apple os x

Apple broke OpenSSL which breaks Tor on OS X

Posted January 27th, 2010 by phobos
in

Apple OS X Security Update 2010-001 removes OpenSSL renegotation, http://support.apple.com/kb/HT1222. We've filed a bug report with Apple on this issue. Their standard response so far is http://support.apple.com/kb/HT4004.

In the meanwhile, we have bug #1225 open, https://bugs.torproject.org/flyspray/index.php?do=details&id=1225. Add yourself to the Notifications if you want updates as they happen. A fine explanation of why Tor is not affected by the TLS renegotiation bug can be found at https://bugs.torproject.org/flyspray/index.php?do=details&id=1225&area=c...

Packages for testing are available at:
https://www.torproject.org/dist/testing/

READ THIS FINE PRINT: read more »

  1. These will only work on OSX 10.5 and 10.6 (both i386 and powerpc). Tor fails to compile when using the 10.4 libraries and static openssl.
  2. Tor-0.2.2.8-alpha-i386-Bundle.dmg is compiled to replace the tor

Updated packages for PowerPC-only OS X

Posted July 23rd, 2009 by phobos
in

Thanks to an anonymous donor for the working powerpc hardware, I was able to make 0.2.0.35, 0.2.1.17-rc, and Vidalia 0.1.15 packages on OS X 10.3.9 (Panther) this evening.

They are available in the usual places, such as https://torproject.org/download

Thanks for your patience.

Experimental OS X Drag and Drop Vidalia Bundle Installer

Posted January 13th, 2009 by phobos
in

I asked for community feedback in this post about drag and drop installation of the Vidalia bundle for Apple's OS X. In working with the Vidalia team, we now have a drag and drop installer. This is experimental. It's designed for a clean install. It won't migrate your settings, nor will it configure anything for you. Upon installing, your milk may sour and your salt may run off with your pepper. Now that the disclaimers are over, here's what it contains and does do for you. read more »

It includes Universal binaries for:

  • Vidalia version 0.2.0-svn r3425
  • Polipo 1.0.4 configured to use Tor as a socksproxy
  • Tor 0.2.1.10-alpha compiled with prefix and bindir set to /Applications/Vidalia.app

Updates on Tor 0.2.0.32 for OS X Users

Posted December 4th, 2008 by phobos
in

As detailed here, http://archives.seul.org/or/talk/Dec-2008/msg00044.html, there are some packaging fixes for OS X users in this 0.2.0.32 stable release.

For OS X users, there is a packaging bugfix in 0.2.0.32 labelled as
0.2.0.32a in the available packages. It turns out for years we've been
shipping a Info.plist with an incorrect key. The issue was discovered
and reported as bug 876,
https://bugs.torproject.org/flyspray/index.php?id=876&do=details.

The commit to fix the problem in the 0_2_0 branch is r17472:
http://archives.seul.org/or/cvs/Dec-2008/msg00037.html

The commit to fix the problem in the Vidalia 0.1 branch is r3361:
http://trac.vidalia-project.net/browser/vidalia/branches/vidalia-0.1/pkg...

The bug is that the OS X Installer will prompt "The chosen volume
contains software which is newer then [sic] the software you are
installing."

The problem is that the Installer looks in the file
/Library/Receipts/Vidalia.pkg/Contents/Info.plist for
CFBundleShortVersionString. We mistakenly called it
CFBundleSortVersionString, which Apple inserts "1" as the value. The
upgrade to Vidalia from 0.1.9 to 0.1.10 apparently triggered the issue.

The fix is to put the correct value in place for the future. The
simplest way to do this is to have the users click "Continue" when
prompted. We could have spent a lot of time trying to fix it for the
user to hide the issue, but well, that is fraught with problems and
complexities. A simple click of "Continue" is far simpler and less
error prone.

The difference between the released 0.2.0.32 Tor code is the inclusion
of r17472. It's not really 0.2.0.32a per se, but since we lack package
versions, I had to distinguish it in some way.

OS X Vidalia Bundle Thoughts

Posted October 29th, 2008 by phobos
in

A few weeks ago, I watched some non-technical OS X users attempt to install the Vidalia-Tor Bundle. Many of them tried to drag the installation package to Applications. A few were surprised it required an installation at all.

In Vidalia trunk I committed a different way to install Vidalia, Tor, and Polipo. In this new dmg, you just open it up and drag the Vidalia icon into Applications. You now have Tor, Vidalia, and Polipo pre-configured and running completely out of Applications. While this works well for users that never installed Tor/Vidalia before, it doesn't work so well for existing installations.

Is it smart to think users will un-install their existing Vidalia/Tor bundle before using the drag and drop installation method? My inclination is that it isn't smart. This installation method also removes the ability to automatically install Torbutton for Firefox. read more »

Syndicate content