v2.7.7

YerongAI · Nov 20, 2023 · 09a0991 · 09a0991
1 parent 8b28ebc
commit 09a0991
Show file tree

Hide file tree

Showing 47 changed files with 20,940 additions and 275 deletions.
diff --git a/README.md b/README.md
@@ -150,8 +150,8 @@ You will find the application logs in `~/Library/Application Support/Windscribe/
 
 ### Logs
 
-- Client app and location pings: `/Users/<user_name>/Library/Application Support/Windscribe/Windsrcibe2`
-- Installer: `/Users/<user_name>/Library/Application Support/Windscribe/Windsrcibe/log_installer.txt`
+- Client app and location pings: `/Users/<user_name>/Library/Application Support/Windscribe/Windscribe2`
+- Installer: `/Users/<user_name>/Library/Application Support/Windscribe/Windscribe/log_installer.txt`
 - Helper: `/Library/Logs/com.windscribe.helper.macos/helper_log.txt`
 
 ## Linux

diff --git a/backend/linux/helper/server.cpp b/backend/linux/helper/server.cpp
@@ -383,6 +383,9 @@ bool Server::readAndHandleCommand(socket_ptr sock, boost::asio::streambuf *buf,
         conf << "client = yes\n";
         conf << "accept = 127.0.0.1:" << cmd.localPort << "\n";
         conf << "connect = " << cmd.hostname << ":" << cmd.port << "\n";
+        if (cmd.extraPadding) {
+            conf << "options = TLSEXT_PADDING\noptions = TLSEXT_PADDING_SUPER\n";
+        }
 
         int fd = open("/etc/windscribe/stunnel.conf", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU);
         if (fd < 0) {

diff --git a/backend/mac/helper/server.cpp b/backend/mac/helper/server.cpp
@@ -470,6 +470,9 @@ bool Server::readAndHandleCommand(socket_ptr sock, boost::asio::streambuf *buf,
         conf << "client = yes\n";
         conf << "accept = 127.0.0.1:" << cmd.localPort << "\n";
         conf << "connect = " << cmd.hostname << ":" << cmd.port << "\n";
+        if (cmd.extraPadding) {
+            conf << "options = TLSEXT_PADDING\noptions = TLSEXT_PADDING_SUPER\n";
+        }
 
         int fd = open("/etc/windscribe/stunnel.conf", O_CREAT | O_WRONLY | O_TRUNC, S_IRWXU);
         if (fd < 0) {

diff --git a/backend/posix_common/helper_commands.h b/backend/posix_common/helper_commands.h
@@ -269,6 +269,7 @@ struct CMD_CONFIGURE_STUNNEL {
     std::string hostname;
     int port;
     int localPort;
+    bool extraPadding;
 };
 
 struct CMD_START_WSTUNNEL {

diff --git a/client/common/changelog.txt b/client/common/changelog.txt
@@ -1,3 +1,15 @@
+2.7.7 (29/06/2023)
+All:
+   * Added anti-censorship feature: OpenVPN TCP split-reset, UDP stuffing, Stunnel extra padding. #671
+   * Added anti-censorship feature: use extra TLS padding for fallback API requests. #678
+   * Added Czech language translation. #677
+   * Fixed Logout/Quit screen UI bugs. #457
+   * Fixed Manage ROBERT rules link click does nothing. #480
+   * Fixed Russian translation. #679
+Linux:
+   * Removed 'kill app' functionality from the uninstall script. #335
+
+
 2.7.6 (08/06/2023)
 All:
    * Fixed UI overlap and alignment issues. #457 & #583

diff --git a/client/common/utils/extraconfig.cpp b/client/common/utils/extraconfig.cpp
@@ -26,6 +26,9 @@ const QString WS_WG_VERBOSE_LOGGING = WS_PREFIX + "wireguard-verbose-logging";
 const QString WS_SCREEN_TRANSITION_HOTKEYS = WS_PREFIX + "screen-transition-hotkeys";
 const QString WS_USE_ICMP_PINGS = WS_PREFIX + "use-icmp-pings";
 
+const QString WS_STEALTH_EXTRA_TLS_PADDING = WS_PREFIX + "stealth-extra-tls-padding";
+const QString WS_API_EXTRA_TLS_PADDING = WS_PREFIX + "api-extra-tls-padding";
+
 void ExtraConfig::writeConfig(const QString &cfg)
 {
     QMutexLocker locker(&mutex_);
@@ -227,6 +230,16 @@ bool ExtraConfig::getUseICMPPings()
     return getFlagFromExtraConfigLines(WS_USE_ICMP_PINGS);
 }
 
+bool ExtraConfig::getStealthExtraTLSPadding()
+{
+    return getFlagFromExtraConfigLines(WS_STEALTH_EXTRA_TLS_PADDING);
+}
+
+bool ExtraConfig::getAPIExtraTLSPadding()
+{
+    return getFlagFromExtraConfigLines(WS_API_EXTRA_TLS_PADDING);
+}
+
 int ExtraConfig::getIntFromLineWithString(const QString &line, const QString &str, bool &success)
 {
     int endOfId = line.indexOf(str, Qt::CaseInsensitive) + str.length();

diff --git a/client/common/utils/extraconfig.h b/client/common/utils/extraconfig.h
@@ -48,6 +48,8 @@ class ExtraConfig
     bool getWireGuardVerboseLogging();
     bool getUsingScreenTransitionHotkeys();
     bool getUseICMPPings();
+    bool getStealthExtraTLSPadding();
+    bool getAPIExtraTLSPadding();
 
 private:
     ExtraConfig();

diff --git a/client/common/version/windscribe_version.h b/client/common/version/windscribe_version.h
@@ -2,7 +2,7 @@
 
 #define WINDSCRIBE_MAJOR_VERSION 2
 #define WINDSCRIBE_MINOR_VERSION 7
-#define WINDSCRIBE_BUILD_VERSION 6
+#define WINDSCRIBE_BUILD_VERSION 7
 
 // only one of these should be enabled; neither -> stable
 //#define WINDSCRIBE_IS_BETA

diff --git a/client/engine/engine/connectionmanager/stunnelmanager.cpp b/client/engine/engine/connectionmanager/stunnelmanager.cpp
@@ -8,6 +8,7 @@
 #endif
 #include "utils/executable_signature/executable_signature.h"
 #include "utils/logger.h"
+#include "utils/extraconfig.h"
 
 StunnelManager::StunnelManager(QObject *parent, IHelper *helper)
   : QObject(parent), helper_(helper), bProcessStarted_(false), portForStunnel_(0)
@@ -72,9 +73,10 @@ bool StunnelManager::setConfig(const QString &hostname, uint port)
     }
 #else
     portForStunnel_ = AvailablePort::getAvailablePort(DEFAULT_PORT);
+    bool extraPadding = ExtraConfig::instance().getStealthExtraTLSPadding();
 
     Helper_posix *helper_posix = dynamic_cast<Helper_posix *>(helper_);
-    return !helper_posix->configureStunnel(hostname, port, portForStunnel_);
+    return !helper_posix->configureStunnel(hostname, port, portForStunnel_ ,extraPadding);
 #endif
 }
 
@@ -127,6 +129,10 @@ bool StunnelManager::makeConfigFile(const QString &hostname, uint port)
         file.write(str.toLocal8Bit());
         str = "connect = " + hostname + ":" + QString::number(port) + "\r\n";
         file.write(str.toLocal8Bit());
+        if (ExtraConfig::instance().getStealthExtraTLSPadding()) {
+            str = "options = TLSEXT_PADDING\r\noptions = TLSEXT_PADDING_SUPER\r\n";
+            file.write(str.toLocal8Bit());
+        }
 
         file.close();
 

diff --git a/client/engine/engine/helper/helper_posix.cpp b/client/engine/engine/helper/helper_posix.cpp
@@ -645,14 +645,15 @@ bool Helper_posix::startStunnel()
     return IHelper::EXECUTE_SUCCESS;
 }
 
-bool Helper_posix::configureStunnel(const QString &hostname, unsigned int port, unsigned int localPort)
+bool Helper_posix::configureStunnel(const QString &hostname, unsigned int port, unsigned int localPort, bool extraPadding)
 {
     QMutexLocker locker(&mutex_);
 
     CMD_CONFIGURE_STUNNEL cmd;
     cmd.hostname = hostname.toStdString();
     cmd.port = port;
     cmd.localPort = localPort;
+    cmd.extraPadding = extraPadding;
 
     std::stringstream stream;
     boost::archive::text_oarchive oa(stream, boost::archive::no_header);

diff --git a/client/engine/engine/helper/helper_posix.h b/client/engine/engine/helper/helper_posix.h
@@ -54,7 +54,7 @@ class Helper_posix : public IHelper
     bool getFirewallRules(CmdIpVersion version, const QString &table, const QString &group, QString &rules);
     bool setFirewallOnBoot(bool bEnabled, const QSet<QString>& ipTable);
     bool startStunnel();
-    bool configureStunnel(const QString &hostname, unsigned int port, unsigned int localPort);
+    bool configureStunnel(const QString &hostname, unsigned int port, unsigned int localPort, bool extraPadding);
     bool startWstunnel(const QString &hostname, unsigned int port, bool isUdp, unsigned int localPort);
 
 protected:

diff --git a/client/engine/engine/networkaccessmanager/curlnetworkmanager_impl.cpp b/client/engine/engine/networkaccessmanager/curlnetworkmanager_impl.cpp
@@ -93,6 +93,13 @@ bool CurlNetworkManagerImpl::setupBasicOptions(RequestInfo *requestInfo, const N
             return false;
     }
 
+    if (request.isExtraTLSPadding()) {
+#ifdef CURLSSLOPT_TLSEXT_PADDING_SUPER
+        if (curl_easy_setopt(requestInfo->curlEasyHandle, CURLOPT_SSL_OPTIONS, CURLSSLOPT_TLSEXT_PADDING | CURLSSLOPT_TLSEXT_PADDING_SUPER) != CURLE_OK)
+            return false;
+#endif
+    }
+
     curl_easy_setopt(requestInfo->curlEasyHandle, CURLOPT_PRIVATE, new quint64(requestInfo->id));    // our user data, must be deleted in the RequestInfo destructor
     return true;
 }

diff --git a/client/engine/engine/networkaccessmanager/networkrequest.cpp b/client/engine/engine/networkaccessmanager/networkrequest.cpp
@@ -1,7 +1,7 @@
 #include "networkrequest.h"
 
 NetworkRequest::NetworkRequest(const QUrl &url, int timeout, bool bUseDnsCache) : url_(url), timeout_(timeout), bUseDnsCache_(bUseDnsCache), bIgnoreSslErrors_(false),
-    bRemoveFromWhitelistIpsAfterFinish_(false), isWhiteListIps_(true)
+    bRemoveFromWhitelistIpsAfterFinish_(false), isWhiteListIps_(true), bExtraTLSPadding_(false)
 {
 }
 
@@ -12,7 +12,8 @@ NetworkRequest::NetworkRequest(const QUrl &url, int timeout, bool bUseDnsCache,
     bIgnoreSslErrors_(isIgnoreSslErrors),
     dnsServers_(dnsServers),
     bRemoveFromWhitelistIpsAfterFinish_(false),
-    isWhiteListIps_(true)
+    isWhiteListIps_(true),
+    bExtraTLSPadding_(false)
 {
 }
 
@@ -96,6 +97,16 @@ QString NetworkRequest::echConfig() const
     return echConfig_;
 }
 
+void NetworkRequest::setExtraTLSPadding(const bool ExtraTLSPadding)
+{
+    bExtraTLSPadding_ = ExtraTLSPadding;
+}
+
+bool NetworkRequest::isExtraTLSPadding() const
+{
+    return bExtraTLSPadding_;
+}
+
 void NetworkRequest::setOverrideIp(const QString &ip)
 {
     overrideIp_ = ip;

diff --git a/client/engine/engine/networkaccessmanager/networkrequest.h b/client/engine/engine/networkaccessmanager/networkrequest.h
@@ -33,6 +33,9 @@ class NetworkRequest
     void setEchConfig(const QString &echConfig);
     QString echConfig() const;
 
+    void setExtraTLSPadding(const bool ExtraTLSPadding);
+    bool isExtraTLSPadding() const;
+
     // Explicitly specify ip to avoid DNS resolution
     void setOverrideIp(const QString &ip);
     QString overrideIp() const;
@@ -58,5 +61,7 @@ class NetworkRequest
 
     // default true
     bool isWhiteListIps_;
+
+    bool bExtraTLSPadding_;
 };
 
diff --git a/client/engine/engine/serverapi/requestexecuterviafailover.cpp b/client/engine/engine/serverapi/requestexecuterviafailover.cpp
@@ -116,6 +116,9 @@ void RequestExecuterViaFailover::executeBaseRequest(const failover::FailoverData
     if (!failoverData.echConfig().isEmpty()) {
         networkRequest.setEchConfig(failoverData.echConfig());
     }
+    if (ExtraConfig::instance().getAPIExtraTLSPadding()) {
+        networkRequest.setExtraTLSPadding(true);
+    }
 
     NetworkReply *reply;
     switch (request_->requestType()) {

diff --git a/client/engine/engine/serverapi/serverapi.cpp b/client/engine/engine/serverapi/serverapi.cpp
@@ -441,6 +441,9 @@ void ServerAPI::executeRequestImpl(QPointer<BaseRequest> request, const failover
     if (!failoverData.echConfig().isEmpty()) {
         networkRequest.setEchConfig(failoverData.echConfig());
     }
+    if (ExtraConfig::instance().getAPIExtraTLSPadding()) {
+        networkRequest.setExtraTLSPadding(true);
+    }
 
     NetworkReply *reply;
     switch (request->requestType()) {

diff --git a/client/gui/CMakeLists.txt b/client/gui/CMakeLists.txt
@@ -21,6 +21,7 @@ endif()
 
 set(WS_TS_FILES
     ${CMAKE_CURRENT_SOURCE_DIR}/translations/ws_desktop_ar.ts
+    ${CMAKE_CURRENT_SOURCE_DIR}/translations/ws_desktop_cs.ts
     ${CMAKE_CURRENT_SOURCE_DIR}/translations/ws_desktop_de.ts
     ${CMAKE_CURRENT_SOURCE_DIR}/translations/ws_desktop_es.ts
     ${CMAKE_CURRENT_SOURCE_DIR}/translations/ws_desktop_fr.ts

diff --git a/client/gui/backend/preferences/preferenceshelper.cpp b/client/gui/backend/preferences/preferenceshelper.cpp
@@ -6,7 +6,7 @@ PreferencesHelper::PreferencesHelper(QObject *parent) : QObject(parent),
     isWifiSharingSupported_(true), bIpv6StateInOS_(true), isFirewallBlocked_(false),
     isDockedToTray_(false), isExternalConfigMode_(false)
 {
-    availableLanguageCodes_ << "ar" << "de" << "en" << "es" << "fr" << "hi" << "ru" << "zh";
+    availableLanguageCodes_ << "ar" << "cs" << "de" << "en" << "es" << "fr" << "hi" << "ru" << "zh";
 }
 
 QString PreferencesHelper::buildVersion()

diff --git a/client/gui/mainwindowcontroller.cpp b/client/gui/mainwindowcontroller.cpp
@@ -1997,12 +1997,23 @@ void MainWindowController::gotoExitWindow(bool isLogout)
              || curWindow_ == WINDOW_ID_EMERGENCY
              || curWindow_ == WINDOW_ID_EXTERNAL_CONFIG
              || curWindow_ == WINDOW_ID_TWO_FACTOR_AUTH
-             || curWindow_ == WINDOW_ID_GENERAL_MESSAGE);
+             || curWindow_ == WINDOW_ID_GENERAL_MESSAGE
+             || curWindow_ == WINDOW_ID_LOGOUT);
 
+    // If we're overriding a logout with a quit (e.g. user pressed alt-f4 while on the logout prompt),
+    // close the previous logout window first
+    if (curWindow_ == WINDOW_ID_LOGOUT) {
+        // Suppress expanding preferences window even though originally logout came from prefs.
+        closeExitWindow(false);
+    }
     windowBeforeExit_ = curWindow_;
     IGeneralMessageWindow *win = (isLogout ? logoutWindow_ : exitWindow_);
 
     TooltipController::instance().hideAllTooltips();
+    for (auto w : windowSizeManager_->windows()) {
+        collapseWindow(w, false, true);
+    }
+
     if (curWindow_ == WINDOW_ID_CONNECT) {
         if (preferences_->appSkin() == APP_SKIN_VAN_GOGH) {
             win->setBackgroundShape(IGeneralMessageWindow::kConnectScreenVanGoghShape);

diff --git a/client/gui/preferenceswindow/robertwindow/robertwindowitem.cpp b/client/gui/preferenceswindow/robertwindow/robertwindowitem.cpp
@@ -183,6 +183,7 @@ void RobertWindowItem::onLanguageChanged()
 void RobertWindowItem::onManageRobertRulesClick()
 {
     manageRulesItem_->setInProgress(true);
+    emit manageRobertRulesClick();
 }
 
 void RobertWindowItem::setWebSessionCompleted()