The TOR/Privoxy MYDSL extension needs an update


Forum: System
Topic: The TOR/Privoxy MYDSL extension needs an update
started by: nickelplated

Posted by nickelplated on May 22 2006,14:50
The Tor extension in my MyDSL repository is over 9 months old, and there have been many security related updates to the software since then. I believe it's irresponsible to continue making such an out-of-date security package available, since it could jeopardize the anonymous status of privacy-seeking individuals.
Posted by cbagger01 on May 24 2006,16:44
I agree.  Please submit an updated extension version so the original one can be replaced.
Posted by mikshaw on May 24 2006,18:13
FYI:

MyDSL packages are created and maintained by DSL users.  They are available from the repository only as a convenience, and the DSL dev team is not responsible for their integrity or upkeep.

Had this thread been put in the mydsl section rather than the DSL support/feedback section, I wouldn't have said anything...just wanted to make it clear that this irresponsible behavior you speak of is not applicable to DSL development.

Posted by roberts on May 24 2006,19:23
Moved to proper category
Posted by nickelplated on May 26 2006,20:03
I already tried making an updated extension but I'm just not as good of a developer as you guys. When I tried compiling the binary to be static by way of editing the Makefile with $LDFLAGS and $CFLAGS, I get a response that gcc can't find the ssl libs, even though I'm specifically telling it where they are with -L/usr/lib.

I then made a dynamically linked binary for the extension. That works fine on my hard-drive installed DSL system, but when I run it on a dsl livecd system it won't work because it wants to drop a couple of libs into the /usr directory which I get told that it's read-only.


So I'll surely go ahead and whip yall up a right nice extension, if only somebody would tell me the exact string to enter to squeeze a static, stripped binary outta this, either by way of the Makefile or as command line arguments to make.

Posted by mikshaw on May 26 2006,23:43
If you build the mydsl with a *.dsl filename, any included /usr/lib files should be copied into the DSL system without complaining about a read-only filesystem, since *.dsl runs mkwriteable which opens up the directories that start out as read-only.
Posted by cbagger01 on May 27 2006,17:04
You could try booting from livecd and Enable APT and then install the Debian Tor package and then use the deb2dsl script to convert it to a Debian package.

Tor version 0.1.1.20 is part of the Debian "unstable" repository and can be installed by changing your /etc/apt/sources.list file to point to "unstable" instead of "oldstable".

You can also directly download the package from here:

< http://ftp.us.debian.org/debian....386.deb >

and try dpkg -i tor_0.1.1.20-1_i386.deb

to install.

Posted by nickelplated on May 27 2006,17:39
Okay then. I'll try those suggestions and get back to you all. Thanks for the suggestions by the way, I was feeling a bit frustrated with the process, hopefully now I can finish it up one way or the other.
Posted by nickelplated on May 30 2006,20:32
edit: question resolved
I finished the new package for the latest Tor. I'll submit it this afternoon.

Posted by bugmenot on July 31 2006,01:02
It's been a while, MyDSL still has an outdated, insecure version of Tor.

Any progress been made?

Posted by Nym1 on Aug. 01 2006,13:48
Ahem....

Posted by nickelplated on May 30 2006,16:32
I finished the new package for the latest Tor. I'll submit it this afternoon.

Posted by roberts on June 12 2006,16:22
The much requested updated tor.dsl is now posted.

< http://distro.ibiblio.org/pub....sl.info >

Posted by nickelplated on Aug. 02 2006,18:32
Yeah. It's been in the testing section since I made that last post. Sorry the testing section isn't very visible man, here's a link though
< http://distro.ibiblio.org/pub....testing >

Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.