commit f022ea694df867a6bd06c44cb50c78d674bea9ed Author: Kathy Brade brade@pearlcrescent.com Date: Fri Aug 23 09:50:26 2019 -0400
Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek. --- projects/goutls/config | 2 ++ projects/goutls/sessionid.patch | 25 +++++++++++++ projects/meek/build | 42 ---------------------- projects/meek/config | 17 --------- projects/obfs4/build | 6 ++-- projects/obfs4/config | 2 +- .../Docs/Licenses/PluggableTransports/LICENSE | 9 ----- .../Bundle-Data/PTConfigs/bridge_prefs.js | 2 +- .../PTConfigs/linux/torrc-defaults-appendix | 5 +-- .../mac/TorBrowser.app.meek-http-helper/README | 13 ------- .../PTConfigs/mac/torrc-defaults-appendix | 5 +-- .../Bundle-Data/PTConfigs/meek-http-helper-user.js | 38 -------------------- .../PTConfigs/windows/torrc-defaults-appendix | 5 +-- projects/tor-browser/build | 23 ------------ projects/tor-browser/config | 3 -- 15 files changed, 35 insertions(+), 162 deletions(-)
diff --git a/projects/goutls/config b/projects/goutls/config index 0a1e416..d738305 100644 --- a/projects/goutls/config +++ b/projects/goutls/config @@ -27,3 +27,5 @@ input_files: project: gocompress - name: gobsaes project: gobsaes + - filename: sessionid.patch + enable: '[% c("var/nightly") || c("var/alpha") %]' diff --git a/projects/goutls/sessionid.patch b/projects/goutls/sessionid.patch new file mode 100644 index 0000000..fd3636d --- /dev/null +++ b/projects/goutls/sessionid.patch @@ -0,0 +1,25 @@ +From 4da67951864128358459681399dd208c49d5d001 Mon Sep 17 00:00:00 2001 +From: Rod Hynes rod-hynes@users.noreply.github.com +Date: Mon, 12 Aug 2019 17:06:06 -0400 +Subject: [PATCH] Fix all-zeroes SessionID (#31) + +--- + u_conn.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/u_conn.go b/u_conn.go +index 9079460..2706373 100644 +--- a/u_conn.go ++++ b/u_conn.go +@@ -121,7 +121,7 @@ func (uconn *UConn) SetSessionState(session *ClientSessionState) error { + } + } + var sessionID [32]byte +- _, err := io.ReadFull(uconn.config.rand(), uconn.HandshakeState.Hello.SessionId) ++ _, err := io.ReadFull(uconn.config.rand(), sessionID[:]) + if err != nil { + return err + } +-- +2.22.0 + diff --git a/projects/meek/build b/projects/meek/build deleted file mode 100644 index 57185b3..0000000 --- a/projects/meek/build +++ /dev/null 
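Review bot: Nothing visible in this commit applies `sessionid.patch`: the new `input_files` entry only makes the file available to the build, and the diffstat lists `projects/goutls/config` and the patch itself but not `projects/goutls/build`. Unless the existing build script already applies patches from its inputs, utls would still be compiled with the all-zeroes SessionID behaviour. The build should carry an explicit step such as `patch -p1 < $rootdir/sessionid.patch` under the same nightly/alpha condition, or the commit message should say where the patch is applied.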
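Review bot: The carried patch has no note saying when it can be dropped. Its header names the upstream change (commit 4da67951864128358459681399dd208c49d5d001, "Fix all-zeroes SessionID (#31)"), so a comment beside the input entry in `projects/goutls/config`, for example `# drop once git_hash includes upstream 4da6795 (Fix all-zeroes SessionID)`, would keep it from outliving its purpose. The fix is relevant to meek_lite because, going by the patch title, the old code left the session ID constant, and a constant field in the ClientHello would presumably make the handshake easy to tell apart from a real browser's. `SetSessionState` continues outside the hunk, so where `sessionID` is copied into the hello message is not visible here.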
@@ -1,42 +0,0 @@ -#!/bin/bash -[% c("var/set_default_env") -%] -[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %] -distdir=/var/tmp/dist/[% project %] -[% c("var/set_PTDIR_DOCSDIR") -%] -mkdir -p $PTDIR $DOCSDIR - -tar -C /var/tmp/dist -xf [% c('input_files_by_name/goptlib') %] - -mkdir -p /var/tmp/build -tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz -cd /var/tmp/build/[% project %]-[% c('version') %] - -cd meek-client -go build -ldflags '-s' -cp -a meek-client[% IF c("var/windows") %].exe[% END %] $PTDIR - -cd ../meek-client-torbrowser -go build -ldflags '-s' -cp -a meek-client-torbrowser[% IF c("var/windows") %].exe[% END %] $PTDIR - - -[% IF c("var/windows") %] - cd ../terminateprocess-buffer - go build -ldflags '-s' - cp -a terminateprocess-buffer.exe $PTDIR -[% END %] - -cd .. -cp -a README doc/*.1[% IF c("var/windows") %].txt[% END %] $DOCSDIR - -cd firefox -[% c('zip', { - zip_src => [ '.' ], - zip_args => '$distdir/meek-http-helper@bamsoftware.com.xpi', - }) %] - -cd $distdir -[% c('tar', { - tar_src => [ '.' ], - tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'), - }) %] diff --git a/projects/meek/config b/projects/meek/config deleted file mode 100644 index 7d0fd2d..0000000 --- a/projects/meek/config +++ /dev/null @@ -1,17 +0,0 @@ -# vim: filetype=yaml sw=2 -version: 0.31 -git_url: https://git.torproject.org/pluggable-transports/meek.git -git_hash: '[% c("version") %]' -tag_gpg_id: 1 -gpg_keyring: meek.gpg -filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -var: - container: - use_container: 1 - -input_files: - - project: container-image - - name: go - project: go - - name: goptlib - project: goptlib diff --git a/projects/obfs4/build b/projects/obfs4/build index dedd1ef..3f650c4 100644 --- a/projects/obfs4/build +++ b/projects/obfs4/build 
@@ -11,7 +11,7 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/siphash') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/uniuri') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxcrypto') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxnet') %] -[% IF c("var/nightly") -%] +[% IF c("var/nightly") || c("var/alpha") -%] tar -C /var/tmp/dist -xf [% c('input_files_by_name/goutls') %] tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxtext') %] [% END -%] @@ -20,14 +20,14 @@ mkdir -p /var/tmp/build tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz cd /var/tmp/build/[% project %]-[% c('version') %]
-[% IF c("var/nightly") -%] +[% IF c("var/nightly") || c("var/alpha") -%] # Remove go.mod and go.sum files until we can build using Go module # versioning (see bug 28325). rm -f go.mod go.sum [% END -%] # Commit 70d0e90c861be34ce3c5425ef1366a0b2ceb3026 changed the canonical obfs4 # upstream repo to gitlab.com/yawning/obfs4.git. -[% IF c("var/nightly") %] +[% IF c("var/nightly") || c("var/alpha") %] mkdir -p "$GOPATH/src/gitlab.com/yawning" ln -sf "$PWD" "$GOPATH/src/gitlab.com/yawning/obfs4.git" [% ELSE %] diff --git a/projects/obfs4/config b/projects/obfs4/config index 32d3435..48afc2f 100644 --- a/projects/obfs4/config +++ b/projects/obfs4/config @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 0.0.7 +version: 0.0.11 git_url: https://git.torproject.org/pluggable-transports/obfs4.git git_hash: 'obfs4proxy-[% c("version") %]' tag_gpg_id: 1 diff --git a/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE index 8bf0661..25d930e 100644 --- a/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE +++ b/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE @@ -154,15 +154,6 @@ warranty. See LICENSE.CC0.
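Review bot: The `[% ELSE %]` branch of the last condition is still reachable for builds that are neither nightly nor alpha, and those builds do not unpack `goutls` or `goxtext`, yet this commit bumps obfs4 to 0.0.11 and removes the meek project for every channel. If meek_lite in 0.0.11 depends on utls, as the commit title suggests, a release-channel build would presumably either fail or ship meek_lite without the TLS camouflage that replaces the browser-based helper. Either make the dependency unconditional or add a comment stating that release builds are not expected from this branch. The condition `c("var/nightly") || c("var/alpha")` now appears three times in this file and once in `projects/goutls/config`; a single variable defined in the config would keep them from drifting apart. The body of the ELSE branch lies outside the hunk.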
===============================================================================
-meek - -To the extent possible under law, the authors have dedicated all -copyright and related and neighboring rights to this software to the -public domain worldwide. This software is distributed without any -warranty. See LICENSE.CC0. - -=============================================================================== - obfs4
Copyright (c) 2014, Yawning Angel <yawning at torproject dot org> diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js index 4eb4644..566de2e 100644 --- a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js @@ -14,6 +14,6 @@ pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 85.31.186.26:443 91 pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 216.252.162.21:46089 0DB8799466902192B6C7576D58D4F7F714EC87C1 cert=XPUwcQPxEXExHfJYX58gZXN7mYpos7VNAHbkgERNFg+FCVNzuYo1Wp+uMscl3aR9hO2DRQ iat-mode=0"); pref("extensions.torlauncher.default_bridge.obfs4.11", "obfs4 144.217.20.138:80 FB70B257C162BF1038CA669D568D76F5B7F0BABB cert=vYIV5MgrghGQvZPIi1tJwnzorMgqgmlKaB77Y3Z9Q/v94wZBOAXkW+fdx4aSxLVnKO+xNw iat-mode=0");
-pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
+pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek_lite 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72"); diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix index 75d5c5e..ac89698 100644 --- a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix +++ b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix @@ -1,8 +1,5 @@ ## obfs4proxy configuration -ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy - -## meek configuration -ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client +ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
## snowflake configuration ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302 diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README b/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README deleted file mode 100644 index f158eec..0000000 --- a/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README +++ /dev/null @@ -1,13 +0,0 @@ -This directory contains a special headless configuration of the Tor -Browser app, intended for use by meek-client-torbrowser and the -meek-http-helper extension. It should not be run directly. - -All files in the Contents directory, other than Info.plist, are simply -symlinked to their counterparts in ../../../../../Contents. Info.plist -contains an additional configuration directive that prevents the -headless browser from opening a useless second dock icon: - <key>LSBackgroundOnly</key><true/> - -For background on this matter, see the ticket: - meek-http-helper opens up a second dock icon - https://trac.torproject.org/projects/tor/ticket/11429 diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix index cf7cc2a..154bda4 100644 --- a/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix +++ b/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix @@ -1,8 +1,5 @@ ## obfs4proxy configuration -ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy - -## meek configuration -ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client +ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
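Review bot: After this change no `ClientTransportPlugin` line registers the transport name `meek`; only `meek_lite` is handled, and the mac and windows appendix hunks do the same. The default bridge in `bridge_prefs.js` is renamed in this commit, but a `Bridge meek ...` line that a user already has saved, for example a custom bridge, would be left without a plugin after an update. How tor and the launcher behave in that case is not visible here. It is worth confirming that such lines are rewritten or clearly rejected on upgrade, and recording the rename in the changelog so users know to switch to `meek_lite`.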
## snowflake configuration ClientTransportPlugin snowflake exec PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302 diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js b/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js deleted file mode 100644 index c62b066..0000000 --- a/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js +++ /dev/null 
@@ -1,38 +0,0 @@ -// http://kb.mozillazine.org/User.js_file - -// The meek-http-helper extension uses dump to write its listening port number -// to stdout. -user_pref("browser.dom.window.dump.enabled", true); - -// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise -// there is a missing TLS extension. -// https://trac.torproject.org/projects/tor/ticket/13442#comment:1 -user_pref("security.ssl.disable_session_identifiers", false); - -// Disable safe mode. In case of a crash, we don't want to prompt for a -// safe-mode browser that has extensions disabled. -// https://support.mozilla.org/en-US/questions/951221#answer-410562 -user_pref("toolkit.startup.max_resumed_crashes", -1); - -// Don't raise software update windows in this browser instance. -// https://trac.torproject.org/projects/tor/ticket/14203 -user_pref("app.update.enabled", false); - -// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction -// in case the user manages to open this profile with a normal browser UI (i.e., -// not headless with the meek-http-helper extension running). Port 9 is -// "discard", so it should work as a blackhole whether the port is open or -// closed. network.proxy.type=1 means "Manual proxy configuration". -// http://kb.mozillazine.org/Network.proxy.type -user_pref("network.proxy.type", 1); -user_pref("network.proxy.socks", "127.0.0.1"); -user_pref("network.proxy.socks_port", 9); -// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is -// overridden by meek-http-helper at startup. -user_pref("network.proxy.socks_remote_dns", true); - -user_pref("extensions.enabledAddons", "meek-http-helper@bamsoftware.com:1.0"); - -// Ensure that distribution extensions (e.g., Tor Launcher) are not copied -// into the meek-http-helper profile. -user_pref("extensions.installDistroAddons", false); 
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix index 7192231..18b8460 100644 --- a/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix +++ b/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix @@ -1,5 +1,2 @@ ## obfs4proxy configuration -ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe - -## meek configuration -ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe -- TorBrowser\Tor\PluggableTransports\meek-client.exe +ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe diff --git a/projects/tor-browser/build b/projects/tor-browser/build index f728612..aeb77de 100644 --- a/projects/tor-browser/build +++ b/projects/tor-browser/build @@ -26,7 +26,6 @@ touch "$GENERATEDPREFSPATH" EXTSPATH=Contents/Resources/distribution/extensions TORBINPATH=Contents/MacOS/Tor TORCONFIGPATH=Contents/Resources/TorBrowser/Tor - MEEKPROFILEPATH=Contents/Resources/TorBrowser/Tor/PluggableTransports/template-profile.meek-http-helper
tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/libdmg') %] export PATH=/var/tmp/dist/libdmg-hfsplus:$PATH @@ -36,14 +35,11 @@ touch "$GENERATEDPREFSPATH" DOCSPATH=TorBrowser/Docs EXTSPATH=TorBrowser/Data/Browser/profile.default/extensions TORCONFIGPATH=TorBrowser/Data/Tor - MEEKPROFILEPATH=TorBrowser/Data/Browser/profile.meek-http-helper - MOATPROFILEPATH=TorBrowser/Data/Browser/profile.moat-http-helper
mkdir -p "$TBDIR/TorBrowser/Data/Browser/Caches" [% END %]
mkdir -p "$TBDIR/$EXTSPATH" -mkdir -p "$TBDIR/$MEEKPROFILEPATH/extensions"
# Extract the MAR tools. unzip -d $rootdir $rootdir/[% c('input_files_by_name/firefox') %]/mar-tools-*.zip @@ -53,8 +49,6 @@ mv [% c('input_files_by_name/https-everywhere') %] "$TBDIR/$EXTSPATH/https-every mv [% c('input_files_by_name/noscript') %] "$TBDIR/$EXTSPATH/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
tar -C "$TBDIR" -xf [% c('input_files_by_name/obfs4') %] -tar -C "$TBDIR" -xf [% c('input_files_by_name/meek') %] -mv "$TBDIR/meek-http-helper@bamsoftware.com.xpi" "$TBDIR/$MEEKPROFILEPATH/extensions/" [% IF c("var/snowflake") %] tar -C "$TBDIR" -xf [% c('input_files_by_name/snowflake') -%] [% END -%] @@ -127,23 +121,6 @@ cat Bundle-Data/PTConfigs/[% bundledata_osname %]/torrc-defaults-appendix >> "$T grep -v 'default_bridge.snowflake' Bundle-Data/PTConfigs/bridge_prefs.js \ >> "$GENERATEDPREFSPATH" [% END -%] -cat Bundle-Data/PTConfigs/meek-http-helper-user.js >> "$TBDIR/$MEEKPROFILEPATH/user.js" - -[% IF c("var/osx") %] - pushd "$TBDIR" - # Create the meek-template-sha256sum.txt file by generating a list - # of hashes (one for each file within the meek-http-helper profile) and - # and then generating one final hash from the contents of the list. - sha256sum `find $MEEKPROFILEPATH -type f | sort` | sha256sum | sed -e 's/ *-$//' > $MEEKPROFILEPATH/meek-template-sha256sum.txt - popd -[% END %] - -# For platforms for which we need to ship a Moat helper profile in addition -# to a meek one, create it by duplicating the meek one that we just finished -# creating. -if [ ! -z "$MOATPROFILEPATH" ]; then - cp -pR $TBDIR/$MEEKPROFILEPATH $TBDIR/$MOATPROFILEPATH -fi
[% IF ! c("var/multi_lingual") %] echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> "$GENERATEDPREFSPATH" diff --git a/projects/tor-browser/config b/projects/tor-browser/config index cf8fcb3..e207626 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -65,9 +65,6 @@ input_files: - project: fonts name: fonts enable: '[% ! c("var/android") %]' - - project: meek - name: meek - enable: '[% ! c("var/android") %]' - project: obfs4 name: obfs4 enable: '[% ! c("var/android") %]'