Re: Tor 0.2.0.32 is released
Hi Andrew, I got the same 'Errors have occurred' message with the https://www.torproject.org/dist/osx-old/Tor-0.2.0.32b-ppc-Bundle.dmg package: however, Tor does start up - "Dec 05 08:40:05.209 [Notice] Tor v0.2.0.32 (r17346). This is experimental software. Do not rely on it for strong anonymity. (Running on Darwin Power Macintosh) Dec 05 08:40:05.247 [Notice] Initialized libevent version 1.4.8-stable using method kqueue. Good. Dec 05 08:40:05.248 [Notice] Opening Socks listener on 127.0.0.1:9050 Dec 05 08:40:05.248 [Notice] Opening Control listener on 127.0.0.1:9051 " and it's functional as a client. Just one entry in console.log that looks relevant: "2008-12-05 08:39:14.897 Installer[419] Exception raised during posting of notification. Ignored. exception: The postflight script in Tor failed. (code 126)" Thanks, downie On 5 Dec 2008, at 02:29, [EMAIL PROTECTED] wrote: On Fri, Dec 05, 2008 at 12:55:34AM +, [EMAIL PROTECTED] wrote 1.5K bytes in 40 lines about: Standard install failed the same way. You found another packaging bug. It's fixed. The Tor PowerPC-only binary is available at: https://www.torproject.org/dist/osx-old/Tor-0.2.0.32b-ppc-Bundle.dmg and .asc. The issue didn't show up during testing because I had a test version of libevent installed. Libevent 1.4.8 is compiled and installed according to the OS X build directions. And on a clean OS X 10.3.9 system, the "b" package installs correctly and without error. Thanks for reporting the issue. -- Andrew
Re: Tor 0.2.0.32 is released
And thank you for responding so promptly and helpfully. Whilst we're on distribution issues, the page http://keyserver.noreply.org/ is offline (referred to in the Tor wiki page on verifying signatures: https://wiki.torproject.org/noreply/TheOnionRouter/ VerifyingSignatures). It took me a while to work out whose key to download - in the end I got them all. GD On 5 Dec 2008, at 02:29, [EMAIL PROTECTED] wrote: On Fri, Dec 05, 2008 at 12:55:34AM +, [EMAIL PROTECTED] wrote 1.5K bytes in 40 lines about: Standard install failed the same way. You found another packaging bug. It's fixed. The Tor PowerPC-only binary is available at: https://www.torproject.org/dist/osx-old/Tor-0.2.0.32b-ppc-Bundle.dmg and .asc. The issue didn't show up during testing because I had a test version of libevent installed. Libevent 1.4.8 is compiled and installed according to the OS X build directions. And on a clean OS X 10.3.9 system, the "b" package installs correctly and without error. Thanks for reporting the issue. -- Andrew
Re: Tor 0.2.0.32 is released
On Fri, Dec 05, 2008 at 12:55:34AM +, [EMAIL PROTECTED] wrote 1.5K bytes in 40 lines about: > Standard install failed the same way. You found another packaging bug. It's fixed. The Tor PowerPC-only binary is available at: https://www.torproject.org/dist/osx-old/Tor-0.2.0.32b-ppc-Bundle.dmg and .asc. The issue didn't show up during testing because I had a test version of libevent installed. Libevent 1.4.8 is compiled and installed according to the OS X build directions. And on a clean OS X 10.3.9 system, the "b" package installs correctly and without error. Thanks for reporting the issue. -- Andrew
Re: Tor 0.2.0.32 is released
Standard install failed the same way. When I tried to install https://www.torproject.org/dist/osx-old/Tor-0.2.0.31-ppc-Bundle.dmg I got an 'unknown package error' before the install process began. Fortunately the https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle -0.2.0.31-0.1.9-ppc.dmg still worked to restore the status-quo-ante. On 4 Dec 2008, at 18:20, Geoff Down wrote: That's a binary install? I tried it (custom install without the startup script) but got a 'There were errors, try reinstalling' message. I's broken my old version "dyld: /usr/bin/tor can't open library: /usr/local/lib/libevent-1.4.2.dylib (No such file or directory, errno = 2) Trace/BPT trap" GD On 4 Dec 2008, at 18:07, [EMAIL PROTECTED] wrote: On Thu, Dec 04, 2008 at 05:56:11PM +, [EMAIL PROTECTED] wrote 1.8K bytes in 43 lines about: Thank you, is a new version for OSX10.3.9 on the way? Yes. There is a tor-only package for 10.3.9 available at: https://www.torproject.org/dist/osx-old/Tor-0.2.0.32a-ppc-Bundle.dmg The vidalia bundle for PPC is coming shortly. The machine I use to make the ppc bundles is a G3 iMac. Qt 4.4.3 takes 23 hours to compile, assuming no errors. It appears Qt 4.4.3 doesn't support 10.3.9 anymore, so it has a slew of issues when compiling. I'm compiling qt 4.4.1 right now (because 4.4.2 had lots of issues) and well, it has another 10 hours of compiling to go. -- Andrew
Re: Tor 0.2.0.32 is released
On Thu, Dec 4, 2008 at 11:34 AM, <[EMAIL PROTECTED]> wrote: > Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu packages > (and maybe other packages) noticed by Theo de Raadt, fixes a smaller > security flaw that might allow an attacker to access local services, > further improves hidden service performance, and fixes a variety of > other issues. Are there any bugs open with Debian/Ubuntu to get these merged into the security branches? I haven't checked Debian, but Ubuntu 8.10 is currently still at 0.31. > > https://www.torproject.org/download.html > > Or use our new https://www.torproject.org/easy-download page. > > Changes in version 0.2.0.32 - 2008-11-20 > o Security fixes: >- The "User" and "Group" config options did not clear the > supplementary group entries for the Tor process. The "User" option > is now more robust, and we now set the groups to the specified > user's primary group. The "Group" option is now ignored. For more > detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL > in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum > and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857. >- The "ClientDNSRejectInternalAddresses" config option wasn't being > consistently obeyed: if an exit relay refuses a stream because its > exit policy doesn't allow it, we would remember what IP address > the relay said the destination address resolves to, even if it's > an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv. > > o Major bugfixes: >- Fix a DOS opportunity during the voting signature collection process > at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x. > > o Major bugfixes (hidden services): >- When fetching v0 and v2 rendezvous service descriptors in parallel, > we were failing the whole hidden service request when the v0 > descriptor fetch fails, even if the v2 fetch is still pending and > might succeed. Similarly, if the last v2 fetch fails, we were > failing the whole hidden service request even if a v0 fetch is > still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha. >- When extending a circuit to a hidden service directory to upload a > rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all > requests failed, because the router descriptor has not been > downloaded yet. In these cases, do not attempt to upload the > rendezvous descriptor, but wait until the router descriptor is > downloaded and retry. Likewise, do not attempt to fetch a rendezvous > descriptor from a hidden service directory for which the router > descriptor has not yet been downloaded. Fixes bug 767. Bugfix > on 0.2.0.10-alpha. > > o Minor bugfixes: >- Fix several infrequent memory leaks spotted by Coverity. >- When testing for libevent functions, set the LDFLAGS variable > correctly. Found by Riastradh. >- Avoid a bug where the FastFirstHopPK 0 option would keep Tor from > bootstrapping with tunneled directory connections. Bugfix on > 0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam. >- When asked to connect to A.B.exit:80, if we don't know the IP for A > and we know that server B rejects most-but-not all connections to > port 80, we would previously reject the connection. Now, we assume > the user knows what they were asking for. Fixes bug 752. Bugfix > on 0.0.9rc5. Diagnosed by BarkerJr. >- If we overrun our per-second write limits a little, count this as > having used up our write allocation for the second, and choke > outgoing directory writes. Previously, we had only counted this when > we had met our limits precisely. Fixes bug 824. Patch from by rovv. > Bugfix on 0.2.0.x. >- Remove the old v2 directory authority 'lefkada' from the default > list. It has been gone for many months. >- Stop doing unaligned memory access that generated bus errors on > sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862. >- Make USR2 log-level switch take effect immediately. Bugfix on > 0.1.2.8-beta. > > o Minor bugfixes (controller): >- Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on > 0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807. > > -- > Andrew > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFJOBSYO50JPzGwl0sRAo63AJ9uVH8Rk0CSf9PXPlWfQuxqTt1IzQCeMtFB > hvuayLifVdMBanIy2Za6y5M= > =UkKO > -END PGP SIGNATURE- > >
Re: Tor 0.2.0.32 is released
That's a binary install? I tried it (custom install without the startup script) but got a 'There were errors, try reinstalling' message. I's broken my old version "dyld: /usr/bin/tor can't open library: /usr/local/lib/libevent-1.4.2.dylib (No such file or directory, errno = 2) Trace/BPT trap" GD On 4 Dec 2008, at 18:07, [EMAIL PROTECTED] wrote: On Thu, Dec 04, 2008 at 05:56:11PM +, [EMAIL PROTECTED] wrote 1.8K bytes in 43 lines about: Thank you, is a new version for OSX10.3.9 on the way? Yes. There is a tor-only package for 10.3.9 available at: https://www.torproject.org/dist/osx-old/Tor-0.2.0.32a-ppc-Bundle.dmg The vidalia bundle for PPC is coming shortly. The machine I use to make the ppc bundles is a G3 iMac. Qt 4.4.3 takes 23 hours to compile, assuming no errors. It appears Qt 4.4.3 doesn't support 10.3.9 anymore, so it has a slew of issues when compiling. I'm compiling qt 4.4.1 right now (because 4.4.2 had lots of issues) and well, it has another 10 hours of compiling to go. -- Andrew
Re: Tor 0.2.0.32 is released
On Thu, Dec 04, 2008 at 05:56:11PM +, [EMAIL PROTECTED] wrote 1.8K bytes in 43 lines about: > Thank you, is a new version for OSX10.3.9 on the way? Yes. There is a tor-only package for 10.3.9 available at: https://www.torproject.org/dist/osx-old/Tor-0.2.0.32a-ppc-Bundle.dmg The vidalia bundle for PPC is coming shortly. The machine I use to make the ppc bundles is a G3 iMac. Qt 4.4.3 takes 23 hours to compile, assuming no errors. It appears Qt 4.4.3 doesn't support 10.3.9 anymore, so it has a slew of issues when compiling. I'm compiling qt 4.4.1 right now (because 4.4.2 had lots of issues) and well, it has another 10 hours of compiling to go. -- Andrew
Re: Tor 0.2.0.32 is released
Thank you, is a new version for OSX10.3.9 on the way? GD On 4 Dec 2008, at 17:48, [EMAIL PROTECTED] wrote: On Thu, Dec 04, 2008 at 12:34:16PM -0500, [EMAIL PROTECTED] wrote 4.4K bytes in 97 lines about: For OS X users, there is a packaging bugfix in 0.2.0.32 labelled as 0.2.0.32a in the available packages. It turns out for years we've been shipping a Info.plist with an incorrect key. The issue was discovered and reported as bug 876, https://bugs.torproject.org/flyspray/index.php?id=876&do=details. The commit to fix the problem in the 0_2_0 branch is r17472: http://archives.seul.org/or/cvs/Dec-2008/msg00037.html The commit to fix the problem in the Vidalia 0.1 branch is r3361: http://trac.vidalia-project.net/browser/vidalia/branches/vidalia-0.1/ pkg/osx?order=date&desc=1 The bug is that the OS X Installer will prompt "The chosen volume contains software which is newer then [sic] the software you are installing." The problem is that the Installer looks in the file /Library/Receipts/Vidalia.pkg/Contents/Info.plist for CFBundleShortVersionString. We mistakenly called it CFBundleSortVersionString, which Apple inserts "1" as the value. The upgrade to Vidalia from 0.1.9 to 0.1.10 apparently triggered the issue. The fix is to put the correct value in place for the future. The simplest way to do this is to have the users click "Continue" when prompted. We could have spent a lot of time trying to fix it for the user to hide the issue, but well, that is fraught with problems and complexities. A simple click of "Continue" is far simpler and less error prone. The difference between the released 0.2.0.32 Tor code is the inclusion of r17472. It's not really 0.2.0.32a per se, but since we lack package versions, I had to distinguish it in some way. -- Andrew
Re: Tor 0.2.0.32 is released
On Thu, Dec 04, 2008 at 12:34:16PM -0500, [EMAIL PROTECTED] wrote 4.4K bytes in 97 lines about: For OS X users, there is a packaging bugfix in 0.2.0.32 labelled as 0.2.0.32a in the available packages. It turns out for years we've been shipping a Info.plist with an incorrect key. The issue was discovered and reported as bug 876, https://bugs.torproject.org/flyspray/index.php?id=876&do=details. The commit to fix the problem in the 0_2_0 branch is r17472: http://archives.seul.org/or/cvs/Dec-2008/msg00037.html The commit to fix the problem in the Vidalia 0.1 branch is r3361: http://trac.vidalia-project.net/browser/vidalia/branches/vidalia-0.1/pkg/osx?order=date&desc=1 The bug is that the OS X Installer will prompt "The chosen volume contains software which is newer then [sic] the software you are installing." The problem is that the Installer looks in the file /Library/Receipts/Vidalia.pkg/Contents/Info.plist for CFBundleShortVersionString. We mistakenly called it CFBundleSortVersionString, which Apple inserts "1" as the value. The upgrade to Vidalia from 0.1.9 to 0.1.10 apparently triggered the issue. The fix is to put the correct value in place for the future. The simplest way to do this is to have the users click "Continue" when prompted. We could have spent a lot of time trying to fix it for the user to hide the issue, but well, that is fraught with problems and complexities. A simple click of "Continue" is far simpler and less error prone. The difference between the released 0.2.0.32 Tor code is the inclusion of r17472. It's not really 0.2.0.32a per se, but since we lack package versions, I had to distinguish it in some way. -- Andrew signature.asc Description: Digital signature