The TOR/Privoxy MYDSL extension needs an updateForum: System Topic: The TOR/Privoxy MYDSL extension needs an update started by: nickelplated Posted by nickelplated on May 22 2006,14:50
The Tor extension in my MyDSL repository is over 9 months old, and there have been many security related updates to the software since then. I believe it's irresponsible to continue making such an out-of-date security package available, since it could jeopardize the anonymous status of privacy-seeking individuals.
Posted by cbagger01 on May 24 2006,16:44
I agree. Please submit an updated extension version so the original one can be replaced.
Posted by mikshaw on May 24 2006,18:13
FYI:MyDSL packages are created and maintained by DSL users. They are available from the repository only as a convenience, and the DSL dev team is not responsible for their integrity or upkeep. Had this thread been put in the mydsl section rather than the DSL support/feedback section, I wouldn't have said anything...just wanted to make it clear that this irresponsible behavior you speak of is not applicable to DSL development. Posted by roberts on May 24 2006,19:23
Moved to proper category
Posted by nickelplated on May 26 2006,20:03
I already tried making an updated extension but I'm just not as good of a developer as you guys. When I tried compiling the binary to be static by way of editing the Makefile with $LDFLAGS and $CFLAGS, I get a response that gcc can't find the ssl libs, even though I'm specifically telling it where they are with -L/usr/lib. I then made a dynamically linked binary for the extension. That works fine on my hard-drive installed DSL system, but when I run it on a dsl livecd system it won't work because it wants to drop a couple of libs into the /usr directory which I get told that it's read-only. So I'll surely go ahead and whip yall up a right nice extension, if only somebody would tell me the exact string to enter to squeeze a static, stripped binary outta this, either by way of the Makefile or as command line arguments to make. Posted by mikshaw on May 26 2006,23:43
If you build the mydsl with a *.dsl filename, any included /usr/lib files should be copied into the DSL system without complaining about a read-only filesystem, since *.dsl runs mkwriteable which opens up the directories that start out as read-only.
Posted by cbagger01 on May 27 2006,17:04
You could try booting from livecd and Enable APT and then install the Debian Tor package and then use the deb2dsl script to convert it to a Debian package.Tor version 0.1.1.20 is part of the Debian "unstable" repository and can be installed by changing your /etc/apt/sources.list file to point to "unstable" instead of "oldstable". You can also directly download the package from here: < http://ftp.us.debian.org/debian....386.deb > and try dpkg -i tor_0.1.1.20-1_i386.deb to install. Posted by nickelplated on May 27 2006,17:39
Okay then. I'll try those suggestions and get back to you all. Thanks for the suggestions by the way, I was feeling a bit frustrated with the process, hopefully now I can finish it up one way or the other.
Posted by nickelplated on May 30 2006,20:32
edit: question resolvedI finished the new package for the latest Tor. I'll submit it this afternoon. Posted by bugmenot on July 31 2006,01:02
It's been a while, MyDSL still has an outdated, insecure version of Tor.Any progress been made? Posted by Nym1 on Aug. 01 2006,13:48
Ahem....Posted by nickelplated on May 30 2006,16:32 I finished the new package for the latest Tor. I'll submit it this afternoon. Posted by roberts on June 12 2006,16:22 The much requested updated tor.dsl is now posted. < http://distro.ibiblio.org/pub....sl.info > Posted by nickelplated on Aug. 02 2006,18:32
Yeah. It's been in the testing section since I made that last post. Sorry the testing section isn't very visible man, here's a link though< http://distro.ibiblio.org/pub....testing > |