zishuo/Archive
1
0
Fork 0
mirror of https://github.com/bolucat/Archive.git synced 2025-10-05 08:08:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
5ad5eb65a0f96e23306d0b321b718f6d900db53c
Archive/shadowsocks-rust/debian/changelog
github-action[bot] 05a86235e7 Update On Fri Apr 25 14:33:06 CEST 2025
2025-04-25 14:33:07 +02:00

1328 lines
53 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

shadowsocks-rust (1.23.2) unstable; urgency=medium
## Bug Fixes
- #1940 `local-tun`: Fixes `panic` when resizing cached buffers
shadowsocks-rust (1.23.1) unstable; urgency=medium
## Features
- #1922 `local-tun`: Enable congestion control algorithm for TCP connections
- #1923 `local-tun`: Disable TCP package receive checksum for improving performance
- `local-tun`: Buffer for receiving/sending packets from/to `tun` device are cached globally
## Bug Fixes
- #1929 `outbound_bind_addr` for UDP sockets failed to `bind()` if it is an IPv4 address
- Double check IPSK key length (AEAD-2022) when reading from configuration file
shadowsocks-rust (1.23.0) unstable; urgency=medium
## Features, Breaking Changes
- MSRV bumps to v1.85, Rust language edition upgraded to `2024`
- `rand` crate upgraded to v0.9, which may be incompatible with other older crates
- `local-fake-dns` switched storage engine from `sled` to `rocksdb`, users should delete the old database file and let `sslocal` recreate it ageain
- `local-fake-dns` is moved from `full` to `full-extra` feature because its still unstable
## Bug fixes
- #1832 Fixes FreeBSD build error
- #1833 Fixes `sswinservice.exe` file paths in Powershell build script
- `mips-*` targets cross build reenabled
## Miscellaneous
- #1834 Shadowsocks entrance APIs has strongly typed errors
shadowsocks-rust (1.22.0) unstable; urgency=medium
## Features, Breaking Changes
- `ServerConfig::new` returns a `Result`, fails if `password` doesn't match `method`'s requirements
- `ConnectOpts::bind_local_addr` supports binding to a specific port
- Uses `async` in trait, bump MSRV to v1.75
- #1790 `outbound_udp_allow_fragmentation` new option for allowing UDP outbound sockets to enable IP fragmentation
- `tun2` has been merged back to `meh/rust-tun`
- #1810 `UdpSocket::bind`
- `shadowsocks-rust` binary crate "default" feature set to `full`
## Bug Fixes
- Method `none` (`plain`) skips key derivation process.
- #1762 Do not crash in `ServerConfig::from_url()` on unknown method
- #1759 Flush `local-tun` tcp writer half before close
- #1765 Disallow HTTP/SOCKS4a in `socks` protocol handler when authentication is required
- `ConnectOpts`'s per-server options should not be shared globally
- #1814 `local-dns` upstream udp packet buffer size 256
## Miscellaneous
- Make cryptographic dependencies optional in default build of `shadowsocks` crate.
shadowsocks-rust (1.21.2) unstable; urgency=medium
## Bug Fixes
- #1730 `local-http`: HTTP Client removes Authority from Request URI only for HTTP/1.x
shadowsocks-rust (1.21.1) unstable; urgency=medium
## Bug Fixes
- #1730 `local-http`: The URI field in HTTP Request sent from `sslocal` should only contain path and query.
## Miscellaneous
- #1702 Debian package build removes dependency of `pwgen`
shadowsocks-rust (1.21.0) unstable; urgency=medium
## Features
- #1641 `shadowsocks`: `ProxySocket` supports generic I/O socket type
- #1567 `shadowsocks-service`: Support OpenBSD Packet-Filter (pf)
shadowsocks-rust (1.20.4) unstable; urgency=medium
## Features
- #1616 `local`: Allow configuring SOCKS5 `UDP_ASSOCIATE` address
- #1607 Published in MacPorts: https://ports.macports.org/port/shadowsocks-rust/
- #1613 `ProxyServerStream::from_stream` made public
## Bug Fixes
- #1612 `server`: Properly exit server instance if any of the sub-tasks exited
shadowsocks-rust (1.20.3) unstable; urgency=medium
## Features
- `local`: Ping Balancer scores replaced standard deviation with median absolute deviation, which should help focusing less on outlying observations in latency samples.
## Bug Fixes
- #1589 `local-tun`: Removes linking to [`SetInterfaceDnsSettings`](https://learn.microsoft.com/en-us/windows/win32/api/netioapi/nf-netioapi-setinterfacednssettings) on Windows
shadowsocks-rust (1.20.2) unstable; urgency=medium
## Features
- #1560 PingBalancer check Firefox portal allowing `200` HTTP status
shadowsocks-rust (1.20.1) unstable; urgency=medium
## Bug Fixes
- `local-online-config`: SIP008 auto reload configuration task will add online servers without replacing the existed ones. This bug will eventually cause `sslocal` consumes too many memories and get OOM killed.
Users are encourage to update to this version if using 1.19.4 to 1.20.0.
## Features
- `shadowsocks-service`: Updated [`rustls`](https://crates.io/crates/rustls) to v0.23 with [`ring`](https://crates.io/crates/ring) backend.
- `local-redir`, `server`: Better approach to check current platform IP stack capabilities like Go (IPv4, IPv6, IPv4-mapped-IPv6 supports).
- Explicitly enable dual-stack if listen addresses (`server`, `local_address`) are IPv4-mapped-IPv6, by setting `IPV6_V6ONLY=0`.
shadowsocks-rust (1.20.0) unstable; urgency=medium
## Breaking Changes
- #887 shadowsocks stream cipher (`TABLE`) doesn't need to make a derived key instead of using user's predefined key directly. This change will make shadowsocks-rust not going to be compatible with its older version. Users who are using `TABLE` cipher should upgrade all your local and server instances to the latest version of shadowsocks-rust. On the other hand, `TABLE` cipher is marked deprecated because it is vulnerable, users **must** migrate to other more secured methods immediately.
shadowsocks-rust (1.19.4) unstable; urgency=medium
## Features
- `local-online-config`: Making HTTP requests with `local-http`'s HttpClient implementation, mainly for supporting `outbound_*` socket configurations.
## Miscellaneous
- Fixed build failures on some platforms.
shadowsocks-rust (1.19.3) unstable; urgency=medium
## Breaking Changes
- Feature `dns-over-h3` moved from feature `full` to `full-extra`. DNS over H3 is still an experimental feature.
- `local-fake-dns`: Disabled compression (zstd), which seems to be deprecated by [`sled`](https://crates.io/crates/sled).
## Features
- `local-online-config`: Set 30s timeout for update HTTP requests.
shadowsocks-rust (1.19.2) unstable; urgency=medium
## Bug Fixes
- `local-tun`: `tun2` handles IP packet information automatically.
shadowsocks-rust (1.19.1) unstable; urgency=medium
## Features
- Rollback `rustls` to v0.22, v0.23 first introduced `aws-lc` as the default crypto implementation, but it cannot be built on some targets if there are still older versions of `rustls` in the dependency tree.
- `local-tun`: Switch from `tun` to `tun2`, which is a fork of `tun`. `tun` seems to be abandoned.
## Bug Fixes
- #1539 `local-fake-dns`: Query Response Message has to include the original Query and flags.
shadowsocks-rust (1.19.0) unstable; urgency=medium
## Features
- #302 `sslocal` support SIP008 Online Configuration. Pull `servers` from remote servers automatically. (Experimental)
- Add `basic`, `full`, `full-extra` features makes building command line arguments shorter
## Bug Fixes
- #1525 Check `"users"` in server configuration if `method` doesn't support AEAD-2022 EIH.
- #1528 Fixed FreeBSD build.
## Miscellaneous
- Snap: Add alias names like `sslocal`, `ssserver`, ...
- `local-tun` feature could be enabled even if target platform is not supported.
## BREAKING
- Minimal Supported Rust Version (MSRV) is v1.74
shadowsocks-rust (1.18.4) unstable; urgency=medium
## Features
- #1495 Binaries support `--plugin-mode` command line argument
- `local-tun` is enabled by default for Windows targets in CI builds
## Bug Fixes
- #1516 `local-dns` UDP client support AEAD-2022 protocol properly
shadowsocks-rust (1.18.3) unstable; urgency=medium
## Features
- #1466 Support `outbound_fwmark` in server side to split outbound tunnel
- #1467 Default build for `*-windows-*` targets includes `sswinservice`
- `local-fakedns`: Add a basic implementation of Fake-DNS, which will allocate IPs from pool for DNS queries. This experimental feature could be useful when using `local-tun`, `local-redir` or other features that could only receive IP destinations, the domain name that is resolved by the Fake-DNS will be translated from IP back to domain name when connecting to the remote.
- #1500 Add `launchd_udp_socket_name`, `launchd_tcp_socket_name` to basic config format
## Bug Fixes
- Fixed build on OpenBSD
- #1491 Fixed per-server outbound options not taking effect
- #1509 `local-tun` TCP socket creation made non-blocking
shadowsocks-rust (1.18.2) unstable; urgency=medium
## Features
- `local-tun`: Support `tun_interface_destination` configuration key
## Bug Fixes
- `local`: macOS launch activate sockets set non-blocking
shadowsocks-rust (1.18.1) unstable; urgency=medium
## Features
- Default logging framework changed to [`tracing-subscriber`](https://crates.io/crates/tracing-subscriber), which:
- Support libraries that log with both [`tracing`](https://crates.io/crates/tracing), and [`log`](https://crates.io/crates/log).
- NOTE: `--log-config` parameter will apply only to [`log4rs`](https://crates.io/crates/log4rs), which doesn't support the `tracing` framework.
## Bug Fixes
- #1425 Enable `EDNS(0)` by default for hickory-dns resolver.
## NOTE
- [`clap`](https://crates.io/crates/clap) upgraded MSRV (Minimal Supported Rust Version) to v1.74 since v4.5.0. This project will have to stay in v4.4 until the next major release.
-- ty <zonyitoo@gmail.com> Sun, 18 Feb 2024 22:05:00 +0800
shadowsocks-rust (1.18.0) unstable; urgency=medium
Mostly identical to v1.17.2, except that:
- Minimal Supported Rust Version (MSRV) upgraded from v1.64 to v1.71
- #1259 Fixed Snapcraft build. `base` changed to `core22`, auto-build architecture changed to [`arm64`, `amd64`, `armhf`]
- #1426 MIPS targets removed from release build, because MIPS targets are now downgraded to TIER 3
-- ty <zonyitoo@gmail.com> Thu, 08 Feb 2024 00:00:00 +0800
shadowsocks-rust (1.17.2) unstable; urgency=medium
## Features
- `local`: `socks` local server will support SOCKS5, SOCKS4a, HTTP proxy protocols when `local-http`, `local-socks4` features are enabled
- `local`: Support setting `udp_mtu` in configuration file to actively reject `packet.size > MTU`
## Bug Fixes
- #1378 dns-over-tls/https with rustls add dependencies to certs
- #1381 Set the incoming socket buffer sizes properly on the listen socket
- #1414 TUN synchronize SYN packet and Socket creation
shadowsocks-rust (1.17.1) unstable; urgency=medium
## Features
- #1330 `local`: Support macOS launch activate socket (https://developer.apple.com/documentation/xpc/1505523-launch_activate_socket)
- #1357 `local`: Upgrade hyper (https://crates.io/crates/hyper) to v1.0
## Bug Fixes
- #1328 `run_as_user` aborts if any error occurs
## Miscellaneous
- Minor improvements for `local-tun` on Windows
- Upgrade `shadowsocks-crypto` that supports `sm4-gcm`, `sm4-ccm` non-standard AEAD ciphers
shadowsocks-rust (1.17.0) unstable; urgency=medium
## Features
- Trust-DNS is rebranded to Hickory-DNS https://github.com/hickory-dns/hickory-dns/releases/tag/v0.24.0
- Experimental: Support DNS-over-H3 (Try with configuration `"dns": "google_h3"` and compile with feature `"dns-over-h3"`)
- #1319 Allow configuring `local-dns` client cache size
- Experimental: `local-tun` supports Windows with [Wintun](https://www.wintun.net/)
shadowsocks-rust (1.16.2) unstable; urgency=medium
## Features
- `ssurl`: #1287 Support SIP008 links
- `ssserver`: #1293 Disable UDP dual-stack outbound socket when IPv6 is not supported
- `sswinservice`: #1292 Support Windows Service
shadowsocks-rust (1.16.1) unstable; urgency=medium
## Bug Fixes
- #1285 [Regression fix] local DNS uses mode `tcp_and_udp` by default
shadowsocks-rust (1.16.0) unstable; urgency=medium
## Features
- `local-redir`: #1159 Linux Redirect (TCP) supports dual-stack listener
- #1156 Support Multipath-TCP
- DNS resolver (with `trust-dns` enabled) support outbound socket configurations, like `outbound-fwmark`, `outbound-bind-addr`, ...
- #1127 Support SIP003u, UDP plugins
- #1185 Support creating servers with builder pattern to allow users to retrieve the actual listening address of the server listeners
- #1204 Support reading default configuration files `local.json`, `server.json` and `manager.json`
- #1229 Support configuring DNS cache size with `--dns-cache-size` in command line options and `dns_cache_size` in configuration file
- #1266 Support Network Adapters' `FriendlyName` on Windows in `outbound_bind_interface`
## Bug Fixes
- #1239 Fixed misaligned read in shadowsocks' socks5 protocol implementation. It may cause panics compiled by rustc newer than 1.68.
- #1234 PingBalancer shouldn't check TCP mode by default
- #1221 Compatible with Linux Kernels that doesn't support `IP6T_SO_ORIGINAL_DST`
- #1254 Fixed Tree-Rule detector for REGEX rules that ends with `$`
## Miscellaneous
- Docker: #1149 Changed binary path to `/usr/bin` from `/usr/local/bin` preventing being overwritten by K8S mount
- Snap: Add `network-control` plug for `tun` protocol
-- ty <zonyitoo@gmail.com> Sat, 27 Aug 2023 00:20:00
shadowsocks-rust (1.15.4) unstable; urgency=medium
## Bug Fixed
- #1239 Fixed misaligned read in shadowsocks' socks5 protocol implementation. It may cause panics compiled by rustc newer than 1.68.
shadowsocks-rust (1.15.3) unstable; urgency=medium
## Features
- local-tun: Support `tun_interface_destination` for configuring Tun device's destination address
- Support `outbound_fwmark`, `outbound_user_cookie`, `outbound_bind_interface` and `outbound_bind_addr` in configuration file
## Bug Fixed
- local-tun: #1138 Fixed TCP state management
- local-redir: #988 UDP compatible with Linux < 2.6.37 (without `IPV6_TRANSPARENT`)
- manager: #1101 Set missing `ipv6_first` for servers
## Miscellaneous
- Snap: #1088 Disable Snap daemon by default
shadowsocks-rust (1.15.2) unstable; urgency=medium
## Bug Fixes
- #1060 ACL supports checking IPv4-mapped-IPv6 addresses with IPv4 rules
## Miscellaneous
- Code style and potential bug fixes with clippy check
shadowsocks-rust (1.15.0) unstable; urgency=medium
## Features
- #811 AEAD-2022 protocol ([SIP022](https://github.com/shadowsocks/shadowsocks-org/issues/196))
- WARN: This is still a draft protocol, use it at your own risk.
- SIP002 Extended Format: Allowing unencoded user-info in URL, https://github.com/shadowsocks/shadowsocks-org/issues/27#issuecomment-1124853747
- #810 Manager standalone mode support bypassing ACL files
- #818 Allow `sslocal` run without any `servers`, which will bypass all connections and packets
- #838 `"password"` is optional for `none` / `plain` method
- redir-local: Enable dual-stack support on Linux (TProxy) and FreeBSD
- Disable `md5-asm` and `sha1-asm`: https://github.com/shadowsocks/shadowsocks-crypto/issues/16
- `"acl"` and `"outbound_fwmark"` are available in configuration file
## Miscellaneous
- shadowsocks/shadowsocks-org#204 Remove `security-iv-printable-prefix` experimental feature
- Upgrade [clap](https://crates.io/crates/clap) to v4.0.
- UDP association channel size shrinked to 1024, which could save a lot of memory for each associations
## Enhancements
- #855 Properly handle IPv4-mapped-IPv6 addresses in UDP assocations
- `ssserver` always convert IPv4-mapped-IPv6 addresses to IPv4 in UDP respond target addresses
- `sslocal`
- `tun`, `socks5` always convert IPv4-mapped-IPv6 addresses to IPv4
- `redir` always use IPv6 sockets for sending back packets
shadowsocks-rust (1.14.3) unstable; urgency=medium
## Features
- Automatically bump `RLIMIT_NOFILE` on Unix (except Android)
- https://github.com/golang/go/issues/46279
- http://0pointer.net/blog/file-descriptor-limits.html
shadowsocks-rust (1.14.2) unstable; urgency=medium
## Features
- #788 `sslocal` SOCKS5 protocol supports RFC1929 Username/Password Authentication
- SECURITY: This is insecured because (a) shadowsocks' SOCKS5 UDP Association doesn't require a dynamic port for each authorized clients (b) Username and passwords are sent in plain text.
- RustCrypto/ring-compat#79 HKDF-SHA1 uses [ring](https://crates.io/crates/ring)'s assembly implementation
shadowsocks-rust (1.14.1) unstable; urgency=medium
## Miscellaneous
- `shadowsocks`, `shadowsocks-service` crates upgraded to Rust Edition 2021.
shadowsocks-rust (1.14.0) unstable; urgency=medium
## Features
- Optimization: UDP associations managment removes unnecessary locks
## Breaking Changes
- `shadowsocks_service::local::net::udp::UdpAssociationManager::new` returns clean-up interval and keep-alive receiver. It is not recommended to use this directly in your Project, because the API may change occationally.
shadowsocks-rust (1.13.5) unstable; urgency=medium
## Features
- #773 Set environment variable `SS_SYSTEM_DNS_RESOLVER_FORCE_BUILTIN` to use system's builtin DNS resolver
shadowsocks-rust (1.13.4) unstable; urgency=medium
## Features
- Allow setting `"system"` in DNS configuration key `"dns"` to use system provided DNS API
## BUG Fixes
- `ssservice` - fixed command line options when running it as symlink of `ssserver` and `ssmanager`
shadowsocks-rust (1.13.3) unstable; urgency=medium
## BUG Fixes
- #767 REGRESSION: `ssmanager` missing `--server-host` command line option since v1.13.0
- shadowsocks/shadowsocks-crypto#12 REGRESSION: `rc4-md5` method cipher IV length should be 16
shadowsocks-rust (1.13.2) unstable; urgency=medium
## Features
- (EXPERIMENTAL) Support setting `SO_USER_COOKIE` on FreeBSD
- Set cookie with `--outbound-user-cookie` command line option, working just like `--outbound-fwmark` on Linux
- (EXPERIMENTAL) Local `tun` interface refactored the `VirtDevice::poll` strategy
- Improve performance
- Still slow comparing to system's network stack
## BUG Fixes
- #765 Updated broken Wiki URL for Plugins in command line help message
- #764 Regression of client blocking ACL strategy on `ssserver`
- Introduced since v1.9.0
shadowsocks-rust (1.13.1) unstable; urgency=medium
## Bug Fixes
- `Instant` subtraction may be overflowed in `PingBalancer`
- When `sslocal` has set multiple remote servers and the host system just reboots, it will crash.
shadowsocks-rust (1.13.0) unstable; urgency=medium
## Features
- #706 `balancer.check_best_interval` could let ping balancer to ping only the chosen best server in this interval
- Recommended: Set a shorter interval in `balancer.check_best_interval` than `balancer.check_interval` to check much frequently the best server.
- `balancer.check_interval` controls the interval of checking all the available servers
- When server start, the "check best" strategy starts after it receives enough data for estimating all servers' scores
- #744 Refactored `local-tun`, using `smoltcp` as a user-space network stack
## Miscelleneous
- Upgrade [`clap`](https://crates.io/crates/clap) (the command-line argument handling library) to v3.0
- #739 Support K8S deployment
- [shadowsocks-crypto](https://github.com/shadowsocks/shadowsocks-crypto) switch underlying encryption library to [RustCrypto](https://github.com/RustCrypto)
- Able to build with stable Rust
- Build for target `aarch64` with nightly, features `"armv8 neon"` should be enabled for hardware acceleration.
shadowsocks-rust (1.12.5) unstable; urgency=medium
## Bug Fixes
- #725 High CPU consumption on Linux Kernel < 4.11 when TCP Fast Open is enabled.
-- ty <zonyitoo@gmail.com> Fri, 17 Dec 2021 00:13:26 +0800
shadowsocks-rust (1.12.4) unstable; urgency=medium
## Features
- Configuration
- `ipv6_only` configuration option setting `IPV6_V6ONLY` to all listener sockets that are listening to dual-stack address (`::`)
- #700 Default configuration search path also includes `$PWD`
- Log and Runtime related options could be configured via configuration file
- #698 New binary `ssservice` unified features in (`sslocal`, `ssserver` and `ssmanager`)
## Bug Fixes
- #694 UDP binds to dual-stack address (`::`) will detect `0.0.0.0` already in use automatically
- Transparent Proxy (redir) local client will always set `IPV6_V6ONLY` for listeners that are listening on `::`
## Miscelleneous
- Deprecating `SS_LOG_VERBOSE_LEVEL` and `SS_LOG_WITHOUT_TIME` (introduced in [v1.12.3](https://github.com/shadowsocks/shadowsocks-rust/releases/tag/v1.12.3)) in flavor of configuring in the configuration file
-- ty <zonyitoo@gmail.com> Sun, 28 Nov 2021 15:01:54 +0800
shadowsocks-rust (1.12.3) unstable; urgency=medium
## Features
- #688 Support default configuration file path for `sslocal`, `ssserver` and `ssmanager`
- Linux: `$XDG_CONFIG_PATH/shadowsocks-rust/config.json` or `$HOME/.config/shadowsocks-rust/config.json`
- Windows: `{FOLDERID_RoamingAppData}\shadowsocks\shadowsocks-rust\config\config.json`
- macOS: `$HOME/Library/Application Support/org.shadowsocks.shadowsocks-rust/config.json`
- #691 Manipulating default logging options (command line options `-vvv` and `--log-without-time`) with environment variable `SS_LOG_VERBOSE_LEVEL` and `SS_LOG_WITHOUT_TIME`
- #419 Read servers' password from environment variables
- Server created from command line argument without `--password` will try to read it from TTY
- Servers' `"password"` field or `--password` option support `${VAR_NAME}` format to read password from environment variable `VAR_NAME`
-- ty <zonyitoo@gmail.com> Fri, 26 Nov 2021 00:12:13 +0800
shadowsocks-rust (1.12.2) unstable; urgency=medium
## BUG Fixes
- #683 local-dns command line `--remote-dns-addr` will have default port `53`
## Miscellaneous
- Removed direct dependency to [`mio`](https://crates.io/crates/mio), sending file descriptors through UDS now with [`sendfd`](https://crates.io/crates/sendfd).
-- ty <zonyitoo@gmail.com> Tue, 16 Nov 00:11:44 2021 +0800
shadowsocks-rust (1.12.1) unstable; urgency=medium
## Features
- #669 ACL regular expression rules will try to convert to `||` (sub-domains) and `|` (exact match) rules.
## Bug Fixes
- #674 MIPS targets in pre-built releases binaries will be compressed by `upx`
- #670 Servers created by command line options in `ssserver` will have mode `tcp_only`
-- ty <zonyitoo@gmail.com> Tue, 9 Nov 2021 23:27:48 +0800
shadowsocks-rust (1.12.0) unstable; urgency=medium
## Features
- TCP connects with Happy Eyeballs (RFC6555, RFC8305) strategy
- Local
- #586 Basic support of `tun` interface in `sslocal` (Experimental) Tested on macOS and Linux
- #620 Local server will choose remote servers based on their `"mode"`
- Local Balancer
- Configurable `max_server_rtt` and `check_interval`
- Reload configuration `"servers"` in runtime when receiving `SIGUSR1` signal
- Manager
- #421 `ssmanager` support `--plugin` and `--plugin-opts` as default plugin configurations
- #648 `ssmanager` support starting `ssserver` in standalone (independent process) mode.
- #627 ACL support `|` and `||` hash-set and domain-tree mode
- Support `--outbound-bind-interface` on Windows.
## Bug Fixed
- #579 UDP server reply target address should be received source address
- TFO socket on Windows should bind to `SOCKADDR_IN6` for IPv6 targets
- #640 `--daemonize` will set `chdir` to current working directory
- [BREAKING] In the previous version `--daemonize` will call `chdir` to `/` by default, so it may change the behavior if users using relative paths in `"plugin"` or `"plugin_opts"`
## Miscellaneous
- #596 Support Snapcraft https://snapcraft.io/shadowsocks-rust
- TFO on Linux queue length set to 1024 to match backlogs
- Completely remove Replay Attack Protection with Ping-Pong bloom filter in default build configuration
-- ty <zonyitoo@gmail.com> Tue, 2 Nov 2021 12:52:17 +0800
shadowsocks-rust (1.11.2) unstable; urgency=medium
## Features
- #570 Multi-architecture Docker image for release
- Replaced `futures::future::abortable` with `tokio`'s builtin `tokio::task::JoinHandle::abort`
- Define binaries' exit code with standard in `sysexits.h`
- HTTP local listener supports `TCP_NODELAY`, `SO_KEEPALIVE` and dual-stack
## Bug Fixed
- #577 `ssmanager` and `ssserver` command line argument `-u` should overwrite `mode` to be `Mode::UdpOnly`
- #566 Exit with error code instead of `panic!` when loading ACL fails
- #555 Properly handling `EINPROGRESS` for TFO connect when falling backs
- #557 Properly killing UDP associations, which may cause `Future` (memory) leaks
## Security
- #556 Remove silent dropping when replay was detected
-- ty <zonyitoo@gmail.com> Sat, 24 July 2021 11:50:00 +0800
shadowsocks-rust (1.11.1) unstable; urgency=medium
## Features
- #546 Enable TCP Keep Alive for inbound and outbound sockets
- Add a new `keep_alive` key in configuration for configuring keep alive timeout
- Default timeout is 15 seconds (like Go's `net` library's default)
- #543 Add `disabled` key for local servers in configuration
## Bug Fixed
- #490 Try to purge half-open TCP connections when one direction is closed
- When one direction is closed, server will set a 5 seconds read timeout on the other half
- #542 Allow setting `method` for default encryption method when starting `ssmanager` with configuration
- #541 Fixed ACL rules for `ssmanager`
-- ty <zonyitoo@gmail.com> Sun, 6 June 2021 23:16:00 +0800
shadowsocks-rust (1.11.0) unstable; urgency=medium
## Features
- Support TFO (TCP Fast Open) on Linux, Windows, macOS (iOS), FreeBSD (https://github.com/shadowsocks/shadowsocks-rust/issues/184)
- Support customizing servers' weight for balancer (https://github.com/shadowsocks/shadowsocks-rust/issues/510)
-- ty <zonyitoo@gmail.com> Fri, 14 May 2021 12:31:54 +0800
shadowsocks-rust (1.10.9) unstable; urgency=medium
## Bug Fixes
- HTTP Proxy preserves headers' title case. https://github.com/shadowsocks/shadowsocks-rust/discussions/491 , https://github.com/hyperium/hyper/issues/2313
-- ty <zonyitoo@gmail.com> Fri, 23 Apr 2021 23:58:08 +0800
shadowsocks-rust (1.10.8) unstable; urgency=medium
## Bug Fixes
- Removes non-standard AEAD ciphers that have variable nonce length, including
- `aes-128-ocb-taglen128`, `aes-192-ocb-taglen128`, `aes-256-ocb-taglen128`
- `aes-siv-cmac-256`, `aes-siv-cmac-384`, `aes-siv-cmac-512`
-- ty <zonyitoo@gmail.com> Sun, 18 Apr 2021 21:00:21 +0800
shadowsocks-rust (1.10.7) unstable; urgency=medium
## Features
- Support non-standard AEAD ciphers `sm4-gcm` and `sm4-ccm`
-- ty <zonyitoo@gmail.com> Sat, 17 Apr 2021 22:46:39 +0800
shadowsocks-rust (1.10.6) unstable; urgency=medium
## Features
- [shadowsocks/shadowsocks-crypto#8](https://github.com/shadowsocks/shadowsocks-crypto/issues/8) Support non-standard AEAD ciphers with `crypto2`, could be enabled by feature `aead-cipher-extra`
- `aes-128-ccm`, `aes-256-ccm`
- `aes-128-gcm-siv`, `aes-256-gcm-siv`
- `aes-128-ocb-taglen128`, `aes-192-ocb-taglen128`, `aes-256-ocb-taglen128`
- `aes-siv-cmac-256`, `aes-siv-cmac-384`, `aes-siv-cmac-512`
- `xchacha20-ietf-poly1305`
## Bug Fixes
- [shadowsocks/shadowsocks-android#2705](https://github.com/shadowsocks/shadowsocks-android/issues/2705) MD5 algorithm bug causes KDF (Key Derived Function) produces wrong key when `LEN(password) % 64 in [50, 64)`
-- ty <zonyitoo@gmail.com> Sat, 17 Apr 2021 21:45:46 +0800
shadowsocks-rust (1.10.5) unstable; urgency=medium
## BUG Fixed
- `ProxyClientStream` should keep the concatenated first packet buffer alive before asynchronous `write()` finishes
-- ty <zonyitoo@gmail.com> Sat, 10 Apr 2021 09:07:52 +0800
shadowsocks-rust (1.10.4) unstable; urgency=medium
# Fixed BUG
- `ProxyClientStream::poll_write` may lose the `Address` in the packet to be sent if socket returns `EAGAIN`
# Features
- Support `protocol` in basic configuration format
-- ty <zonyitoo@gmail.com> Fri, 9 Apr 2021 17:25:04 +0800
shadowsocks-rust (1.10.3) unstable; urgency=medium
## BUG Fixed
- #472 Fixed `SO_INCOMING_CPU` when building on some Linux targets. rust-lang/socket2#213
-- ty <zonyitoo@gmail.com> Wed, 7 Apr 2021 09:55:40 +0800
shadowsocks-rust (1.10.2) unstable; urgency=medium
## BUG Fixed
- `mode` in basic configuration format doesn't work for local instance
-- ty <zonyitoo@gmail.com> Sun, 28 Mar 2021 11:13:01 +0800
shadowsocks-rust (1.10.1) unstable; urgency=medium
## BUG Fixed
- #469 Compilation error on Android
## Miscellaneous
- `sslocal` checks new local instance's parameters dependency
- `--protocol`, `--forward-addr`, ... will require `--local-addr` to be specified
-- ty <zonyitoo@gmail.com> Sat, 27 Mar 2021 00:13:00 +0800
shadowsocks-rust (1.10.0) unstable; urgency=medium
## Features
- #452 `sslocal` supports starting multiple instances in the same process
- Add `locals` in extended configuration format for specifying multiple local server instances
- (Android Only) Support `unix://` schema in `dns` configuration
- Support `tcp://` and `udp://` in `dns`configuration for setting DNS protocol. Uses both TCP and UDP if not specified.
- Support `quad9_https` predefined DNS servers
- Updated `shadowsocks-crypto` to `v0.2`, which `Cipher` implementation uses `enum` static dispatch instead of `Box`ed Trait Object for dynamic dispatch
## BUG Fixes
- PingBalancer 2nd check will be sent 10s after 1st initialization check.
## Breaking Changes
- `sslocal`'s command line options are now for creating a new local instance:
- `--local-addr`, `--forward-addr`, `-U`, `-u`, `--protocol`, ... will only applied to the local instance specified by `--local-addr`
- `ssserver`'s command line options are now for creating a new server instance:
- `-U` and `-u` will only applied to the local instance specified by `--server-addr`
-- ty <zonyitoo@gmail.com> Thu, 25 Mar 2021 18:10:00 +0800
shadowsocks-rust (1.9.2) unstable; urgency=medium
## Features
* #442 Check repeated salt after first successful decryption
## BUG Fixes
* Redir: setting SO_REUSEPORT, SO_MARK for UDP send-back sockets
-- ty <zonyitoo@gmail.com> Fri, 6 Mar 2021 01:15:00 +0800
shadowsocks-rust (1.9.1) unstable; urgency=medium
## BUG Fixes
* #431 UdpSocket::from_std requires sockets to be non-blocked.
## Features
* Removed avx from the default CPU features
-- ty <zonyitoo@gmail.com> Fri, 26 Feb 2021 19:01:06 +0800
shadowsocks-rust (1.9.0) unstable; urgency=medium
Complete refactored the whole implementation and splits into 3 different crates:
* shadowsocks - Core feature of shadowsocks
* shadowsocks-service - Service library for implementing Local Server, Remote Server, Manager Server
* shadowsocks-rust - Binary crate for release
Replaced libsodium and libcrypto with [crypto2](https://github.com/shadowsocks/crypto2).
## Features
* Support setting SO_MARK, SO_BINDTODEVICE on Linux
* Support setting SO_SNDBUF and SO_RCVBUF for TCP sockets
* Support [SIP008](https://github.com/shadowsocks/shadowsocks-org/issues/89 "Online config") extend server fields server, server_port, remarks
* Local DNS Relay
* Support sending TCP and UDP queries simutaneously
* Support connection reusability
* Remove mostly TCP timeout setting for tunnels, connections will only be killed if clients or servers close
* Auto-reload DNS resolver configuration from /etc/resolv.conf on *NIX platforms.
* [#379](https://github.com/shadowsocks/shadowsocks-rust/issues/379 "希望通过传递参数方式指定多线程模式下tokio启动的线程数") Allow customizing number of worker-threads for multi-threaded scheduler.
* [#401](https://github.com/shadowsocks/shadowsocks-rust/issues/401 "Lazy server disable implementation") Support field disabled in extended server configuration
* Ping Balancer
* Treat timeouts as failures, so requests that receive no response count as failures.
* Increase check timeout from 2s to 5s to avoid penalties on slow servers.
* Increase check interval from 6s to 10s.
* `--outbound-bind-interface` is now supported in both Linux and macOS
* [#352](https://github.com/shadowsocks/shadowsocks-rust/issues/352 "Add command line arguments to control incoming/outgoing send/receive socket OS buffer size") Support customizing inbound and outbound sockets' SO_SNDBUF and SO_RCVBUF by command line options
## Library Update
* [tokio v1.0](https://tokio.rs/blog/2020-12-tokio-1-0)
* [shadowsocks-crypto](https://github.com/shadowsocks/shadowsocks-crypto), [crypto2](https://github.com/shadowsocks/crypto2)
## Optimization
* UDP Relays sending respond packets directly to UdpSocket instead of channel, which will significantly improve respond latency
* [#408](https://github.com/shadowsocks/shadowsocks-rust/issues/408 "using crate spin without feature "std" causes performance problem") Enable std features for the spin crate to enable yielding threads when spinning on waiting.
## BUG Fixes
* For BSD systems, set IPV6_BINDANY and SO_BINDANY on SOL_SOCKET properly
* `trust-dns-resolver` requires explicit enables feature `dns-over-https-rustls` for DoH [#367](https://github.com/shadowsocks/shadowsocks-rust/issues/367 "Compile error on latest `master` branch while enabling `dns-over-tls` & `dns-over-https`")
* ACL domain rules should be case insensitive. Domain names are case insensitive.
* [shadowsocks/shadowsocks-android#2667](https://github.com/shadowsocks/shadowsocks-android/issues/2667 "Service is down intermittently") set timeout for protect() call to Android's VpnService
## Miscellaneous
* Disable HTTPS outbound connection for local HTTP proxy by default. For most use cases, HTTPS should be proxied with CONNECT method.
* Unified UDP relay association implementation for less duplicated code.
* Deprecated `single-threaded` build feature, replaced by `multi-threaded`.
* Disable stream ciphers by default. Could be enabled with feature `stream-cipher`.
* Enable IPv6 dual stack mode by default when listening on `::`.
-- ty <zonyitoo@gmail.com> Mon, 22 Feb 2021 09:28:28 +0800
shadowsocks-rust (1.8.23) unstable; urgency=medium
## BUG Fixed
* Fixed REDIR client setsockopt options, IPv6 should use IPV6_TRANSPARENT on level SOL_IPV6 or IPPROTO_IPV6
-- ty <zonyitoo@gmail.com> Tue, 3 Nov 2020 01:17:47 +0800
shadowsocks-rust (1.8.22) unstable; urgency=medium
## Features
* Load balancer uses Firefox's network detection address: http://detectportal.firefox.com/success.txt
* The original http://dl.google.com/generate_204 is not always available all over the world
## BUG Fixed
* ARMv6 release target (arm-unknown-linux-gnueabihf) shouldn't enable output AES instructions
* Moves many connection ERROR logs to DEBUG level
-- ty <zonyitoo@gmail.com> Mon, 2 Nov 2020 01:37:24 +0800
shadowsocks-rust (1.8.21) unstable; urgency=medium
## Features
* Support [SIP008](https://github.com/shadowsocks/shadowsocks-org/issues/89 "Online config") multi-server configuration keys: `server`, `server_port` and `remarks`:
{
"servers": [
{
"server": "your.shadowsocks.server",
"server_port": 8388,
"method": "aes-256-gcm",
"password": "password",
"remarks": "My Shadowsocks Server"
}
]
}
* [#308](https://github.com/shadowsocks/shadowsocks-rust/issues/308 "没有后台运行的吗?") Supports daemonize with command line option (`-d`, `--daemonize`) on *nix platforms
* Switched logging facility to [log4rs](https://crates.io/crates/log4rs) for more extensible configurations
## BUG Fixed
* [#284](https://github.com/shadowsocks/shadowsocks-rust/issues/284 "ssurl is broken") Fixed conflicts in ssurl command line options
* [#309](https://github.com/shadowsocks/shadowsocks-rust/issues/309 "端口占用造成插件退出") Fixed mode in add command of ssmanager
* [#303](https://github.com/shadowsocks/shadowsocks-rust/issues/303 "sslocal tries to connect to servers even when network is not yet online") Lower proxy connection error messages to DEBUG level
* Call sleep() if server accept() failed
-- ty <zonyitoo@gmail.com> Mon, 19 Oct 2020 09:38:47 +0800
shadowsocks-rust (1.8.20) unstable; urgency=medium
## Features
* Updated various dependencies to their latest release
* Lazy creating bypassed and proxied UDP associations in ACL mode
* Each UDP associations that running in ACL mode would create 2 file descriptors (or HANDLEs) (one for bypassed, the other for proxied) when constructing in older version
* UDP associations in ssserver will try to return domain name addresses when receives packets from remotes that were requested with domain name address targets.
## BUG Fixed
* UDP associations in sslocal handled bypassed requests incorrectly, which would try to parse response packets in shadowsocks' server protocol
-- ty <zonyitoo@gmail.com> Wed, 14 Oct 2020 00:46:08 +0800
shadowsocks-rust (1.8.19) unstable; urgency=medium
## Features
* Plugin configurations in files have a new optional field plugin_args for passing command line arguments when plugin starts
{
"plugin": "your_plugin",
"plugin_args": [
"-p",
"arg1"
]
}
* increase_nonce function for AEAD ciphers is optimized if sodium feature is disabled.
* Add arm-unknown-linux-musleabi target in releases
* Optimized EncryptWriter by reusing decrypting buffers
-- ty <zonyitoo@gmail.com> Sun, 11 Oct 2020 16:34:58 +0800
shadowsocks-rust (1.8.18) unstable; urgency=medium
## BUG Fixed
* [#294](https://github.com/shadowsocks/shadowsocks-rust/pull/294 "") UDP relay server's associations shouldn't bind to local address, which will eventually cause EADDRINUSE
-- ty <zonyitoo@gmail.com> Tue, 15 Sep 2020 10:11:43 +0800
shadowsocks-rust (1.8.17) unstable; urgency=medium
## BUG Fixed
* [#292](https://github.com/shadowsocks/shadowsocks-rust/pull/292) Hold the TCP connection if it failed to decrypt the first packet for preventing active probing.
* [#293](https://github.com/shadowsocks/shadowsocks-rust/pull/293) Keep server running if it fails to create UDP associations.
-- ty <zonyitoo@gmail.com> Tue, 8 Sep 2020 23:31:20 +0800
shadowsocks-rust (1.8.16) unstable; urgency=medium
## Features
* [#290](https://github.com/shadowsocks/shadowsocks-rust/pull/290) UDP's ServerClient support split() into ReadHalf and WriteHalf
## BUG Fixed
* [#289](https://github.com/shadowsocks/shadowsocks-rust/pull/289) Fixed UDP's ServerClient data decryption
-- ty <zonyitoo@gmail.com> Thu, 20 Aug 2020 17:11:01 +0800
shadowsocks-rust (1.8.15) unstable; urgency=medium
Code base are exactly the same as v1.8.14.
## Bug Fixed
* `x86_64-unknown-linux-gnu` release should be built by cross with GLIBC_2.15
* `x86_64-apple-darwin` release built with invalid format sslocal (still don't know why)
-- ty <zonyitoo@gmail.com> Mon, 10 Aug 2020 01:12:54 +0800
shadowsocks-rust (1.8.14) unstable; urgency=medium
## Features
* Support customizing memory allocator by features: tcmalloc, mimalloc, jemalloc
## BUG Fixed
* [#273](https://github.com/shadowsocks/shadowsocks-rust/issues/273) Use AtomicUsize for maximum compatibility in flow statistics
* [#285](https://github.com/shadowsocks/shadowsocks-rust/issues/285) Fixed binaries command line options issue causing by conflicts_with
-- ty <zonyitoo@gmail.com> Sun, 9 Aug 2020 01:06:49 +0800
shadowsocks-rust (1.8.13) unstable; urgency=medium
## Features
* Direct send data for none ciphers, prevent unnecessary data copies
* Feature jemalloc for enabling jemalloc allocator (use system's default allocator by default)
* [#272](https://github.com/shadowsocks/shadowsocks-rust/issues/272) Support customizing manager created server's bind address
## BUG Fixed
* Client flow reports tx and rx are swapped
* AEAD TCP protocol must check the reserved higher 2 bits
-- ty <zonyitoo@gmail.com> Sun, 19 Jul 2020 12:17:48 +0800
shadowsocks-rust (1.8.12) unstable; urgency=medium
## Features
* [#260](https://github.com/shadowsocks/shadowsocks-rust/issues/260) sslocal supports https protocol (HTTP Proxy over TLS)
* [#263](https://github.com/shadowsocks/shadowsocks-rust/issues/263) UDP Associations connect() to proxies' IP to avoid re-resolving domain names for every packets
* [#233](https://github.com/shadowsocks/shadowsocks-rust/issues/233) sslocal supports socks4 protocol (SOCKS4/4a)
* Options for LRU cache in UDP relay:
* udp_timeout: UDP Association will be kept up to this duration (in seconds)
* udp_max_associations: Maximum number of UDP Associations will be kept simultaneously
## BUG Fixed
* Removed unnecessary UDP socket wake ups
* Expired Associations will be cleaned by a separated task
## BREAKING Changes
* Manager's configurations are now wrapped into ManagerConfig
* timeout field in Config is removed inflavored timeout in ServerConfig
* DNS resolving timeout is using the default configuration (5 seconds for most cases)
* Bypassing TCP streams won't timeout
-- ty <zonyitoo@gmail.com> Mon, 1 Jun 2020 23:48:55 +0800
shadowsocks-rust (1.8.11) unstable; urgency=medium
## Features
* [#232](https://github.com/shadowsocks/shadowsocks-rust/issues/232) Send data along with handshake (LOCAL -> REMOTE)
* HTTP server supports https target with both native-tls and rustls
* For rustls, https connections will try to negotiate h2 with ALPN
* shadowsocks/shadowsocks-org#161 Support none as dummy cipher's name
* Adding local-tunnel feature for controlling tunnel protocol
* [#252](https://github.com/shadowsocks/shadowsocks-rust/issues/252) Support udp_max_associations configuration option
* Various updates for local-dns-relay for Android integration
## Fixed BUGs
* [#234](https://github.com/shadowsocks/shadowsocks-rust/issues/234) Ensure plugin subprocesses are killed when server is exited
* On *NIX platform, SIGTERM is sent to plugins for graceful exit
* [#237](https://github.com/shadowsocks/shadowsocks-rust/issues/237) Increase regex memory limit for ACL host rules
* [#240](https://github.com/shadowsocks/shadowsocks-rust/issues/240) Wait for 10 seconds for plugins to start
* ssserver should start plugins with PluginMode::Server
## BREAKING Changes
* Removed Runtime's Handle for all run entry functions
-- ty <zonyitoo@gmail.com> Sat, 16 May 2020 00:20:45 +0800
shadowsocks-rust (1.8.10) unstable; urgency=medium
## Features
* Support ACL configuration
* Examples could be found in [shadowsocks/shadowsocks-libev](https://github.com/shadowsocks/shadowsocks-libev/tree/master/acl)
* sslocal supports transparent proxy protocol (experimental)
* TCP
* Linux: iptables with REDIRECT or TPROXY rules
* macOS: pf
* FreeBSD: pf or ipfw, not tested
* OpenBSD: pf, not tested
* UDP
* Linux: iptables with TPROXY rules
* FreeBSD/OpenBSD: pf, not tested
* Usage: Run sslocal with --protocol redir
* Better command line option verifications
## Fixed BUGs
* sslocal with HTTP protocol clears [Hop-by-Hop headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)
* CryptoStream is now thread safe
* [#222](https://github.com/shadowsocks/shadowsocks-rust/issues/222) rc4 cipher is now working
## Miscellaneous
* Integrate into the Android's client implementation, [shadowsocks/shadowsocks-android#2452](https://github.com/shadowsocks/shadowsocks-android/issues/2452)
* Not finished yet, you shouldn't use them in production environment
* Abort on `panic!` for release builds
* [#223](https://github.com/shadowsocks/shadowsocks-rust/issues/223) `--log-without-time` command line option is added back
* [#205](https://github.com/shadowsocks/shadowsocks-rust/issues/205) `-6` command line option to resolve host names to IPv6 addresses first
## BREAKING Changes
* Merged sstunnel and ssredir into sslocal
* DNS-over-HTTPS and DNS-over-TLS are disabled by default, could be enabled by features dns-over-https and dns-over-tls
* [#217](https://github.com/shadowsocks/shadowsocks-rust/issues/217) Logging output uses local datetime instead of UTC
* Logging output is now in customized format
-- ty <zonyitoo@gmail.com> Fri, 10 Apr 2020 19:39:14 +0800
shadowsocks-rust (1.8.9) unstable; urgency=medium
## Features
* ssmanager - Supports Manage Multiple Users APIs
* Create / Remove servers in the same tokio runtime dynamically
* Fallback to tokio's builtin DNS resolver (currently it is libstd's builtin) if trust-dns's resolver initialize failed
## Fixed BUGs
* Ping tasks will panic if remote servers fail to connect for the first time
-- ty <zonyitoo@gmail.com> Thu, 13 Feb 2020 01:13:07 +0800
shadowsocks-rust (1.8.8) unstable; urgency=medium
## Features
* ssredir - (Experimental) Transparent Proxy. Currently only supports the following platforms:
* Linux - TCP: REDIRECT and TPROXY, UDP: TPROXY
* FreeBSD - TCP, UDP: ipfw
## BUG Fixed
* Enable TCP_NODELAY for better handshaking performance, for
* sslocal's socks5 protocol handshaking
* Local and Remote server shadowsocks' IV/nonce exchanging
* Ensure plugins starts before listening for sslocal
* Eliminated those connection failures while sslocal server just started
* [#191](https://github.com/shadowsocks/shadowsocks-rust/issues/191) Skip IV/nonce duplication check for plain cipher
## Miscellaneous
* Nightly builds on CircleCI: https://circleci.com/gh/shadowsocks/shadowsocks-rust
* Obtain release binaries in #Artifacts, for example:
* https://circleci.com/gh/shadowsocks/shadowsocks-rust/151#artifacts/containers/0
-- ty <zonyitoo@gmail.com> Thu, 6 Feb 2020 20:14:57 +0800
shadowsocks-rust (1.8.7) unstable; urgency=medium
## Features
* Set RLIMIT_NOFILE on *nix systems by
* -r, --nofile command line argument
* nofile key in configuration file
## BUG Fixed
* ssserver shouldn't use local_port in configuration to bind() before connect() or sendto()
* Command line argument --bind-addr or -b should only accept IP or Domain
-- ty <zonyitoo@gmail.com> Mon, 13 Jan 2020 10:45:54 +0800
shadowsocks-rust (1.8.6) unstable; urgency=medium
Basically the same as v1.8.5, but prints the actual error while handshaking with clients. Useful if server received a repeated IV and salt (probably replay attacks).
-- ty <zonyitoo@gmail.com> Sun, 12 Jan 2020 09:44:18 +0800
shadowsocks-rust (1.8.5) unstable; urgency=medium
## Features
* Add feature trust-dns to allow disable depending on [trust-dns-resolver](https://crates.io/crates/trust-dns-resolver)
* Disabling trust-dns would significantly shrink the size of binaries
* [#26](https://github.com/shadowsocks/shadowsocks-rust/issues/26) UDP servers will also bind() to local_address and local_port
* Check repeated IV / Salt for defending against replay attacks
* [Defend against replay attack](https://github.com/shadowsocks/shadowsocks-org/issues/44)
-- ty <zonyitoo@gmail.com> Sun, 12 Jan 2020 00:09:18 +0800
shadowsocks-rust (1.8.4) unstable; urgency=medium
## Features
* ssserver supports bind before connect to remote addresses. Can be configured by
* local_address and local_port in config.json
* -b or --bind-address in command line parameter
* Suggestion: Port should be set to 0 otherwise you will get EADDRINUSE
## Breaking Changes
* ssserver won't ignore local_address and local_port in config.json
-- ty <zonyitoo@gmail.com> Thu, 9 Jan 2020 23:35:59 +0800
shadowsocks-rust (1.8.3) unstable; urgency=medium
## Enhancements
* Refactored PingBalancer for supporting customized Server Configuration structure
* For Example: HTTP sslocal can stores HttpClients into the ServerScore structure instead of putting them into a HashMap.
* Removed trust-dns feature gate, set as default.
-- ty <zonyitoo@gmail.com> Wed, 8 Jan 2020 13:42:45 +0800
shadowsocks-rust (1.8.2) unstable; urgency=medium
## Enhancements
* Refactored PingBalancer for supporting customized Server Configuration structure
* For Example: HTTP sslocal can stores HttpClients into the ServerScore structure instead of putting them into a HashMap.
* Removed trust-dns feature gate, set as default.
-- ty <zonyitoo@gmail.com> Tue, 7 Jan 2020 09:16:50 +0800
shadowsocks-rust (1.8.1) unstable; urgency=medium
## BUG Fixed
* Send crypto IV (Stream Ciphers) / Nonce (AEAD Ciphers) with the first payload in one packet.
* Reduced 1 RTT while handshaking with servers
* HTTP Proxy client Handles IPv6 URI host properly
* RFC 2732
-- ty <zonyitoo@gmail.com> Sun, 5 Jan 2020 16:40:19 +0800
shadowsocks-rust (1.8.0) unstable; urgency=medium
## Features
* A new binary `sstunnel`. Establish TCP and UDP tunnels to remote. Discussion: #177
```
# Establish an UDP tunnel to 8.8.8.8:53 (just like what ssdns did in the past)
sstunnel -c config.json -f '8.8.8.8:53' -u
```
* Uses `async/await` syntax (requires `rustc` version >= `v1.40.0`)
* Dependencies
* `tokio` - `v0.2`
* `trust-dns-resolver` - `v0.18`
* `libsodium-sys` (switched from `libsodium-ffi` for better build process)
* Ping balancer
* Calculate scores not only with servers' latency, but also availability
* Supports UDP relay
* Retry 3 times if it connects failed to remote proxy server automatically
## Bug Resolved
* Refactored UDP relay. Now it works just like NAT. Discussion: #168
* Temporary workaround for UdpSocket `WSAECONNRESET`. Discussion: #179
* Ref: https://stackoverflow.com/questions/30749423/is-winsock-error-10054-wsaeconnreset-normal-with-udp-to-from-localhost
## Breaking Changes
* Removed `ssdns`. `sstunnel` can fulfill its job.
## Releases
* `shadowsocks-v1.8.0-stable.x86_64-unknown-linux-musl.tar.xz`
* SHA256 `5ec41d5a306715e455b1012de0ddaa33273970689b6df48ffbb0da5fb6083531`
* `shadowsocks-v1.8.0-stable.x86_64-pc-windows-gnu.zip`
* SHA256 `f7e23a145ca42a0ce73349263650256c9cc3e05caf637c2396699d72801d6966`
-- ty <zonyitoo@gmail.com> Sat, 28 Dec 2019 00:00:00 +0800
shadowsocks-rust (1.7.0) unstable; urgency=medium
## Refactors
* #141 Build with Rust 2018.
* #100 Migrated to Tokio Runtime.
* #139 Refactor for using as a library. Move signal monitor outside of shadowsocks library.
## Dependencies
* Replaced `ToSocketAddrs` with `trust-dns`
* #111 Upgrade rand to v0.5 and use `ThreadRng`
* #132 Feature gate RC4 cipher
* `--feature miscreant` is now can be built with stable.
## Configurations
* Support timeout key in the outer object in configuration ( `{ "timeout": 30 }` )
* UDP relay sets timeout with separated key `udp_timeout`
* #123 `set_nodelay` and `set_keepalive`, `no_delay` is configurable in configuration
* [Breaking] Replace `enable_udp` with `mode`, possible values are: `tcp_and_udp`, `tcp_only`, `udp_only`.
## Bugfix
* [BUG-FIXED] #105 Fixed "Too many open files" in UDP relay.
* [BUG-FIXED] Fixed bug while starting UDP relay. While starting server with plugins, it should not change the listening addresses for UDP relay, which are only for TCP relay.
* [BUG-FIXED] #106 Server should not panic if accepted socket closed right after `accept()`.
* Implemented a new `ssdns` server, which can serve as a DNS server and proxy DNS queries via ShadowSocks' UDP relay.
* [FIXED-BUG] #118 #122 Fixed DNS resolving issue. It may failed to resolve remote server's address if you haven't configured any IP addresses in forbidden_ip section.
## New features
* Uses `impl Trait` for functions
* #113 Supported `xchacha20-ietf-poly1305` encrypt method
* Removed all global states in client and servers, which will allow starting multiple ShadowSocks instances in one process.
* Uses `json5` to parse config file.
* #85 Support `ss-manager` report protocol. (Can co-operate with `ss-manager`)
-- ty <zonyitoo@gmail.com> Wed, 20 Jan 2019 01:14:55 +0800
shadowsocks-rust (1.6.11) unstable; urgency=medium
* Updated dependencies
-- ty <zonyitoo@gmail.com> Sat, 20 Jan 2018 20:45:59 +0800
shadowsocks-rust (1.6.10) unstable; urgency=medium
* Check AEAD packet length before actually reading it.
-- ty <zonyitoo@gmail.com> Sat, 2 Dec 2017 11:56:00 +0800
shadowsocks-rust (1.6.9) unstable; urgency=medium
* Fixed increase_nonce without libsodium
-- ty <zonyitoo@gmail.com> Sun, 26 Nov 2017 10:28:13 UTC
shadowsocks-rust (1.6.8) unstable; urgency=medium
* Upstream bump version.
-- Simon Shi <simonsmh@gmail.com> Wed, 08 Nov 2017 14:27:18 +0800
shadowsocks-rust (1.6.6+deb1) unstable; urgency=medium
* Add debian files.
* Add systemd files and default config.
-- Simon Shi <simonsmh@gmail.com> Tue, 10 Oct 2017 10:01:14 +0800
shadowsocks-rust (1.6.6) stable; urgency=medium
* Removed aes-128-ctr cipher
-- ty <zonyitoo@gmail.com> Wed, 4 Oct 2017 04:11:55 +0800
shadowsocks-rust (1.6.5) unstable; urgency=medium
* Initial Release.
-- Shigure Moe <feng591892871@gmail.com> Sat, 30 Sep 2017 16:21:42 +0800
Reference in New Issue View Git Blame Copy Permalink