9lgIwQ6cHL4x8M9lrERhbk=