chore: update deps

eycorsican · May 1, 2024 · 1577787 · 1577787
1 parent 1dfe30b
commit 1577787
Show file tree

Hide file tree

Showing 12 changed files with 136 additions and 98 deletions.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: local local-dev test proto-gen
+.PHONY: cli cli-dev test proto-gen
 
 CFG_COMMIT_HASH := $(shell git rev-parse HEAD | cut -c 1-7)
 export CFG_COMMIT_HASH := $(CFG_COMMIT_HASH)

diff --git a/leaf/Cargo.toml b/leaf/Cargo.toml
@@ -99,7 +99,7 @@ outbound-static= []
 outbound-tryall = []
 outbound-chain = []
 outbound-amux= ["tokio-util"]
-outbound-quic = ["quinn", "rustls", "webpki-roots", "rustls-pemfile"]
+outbound-quic = ["quinn", "rustls", "webpki-roots-old", "rustls-pemfile-old"]
 outbound-select = ["directories"]
 outbound-vmess = ["lz_fnv", "cfb-mode", "hmac", "aes", "sha3", "digest", "uuid", "md-5", "tokio-util", "byteorder"]
 
@@ -111,7 +111,7 @@ inbound-http = ["http"]
 inbound-tun = ["tun", "netstack-lwip", "pnet_datalink"]
 inbound-ws = ["tungstenite", "tokio-tungstenite", "url", "http"]
 inbound-amux = ["tokio-util"]
-inbound-quic = ["quinn", "rustls", "webpki-roots"]
+inbound-quic = ["quinn", "rustls", "rustls-pemfile-old"]
 inbound-tls = []
 inbound-chain = []
 inbound-cat = ["tokio/io-std"]
@@ -125,31 +125,31 @@ ctrlc = ["tokio/signal"]
 [dependencies]
 # Common
 tokio = { version = "1", features = ["sync", "io-util", "net", "time", "rt", "rt-multi-thread"] }
-protobuf = "=3.3.0"
+protobuf = "=3.4.0"
 thiserror = "1.0"
 futures = "0.3"
 async-trait = "0.1"
-bytes = "1"
+bytes = "1.6"
 lazy_static = "1.4"
 anyhow = "1.0"
 rand = "0.8"
 socket2 = "0.5"
-async-recursion = "1.0"
+async-recursion = "1.1"
 
 # DNS
 trust-dns-proto = { version = "0.23", default-features = false }
-lru = "0.11"
+lru = "0.12"
 
 # Logging
 tracing = "0.1"
 tracing-appender = "0.2"
 tracing-subscriber = "0.3"
 chrono = "0.4"
-colored = "2.0"
+colored = "2.1"
 
 # Router
-maxminddb = { version = "0.23", features = ["mmap"] }
-memmap2 = "0.8"
+maxminddb = { version = "0.24", features = ["mmap"] }
+memmap2 = "0.9"
 cidr = "0.2"
 
 # outbound-select
@@ -165,42 +165,44 @@ serde_derive = { version = "1.0", optional = true }
 serde = { version = "1.0", optional = true }
 
 # config-conf
-regex = { version = "1", optional = true }
+regex = { version = "1.10", optional = true }
 
 # Openssl
 openssl = { version = "0.10", features = ["vendored"], optional = true }
 
 # Ring
-ring = { version = "0.16", optional = true }
+ring = { version = "0.17", optional = true }
 
 # TLS/rustls/QUIC
-tokio-rustls = { version = "0.24", features = ["dangerous_configuration"], optional = true }
-webpki-roots = { version = "0.25", optional = true }
-rustls-pemfile = { version = "1.0", optional = true }
+tokio-rustls = { version = "0.26", optional = true }
+webpki-roots = { version = "0.26", optional = true }
+webpki-roots-old = { package = "webpki-roots", version = "0.25", optional = true }
+rustls-pemfile = { version = "2.1", optional = true }
+rustls-pemfile-old = { package = "rustls-pemfile", version = "1.0", optional = true }
 
 # TLS/openssl
 openssl-probe = { version = "0.1", optional = true }
 tokio-openssl = { version = "0.6", optional = true }
 
 # WebSocket
-tungstenite = { version = "0.20", default-features = false, optional = true }
-tokio-tungstenite = { version = "0.20", optional = true }
+tungstenite = { version = "0.21", default-features = false, optional = true }
+tokio-tungstenite = { version = "0.21", optional = true }
 
 # WebSocket
-url = { version = "2.4", optional = true }
-http = { version = "0.2", optional = true }
+url = { version = "2.5", optional = true }
+http = { version = "1.1", optional = true }
 
 # SOCKS outbound
-async-socks5 = { version = "0.5", optional = true }
+async-socks5 = { version = "0.6", optional = true }
 
 # Shadowsocks
 hkdf = { version = "0.12", optional = true }
 md-5 = { version = "0.10", optional = true }
 sha-1 = { version = "0.10", optional = true }
-percent-encoding = { version = "2", optional = true }
+percent-encoding = { version = "2.3", optional = true }
 
 # Obfs
-base64 = { version = "0.21", optional = true }
+base64 = { version = "0.22", optional = true }
 memchr = { version = "2", optional = true }
 
 # Trojan
@@ -239,7 +241,7 @@ jni = "0.21"
 # TUN
 [target.'cfg(any(target_os = "ios", target_os = "android", target_os = "macos", target_os = "linux"))'.dependencies]
 tun = { git = "https://github.com/eycorsican/rust-tun.git", branch = "fork", features = ["async"], optional = true }
-netstack-lwip = { git = "https://github.com/eycorsican/netstack-lwip.git", rev = "809a733", optional = true }
+netstack-lwip = { git = "https://github.com/eycorsican/netstack-lwip.git", rev = "9c7f2e3", optional = true }
 
 [target.'cfg(any(target_os = "macos", target_os = "linux"))'.dependencies]
 pnet_datalink = { version = "0.34", package = "pnet_datalink", optional = true }
@@ -250,11 +252,11 @@ libc = "0.2"
 memchr = { version = "2" }
 
 [dev-dependencies]
-rcgen = "0.11"
+rcgen = "0.13"
 sha2 = "0.10"
 tokio = { version = "1", features = ["fs", "sync", "io-util", "net", "time", "rt", "rt-multi-thread"] }
 
 [build-dependencies]
 cc = "1.0"
-bindgen = "0.68"
-protobuf-codegen = "=3.3.0"
+bindgen = "0.69"
+protobuf-codegen = "=3.4.0"
diff --git a/leaf/build.rs b/leaf/build.rs
@@ -32,7 +32,7 @@ fn generate_mobile_bindings() {
         } else {
             "".to_string()
         })
-        .parse_callbacks(Box::new(bindgen::CargoCallbacks))
+        .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
         .generate()
         .expect("Unable to generate bindings");
 

diff --git a/leaf/src/app/outbound/selector_cache.rs b/leaf/src/app/outbound/selector_cache.rs
@@ -1,5 +1,5 @@
-// This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 24.4
+// This file is generated by rust-protobuf 3.4.0. Do not edit
+// .proto file is parsed by protoc 26.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702
@@ -24,7 +24,7 @@
 
 /// Generated files are compatible only with the same version
 /// of protobuf runtime.
-const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_3_0;
+const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_4_0;
 
 // @@protoc_insertion_point(message:SelectorCache)
 #[derive(PartialEq,Clone,Default,Debug)]

diff --git a/leaf/src/config/geosite.rs b/leaf/src/config/geosite.rs
@@ -1,5 +1,5 @@
-// This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 24.4
+// This file is generated by rust-protobuf 3.4.0. Do not edit
+// .proto file is parsed by protoc 26.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702
@@ -24,7 +24,7 @@
 
 /// Generated files are compatible only with the same version
 /// of protobuf runtime.
-const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_3_0;
+const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_4_0;
 
 // @@protoc_insertion_point(message:Domain)
 #[derive(PartialEq,Clone,Default,Debug)]

diff --git a/leaf/src/config/internal/config.rs b/leaf/src/config/internal/config.rs
@@ -1,5 +1,5 @@
-// This file is generated by rust-protobuf 3.3.0. Do not edit
-// .proto file is parsed by protoc 24.4
+// This file is generated by rust-protobuf 3.4.0. Do not edit
+// .proto file is parsed by protoc 26.1
 // @generated
 
 // https://github.com/rust-lang/rust-clippy/issues/702
@@ -24,7 +24,7 @@
 
 /// Generated files are compatible only with the same version
 /// of protobuf runtime.
-const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_3_0;
+const _PROTOBUF_VERSION_CHECK: () = ::protobuf::VERSION_3_4_0;
 
 // @@protoc_insertion_point(message:Dns)
 #[derive(PartialEq,Clone,Default,Debug)]

diff --git a/leaf/src/proxy/quic/inbound/datagram.rs b/leaf/src/proxy/quic/inbound/datagram.rs
@@ -8,6 +8,7 @@ use async_trait::async_trait;
 use futures::stream::Stream;
 use futures::task::{Context, Poll};
 use quinn::{RecvStream, SendStream};
+use rustls_pemfile_old::{certs, ec_private_keys, pkcs8_private_keys, rsa_private_keys};
 use tokio::sync::mpsc::{channel, Receiver, Sender};
 use tracing::{debug, trace, warn};
 
@@ -61,7 +62,7 @@ impl Handler {
             Some(Some(ext)) if ext == "der" => {
                 vec![rustls::Certificate(cert)]
             }
-            _ => rustls_pemfile::certs(&mut &*cert)?
+            _ => certs(&mut &*cert)?
                 .into_iter()
                 .map(rustls::Certificate)
                 .collect(),
@@ -73,15 +74,15 @@ impl Handler {
         {
             Some(Some(ext)) if ext == "der" => rustls::PrivateKey(key),
             _ => {
-                let pkcs8 = rustls_pemfile::pkcs8_private_keys(&mut &*key)?;
+                let pkcs8 = pkcs8_private_keys(&mut &*key)?;
                 match pkcs8.into_iter().next() {
                     Some(x) => rustls::PrivateKey(x),
                     None => {
-                        let rsa = rustls_pemfile::rsa_private_keys(&mut &*key)?;
+                        let rsa = rsa_private_keys(&mut &*key)?;
                         match rsa.into_iter().next() {
                             Some(x) => rustls::PrivateKey(x),
                             None => {
-                                let rsa = rustls_pemfile::ec_private_keys(&mut &*key)?;
+                                let rsa = ec_private_keys(&mut &*key)?;
                                 match rsa.into_iter().next() {
                                     Some(x) => rustls::PrivateKey(x),
                                     None => {

diff --git a/leaf/src/proxy/quic/outbound/stream.rs b/leaf/src/proxy/quic/outbound/stream.rs
@@ -8,6 +8,7 @@ use anyhow::{anyhow, Result};
 use async_trait::async_trait;
 use futures::TryFutureExt;
 use rustls::OwnedTrustAnchor;
+use rustls_pemfile_old::certs;
 use tokio::sync::RwLock;
 use tracing::{debug, trace};
 
@@ -42,12 +43,11 @@ impl Manager {
                             roots.add(&rustls::Certificate(cert)).unwrap(); // FIXME
                         }
                         _ => {
-                            let certs: Vec<rustls::Certificate> =
-                                rustls_pemfile::certs(&mut &*cert)
-                                    .unwrap()
-                                    .into_iter()
-                                    .map(rustls::Certificate)
-                                    .collect();
+                            let certs: Vec<rustls::Certificate> = certs(&mut &*cert)
+                                .unwrap()
+                                .into_iter()
+                                .map(rustls::Certificate)
+                                .collect();
                             for cert in certs {
                                 roots.add(&cert).unwrap();
                             }
@@ -59,7 +59,7 @@ impl Manager {
                 }
             }
         } else {
-            roots.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
+            roots.add_trust_anchors(webpki_roots_old::TLS_SERVER_ROOTS.iter().map(|ta| {
                 OwnedTrustAnchor::from_subject_spki_name_constraints(
                     ta.subject,
                     ta.spki,

diff --git a/leaf/src/proxy/tls/inbound/stream.rs b/leaf/src/proxy/tls/inbound/stream.rs
@@ -6,8 +6,11 @@ use anyhow::Result;
 
 #[cfg(feature = "rustls-tls")]
 use {
-    rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys, ec_private_keys},
-    tokio_rustls::rustls::{Certificate, PrivateKey, ServerConfig},
+    rustls_pemfile::{certs, ec_private_keys, pkcs8_private_keys, rsa_private_keys},
+    tokio_rustls::rustls::{
+        pki_types::{CertificateDer, PrivateKeyDer},
+        ServerConfig,
+    },
     tokio_rustls::TlsAcceptor,
 };
 
@@ -19,23 +22,27 @@ pub struct Handler {
 }
 
 #[cfg(feature = "rustls-tls")]
-fn load_certs(path: &Path) -> io::Result<Vec<Certificate>> {
-    certs(&mut BufReader::new(File::open(path)?))
-        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
-        .map(|mut certs| certs.drain(..).map(Certificate).collect())
+fn load_certs(path: &Path) -> io::Result<Vec<CertificateDer<'static>>> {
+    certs(&mut BufReader::new(File::open(path)?)).collect()
 }
 
 #[cfg(feature = "rustls-tls")]
-fn load_keys(path: &Path) -> io::Result<Vec<PrivateKey>> {
-    let mut keys: Vec<PrivateKey> = pkcs8_private_keys(&mut BufReader::new(File::open(path)?))
-        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
-        .map(|mut keys| keys.drain(..).map(PrivateKey).collect())?;
-    let mut keys2: Vec<PrivateKey> = rsa_private_keys(&mut BufReader::new(File::open(path)?))
-        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
-        .map(|mut keys| keys.drain(..).map(PrivateKey).collect())?;
-    let mut keys3: Vec<PrivateKey> = ec_private_keys(&mut BufReader::new(File::open(path)?))
-        .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
-        .map(|mut keys| keys.drain(..).map(PrivateKey).collect())?;
+fn load_keys(path: &Path) -> io::Result<Vec<PrivateKeyDer<'static>>> {
+    let mut keys = pkcs8_private_keys(&mut BufReader::new(File::open(path)?))
+        .into_iter()
+        .filter_map(|x| x.ok())
+        .map(Into::into)
+        .collect::<Vec<_>>();
+    let mut keys2 = rsa_private_keys(&mut BufReader::new(File::open(path)?))
+        .into_iter()
+        .filter_map(|x| x.ok())
+        .map(Into::into)
+        .collect::<Vec<_>>();
+    let mut keys3 = ec_private_keys(&mut BufReader::new(File::open(path)?))
+        .into_iter()
+        .filter_map(|x| x.ok())
+        .map(Into::into)
+        .collect::<Vec<_>>();
     keys.append(&mut keys3);
     keys.append(&mut keys2);
     Ok(keys)
@@ -48,7 +55,6 @@ impl Handler {
             let certs = load_certs(Path::new(&certificate))?;
             let mut keys = load_keys(Path::new(&certificate_key))?;
             let config = ServerConfig::builder()
-                .with_safe_defaults()
                 .with_no_client_auth()
                 .with_single_cert(certs, keys.remove(0))
                 .map_err(|err| io::Error::new(io::ErrorKind::InvalidInput, err))?;