December 2016 - tbb-commits - lists.torproject.org

[tor-browser-bundle/master] Bug 20121: Create Seatbelt profiles for Tor Browser
by gk＠torproject.org 09 Dec '16

09 Dec '16

commit b774796a7d1232b2e0d3a0257823456ccf5f56db Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Fri Dec 9 10:44:57 2016 -0500 Bug 20121: Create Seatbelt profiles for Tor Browser Include Seatbelt profiles and associated scripts in our OS X packages. Users can find the files in a new folder named "Sandboxed Tor Browser", which also includes a README.txt file that explains how to use them. --- Bundle-Data/mac-applications.dmg/.DS_Store | Bin 12292 -> 12292 bytes .../.background/background.png | Bin 50020 -> 49906 bytes Bundle-Data/mac-sandbox/.DS_Store | Bin 0 -> 6148 bytes Bundle-Data/mac-sandbox/README.txt | 29 +++++ Bundle-Data/mac-sandbox/start-browser-with-sandbox | 24 ++++ Bundle-Data/mac-sandbox/start-tor-with-sandbox | 42 +++++++ Bundle-Data/mac-sandbox/tb.sb | 126 +++++++++++++++++++++ Bundle-Data/mac-sandbox/tor.sb | 64 +++++++++++ gitian/descriptors/mac/gitian-bundle.yml | 7 +- gitian/mkbundle-mac.sh | 5 +- 10 files changed, 295 insertions(+), 2 deletions(-) diff --git a/Bundle-Data/mac-applications.dmg/.DS_Store b/Bundle-Data/mac-applications.dmg/.DS_Store index aeb3104..6eeec47 100644 Binary files a/Bundle-Data/mac-applications.dmg/.DS_Store and b/Bundle-Data/mac-applications.dmg/.DS_Store differ diff --git a/Bundle-Data/mac-applications.dmg/.background/background.png b/Bundle-Data/mac-applications.dmg/.background/background.png index 94e4584..a4358cf 100644 Binary files a/Bundle-Data/mac-applications.dmg/.background/background.png and b/Bundle-Data/mac-applications.dmg/.background/background.png differ diff --git a/Bundle-Data/mac-sandbox/.DS_Store b/Bundle-Data/mac-sandbox/.DS_Store new file mode 100644 index 0000000..6c49e24 Binary files /dev/null and b/Bundle-Data/mac-sandbox/.DS_Store differ diff --git a/Bundle-Data/mac-sandbox/README.txt b/Bundle-Data/mac-sandbox/README.txt new file mode 100644 index 0000000..47d6e5c --- /dev/null +++ b/Bundle-Data/mac-sandbox/README.txt @@ -0,0 +1,29 @@ +Experimental Sandboxed Tor Browser for OS X + +Requirements: + Mac OS 10.9 or newer. + A willingness to run shell commands from Terminal. + +Follow these steps to use the sandbox profiles: + +1. Copy this folder ("Sandboxed Tor Browser") to a local drive, but do not + put it in /Applications. +2. Copy the TorBrowser app into your "Sandboxed Tor Browser" folder. +3. Open Terminal. +4. Run start-tor-with-sandbox and wait for Tor bootstrapping to finish. +5. Run start-browser-with-sandbox. + +Known Issues: + +You will need to manually kill start-tor-with-sandbox or the tor.real +process after you exit the browser. + +The browser has full access to the Tor control port. Ideally, access +would be limited to the things that are necessary for New Identity and +for the circuit display features. + +Printing does not work. + +The built-in updater will not work. + +Files can only be downloaded or saved to ~/Downloads. diff --git a/Bundle-Data/mac-sandbox/start-browser-with-sandbox b/Bundle-Data/mac-sandbox/start-browser-with-sandbox new file mode 100755 index 0000000..31d4218 --- /dev/null +++ b/Bundle-Data/mac-sandbox/start-browser-with-sandbox @@ -0,0 +1,24 @@ +#!/bin/bash + +# TODO: assumes not in /Applications +# TODO: assumes app is in TorBrowser.app + +BASEDIR="`dirname \"$0\"`" +BASEDIR="`(cd \"$BASEDIR\" && pwd)`" +TORBROWSER_APP_DIR="$BASEDIR/TorBrowser.app" +TORBROWSER_DATA_DIR="$BASEDIR/TorBrowser-Data" +TOR_DATA_DIR="$TORBROWSER_DATA_DIR/Tor" +SOCKETDIR="/tmp/Tor" + +export TOR_SKIP_LAUNCH=1 +export TOR_CONTROL_IPC_PATH="$SOCKETDIR/control.socket" +export TOR_SOCKS_IPC_PATH="$SOCKETDIR/socks.socket" +export TOR_CONTROL_COOKIE_AUTH_FILE="$TOR_DATA_DIR/control_auth_cookie" +SB_PROFILE="`pwd`/tb.sb" +cd "$TORBROWSER_APP_DIR" +sandbox-exec -f "$SB_PROFILE" \ + -D "HOME_DIR=$HOME" \ + -D "CURRENT_DIR=$BASEDIR" \ + -D "TORBROWSER_APP_DIR=$TORBROWSER_APP_DIR" \ + -D "TORBROWSER_DATA_DIR=$TORBROWSER_DATA_DIR" \ + "./Contents/MacOS/firefox" diff --git a/Bundle-Data/mac-sandbox/start-tor-with-sandbox b/Bundle-Data/mac-sandbox/start-tor-with-sandbox new file mode 100755 index 0000000..ec7f15e --- /dev/null +++ b/Bundle-Data/mac-sandbox/start-tor-with-sandbox @@ -0,0 +1,42 @@ +#!/bin/bash + +# TODO: assumes not in /Applications +# TODO: assumes /tmp/Tor is not used by anyone else. +# TODO: assumes app is in TorBrowser.app + +set -e + +BASEDIR="`dirname \"$0\"`" +BASEDIR="`(cd \"$BASEDIR\" && pwd)`" +TOR_DATA_DIR="$BASEDIR/TorBrowser-Data/Tor" +TOR_STATIC_DATA_DIR="$BASEDIR/TorBrowser.app/Contents/Resources/TorBrowser/Tor" +TOR_BIN_DIR="$BASEDIR/TorBrowser.app/Contents/MacOS/Tor" +TORRC="$TOR_DATA_DIR/torrc" +SOCKETDIR="/tmp/Tor" + +# Compiled Python modules require a compatible Python, which means 32-bit 2.6. +export VERSIONER_PYTHON_VERSION=2.6 +export DYLD_LIBRARY_PATH=.:$DYLD_LIBRARY_PATH + +mkdir -p "$TOR_DATA_DIR" +if [ ! -e "$TORRC" ]; then + touch "$TORRC" +fi + +if [ ! -e "$SOCKETDIR" ]; then + mkdir -p "$SOCKETDIR" + chmod 700 "$SOCKETDIR" +fi + +TOR="$TOR_BIN_DIR/tor.real" +sandbox-exec -f tor.sb -D "TOR_DATA_DIR=$TOR_DATA_DIR" \ + -D "TOR_STATIC_DATA_DIR=$TOR_STATIC_DATA_DIR" \ + -D "TOR_BIN_DIR=$TOR_BIN_DIR" "$TOR" \ + --defaults-torrc "$TOR_STATIC_DATA_DIR/torrc-defaults" \ + -f "$TORRC" \ + CookieAuthentication 1 \ + DataDirectory "$TOR_DATA_DIR" \ + GeoIPFile "$TOR_STATIC_DATA_DIR/geoip" \ + GeoIPv6File "$TOR_STATIC_DATA_DIR/geoip6" \ + ControlPort "unix:$SOCKETDIR/control.socket" \ + SocksPort "unix:$SOCKETDIR/socks.socket" diff --git a/Bundle-Data/mac-sandbox/tb.sb b/Bundle-Data/mac-sandbox/tb.sb new file mode 100644 index 0000000..eda7a1f --- /dev/null +++ b/Bundle-Data/mac-sandbox/tb.sb @@ -0,0 +1,126 @@ +(version 1) + +;; Parameters: +;; HOME_DIR the user's home directory +;; CURRENT_DIR the current working directory +;; TORBROWSER_APP_DIR the TorBrowser.app directory +;; TORBROWSER_DATA_DIR the TorBrowser-Data directory + +;; TODO: can see all dirs but can download/save only in Downloads (no error reported though!) +;; TODO: printing does not work (Save to PDF does). + +(deny default) + +(define (home-path aSubPath) + (path (string-append (param "HOME_DIR") aSubPath))) + +(define (home-subpath aSubPath) + (subpath (string-append (param "HOME_DIR") aSubPath))) + +(define (torbrowser-data-dir-path aSubPath) + (path (string-append (param "TORBROWSER_DATA_DIR") aSubPath))) + +(define (torbrowser-data-dir-subpath aSubPath) + (subpath (string-append (param "TORBROWSER_DATA_DIR") aSubPath))) + +(define (torbrowser-app-dir-path aSubPath) + (subpath (string-append (param "TORBROWSER_APP_DIR") aSubPath))) + +(allow file-read* + (path "/Library/Preferences/com.apple.HIToolbox.plist") + (path "/Library/Preferences/.GlobalPreferences.plist") + (path "/dev/random") + (path "/dev/urandom") + (path "/dev/dtracehelper") + (path "/private/etc/localtime") + (path "/private/etc/passwd") + (path "/private/tmp") + (path "/private/var/tmp") + (path (param "HOME_DIR")) + (subpath "/Library/Audio") + (subpath "/Library/Fonts") + (subpath "/System") + (subpath "/private/var/folders") + (subpath "/usr/share") + (home-subpath "/Downloads") + (home-subpath "/Library/Input Methods") + (home-subpath "/Library/Keyboard Layouts") + (home-subpath "/Library/Preferences") + (torbrowser-app-dir-path "") + (torbrowser-data-dir-path "") + (torbrowser-data-dir-subpath "/Browser") + (torbrowser-data-dir-path "/Tor/control_auth_cookie") +) + +(allow file-read-metadata + (home-path "/Desktop") + (home-path "/Library") + (home-path "/Library/Saved Application State") + (path (param "CURRENT_DIR")) + (path "/") + (path "/Applications") + (path "/Users") + (path "/etc") + (path "/home") + (path "/net") + (path "/private/var/db/.AppleSetupDone") + (path "/tmp") + (path "/var") + (subpath "/usr/lib") + (torbrowser-data-dir-path "/Tor/control.socket") + (torbrowser-data-dir-path "/Tor/socks.socket") + (path-regex "/private/tmp/Tor[-0-9]*/control.socket") + (path-regex "/private/tmp/Tor[-0-9]*/socks.socket") +) + +(allow file-write-data file-ioctl + (path "/dev/dtracehelper") +) + +(allow file-write* + (home-subpath "/Downloads") + (home-path "/Library/Preferences/.GlobalPreferences.plist") + (torbrowser-data-dir-subpath "/Browser") + (subpath "/private/var/folders") + (path-regex (string-append "^" (param "HOME_DIR") "/Library/Preferences/org.mozilla.tor")) + (path "/Library/Preferences/.GlobalPreferences.plist") +) + +; Disallow writes to the profiles ini file. +(deny file-write* + (torbrowser-data-dir-subpath "/Browser/profiles.ini") +) + +(allow iokit-open) + +(allow ipc-posix-shm + (ipc-posix-name "apple.shm.notification_center") + (ipc-posix-name-regex "^/tmp/com.apple.csseed") + (ipc-posix-name-regex "^CFPBS:") + (ipc-posix-name-regex "^apple\.cfprefs\.") + (ipc-posix-name-regex "^apple\.shm\.cfprefs\.") + (ipc-posix-name-regex "^AudioIO") +) + +(allow mach-lookup) + +(allow mach-register + (local-name "com.apple.CFPasteboardClient") + (local-name "com.apple.axserver") + (local-name "com.apple.coredrag") + (local-name "com.apple.tsm.portname") +) + +(allow network-outbound + (path "/private/var/run/cupsd") + (torbrowser-data-dir-path "/Tor/control.socket") + (torbrowser-data-dir-path "/Tor/socks.socket") + (path-regex "/private/tmp/Tor[-0-9]*/control.socket") + (path-regex "/private/tmp/Tor[-0-9]*/socks.socket") +) + +(allow process-exec* + (torbrowser-app-dir-path "/Contents/MacOS/firefox") +) + +(allow sysctl-read) diff --git a/Bundle-Data/mac-sandbox/tor.sb b/Bundle-Data/mac-sandbox/tor.sb new file mode 100644 index 0000000..40abc9c --- /dev/null +++ b/Bundle-Data/mac-sandbox/tor.sb @@ -0,0 +1,64 @@ +(version 1) + +;; Parameters: +;; TOR_DATA_DIR directory that contains writeable config, e.g, torrc +;; TOR_STATIC_DATA_DIR directory for read-only config, e.g., torrc-defaults +;; TOR_BIN_DIR directory that contains tor binaries, e.g., tor.real + +(deny default) + +(allow file-read* file-write-data file-ioctl + (path "/dev/dtracehelper") +) + +(allow file-read* + (subpath (param "TOR_BIN_DIR")) + (subpath "/usr/local") + (subpath (param "TOR_DATA_DIR")) + (subpath (param "TOR_STATIC_DATA_DIR")) + (subpath (param "TOR_BIN_DIR")) + (path-regex "/private/tmp/Tor[-0-9]*") +) + +(allow file-read-data + (path "/dev/random") + (path "/dev/srandom") + (path "/dev/urandom") + (subpath "/usr/share") +) + +(allow file-read-metadata + (path "/etc") + (path "/private/etc/localtime") + (path "/tmp") + (subpath "/usr/lib") +) + +(allow file-write* + (subpath (param "TOR_DATA_DIR")) +) + +(allow ipc-posix-shm-read-data + (ipc-posix-name "apple.shm.notification_center") +) + +(allow mach-lookup + (global-name "com.apple.system.notification_center") +) + +(allow network-inbound file-write* + (path (string-append (param "TOR_DATA_DIR") "/control.socket")) + (path (string-append (param "TOR_DATA_DIR") "/socks.socket")) + (path-regex "/private/tmp/Tor[-0-9]*/control.socket") + (path-regex "/private/tmp/Tor[-0-9]*/socks.socket") +) + +(allow network-outbound + (remote tcp "*:*") +) + +(allow process-exec + (path (string-append (param "TOR_BIN_DIR") "/tor.real")) +) + +(allow sysctl-read) diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index 4f12174..571c6e0 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -47,6 +47,7 @@ files: - "mac-skeleton.zip" - "dmg-applications.tar.xz" - "dmg-desktop.tar.xz" +- "mac-sandbox.tar.xz" - "mac-langpacks.zip" - "noscript(a)noscript.net.xpi" - "dzip.sh" @@ -216,7 +217,11 @@ script: | cd ../../dmg # FIXME: Desktop or Application as dest? tar -Jxvf ~/build/dmg-applications.tar.xz - cd .. + SANDBOX_FOLDER="Sandboxed Tor Browser" + mkdir "$SANDBOX_FOLDER" + cd "$SANDBOX_FOLDER" + tar -Jxvf ~/build/mac-sandbox.tar.xz + cd ../.. # pushd $TORBROWSER_NAME.app/Contents/Resources/browser/ # For the proper search engines in our language packs diff --git a/gitian/mkbundle-mac.sh b/gitian/mkbundle-mac.sh index eaec986..16140b1 100755 --- a/gitian/mkbundle-mac.sh +++ b/gitian/mkbundle-mac.sh @@ -97,8 +97,11 @@ cd mac-desktop.dmg rm -f $GITIAN_DIR/inputs/dmg-desktop.tar.xz $WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/dmg-desktop.tar.xz . cd ../mac-applications.dmg -rm -f $GITIAN_DIR/inputs/dmg-applications.tar-gz +rm -f $GITIAN_DIR/inputs/dmg-applications.tar.xz $WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/dmg-applications.tar.xz . +cd ../mac-sandbox +rm -f $GITIAN_DIR/inputs/mac-sandbox.tar.xz +$WRAPPER_DIR/build-helpers/dtar.sh $GITIAN_DIR/inputs/mac-sandbox.tar.xz cd $WRAPPER_DIR

1 0

[tor-browser-bundle/hardened-builds] Revert "Bug 20147: (re-)dzip.sh: various improvements"
by gk＠torproject.org 09 Dec '16

09 Dec '16

commit 644290c97c710bc44c62275bed8aa8e41f3ecb7c Author: Georg Koppen <gk(a)torproject.org> Date: Fri Dec 9 18:49:13 2016 +0000 Revert "Bug 20147: (re-)dzip.sh: various improvements" This reverts commit 3efcbb345fb2cb701226d3c9c659457e7b6ef7bc. Backing out as done on master. --- gitian/build-helpers/dzip.sh | 17 +++++++++-------- gitian/build-helpers/re-dzip.sh | 23 +++++++++++++---------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh index 64fcdca..5772c8b 100755 --- a/gitian/build-helpers/dzip.sh +++ b/gitian/build-helpers/dzip.sh @@ -1,13 +1,14 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip wrapper export LC_ALL=C -ZIPFILE=${1:?} +ZIPFILE=$1 shift -if [ -n "$REFERENCE_DATETIME" ]; then - find "$@" -exec touch --date="$REFERENCE_DATETIME" -- {} + -fi -find "$@" -executable -exec chmod 700 {} + -find "$@" ! -executable -exec chmod 600 {} + -find "$@" | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" +[ -n "$REFERENCE_DATETIME" ] && \ + find $@ -exec touch --date="$REFERENCE_DATETIME" {} \; + +find $@ -executable -exec chmod 700 {} \; +find $@ ! -executable -exec chmod 600 {} \; + +find $@ | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh index 8e8abbf..27828e9 100755 --- a/gitian/build-helpers/re-dzip.sh +++ b/gitian/build-helpers/re-dzip.sh @@ -1,14 +1,17 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip repackager export LC_ALL=C -ZIPFILE_BASENAME=$(basename -- "${1:?}") -TEMPDIR=tmp-re-dzip-$$ -RE_DZIP=$(readlink -f -- "$(which -- "$0")") -PATH=$PATH:$(dirname "$RE_DZIP") +ZIPFILE=`basename $1` -mkdir "$TEMPDIR" -unzip $UNZIPOPTS -d "$TEMPDIR" -- "$1" || [ $? -lt 3 ] -(cd "$TEMPDIR"; dzip.sh ./"$ZIPFILE_BASENAME" .) -mv -- "$TEMPDIR"/"$ZIPFILE_BASENAME" "$1" -rm -rf "$TEMPDIR" +mkdir tmp_dzip +cd tmp_dzip +unzip ../$1 +[ -n "$REFERENCE_DATETIME" ] && \ + find . -exec touch --date="$REFERENCE_DATETIME" {} \; +find . -executable -exec chmod 700 {} \; +find . ! -executable -exec chmod 600 {} \; +find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE +mv $ZIPFILE ../$1 +cd .. +rm -rf tmp_dzip

1 0

[tor-browser-bundle/master] Revert "Bug 20147: (re-)dzip.sh: various improvements"
by gk＠torproject.org 09 Dec '16

09 Dec '16

commit d9a6d915e72b5caa782285547a5b9c15afba2989 Author: Georg Koppen <gk(a)torproject.org> Date: Fri Dec 9 18:48:07 2016 +0000 Revert "Bug 20147: (re-)dzip.sh: various improvements" This reverts commit ea31d520646c07f1565460565f5ead9ad7741b84. Backing out for Firefox bustage in the Windows step. --- gitian/build-helpers/dzip.sh | 17 +++++++++-------- gitian/build-helpers/re-dzip.sh | 23 +++++++++++++---------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh index 64fcdca..5772c8b 100755 --- a/gitian/build-helpers/dzip.sh +++ b/gitian/build-helpers/dzip.sh @@ -1,13 +1,14 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip wrapper export LC_ALL=C -ZIPFILE=${1:?} +ZIPFILE=$1 shift -if [ -n "$REFERENCE_DATETIME" ]; then - find "$@" -exec touch --date="$REFERENCE_DATETIME" -- {} + -fi -find "$@" -executable -exec chmod 700 {} + -find "$@" ! -executable -exec chmod 600 {} + -find "$@" | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" +[ -n "$REFERENCE_DATETIME" ] && \ + find $@ -exec touch --date="$REFERENCE_DATETIME" {} \; + +find $@ -executable -exec chmod 700 {} \; +find $@ ! -executable -exec chmod 600 {} \; + +find $@ | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh index 8e8abbf..27828e9 100755 --- a/gitian/build-helpers/re-dzip.sh +++ b/gitian/build-helpers/re-dzip.sh @@ -1,14 +1,17 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip repackager export LC_ALL=C -ZIPFILE_BASENAME=$(basename -- "${1:?}") -TEMPDIR=tmp-re-dzip-$$ -RE_DZIP=$(readlink -f -- "$(which -- "$0")") -PATH=$PATH:$(dirname "$RE_DZIP") +ZIPFILE=`basename $1` -mkdir "$TEMPDIR" -unzip $UNZIPOPTS -d "$TEMPDIR" -- "$1" || [ $? -lt 3 ] -(cd "$TEMPDIR"; dzip.sh ./"$ZIPFILE_BASENAME" .) -mv -- "$TEMPDIR"/"$ZIPFILE_BASENAME" "$1" -rm -rf "$TEMPDIR" +mkdir tmp_dzip +cd tmp_dzip +unzip ../$1 +[ -n "$REFERENCE_DATETIME" ] && \ + find . -exec touch --date="$REFERENCE_DATETIME" {} \; +find . -executable -exec chmod 700 {} \; +find . ! -executable -exec chmod 600 {} \; +find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE +mv $ZIPFILE ../$1 +cd .. +rm -rf tmp_dzip

1 0

[tor-browser-bundle/hardened-builds] Bug 20147: (re-)dzip.sh: various improvements
by gk＠torproject.org 09 Dec '16

09 Dec '16

commit 3efcbb345fb2cb701226d3c9c659457e7b6ef7bc Author: Rusty Bird <rustybird(a)openmailbox.org> Date: Thu Dec 8 17:18:12 2016 +0000 Bug 20147: (re-)dzip.sh: various improvements - Don't ignore errors (except unzip exit status 1 or 2) - Quote $@ and $1 - Work with absolute filenames and filenames starting with a dash - Pass many files per chmod invocation (much faster) - Pass $UNZIPOPTS, like $ZIPOPTS - Reuse dzip.sh in re-dzip.sh The (re)generated zip files are identical. --- gitian/build-helpers/dzip.sh | 17 ++++++++--------- gitian/build-helpers/re-dzip.sh | 23 ++++++++++------------- 2 files changed, 18 insertions(+), 22 deletions(-) diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh index 5772c8b..64fcdca 100755 --- a/gitian/build-helpers/dzip.sh +++ b/gitian/build-helpers/dzip.sh @@ -1,14 +1,13 @@ -#!/bin/sh +#!/bin/sh -e # Crappy deterministic zip wrapper export LC_ALL=C -ZIPFILE=$1 +ZIPFILE=${1:?} shift -[ -n "$REFERENCE_DATETIME" ] && \ - find $@ -exec touch --date="$REFERENCE_DATETIME" {} \; - -find $@ -executable -exec chmod 700 {} \; -find $@ ! -executable -exec chmod 600 {} \; - -find $@ | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" +if [ -n "$REFERENCE_DATETIME" ]; then + find "$@" -exec touch --date="$REFERENCE_DATETIME" -- {} + +fi +find "$@" -executable -exec chmod 700 {} + +find "$@" ! -executable -exec chmod 600 {} + +find "$@" | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh index 27828e9..8e8abbf 100755 --- a/gitian/build-helpers/re-dzip.sh +++ b/gitian/build-helpers/re-dzip.sh @@ -1,17 +1,14 @@ -#!/bin/sh +#!/bin/sh -e # Crappy deterministic zip repackager export LC_ALL=C -ZIPFILE=`basename $1` +ZIPFILE_BASENAME=$(basename -- "${1:?}") +TEMPDIR=tmp-re-dzip-$$ +RE_DZIP=$(readlink -f -- "$(which -- "$0")") +PATH=$PATH:$(dirname "$RE_DZIP") -mkdir tmp_dzip -cd tmp_dzip -unzip ../$1 -[ -n "$REFERENCE_DATETIME" ] && \ - find . -exec touch --date="$REFERENCE_DATETIME" {} \; -find . -executable -exec chmod 700 {} \; -find . ! -executable -exec chmod 600 {} \; -find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE -mv $ZIPFILE ../$1 -cd .. -rm -rf tmp_dzip +mkdir "$TEMPDIR" +unzip $UNZIPOPTS -d "$TEMPDIR" -- "$1" || [ $? -lt 3 ] +(cd "$TEMPDIR"; dzip.sh ./"$ZIPFILE_BASENAME" .) +mv -- "$TEMPDIR"/"$ZIPFILE_BASENAME" "$1" +rm -rf "$TEMPDIR"

1 0

[tor-browser-bundle/master] Bug 20147: (re-)dzip.sh: various improvements
by gk＠torproject.org 09 Dec '16

09 Dec '16

commit ea31d520646c07f1565460565f5ead9ad7741b84 Author: Rusty Bird <rustybird(a)openmailbox.org> Date: Thu Dec 8 17:18:12 2016 +0000 Bug 20147: (re-)dzip.sh: various improvements - Don't ignore errors (except unzip exit status 1 or 2) - Quote $@ and $1 - Work with absolute filenames and filenames starting with a dash - Pass many files per chmod invocation (much faster) - Pass $UNZIPOPTS, like $ZIPOPTS - Reuse dzip.sh in re-dzip.sh The (re)generated zip files are identical. --- gitian/build-helpers/dzip.sh | 17 ++++++++--------- gitian/build-helpers/re-dzip.sh | 23 ++++++++++------------- 2 files changed, 18 insertions(+), 22 deletions(-) diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh index 5772c8b..64fcdca 100755 --- a/gitian/build-helpers/dzip.sh +++ b/gitian/build-helpers/dzip.sh @@ -1,14 +1,13 @@ -#!/bin/sh +#!/bin/sh -e # Crappy deterministic zip wrapper export LC_ALL=C -ZIPFILE=$1 +ZIPFILE=${1:?} shift -[ -n "$REFERENCE_DATETIME" ] && \ - find $@ -exec touch --date="$REFERENCE_DATETIME" {} \; - -find $@ -executable -exec chmod 700 {} \; -find $@ ! -executable -exec chmod 600 {} \; - -find $@ | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" +if [ -n "$REFERENCE_DATETIME" ]; then + find "$@" -exec touch --date="$REFERENCE_DATETIME" -- {} + +fi +find "$@" -executable -exec chmod 700 {} + +find "$@" ! -executable -exec chmod 600 {} + +find "$@" | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh index 27828e9..8e8abbf 100755 --- a/gitian/build-helpers/re-dzip.sh +++ b/gitian/build-helpers/re-dzip.sh @@ -1,17 +1,14 @@ -#!/bin/sh +#!/bin/sh -e # Crappy deterministic zip repackager export LC_ALL=C -ZIPFILE=`basename $1` +ZIPFILE_BASENAME=$(basename -- "${1:?}") +TEMPDIR=tmp-re-dzip-$$ +RE_DZIP=$(readlink -f -- "$(which -- "$0")") +PATH=$PATH:$(dirname "$RE_DZIP") -mkdir tmp_dzip -cd tmp_dzip -unzip ../$1 -[ -n "$REFERENCE_DATETIME" ] && \ - find . -exec touch --date="$REFERENCE_DATETIME" {} \; -find . -executable -exec chmod 700 {} \; -find . ! -executable -exec chmod 600 {} \; -find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE -mv $ZIPFILE ../$1 -cd .. -rm -rf tmp_dzip +mkdir "$TEMPDIR" +unzip $UNZIPOPTS -d "$TEMPDIR" -- "$1" || [ $? -lt 3 ] +(cd "$TEMPDIR"; dzip.sh ./"$ZIPFILE_BASENAME" .) +mv -- "$TEMPDIR"/"$ZIPFILE_BASENAME" "$1" +rm -rf "$TEMPDIR"

1 0

[tor-browser-bundle/hardened-builds] Revert "Bug 20147: (re-)dzip.sh: various improvements"
by gk＠torproject.org 08 Dec '16

08 Dec '16

commit a6c4a3d715b863a2e4ff2b6d2129d090a7a6e32a Author: Georg Koppen <gk(a)torproject.org> Date: Thu Dec 8 12:48:18 2016 +0000 Revert "Bug 20147: (re-)dzip.sh: various improvements" This reverts commit a38d827c12ce75d13e18f19fc8f5bac8aca28c55. Surprisingly this breaks our builds. See the reopened #20417 for more details. --- gitian/build-helpers/dzip.sh | 17 +++++++++-------- gitian/build-helpers/re-dzip.sh | 23 +++++++++++++---------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh index 64fcdca..5772c8b 100755 --- a/gitian/build-helpers/dzip.sh +++ b/gitian/build-helpers/dzip.sh @@ -1,13 +1,14 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip wrapper export LC_ALL=C -ZIPFILE=${1:?} +ZIPFILE=$1 shift -if [ -n "$REFERENCE_DATETIME" ]; then - find "$@" -exec touch --date="$REFERENCE_DATETIME" -- {} + -fi -find "$@" -executable -exec chmod 700 {} + -find "$@" ! -executable -exec chmod 600 {} + -find "$@" | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" +[ -n "$REFERENCE_DATETIME" ] && \ + find $@ -exec touch --date="$REFERENCE_DATETIME" {} \; + +find $@ -executable -exec chmod 700 {} \; +find $@ ! -executable -exec chmod 600 {} \; + +find $@ | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh index 58942c4..27828e9 100755 --- a/gitian/build-helpers/re-dzip.sh +++ b/gitian/build-helpers/re-dzip.sh @@ -1,14 +1,17 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip repackager export LC_ALL=C -ZIPFILE_BASENAME=$(basename -- "${1:?}") -TEMPDIR=tmp-re-dzip-$$ -RE_DZIP=$(readlink -f -- "$(which -- "$0")") -PATH=$PATH:$(dirname "$RE_DZIP") +ZIPFILE=`basename $1` -mkdir "$TEMPDIR" -unzip $UNZIPOPTS -d "$TEMPDIR" -- "$1" -(cd "$TEMPDIR"; dzip.sh ./"$ZIPFILE_BASENAME" .) -mv -- "$TEMPDIR"/"$ZIPFILE_BASENAME" "$1" -rm -rf "$TEMPDIR" +mkdir tmp_dzip +cd tmp_dzip +unzip ../$1 +[ -n "$REFERENCE_DATETIME" ] && \ + find . -exec touch --date="$REFERENCE_DATETIME" {} \; +find . -executable -exec chmod 700 {} \; +find . ! -executable -exec chmod 600 {} \; +find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE +mv $ZIPFILE ../$1 +cd .. +rm -rf tmp_dzip

1 0

[tor-browser-bundle/master] Revert "Bug 20147: (re-)dzip.sh: various improvements"
by gk＠torproject.org 08 Dec '16

08 Dec '16

commit 55ba062a0ecda854d55f47f1e660746ad099581d Author: Georg Koppen <gk(a)torproject.org> Date: Thu Dec 8 12:48:18 2016 +0000 Revert "Bug 20147: (re-)dzip.sh: various improvements" This reverts commit a38d827c12ce75d13e18f19fc8f5bac8aca28c55. Surprisingly this breaks our builds. See the reopened #20417 for more details. --- gitian/build-helpers/dzip.sh | 17 +++++++++-------- gitian/build-helpers/re-dzip.sh | 23 +++++++++++++---------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh index 64fcdca..5772c8b 100755 --- a/gitian/build-helpers/dzip.sh +++ b/gitian/build-helpers/dzip.sh @@ -1,13 +1,14 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip wrapper export LC_ALL=C -ZIPFILE=${1:?} +ZIPFILE=$1 shift -if [ -n "$REFERENCE_DATETIME" ]; then - find "$@" -exec touch --date="$REFERENCE_DATETIME" -- {} + -fi -find "$@" -executable -exec chmod 700 {} + -find "$@" ! -executable -exec chmod 600 {} + -find "$@" | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" +[ -n "$REFERENCE_DATETIME" ] && \ + find $@ -exec touch --date="$REFERENCE_DATETIME" {} \; + +find $@ -executable -exec chmod 700 {} \; +find $@ ! -executable -exec chmod 600 {} \; + +find $@ | sort | zip $ZIPOPTS -X -@ "$ZIPFILE" diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh index 58942c4..27828e9 100755 --- a/gitian/build-helpers/re-dzip.sh +++ b/gitian/build-helpers/re-dzip.sh @@ -1,14 +1,17 @@ -#!/bin/sh -e +#!/bin/sh # Crappy deterministic zip repackager export LC_ALL=C -ZIPFILE_BASENAME=$(basename -- "${1:?}") -TEMPDIR=tmp-re-dzip-$$ -RE_DZIP=$(readlink -f -- "$(which -- "$0")") -PATH=$PATH:$(dirname "$RE_DZIP") +ZIPFILE=`basename $1` -mkdir "$TEMPDIR" -unzip $UNZIPOPTS -d "$TEMPDIR" -- "$1" -(cd "$TEMPDIR"; dzip.sh ./"$ZIPFILE_BASENAME" .) -mv -- "$TEMPDIR"/"$ZIPFILE_BASENAME" "$1" -rm -rf "$TEMPDIR" +mkdir tmp_dzip +cd tmp_dzip +unzip ../$1 +[ -n "$REFERENCE_DATETIME" ] && \ + find . -exec touch --date="$REFERENCE_DATETIME" {} \; +find . -executable -exec chmod 700 {} \; +find . ! -executable -exec chmod 600 {} \; +find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE +mv $ZIPFILE ../$1 +cd .. +rm -rf tmp_dzip

1 0

[tor-browser-bundle/hardened-builds] Rotate ports third time for default obfs4 bridges
by gk＠torproject.org 08 Dec '16

08 Dec '16

commit 344769184feec10a70ba1bb06391c16c3bfd4ea6 Author: Lynn Tsai <lynntsai(a)gmail.com> Date: Tue Nov 29 22:46:59 2016 -0800 Rotate ports third time for default obfs4 bridges LeifEricson (blocked): Port 50001 --> 50002 Greenbelt (unblocked): Port 7013 --> 12166 Mosaddegh (blocked): Port 9332 --> 15937 MaBishomarim (blocked): Port 7920 --> 16488 JonbesheSabz (blocked): Port 4148 --> 4304 Azadi (unblocked): Port 6041 --> 16815 --- Bundle-Data/PTConfigs/bridge_prefs.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 664e607..6831555 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -15,24 +15,24 @@ pref("extensions.torlauncher.default_bridge.fte.4", "fte 128.105.214.163:8080 A1 pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH"); -pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:9332 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.2", "obfs4 198.245.60.50:443 752CF7825B3B9EA6A98C83AC41F7099D67007EA5 cert=xpmQtKUqQ/6v5X7ijgYE/f03+l2/EuQ1dexjyUhh16wQlu/cpXUGalmhDIlhuiQPNEKmKw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.3", "obfs4 192.99.11.54:443 7B126FAB960E5AC6A629C729434FF84FB5074EC2 cert=VW5f8+IBUWpPFxF+rsiVy2wXkyTQG7vEd+rHeN2jV5LIDNu8wMNEOqZXPwHdwMVEBdqXEw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.4", "obfs4 109.105.109.165:10527 8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E cert=Bvg/itxeL4TWKLP6N1MaQzSOC6tcRIBv6q57DYAZc3b2AzuM+/TfB7mqTFEfXILCjEwzVA iat-mode=1"); -pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50001 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50002 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.6", "obfs4 109.105.109.147:13764 BBB28DF0F201E706BE564EFE690FE9577DD8386D cert=KfMQN/tNMFdda61hMgpiMI7pbwU1T+wxjTulYnfw+4sgvG0zSH7N7fwT10BI8MUdAD7iJA iat-mode=2"); -pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:7920 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:16488 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.8", "obfs4 154.35.22.12:80 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 154.35.22.13:443 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 154.35.22.10:80 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.11", "obfs4 154.35.22.10:443 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.12", "obfs4 154.35.22.11:443 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.13", "obfs4 154.35.22.11:80 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:7013 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:12166 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.15", "obfs4 154.35.22.9:80 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.16", "obfs4 154.35.22.9:443 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:4148 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:6041 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:4304 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:16815 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.19", "obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1"); pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC259A04A328A07FED1413E9FC6526530D9FD87A cert=RutxZlu8BtyP+y0NX7bAVD41+J/qXNhHUrKjFkRSdiBAhIHIQLhKQ2HxESAKZprn/lR3KA iat-mode=0");

1 0

[tor-browser-bundle/maint-6.0] Rotate ports third time for default obfs4 bridges
by gk＠torproject.org 08 Dec '16

08 Dec '16

commit 617d635074ddbd51cdf0ca287cc1faf6b3475965 Author: Lynn Tsai <lynntsai(a)gmail.com> Date: Tue Nov 29 22:46:59 2016 -0800 Rotate ports third time for default obfs4 bridges LeifEricson (blocked): Port 50001 --> 50002 Greenbelt (unblocked): Port 7013 --> 12166 Mosaddegh (blocked): Port 9332 --> 15937 MaBishomarim (blocked): Port 7920 --> 16488 JonbesheSabz (blocked): Port 4148 --> 4304 Azadi (unblocked): Port 6041 --> 16815 --- Bundle-Data/PTConfigs/bridge_prefs.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 664e607..6831555 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -15,24 +15,24 @@ pref("extensions.torlauncher.default_bridge.fte.4", "fte 128.105.214.163:8080 A1 pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH"); -pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:9332 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.2", "obfs4 198.245.60.50:443 752CF7825B3B9EA6A98C83AC41F7099D67007EA5 cert=xpmQtKUqQ/6v5X7ijgYE/f03+l2/EuQ1dexjyUhh16wQlu/cpXUGalmhDIlhuiQPNEKmKw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.3", "obfs4 192.99.11.54:443 7B126FAB960E5AC6A629C729434FF84FB5074EC2 cert=VW5f8+IBUWpPFxF+rsiVy2wXkyTQG7vEd+rHeN2jV5LIDNu8wMNEOqZXPwHdwMVEBdqXEw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.4", "obfs4 109.105.109.165:10527 8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E cert=Bvg/itxeL4TWKLP6N1MaQzSOC6tcRIBv6q57DYAZc3b2AzuM+/TfB7mqTFEfXILCjEwzVA iat-mode=1"); -pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50001 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50002 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.6", "obfs4 109.105.109.147:13764 BBB28DF0F201E706BE564EFE690FE9577DD8386D cert=KfMQN/tNMFdda61hMgpiMI7pbwU1T+wxjTulYnfw+4sgvG0zSH7N7fwT10BI8MUdAD7iJA iat-mode=2"); -pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:7920 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:16488 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.8", "obfs4 154.35.22.12:80 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 154.35.22.13:443 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 154.35.22.10:80 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.11", "obfs4 154.35.22.10:443 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.12", "obfs4 154.35.22.11:443 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.13", "obfs4 154.35.22.11:80 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:7013 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:12166 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.15", "obfs4 154.35.22.9:80 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.16", "obfs4 154.35.22.9:443 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:4148 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:6041 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:4304 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:16815 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.19", "obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1"); pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC259A04A328A07FED1413E9FC6526530D9FD87A cert=RutxZlu8BtyP+y0NX7bAVD41+J/qXNhHUrKjFkRSdiBAhIHIQLhKQ2HxESAKZprn/lR3KA iat-mode=0");

1 0

[tor-browser-bundle/master] Rotate ports third time for default obfs4 bridges
by gk＠torproject.org 08 Dec '16

08 Dec '16

commit 2d3fb691b40323a0960e1c2758c00713f212e5fb Author: Lynn Tsai <lynntsai(a)gmail.com> Date: Tue Nov 29 22:46:59 2016 -0800 Rotate ports third time for default obfs4 bridges LeifEricson (blocked): Port 50001 --> 50002 Greenbelt (unblocked): Port 7013 --> 12166 Mosaddegh (blocked): Port 9332 --> 15937 MaBishomarim (blocked): Port 7920 --> 16488 JonbesheSabz (blocked): Port 4148 --> 4304 Azadi (unblocked): Port 6041 --> 16815 --- Bundle-Data/PTConfigs/bridge_prefs.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 664e607..6831555 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -15,24 +15,24 @@ pref("extensions.torlauncher.default_bridge.fte.4", "fte 128.105.214.163:8080 A1 pref("extensions.torlauncher.default_bridge.scramblesuit.1", "scramblesuit 83.212.101.3:443 A09D536DD1752D542E1FBB3C9CE4449D51298239 password=XTCXLG2JAMJKZW2POLBAOWOQETQSMASH"); -pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:9332 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.1", "obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.2", "obfs4 198.245.60.50:443 752CF7825B3B9EA6A98C83AC41F7099D67007EA5 cert=xpmQtKUqQ/6v5X7ijgYE/f03+l2/EuQ1dexjyUhh16wQlu/cpXUGalmhDIlhuiQPNEKmKw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.3", "obfs4 192.99.11.54:443 7B126FAB960E5AC6A629C729434FF84FB5074EC2 cert=VW5f8+IBUWpPFxF+rsiVy2wXkyTQG7vEd+rHeN2jV5LIDNu8wMNEOqZXPwHdwMVEBdqXEw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.4", "obfs4 109.105.109.165:10527 8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E cert=Bvg/itxeL4TWKLP6N1MaQzSOC6tcRIBv6q57DYAZc3b2AzuM+/TfB7mqTFEfXILCjEwzVA iat-mode=1"); -pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50001 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.5", "obfs4 83.212.101.3:50002 A09D536DD1752D542E1FBB3C9CE4449D51298239 cert=lPRQ/MXdD1t5SRZ9MquYQNT9m5DV757jtdXdlePmRCudUU9CFUOX1Tm7/meFSyPOsud7Cw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.6", "obfs4 109.105.109.147:13764 BBB28DF0F201E706BE564EFE690FE9577DD8386D cert=KfMQN/tNMFdda61hMgpiMI7pbwU1T+wxjTulYnfw+4sgvG0zSH7N7fwT10BI8MUdAD7iJA iat-mode=2"); -pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:7920 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.7", "obfs4 154.35.22.11:16488 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.8", "obfs4 154.35.22.12:80 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 154.35.22.13:443 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 154.35.22.10:80 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.11", "obfs4 154.35.22.10:443 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.12", "obfs4 154.35.22.11:443 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.13", "obfs4 154.35.22.11:80 A832D176ECD5C7C6B58825AE22FC4C90FA249637 cert=YPbQqXPiqTUBfjGFLpm9JYEFTBvnzEJDKJxXG5Sxzrr/v2qrhGU4Jls9lHjLAhqpXaEfZw iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:7013 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.14", "obfs4 154.35.22.9:12166 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.15", "obfs4 154.35.22.9:80 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.16", "obfs4 154.35.22.9:443 C73ADBAC8ADFDBF0FC0F3F4E8091C0107D093716 cert=gEGKc5WN/bSjFa6UkG9hOcft1tuK+cV8hbZ0H6cqXiMPLqSbCh2Q3PHe5OOr6oMVORhoJA iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:4148 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); -pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:6041 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.17", "obfs4 154.35.22.12:4304 00DC6C4FA49A65BD1472993CF6730D54F11E0DBB cert=N86E9hKXXXVz6G7w2z8wFfhIDztDAzZ/3poxVePHEYjbKDWzjkRDccFMAnhK75fc65pYSg iat-mode=0"); +pref("extensions.torlauncher.default_bridge.obfs4.18", "obfs4 154.35.22.13:16815 FE7840FE1E21FE0A0639ED176EDA00A3ECA1E34D cert=fKnzxr+m+jWXXQGCaXe4f2gGoPXMzbL+bTBbXMYXuK0tMotd+nXyS33y2mONZWU29l81CA iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.19", "obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1"); pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC259A04A328A07FED1413E9FC6526530D9FD87A cert=RutxZlu8BtyP+y0NX7bAVD41+J/qXNhHUrKjFkRSdiBAhIHIQLhKQ2HxESAKZprn/lR3KA iat-mode=0");

1 0