Ticket #12674: bug12674.patch

File bug12674.patch, 4.5 KB (added by dcf, 5 years ago)
  • gitian/versions

    From dee09d2161f9533d61afc047ab38a44d02740117 Mon Sep 17 00:00:00 2001
    From: David Fifield <david@bamsoftware.com>
    Date: Sat, 2 Aug 2014 00:57:37 -0700
    Subject: [PATCH 1/2] Use meek 0.10.
    
    0.10 has the patch to set network.proxy.socks_remote_dns=false within
    the Firefox extension, so it doesn't have to be set in user.js.
    ---
     gitian/versions       | 2 +-
     gitian/versions.alpha | 2 +-
     gitian/versions.beta  | 2 +-
     3 files changed, 3 insertions(+), 3 deletions(-)
    
    diff --git a/gitian/versions b/gitian/versions
    index ae465d2..20c7e73 100755
    a b FTEPROXY_TAG=d1186cc366895701a1cae5fc39afbe2534dad600 # tag 0.2.17 
    2323LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014
    2424TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2
    2525GOPTLIB_TAG=0.2
    26 MEEK_TAG=0.9
     26MEEK_TAG=0.10
    2727
    2828GITIAN_TAG=tor-browser-builder-3.x-6
    2929
  • gitian/versions.alpha

    diff --git a/gitian/versions.alpha b/gitian/versions.alpha
    index d28bbdc..8f558d7 100755
    a b FTEPROXY_TAG=d1186cc366895701a1cae5fc39afbe2534dad600 # tag 0.2.17 
    2323LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014
    2424TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2
    2525GOPTLIB_TAG=0.2
    26 MEEK_TAG=0.9
     26MEEK_TAG=0.10
    2727
    2828GITIAN_TAG=tor-browser-builder-3.x-6
    2929
  • gitian/versions.beta

    diff --git a/gitian/versions.beta b/gitian/versions.beta
    index 16692b2..dbb50d8 100755
    a b FTEPROXY_TAG=d1186cc366895701a1cae5fc39afbe2534dad600 # tag 0.2.17 
    2323LIBDMG_TAG=dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014
    2424TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0.2
    2525GOPTLIB_TAG=0.2
    26 MEEK_TAG=0.9
     26MEEK_TAG=0.10
    2727
    2828GITIAN_TAG=tor-browser-builder-3.x-6
    2929
  • Bundle-Data/PTConfigs/meek-http-helper-user.js

    -- 
    2.0.1
    
    From 15f49dcee31552f6eb2089745e4d1956417b02a7 Mon Sep 17 00:00:00 2001
    From: David Fifield <david@bamsoftware.com>
    Date: Sun, 27 Jul 2014 09:53:07 -0700
    Subject: [PATCH 2/2] Set a blackhole proxy in the meek-http-helper profile.
    
    https://trac.torproject.org/projects/tor/ticket/12674
    
    The extension manually overrides the proxy setting for every request, so
    this doesn't affect the functioning of the extension. It's intended as a
    failsafe to prevent network interaction in case something goes wrong and
    the user manages to disable the extension and open the profile with a
    normal browser window. In order to cause that to happen, I had to do:
    
    ./Browser/firefox -safe-mode -profile Data/Browser/profile.meek-http-helper/
    
    Prior to this commit, running the above command would have given you an
    ordinary unproxied Firefox. Now you will get "The proxy server is
    refusing connections."
    ---
     Bundle-Data/PTConfigs/meek-http-helper-user.js | 20 +++++++++++++-------
     1 file changed, 13 insertions(+), 7 deletions(-)
    
    diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js
    index a95a6ec..cddc237 100644
    a b  
    44// to stdout.
    55user_pref("browser.dom.window.dump.enabled", true);
    66
    7 // 0 is "No proxy".
    8 user_pref("network.proxy.type", 0);
    9 
    10 // Allow unproxied DNS.
    11 // https://trac.torproject.org/projects/tor/ticket/11183#comment:6
    12 user_pref("network.proxy.socks_remote_dns", false);
    13 
    147// Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
    158// there is a missing TLS extension.
    169// https://trac.torproject.org/projects/tor/ticket/11183#comment:9
    user_pref("security.enable_tls_session_tickets", true); 
    2114// https://support.mozilla.org/en-US/questions/951221#answer-410562
    2215user_pref("toolkit.startup.max_resumed_crashes", -1);
    2316
     17// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction
     18// in case the user manages to open this profile with a normal browser UI (i.e.,
     19// not headless with the meek-http-helper extension running). Port 9 is
     20// "discard", so it should work as a blackhole whether the port is open or
     21// closed. network.proxy.type=1 means "Manual proxy configuration".
     22// http://kb.mozillazine.org/Network.proxy.type
     23user_pref("network.proxy.type", 1);
     24user_pref("network.proxy.socks", "127.0.0.1");
     25user_pref("network.proxy.socks_port", 9);
     26// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is
     27// overridden by meek-http-helper at startup.
     28user_pref("network.proxy.socks_remote_dns", true);
     29
    2430user_pref("extensions.enabledAddons", "meek-http-helper@bamsoftware.com:1.0");