[tor-commits] [tor-browser-build/master] Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek.

gk at torproject.org gk at torproject.org
Wed Aug 28 07:11:23 UTC 2019


commit f022ea694df867a6bd06c44cb50c78d674bea9ed
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Fri Aug 23 09:50:26 2019 -0400

    Bug 29430: Use obfs4proxy's meek_lite with utls instead of meek.
---
 projects/goutls/config                             |  2 ++
 projects/goutls/sessionid.patch                    | 25 +++++++++++++
 projects/meek/build                                | 42 ----------------------
 projects/meek/config                               | 17 ---------
 projects/obfs4/build                               |  6 ++--
 projects/obfs4/config                              |  2 +-
 .../Docs/Licenses/PluggableTransports/LICENSE      |  9 -----
 .../Bundle-Data/PTConfigs/bridge_prefs.js          |  2 +-
 .../PTConfigs/linux/torrc-defaults-appendix        |  5 +--
 .../mac/TorBrowser.app.meek-http-helper/README     | 13 -------
 .../PTConfigs/mac/torrc-defaults-appendix          |  5 +--
 .../Bundle-Data/PTConfigs/meek-http-helper-user.js | 38 --------------------
 .../PTConfigs/windows/torrc-defaults-appendix      |  5 +--
 projects/tor-browser/build                         | 23 ------------
 projects/tor-browser/config                        |  3 --
 15 files changed, 35 insertions(+), 162 deletions(-)

diff --git a/projects/goutls/config b/projects/goutls/config
index 0a1e416..d738305 100644
--- a/projects/goutls/config
+++ b/projects/goutls/config
@@ -27,3 +27,5 @@ input_files:
     project: gocompress
   - name: gobsaes
     project: gobsaes
+  - filename: sessionid.patch
+    enable: '[% c("var/nightly") || c("var/alpha") %]'
diff --git a/projects/goutls/sessionid.patch b/projects/goutls/sessionid.patch
new file mode 100644
index 0000000..fd3636d
--- /dev/null
+++ b/projects/goutls/sessionid.patch
@@ -0,0 +1,25 @@
+From 4da67951864128358459681399dd208c49d5d001 Mon Sep 17 00:00:00 2001
+From: Rod Hynes <rod-hynes at users.noreply.github.com>
+Date: Mon, 12 Aug 2019 17:06:06 -0400
+Subject: [PATCH] Fix all-zeroes SessionID (#31)
+
+---
+ u_conn.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/u_conn.go b/u_conn.go
+index 9079460..2706373 100644
+--- a/u_conn.go
++++ b/u_conn.go
+@@ -121,7 +121,7 @@ func (uconn *UConn) SetSessionState(session *ClientSessionState) error {
+ 				}
+ 			}
+ 			var sessionID [32]byte
+-			_, err := io.ReadFull(uconn.config.rand(), uconn.HandshakeState.Hello.SessionId)
++			_, err := io.ReadFull(uconn.config.rand(), sessionID[:])
+ 			if err != nil {
+ 				return err
+ 			}
+-- 
+2.22.0
+
diff --git a/projects/meek/build b/projects/meek/build
deleted file mode 100644
index 57185b3..0000000
--- a/projects/meek/build
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-[% c("var/set_default_env") -%]
-[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
-distdir=/var/tmp/dist/[% project %]
-[% c("var/set_PTDIR_DOCSDIR") -%]
-mkdir -p $PTDIR $DOCSDIR
-
-tar -C /var/tmp/dist -xf [% c('input_files_by_name/goptlib') %]
-
-mkdir -p /var/tmp/build
-tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
-cd /var/tmp/build/[% project %]-[% c('version') %]
-
-cd meek-client
-go build -ldflags '-s'
-cp -a meek-client[% IF c("var/windows") %].exe[% END %] $PTDIR
-
-cd ../meek-client-torbrowser
-go build -ldflags '-s'
-cp -a meek-client-torbrowser[% IF c("var/windows") %].exe[% END %] $PTDIR
-
-
-[% IF c("var/windows") %]
-  cd ../terminateprocess-buffer
-  go build -ldflags '-s'
-  cp -a terminateprocess-buffer.exe $PTDIR
-[% END %]
-
-cd ..
-cp -a README doc/*.1[% IF c("var/windows") %].txt[% END %] $DOCSDIR
-
-cd firefox
-[% c('zip', {
-     zip_src => [ '.' ],
-     zip_args => '$distdir/meek-http-helper at bamsoftware.com.xpi',
-   }) %]
-
-cd $distdir
-[% c('tar', {
-        tar_src => [ '.' ],
-        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
-    }) %]
diff --git a/projects/meek/config b/projects/meek/config
deleted file mode 100644
index 7d0fd2d..0000000
--- a/projects/meek/config
+++ /dev/null
@@ -1,17 +0,0 @@
-# vim: filetype=yaml sw=2
-version: 0.31
-git_url: https://git.torproject.org/pluggable-transports/meek.git
-git_hash: '[% c("version") %]'
-tag_gpg_id: 1
-gpg_keyring: meek.gpg
-filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-var:
-  container:
-    use_container: 1
-
-input_files:
-  - project: container-image
-  - name: go
-    project: go
-  - name: goptlib
-    project: goptlib
diff --git a/projects/obfs4/build b/projects/obfs4/build
index dedd1ef..3f650c4 100644
--- a/projects/obfs4/build
+++ b/projects/obfs4/build
@@ -11,7 +11,7 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/siphash') %]
 tar -C /var/tmp/dist -xf [% c('input_files_by_name/uniuri') %]
 tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxcrypto') %]
 tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxnet') %]
-[% IF c("var/nightly") -%]
+[% IF c("var/nightly") || c("var/alpha") -%]
   tar -C /var/tmp/dist -xf [% c('input_files_by_name/goutls') %]
   tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxtext') %]
 [% END -%]
@@ -20,14 +20,14 @@ mkdir -p /var/tmp/build
 tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
 cd /var/tmp/build/[% project %]-[% c('version') %]
 
-[% IF c("var/nightly") -%]
+[% IF c("var/nightly") || c("var/alpha") -%]
   # Remove go.mod and go.sum files until we can build using Go module
   # versioning (see bug 28325).
   rm -f go.mod go.sum
 [% END -%]
 # Commit 70d0e90c861be34ce3c5425ef1366a0b2ceb3026 changed the canonical obfs4
 # upstream repo to gitlab.com/yawning/obfs4.git.
-[% IF c("var/nightly") %]
+[% IF c("var/nightly") || c("var/alpha") %]
   mkdir -p "$GOPATH/src/gitlab.com/yawning"
   ln -sf "$PWD" "$GOPATH/src/gitlab.com/yawning/obfs4.git"
 [% ELSE %]
diff --git a/projects/obfs4/config b/projects/obfs4/config
index 32d3435..48afc2f 100644
--- a/projects/obfs4/config
+++ b/projects/obfs4/config
@@ -1,5 +1,5 @@
 # vim: filetype=yaml sw=2
-version: 0.0.7
+version: 0.0.11
 git_url: https://git.torproject.org/pluggable-transports/obfs4.git
 git_hash: 'obfs4proxy-[% c("version") %]'
 tag_gpg_id: 1
diff --git a/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE b/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
index 8bf0661..25d930e 100644
--- a/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
+++ b/projects/tor-browser/Bundle-Data/Docs/Licenses/PluggableTransports/LICENSE
@@ -154,15 +154,6 @@ warranty. See LICENSE.CC0.
 
 ===============================================================================
 
-meek
-
-To the extent possible under law, the authors have dedicated all
-copyright and related and neighboring rights to this software to the
-public domain worldwide. This software is distributed without any
-warranty. See LICENSE.CC0.
-
-===============================================================================
-
 obfs4
 
 Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
index 4eb4644..566de2e 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js
@@ -14,6 +14,6 @@ pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 85.31.186.26:443 91
 pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 216.252.162.21:46089 0DB8799466902192B6C7576D58D4F7F714EC87C1 cert=XPUwcQPxEXExHfJYX58gZXN7mYpos7VNAHbkgERNFg+FCVNzuYo1Wp+uMscl3aR9hO2DRQ iat-mode=0");
 pref("extensions.torlauncher.default_bridge.obfs4.11", "obfs4 144.217.20.138:80 FB70B257C162BF1038CA669D568D76F5B7F0BABB cert=vYIV5MgrghGQvZPIi1tJwnzorMgqgmlKaB77Y3Z9Q/v94wZBOAXkW+fdx4aSxLVnKO+xNw iat-mode=0");
 
-pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
+pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek_lite 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
 
 pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72");
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
index 75d5c5e..ac89698 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
@@ -1,8 +1,5 @@
 ## obfs4proxy configuration
-ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
-
-## meek configuration
-ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
 
 ## snowflake configuration
 ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README b/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README
deleted file mode 100644
index f158eec..0000000
--- a/projects/tor-browser/Bundle-Data/PTConfigs/mac/TorBrowser.app.meek-http-helper/README
+++ /dev/null
@@ -1,13 +0,0 @@
-This directory contains a special headless configuration of the Tor
-Browser app, intended for use by meek-client-torbrowser and the
-meek-http-helper extension. It should not be run directly.
-
-All files in the Contents directory, other than Info.plist, are simply
-symlinked to their counterparts in ../../../../../Contents. Info.plist
-contains an additional configuration directive that prevents the
-headless browser from opening a useless second dock icon:
-	<key>LSBackgroundOnly</key><true/>
-
-For background on this matter, see the ticket:
-	meek-http-helper opens up a second dock icon
-	https://trac.torproject.org/projects/tor/ticket/11429
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
index cf7cc2a..154bda4 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/mac/torrc-defaults-appendix
@@ -1,8 +1,5 @@
 ## obfs4proxy configuration
-ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
-
-## meek configuration
-ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
 
 ## snowflake configuration
 ClientTransportPlugin snowflake exec PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js b/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js
deleted file mode 100644
index c62b066..0000000
--- a/projects/tor-browser/Bundle-Data/PTConfigs/meek-http-helper-user.js
+++ /dev/null
@@ -1,38 +0,0 @@
-// http://kb.mozillazine.org/User.js_file
-
-// The meek-http-helper extension uses dump to write its listening port number
-// to stdout.
-user_pref("browser.dom.window.dump.enabled", true);
-
-// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
-// there is a missing TLS extension.
-// https://trac.torproject.org/projects/tor/ticket/13442#comment:1
-user_pref("security.ssl.disable_session_identifiers", false);
-
-// Disable safe mode. In case of a crash, we don't want to prompt for a
-// safe-mode browser that has extensions disabled.
-// https://support.mozilla.org/en-US/questions/951221#answer-410562
-user_pref("toolkit.startup.max_resumed_crashes", -1);
-
-// Don't raise software update windows in this browser instance.
-// https://trac.torproject.org/projects/tor/ticket/14203
-user_pref("app.update.enabled", false);
-
-// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction
-// in case the user manages to open this profile with a normal browser UI (i.e.,
-// not headless with the meek-http-helper extension running). Port 9 is
-// "discard", so it should work as a blackhole whether the port is open or
-// closed. network.proxy.type=1 means "Manual proxy configuration".
-// http://kb.mozillazine.org/Network.proxy.type
-user_pref("network.proxy.type", 1);
-user_pref("network.proxy.socks", "127.0.0.1");
-user_pref("network.proxy.socks_port", 9);
-// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is
-// overridden by meek-http-helper at startup.
-user_pref("network.proxy.socks_remote_dns", true);
-
-user_pref("extensions.enabledAddons", "meek-http-helper at bamsoftware.com:1.0");
-
-// Ensure that distribution extensions (e.g., Tor Launcher) are not copied
-// into the meek-http-helper profile.
-user_pref("extensions.installDistroAddons", false);
diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix b/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
index 7192231..18b8460 100644
--- a/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
+++ b/projects/tor-browser/Bundle-Data/PTConfigs/windows/torrc-defaults-appendix
@@ -1,5 +1,2 @@
 ## obfs4proxy configuration
-ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
-
-## meek configuration
-ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe -- TorBrowser\Tor\PluggableTransports\meek-client.exe
+ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
diff --git a/projects/tor-browser/build b/projects/tor-browser/build
index f728612..aeb77de 100644
--- a/projects/tor-browser/build
+++ b/projects/tor-browser/build
@@ -26,7 +26,6 @@ touch "$GENERATEDPREFSPATH"
   EXTSPATH=Contents/Resources/distribution/extensions
   TORBINPATH=Contents/MacOS/Tor
   TORCONFIGPATH=Contents/Resources/TorBrowser/Tor
-  MEEKPROFILEPATH=Contents/Resources/TorBrowser/Tor/PluggableTransports/template-profile.meek-http-helper
 
   tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/libdmg') %]
   export PATH=/var/tmp/dist/libdmg-hfsplus:$PATH
@@ -36,14 +35,11 @@ touch "$GENERATEDPREFSPATH"
   DOCSPATH=TorBrowser/Docs
   EXTSPATH=TorBrowser/Data/Browser/profile.default/extensions
   TORCONFIGPATH=TorBrowser/Data/Tor
-  MEEKPROFILEPATH=TorBrowser/Data/Browser/profile.meek-http-helper
-  MOATPROFILEPATH=TorBrowser/Data/Browser/profile.moat-http-helper
 
   mkdir -p "$TBDIR/TorBrowser/Data/Browser/Caches"
 [% END %]
 
 mkdir -p "$TBDIR/$EXTSPATH"
-mkdir -p "$TBDIR/$MEEKPROFILEPATH/extensions"
 
 # Extract the MAR tools.
 unzip -d $rootdir $rootdir/[% c('input_files_by_name/firefox') %]/mar-tools-*.zip
@@ -53,8 +49,6 @@ mv [% c('input_files_by_name/https-everywhere') %] "$TBDIR/$EXTSPATH/https-every
 mv [% c('input_files_by_name/noscript') %] "$TBDIR/$EXTSPATH/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
 
 tar -C "$TBDIR" -xf [% c('input_files_by_name/obfs4') %]
-tar -C "$TBDIR" -xf [% c('input_files_by_name/meek') %]
-mv "$TBDIR/meek-http-helper at bamsoftware.com.xpi" "$TBDIR/$MEEKPROFILEPATH/extensions/"
 [% IF c("var/snowflake") %]
   tar -C "$TBDIR" -xf [% c('input_files_by_name/snowflake') -%]
 [% END -%]
@@ -127,23 +121,6 @@ cat Bundle-Data/PTConfigs/[% bundledata_osname %]/torrc-defaults-appendix >> "$T
   grep -v 'default_bridge\.snowflake' Bundle-Data/PTConfigs/bridge_prefs.js \
     >> "$GENERATEDPREFSPATH"
 [% END -%]
-cat Bundle-Data/PTConfigs/meek-http-helper-user.js >> "$TBDIR/$MEEKPROFILEPATH/user.js"
-
-[% IF c("var/osx") %]
-  pushd "$TBDIR"
-  # Create the meek-template-sha256sum.txt file by generating a list
-  # of hashes (one for each file within the meek-http-helper profile) and
-  # and then generating one final hash from the contents of the list.
-  sha256sum `find $MEEKPROFILEPATH -type f | sort` | sha256sum | sed -e 's/ *-$//' > $MEEKPROFILEPATH/meek-template-sha256sum.txt
-  popd
-[% END %]
-
-# For platforms for which we need to ship a Moat helper profile in addition
-# to a meek one, create it by duplicating the meek one that we just finished
-# creating.
-if [ ! -z "$MOATPROFILEPATH" ]; then
-  cp -pR $TBDIR/$MEEKPROFILEPATH $TBDIR/$MOATPROFILEPATH
-fi
 
 [% IF ! c("var/multi_lingual") %]
   echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> "$GENERATEDPREFSPATH"
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index cf8fcb3..e207626 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -65,9 +65,6 @@ input_files:
   - project: fonts
     name: fonts
     enable: '[% ! c("var/android") %]'
-  - project: meek
-    name: meek
-    enable: '[% ! c("var/android") %]'
   - project: obfs4
     name: obfs4
     enable: '[% ! c("var/android") %]'





More information about the tor-commits mailing list