From edbfebeacd9d5211581c96e7ec6be91d62a313e0 Mon Sep 17 00:00:00 2001 From: wwqgtxx Date: Fri, 16 Jan 2026 08:18:40 +0800 Subject: [PATCH] fix: CVE-2025-68121 for crypto/tls --- .github/workflows/build.yml | 2 ++ .github/workflows/test.yml | 7 ++++--- go.mod | 2 +- go.sum | 4 ++-- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9b213785..5673d581 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -155,12 +155,14 @@ jobs: uses: actions/setup-go@v6 with: go-version: '1.25' + check-latest: true # Always check for the latest patch release - name: Set up Go if: ${{ matrix.jobs.goversion != '' && matrix.jobs.abi != '1' }} uses: actions/setup-go@v6 with: go-version: ${{ matrix.jobs.goversion }} + check-latest: true # Always check for the latest patch release - name: Set up Go1.24 loongarch abi1 if: ${{ matrix.jobs.goarch == 'loong64' && matrix.jobs.abi == '1' }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index af3ae18f..143b7028 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: - 'ubuntu-24.04-arm' # arm64 linux - 'macos-15-intel' # amd64 macos go-version: - - '1.26.0-rc.1' + - '1.26.0-rc.2' - '1.25' - '1.24' - '1.23' @@ -48,15 +48,16 @@ jobs: uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} + check-latest: true # Always check for the latest patch release - name: Revert Golang commit for Windows7/8 - if: ${{ runner.os == 'Windows' && matrix.go-version != '1.20' && matrix.go-version != '1.26.0-rc.1' }} + if: ${{ runner.os == 'Windows' && matrix.go-version != '1.20' && matrix.go-version != '1.26.0-rc.2' }} run: | cd $(go env GOROOT) patch --verbose -p 1 < $GITHUB_WORKSPACE/.github/patch/go${{matrix.go-version}}.patch - name: Revert Golang commit for Windows7/8 - if: ${{ runner.os == 'Windows' && matrix.go-version == '1.26.0-rc.1' }} + if: ${{ runner.os == 'Windows' && matrix.go-version == '1.26.0-rc.2' }} run: | cd $(go env GOROOT) patch --verbose -p 1 < $GITHUB_WORKSPACE/.github/patch/go1.26.patch diff --git a/go.mod b/go.mod index a116c119..9e696ced 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( github.com/metacubex/sing-wireguard v0.0.0-20250503063753-2dc62acc626f github.com/metacubex/smux v0.0.0-20260105030934-d0c8756d3141 github.com/metacubex/tfo-go v0.0.0-20251130171125-413e892ac443 - github.com/metacubex/tls v0.1.0 + github.com/metacubex/tls v0.1.1 github.com/metacubex/utls v1.8.4 github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f github.com/miekg/dns v1.1.63 // lastest version compatible with golang1.20 diff --git a/go.sum b/go.sum index 99f29c70..6409cad3 100644 --- a/go.sum +++ b/go.sum @@ -142,8 +142,8 @@ github.com/metacubex/smux v0.0.0-20260105030934-d0c8756d3141 h1:DK2l6m2Fc85H2Bhi github.com/metacubex/smux v0.0.0-20260105030934-d0c8756d3141/go.mod h1:/yI4OiGOSn0SURhZdJF3CbtPg3nwK700bG8TZLMBvAg= github.com/metacubex/tfo-go v0.0.0-20251130171125-413e892ac443 h1:H6TnfM12tOoTizYE/qBHH3nEuibIelmHI+BVSxVJr8o= github.com/metacubex/tfo-go v0.0.0-20251130171125-413e892ac443/go.mod h1:l9oLnLoEXyGZ5RVLsh7QCC5XsouTUyKk4F2nLm2DHLw= -github.com/metacubex/tls v0.1.0 h1:1kjR/1q2uU1cZIwiHYEnWzS4L+0Cu1/X3yfIQ76BzNY= -github.com/metacubex/tls v0.1.0/go.mod h1:0XeVdL0cBw+8i5Hqy3lVeP9IyD/LFTq02ExvHM6rzEM= +github.com/metacubex/tls v0.1.1 h1:BEcZrsPTTfNf4sKZ02EbZodv4UIj7fgHWa1Eqo12Bc0= +github.com/metacubex/tls v0.1.1/go.mod h1:0XeVdL0cBw+8i5Hqy3lVeP9IyD/LFTq02ExvHM6rzEM= github.com/metacubex/utls v1.8.4 h1:HmL9nUApDdWSkgUyodfwF6hSjtiwCGGdyhaSpEejKpg= github.com/metacubex/utls v1.8.4/go.mod h1:kncGGVhFaoGn5M3pFe3SXhZCzsbCJayNOH4UEqTKTko= github.com/metacubex/wireguard-go v0.0.0-20250820062549-a6cecdd7f57f h1:FGBPRb1zUabhPhDrlKEjQ9lgIwQ6cHL4x8M9lrERhbk=