Commit 0a7bef24 authored by Georg Koppen's avatar Georg Koppen

Merge remote-tracking branch 'pc/bug29430-02'

parents 89e6eed8 f022ea69
......@@ -27,3 +27,5 @@ input_files:
project: gocompress
- name: gobsaes
project: gobsaes
- filename: sessionid.patch
enable: '[% c("var/nightly") || c("var/alpha") %]'
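Review bot: Nothing on this page shows the goutls build script applying `sessionid.patch`; this hunk only registers it as an input file for nightly and alpha. If the apply step is missing or gated differently, the build would presumably still succeed and ship the all-zeroes SessionID behaviour named in the patch subject, a constant value that makes these connections easy to tell apart. Please confirm the build applies it under the same `c("var/nightly") || c("var/alpha")` condition. A comment above the entry would also help, e.g. `# Upstream fix for all-zeroes SessionID (#31); drop when the goutls pin includes it.`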
From 4da67951864128358459681399dd208c49d5d001 Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Mon, 12 Aug 2019 17:06:06 -0400
Subject: [PATCH] Fix all-zeroes SessionID (#31)
---
u_conn.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/u_conn.go b/u_conn.go
index 9079460..2706373 100644
--- a/u_conn.go
+++ b/u_conn.go
@@ -121,7 +121,7 @@ func (uconn *UConn) SetSessionState(session *ClientSessionState) error {
}
}
var sessionID [32]byte
- _, err := io.ReadFull(uconn.config.rand(), uconn.HandshakeState.Hello.SessionId)
+ _, err := io.ReadFull(uconn.config.rand(), sessionID[:])
if err != nil {
return err
}
--
2.22.0
#!/bin/bash
[% c("var/set_default_env") -%]
[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
distdir=/var/tmp/dist/[% project %]
[% c("var/set_PTDIR_DOCSDIR") -%]
mkdir -p $PTDIR $DOCSDIR
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goptlib') %]
mkdir -p /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
cd /var/tmp/build/[% project %]-[% c('version') %]
cd meek-client
go build -ldflags '-s'
cp -a meek-client[% IF c("var/windows") %].exe[% END %] $PTDIR
cd ../meek-client-torbrowser
go build -ldflags '-s'
cp -a meek-client-torbrowser[% IF c("var/windows") %].exe[% END %] $PTDIR
[% IF c("var/windows") %]
cd ../terminateprocess-buffer
go build -ldflags '-s'
cp -a terminateprocess-buffer.exe $PTDIR
[% END %]
cd ..
cp -a README doc/*.1[% IF c("var/windows") %].txt[% END %] $DOCSDIR
cd firefox
[% c('zip', {
zip_src => [ '.' ],
zip_args => '$distdir/meek-http-helper@bamsoftware.com.xpi',
}) %]
cd $distdir
[% c('tar', {
tar_src => [ '.' ],
tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
}) %]
# vim: filetype=yaml sw=2
version: 0.31
git_url: https://git.torproject.org/pluggable-transports/meek.git
git_hash: '[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: meek.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
var:
container:
use_container: 1
input_files:
- project: container-image
- name: go
project: go
- name: goptlib
project: goptlib
......@@ -11,7 +11,7 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/siphash') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/uniuri') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxcrypto') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxnet') %]
[% IF c("var/nightly") -%]
[% IF c("var/nightly") || c("var/alpha") -%]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goutls') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/goxtext') %]
[% END -%]
......@@ -20,14 +20,14 @@ mkdir -p /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
cd /var/tmp/build/[% project %]-[% c('version') %]
[% IF c("var/nightly") -%]
[% IF c("var/nightly") || c("var/alpha") -%]
# Remove go.mod and go.sum files until we can build using Go module
# versioning (see bug 28325).
rm -f go.mod go.sum
[% END -%]
# Commit 70d0e90c861be34ce3c5425ef1366a0b2ceb3026 changed the canonical obfs4
# upstream repo to gitlab.com/yawning/obfs4.git.
[% IF c("var/nightly") %]
[% IF c("var/nightly") || c("var/alpha") %]
mkdir -p "$GOPATH/src/gitlab.com/yawning"
ln -sf "$PWD" "$GOPATH/src/gitlab.com/yawning/obfs4.git"
[% ELSE %]
......
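Review bot: The widened condition on the `rm -f go.mod go.sum` block means alpha builds now also drop `go.sum`, so presumably no module checksums are checked for obfs4's dependencies on that channel. The dependencies come from the tarballs unpacked into /var/tmp/dist, so their integrity rests on how each input project pins its source, and the goutls and goxtext configs are not visible on this page. Worth confirming that both pin a commit hash or a signed tag, and recording that next to the existing comment, e.g. `# go.sum is not used here; dependency integrity comes from each input project's pinned git_hash.`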
# vim: filetype=yaml sw=2
version: 0.0.7
version: 0.0.11
git_url: https://git.torproject.org/pluggable-transports/obfs4.git
git_hash: 'obfs4proxy-[% c("version") %]'
tag_gpg_id: 1
......
......@@ -154,15 +154,6 @@ warranty. See LICENSE.CC0.
===============================================================================
meek
To the extent possible under law, the authors have dedicated all
copyright and related and neighboring rights to this software to the
public domain worldwide. This software is distributed without any
warranty. See LICENSE.CC0.
===============================================================================
obfs4
Copyright (c) 2014, Yawning Angel <yawning at torproject dot org>
......
......@@ -13,6 +13,6 @@ pref("extensions.torlauncher.default_bridge.obfs4.8", "obfs4 85.31.186.26:443 91
pref("extensions.torlauncher.default_bridge.obfs4.9", "obfs4 216.252.162.21:46089 0DB8799466902192B6C7576D58D4F7F714EC87C1 cert=XPUwcQPxEXExHfJYX58gZXN7mYpos7VNAHbkgERNFg+FCVNzuYo1Wp+uMscl3aR9hO2DRQ iat-mode=0");
pref("extensions.torlauncher.default_bridge.obfs4.10", "obfs4 144.217.20.138:80 FB70B257C162BF1038CA669D568D76F5B7F0BABB cert=vYIV5MgrghGQvZPIi1tJwnzorMgqgmlKaB77Y3Z9Q/v94wZBOAXkW+fdx4aSxLVnKO+xNw iat-mode=0");
pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek_lite 0.0.2.0:2 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com");
pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 2B280B23E1107BB62ABFC40DDCC8824814F80A72");
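Review bot: The meek-azure default bridge switches to `meek_lite` with no channel condition, while the obfs4 build unpacks `goutls` only under `c("var/nightly") || c("var/alpha")` and `sessionid.patch` carries the same gate. If a release-channel build is ever made from this tree, this pref would point at an obfs4proxy built by the `ELSE` branch, without goutls or the SessionID fix. Please confirm the release target cannot pick up this pref, or gate it the same way. The meek input is also removed from the tor-browser config unconditionally, so there would be no fallback binary.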
## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
## meek configuration
ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/PluggableTransports/obfs4proxy
## snowflake configuration
ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302
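Review bot: If the `ClientTransportPlugin meek exec …` line is the one removed here, as the rendering suggests, nothing registers the `meek` transport name any more. A user torrc or stored bridge setting that still carries a `Bridge meek …` line would then have no plugin to launch and would stop connecting. The macOS and Windows appendix files below have the same shape. If the `## meek configuration` heading is kept it is now stale; something like `## obfs4proxy configuration (also provides meek_lite)` over the combined line would be clearer, and the upgrade notes should tell users to rewrite `meek` bridge lines as `meek_lite`.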
This directory contains a special headless configuration of the Tor
Browser app, intended for use by meek-client-torbrowser and the
meek-http-helper extension. It should not be run directly.
All files in the Contents directory, other than Info.plist, are simply
symlinked to their counterparts in ../../../../../Contents. Info.plist
contains an additional configuration directive that prevents the
headless browser from opening a useless second dock icon:
<key>LSBackgroundOnly</key><true/>
For background on this matter, see the ticket:
meek-http-helper opens up a second dock icon
https://trac.torproject.org/projects/tor/ticket/11429
## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
## meek configuration
ClientTransportPlugin meek exec PluggableTransports/meek-client-torbrowser -- PluggableTransports/meek-client
ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
## snowflake configuration
ClientTransportPlugin snowflake exec PluggableTransports/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302
// http://kb.mozillazine.org/User.js_file
// The meek-http-helper extension uses dump to write its listening port number
// to stdout.
user_pref("browser.dom.window.dump.enabled", true);
// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
// there is a missing TLS extension.
// https://trac.torproject.org/projects/tor/ticket/13442#comment:1
user_pref("security.ssl.disable_session_identifiers", false);
// Disable safe mode. In case of a crash, we don't want to prompt for a
// safe-mode browser that has extensions disabled.
// https://support.mozilla.org/en-US/questions/951221#answer-410562
user_pref("toolkit.startup.max_resumed_crashes", -1);
// Don't raise software update windows in this browser instance.
// https://trac.torproject.org/projects/tor/ticket/14203
user_pref("app.update.enabled", false);
// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction
// in case the user manages to open this profile with a normal browser UI (i.e.,
// not headless with the meek-http-helper extension running). Port 9 is
// "discard", so it should work as a blackhole whether the port is open or
// closed. network.proxy.type=1 means "Manual proxy configuration".
// http://kb.mozillazine.org/Network.proxy.type
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9);
// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is
// overridden by meek-http-helper at startup.
user_pref("network.proxy.socks_remote_dns", true);
user_pref("extensions.enabledAddons", "meek-http-helper@bamsoftware.com:1.0");
// Ensure that distribution extensions (e.g., Tor Launcher) are not copied
// into the meek-http-helper profile.
user_pref("extensions.installDistroAddons", false);
## obfs4proxy configuration
ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
## meek configuration
ClientTransportPlugin meek exec TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe -- TorBrowser\Tor\PluggableTransports\meek-client.exe
ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
......@@ -26,7 +26,6 @@ touch "$GENERATEDPREFSPATH"
EXTSPATH=Contents/Resources/distribution/extensions
TORBINPATH=Contents/MacOS/Tor
TORCONFIGPATH=Contents/Resources/TorBrowser/Tor
MEEKPROFILEPATH=Contents/Resources/TorBrowser/Tor/PluggableTransports/template-profile.meek-http-helper
tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/libdmg') %]
export PATH=/var/tmp/dist/libdmg-hfsplus:$PATH
......@@ -36,14 +35,11 @@ touch "$GENERATEDPREFSPATH"
DOCSPATH=TorBrowser/Docs
EXTSPATH=TorBrowser/Data/Browser/profile.default/extensions
TORCONFIGPATH=TorBrowser/Data/Tor
MEEKPROFILEPATH=TorBrowser/Data/Browser/profile.meek-http-helper
MOATPROFILEPATH=TorBrowser/Data/Browser/profile.moat-http-helper
mkdir -p "$TBDIR/TorBrowser/Data/Browser/Caches"
[% END %]
mkdir -p "$TBDIR/$EXTSPATH"
mkdir -p "$TBDIR/$MEEKPROFILEPATH/extensions"
# Extract the MAR tools.
unzip -d $rootdir $rootdir/[% c('input_files_by_name/firefox') %]/mar-tools-*.zip
......@@ -53,8 +49,6 @@ mv [% c('input_files_by_name/https-everywhere') %] "$TBDIR/$EXTSPATH/https-every
mv [% c('input_files_by_name/noscript') %] "$TBDIR/$EXTSPATH/{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi"
tar -C "$TBDIR" -xf [% c('input_files_by_name/obfs4') %]
tar -C "$TBDIR" -xf [% c('input_files_by_name/meek') %]
mv "$TBDIR/meek-http-helper@bamsoftware.com.xpi" "$TBDIR/$MEEKPROFILEPATH/extensions/"
[% IF c("var/snowflake") %]
tar -C "$TBDIR" -xf [% c('input_files_by_name/snowflake') -%]
[% END -%]
......@@ -127,23 +121,6 @@ cat Bundle-Data/PTConfigs/[% bundledata_osname %]/torrc-defaults-appendix >> "$T
grep -v 'default_bridge\.snowflake' Bundle-Data/PTConfigs/bridge_prefs.js \
>> "$GENERATEDPREFSPATH"
[% END -%]
cat Bundle-Data/PTConfigs/meek-http-helper-user.js >> "$TBDIR/$MEEKPROFILEPATH/user.js"
[% IF c("var/osx") %]
pushd "$TBDIR"
# Create the meek-template-sha256sum.txt file by generating a list
# of hashes (one for each file within the meek-http-helper profile) and
# and then generating one final hash from the contents of the list.
sha256sum `find $MEEKPROFILEPATH -type f | sort` | sha256sum | sed -e 's/ *-$//' > $MEEKPROFILEPATH/meek-template-sha256sum.txt
popd
[% END %]
# For platforms for which we need to ship a Moat helper profile in addition
# to a meek one, create it by duplicating the meek one that we just finished
# creating.
if [ ! -z "$MOATPROFILEPATH" ]; then
cp -pR $TBDIR/$MEEKPROFILEPATH $TBDIR/$MOATPROFILEPATH
fi
[% IF ! c("var/multi_lingual") %]
echo 'pref("extensions.torlauncher.prompt_for_locale", false);' >> "$GENERATEDPREFSPATH"
......
......@@ -65,9 +65,6 @@ input_files:
- project: fonts
name: fonts
enable: '[% ! c("var/android") %]'
- project: meek
name: meek
enable: '[% ! c("var/android") %]'
- project: obfs4
name: obfs4
enable: '[% ! c("var/android") %]'
......