[tbb-commits] [tor-browser-build/master] Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek.
gk at torproject.org
gk at torproject.org
Wed Aug 28 07:11:23 UTC 2019
commit f022ea694df867a6bd06c44cb50c78d674bea9ed
Author: Kathy Brade <brade at pearlcrescent.com>
Date: Fri Aug 23 09:50:26 2019 -0400
Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek.
---
projects/goutls/config | 2 ++
projects/goutls/sessionid.patch | 25 +++++++++++++
projects/meek/build | 42 ----------------------
projects/meek/config | 17 ---------
projects/obfs4/build | 6 ++--
projects/obfs4/config | 2 +-
.../Docs/Licenses/PluggableTransports/LICENSE | 9 -----
.../Bundle-Data/PTConfigs/bridge_prefs.js | 2 +-
.../PTConfigs/linux/torrc-defaults-appendix | 5 +--
.../mac/TorBrowser.app.meek-http-helper/README | 13 -------
.../PTConfigs/mac/torrc-defaults-appendix | 5 +--
.../Bundle-Data/PTConfigs/meek-http-helper-user.js | 38 --------------------
.../PTConfigs/windows/torrc-defaults-appendix | 5 +--
projects/tor-browser/build | 23 ------------
projects/tor-browser/config | 3 --
15 files changed, 35 insertions(+), 162 deletions(-)
diff --git a/projects/goutls/config b/projects/goutls/config
index 0a1e416..d738305 100644
--- a/projects/goutls/config
+++ b/projects/goutls/config
@@ -27,3 +27,5 @@ input_files:
project: gocompress
- name: gobsaes
project: gobsaes
+ - filename: sessionid.patch
+ enable: '[% c("var/nightly") || c("var/alpha") %]'
diff --git a/projects/goutls/sessionid.patch b/projects/goutls/sessionid.patch
new file mode 100644
index 0000000..fd3636d
--- /dev/null
+++ b/projects/goutls/sessionid.patch
@@ -0,0 +1,25 @@
+From 4da67951864128358459681399dd208c49d5d001 Mon Sep 17 00:00:00 2001
+From: Rod Hynes <rod-hynes at users.noreply.github.com>
+Date: Mon, 12 Aug 2019 17:06:06 -0400
+Subject: [PATCH] Fix all-zeroes SessionID (#31)
+
+---
+ u_conn.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/u_conn.go b/u_conn.go
+index 9079460..2706373 100644
+--- a/u_conn.go
++++ b/u_conn.go
+@@ -121,7 +121,7 @@ func (uconn *UConn) SetSessionState(session *ClientSessionState) error {
+ }
+ }
+ var sessionID [32]byte
+- _, err := io.ReadFull(uconn.config.rand(), uconn.HandshakeState.Hello.SessionId)
++ _, err := io.ReadFull(uconn.config.rand(), sessionID[:])
+ if err != nil {
+ return err
+ }
+--
+2.22.0
+
diff --git a/projects/meek/build b/projects/meek/build
deleted file mode 100644
index 57185b3..0000000
--- a/projects/meek/build
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-[% c("var/set_default_env") -%]
-[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
-distdir=/var/tmp/dist/[% project %]
-[% c("var/set_PTDIR_DOCSDIR") -%]
-mkdir -p $PTDIR $DOCSDIR
-
-tar -C /var/tmp/dist -xf [% c('input_files_by_name/goptlib') %]
-
-mkdir -p /var/tmp/build
-tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
-cd /var/tmp/build/[% project %]-[% c('version') %]
-
-cd meek-client
-go build -ldflags '-s'
-cp -a meek-client[% IF c("var/windows") %].exe[% END %] $PTDIR
-
-cd ../meek-client-torbrowser
-go build -ldflags '-s'
-cp -a meek-client-torbrowser[% IF c("var/windows") %].exe[% END %] $PTDIR
-
-
-[% IF c("var/windows") %]
- cd ../terminateprocess-buffer
- go build -ldflags '-s'
- cp -a terminateprocess-buffer.exe $PTDIR
-[% END %]
-
-cd ..
-cp -a README doc/*.1[% IF c("var/windows") %].txt[% END %] $DOCSDIR
-
-cd firefox
-[% c('zip', {
- zip_src => [ '.' ],
- zip_args => '$distdir/meek-http-helper at bamsoftware.com.xpi',
- }) %]
-
-cd $distdir
-[% c('tar', {
- tar_src => [ '.' ],
- tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
- }) %]
diff --git a/projects/meek/config b/projects/meek/config
deleted file mode 100644
index 7d0fd2d..0000000
--- a/projects/meek/config
+++ /dev/null
@@ -1,17 +0,0 @@
-# vim: filetype=yaml sw=2
-version: 0.31
-git_url: https://git.torproject.org/pluggable-transports/meek.git
-git_hash: '[% c("version") %]'
-tag_gpg_id: 1
-gpg_keyring: meek.gpg
-filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-var:
- container:
- use_container: 1
-
-input_files:
- - project: container-image
- - name: go
- project: go
- - name: goptlib
- project: goptlib
diff --git a/projects/obfs4/build b/projects/obfs4/build
index dedd1ef..3f650c4 100644
--- a/projects/obfs4/build
+++ b/projects/obfs4/build
@@ -11,7 +11,7 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/siphash') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/uniuri') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxcrypto') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxnet') %]
-[% IF c("var/nightly") -%]
+[% IF c("var/nightly") || c("var/alpha") -%]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goutls') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxtext') %]
[% END -%]
@@ -20,14 +20,14 @@ mkdir -p /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
cd /var/tmp/build/[% project %]-[% c('version') %]
-[% IF c("var/nightly") -%]
+[% IF c("var/nightly") || c("var/alpha") -%]
# Remove go.mod and go.sum files until we can build using Go module
# versioning (see bug 28325).
rm -f go.mod go.sum
[% END -%]
# Commit 70d0e90c861be34ce3c5425ef1366a0b2ceb3026 changed the canonical obfs4
# upstream repo to gitlab.com/yawning/obfs4.git.
-[% IF c("var/nightly") %]
+[% IF c("var/nightly") || c("var/alpha") %]
mkdir -p "$GOPATH/src/gitlab.com/yawning"
ln -sf "$PWD" "$GOPATH/src/gitlab.com/yawning/obfs4.git"
[% ELSE %]
diff --git a/projects/obfs4/config b/projects/obfs4/config
index 32d3435..48afc2f 100644
--- a/projects/obfs4/config
+++ b/projects/obfs4/config
@@ -1,5 +1,5 @@
# vim: filetype=yaml sw=2
-version: 0.0.7
+version: 0.0.11
git_url: https://git.torproject.org/pluggable-transports/obfs4.git
git_hash: 'obfs4proxy-[% c("version") %]'
tag_gpg_id: 1
diff --git a/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
index 8bf0661..25d930e 100644
--- a/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
+++ b/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
@@ -154,15 +154,6 @@ warranty. See LICENSE.CC0.
===============================================================================
-meek
-
-To the extent possible under law, the authors have dedicated all
-copyright and related and neighboring rights to this software to the
-public domain worldwide. This software is distributed without any
-warranty. See LICENSE.CC0.
-
-===============================================================================
-
obfs4
Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
index 4eb4644..566de2e 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
@@ -14,6 +14,6 @@ pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 85.31.186.26:443 91
pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 216.252.162.21:46089 0DB8799466902192B6C7576D58D4F7F714EC87C1 cert=XPUwcQPxEXExHfJYX58gZXN7mYpos7VNAHbkgERNFg+FCVNzuYo1Wp+uMscl3aR9hO2DRQ iat-mode=0");
pref("extensions.torlauncher.default_bridge.obfs4.11", "obfs4 144.217.20.138:80 FB70B257C162BF1038CA669D568D76F5B7F0BABB cert=vYIV5MgrghGQvZPIi1tJwnzorMgqgmlKaB77Y3Z9Q/v94wZBOAXkW+fdx4aSxLVnKO+xNw iat-mode=0");
-pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
+pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek_lite 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72");
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
index 75d5c5e..ac89698 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
@@ -1,8 +1,5 @@
## obfs4proxy configuration
-ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
-
-## meek configuration
-ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README b/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README
deleted file mode 100644
index f158eec..0000000
--- a/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README
+++ /dev/null
@@ -1,13 +0,0 @@
-This directory contains a special headless configuration of the Tor
-Browser app, intended for use by meek-client-torbrowser and the
-meek-http-helper extension. It should not be run directly.
-
-All files in the Contents directory, other than Info.plist, are simply
-symlinked to their counterparts in ../../../../../Contents. Info.plist
-contains an additional configuration directive that prevents the
-headless browser from opening a useless second dock icon:
- <key>LSBackgroundOnly</key><true/>
-
-For background on this matter, see the ticket:
- meek-http-helper opens up a second dock icon
- https://trac.torproject.org/projects/tor/ticket/11429
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
index cf7cc2a..154bda4 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
@@ -1,8 +1,5 @@
## obfs4proxy configuration
-ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
-
-## meek configuration
-ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
## snowflake configuration
ClientTransportPlugin snowflake exec PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js b/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js
deleted file mode 100644
index c62b066..0000000
--- a/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js
+++ /dev/null
@@ -1,38 +0,0 @@
-// http://kb.mozillazine.org/User.js_file
-
-// The meek-http-helper extension uses dump to write its listening port number
-// to stdout.
-user_pref("browser.dom.window.dump.enabled", true);
-
-// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
-// there is a missing TLS extension.
-// https://trac.torproject.org/projects/tor/ticket/13442#comment:1
-user_pref("security.ssl.disable_session_identifiers", false);
-
-// Disable safe mode. In case of a crash, we don't want to prompt for a
-// safe-mode browser that has extensions disabled.
-// https://support.mozilla.org/en-US/questions/951221#answer-410562
-user_pref("toolkit.startup.max_resumed_crashes", -1);
-
-// Don't raise software update windows in this browser instance.
-// https://trac.torproject.org/projects/tor/ticket/14203
-user_pref("app.update.enabled", false);
-
-// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction
-// in case the user manages to open this profile with a normal browser UI (i.e.,
-// not headless with the meek-http-helper extension running). Port 9 is
-// "discard", so it should work as a blackhole whether the port is open or
-// closed. network.proxy.type=1 means "Manual proxy configuration".
-// http://kb.mozillazine.org/Network.proxy.type
-user_pref("network.proxy.type", 1);
-user_pref("network.proxy.socks", "127.0.0.1");
-user_pref("network.proxy.socks_port", 9);
-// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is
-// overridden by meek-http-helper at startup.
-user_pref("network.proxy.socks_remote_dns", true);
-
-user_pref("extensions.enabledAddons", "meek-http-helper at bamsoftware.com:1.0");
-
-// Ensure that distribution extensions (e.g., Tor Launcher) are not copied
-// into the meek-http-helper profile.
-user_pref("extensions.installDistroAddons", false);
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
index 7192231..18b8460 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
@@ -1,5 +1,2 @@
## obfs4proxy configuration
-ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
-
-## meek configuration
-ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe -- TorBrowser\Tor\PluggableTransports\meek-client.exe
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
diff --git a/projects/tor-browser/build b/projects/tor-browser/build
index f728612..aeb77de 100644
--- a/projects/tor-browser/build
+++ b/projects/tor-browser/build
@@ -26,7 +26,6 @@ touch "$GENERATEDPREFSPATH"
EXTSPATH=Contents/Resources/distribution/extensions
TORBINPATH=Contents/MacOS/Tor
TORCONFIGPATH=Contents/Resources/TorBrowser/Tor
- MEEKPROFILEPATH=Contents/Resources/TorBrowser/Tor/PluggableTransports/template-profile.meek-http-helper
tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/libdmg') %]
export PATH=/var/tmp/dist/libdmg-hfsplus:$PATH
@@ -36,14 +35,11 @@ touch "$GENERATEDPREFSPATH"
DOCSPATH=TorBrowser/Docs
EXTSPATH=TorBrowser/Data/Browser/profile.default/extensions
TORCONFIGPATH=TorBrowser/Data/Tor
- MEEKPROFILEPATH=TorBrowser/Data/Browser/profile.meek-http-helper
- MOATPROFILEPATH=TorBrowser/Data/Browser/profile.moat-http-helper
mkdir -p "$TBDIR/TorBrowser/Data/Browser/Caches"
[% END %]
mkdir -p "$TBDIR/$EXTSPATH"
-mkdir -p "$TBDIR/$MEEKPROFILEPATH/extensions"
# Extract the MAR tools.
unzip -d $rootdir $rootdir/[% c('input_files_by_name/firefox') %]/mar-tools-*.zip
@@ -53,8 +49,6 @@ mv [% c('input_files_by_name/https-everywhere') %] "$TBDIR/$EXTSPATH/https-every
mv [% c('input_files_by_name/noscript') %] "$TBDIR/$EXTSPATH/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
tar -C "$TBDIR" -xf [% c('input_files_by_name/obfs4') %]
-tar -C "$TBDIR" -xf [% c('input_files_by_name/meek') %]
-mv "$TBDIR/meek-http-helper at bamsoftware.com.xpi" "$TBDIR/$MEEKPROFILEPATH/extensions/"
[% IF c("var/snowflake") %]
tar -C "$TBDIR" -xf [% c('input_files_by_name/snowflake') -%]
[% END -%]
@@ -127,23 +121,6 @@ cat Bundle-Data/PTConfigs/[% bundledata_osname %]/torrc-defaults-appendix >> "$T
grep -v 'default_bridge\.snowflake' Bundle-Data/PTConfigs/bridge_prefs.js \
>> "$GENERATEDPREFSPATH"
[% END -%]
-cat Bundle-Data/PTConfigs/meek-http-helper-user.js >> "$TBDIR/$MEEKPROFILEPATH/user.js"
-
-[% IF c("var/osx") %]
- pushd "$TBDIR"
- # Create the meek-template-sha256sum.txt file by generating a list
- # of hashes (one for each file within the meek-http-helper profile) and
- # and then generating one final hash from the contents of the list.
- sha256sum `find $MEEKPROFILEPATH -type f | sort` | sha256sum | sed -e 's/ *-$//' > $MEEKPROFILEPATH/meek-template-sha256sum.txt
- popd
-[% END %]
-
-# For platforms for which we need to ship a Moat helper profile in addition
-# to a meek one, create it by duplicating the meek one that we just finished
-# creating.
-if [ ! -z "$MOATPROFILEPATH" ]; then
- cp -pR $TBDIR/$MEEKPROFILEPATH $TBDIR/$MOATPROFILEPATH
-fi
[% IF ! c("var/multi_lingual") %]
echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> "$GENERATEDPREFSPATH"
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index cf8fcb3..e207626 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -65,9 +65,6 @@ input_files:
- project: fonts
name: fonts
enable: '[% ! c("var/android") %]'
- - project: meek
- name: meek
- enable: '[% ! c("var/android") %]'
- project: obfs4
name: obfs4
enable: '[% ! c("var/android") %]'
More information about the tbb-commits
mailing list