Go to file
kali e694a038c7
[bug] avoid installing in custom paths
A vulnerability in QtIFW produces improper ACLs to be set when
installing in custom locations. This can lead to privilege escalation if
a non-privileged user overwrites the openvpn binary. Thanks to
researchers at Tenable for finding and reporting this!

Impact is considered low-medium, since an installation outside of the
suggested path is needed to trigger the issue.

Privileged execution of openvpn should be abandoned in next release, in
favor of the interactive service.

A bug upstream should be filed since other projects could be affected by
this vulnerability too.

-Resolves: #569
2021-12-15 20:02:12 +01:00
branding [bug] avoid installing in custom paths 2021-12-15 20:02:12 +01:00
cmd [feat] snowflake client support 2021-11-29 18:14:21 +01:00
debian [pkg] riseup beta provider 2021-11-23 21:51:24 +01:00
docker [pkg] add build deps 2021-02-10 22:04:12 +01:00
docs [docs] windows docs 2021-12-14 00:51:55 +01:00
gui [pkg] bugfixes windows 2021-12-14 18:21:32 +01:00
helpers [feat] whitelist log file 2021-12-08 19:54:34 +01:00
pkg [pkg] bump version 2021-12-14 19:30:07 +01:00
providers [bug] minor, recurrent gotchas 2021-12-10 18:24:04 +01:00
tests [feat] simple update check 2021-11-23 21:51:25 +01:00
vendor [pkg] update vendor 2021-11-29 18:14:16 +01:00
.gitignore [pkg] modify version gen to read static version file 2021-04-14 16:49:53 +02:00
.gitlab-ci.yml [pkg] build debian package 2021-02-11 23:04:14 +01:00
AUTHORS [docs] add AUTHORS file 2020-11-21 20:50:17 +01:00
CHANGELOG [bug] avoid installing in custom paths 2021-12-15 20:02:12 +01:00
LICENSE [doc] add copyright notice 2018-02-13 17:04:12 +01:00
Makefile [bug] avoid installing in custom paths 2021-12-15 20:02:12 +01:00
README.md README.md: Add note on the ebuild in ::gentoo 2021-09-23 12:04:46 +02:00
bitmask.pro [pkg] add svg to pro 2021-11-23 21:51:02 +01:00
code-of-conduct.txt [docs] add copy of code of conduct 2020-10-27 15:38:15 +01:00
go.mod [pkg] update vendor 2021-11-29 18:14:16 +01:00
go.sum [pkg] update vendor 2021-11-29 18:14:16 +01:00
test.pro [test] update ui smoke test, add it to ci 2020-10-02 19:31:54 +02:00




sudo snap install riseup-vpn --classic

You can track beta channel, where we push versions to test:

sudo snap install riseup-vpn --classic --beta


There's a package in AUR that tracks main branch, so expect some instabilities (early birds catch the bugs they say, and we're thankful for that)

yaourt -Sy riseup-vpn-git


An ebuild is available in Gentoo's main repository.

emerge riseup-vpn


We haven't updated deb.leap.se repo yet 😞 (see #466), but if you really desire a debian package you can build your own for the time being:

debuild -us -uc
sudo dpkg -i ../riseup-vpn*.deb

If you're using ubuntu, you can use kali's ppa.


Clone this repo, install dependencies and build the application. Dependencies assume debian packages, or homebrew for osx. For Windows OS see corresponding section below. For other systems try manually, or send us a patch.

  git clone git@0xacab.org:leap/bitmask-vpn.git && cd bitmask-vpn
  sudo make depends  # do not use sudo in osx 
  make build

You need at least go 1.11.

If you have Ubuntu Bionic/18.04, the package in the repositories is too old. To resolve this, you can do make install_go. Do not do this if you have a later version.

For other situations, have a look at https://github.com/golang/go/wiki#working-with-go


You can run some tests too.

  sudo apt install qml-module-qttest
  make test
  make test_ui


As for now app can be build on Win OS using Cygwin terminal.


You need to have installed and added to your user PATH (mentioned version tested in Win10):

  1. Go (>= go1.15.4)
  2. QT (>= Qt5.12.9)
  3. QtIFW (>= QtIFW-4.0.0)
  4. Cygwin64 (>= 2.905 64 bit)
  5. Using Cygwin Package Select window install python3 and make packages.

Note: for #5 you don't need to add packages to PATH they will available in cygwin after installation.

Get Source

    git clone git@0xacab.org:leap/bitmask-vpn.git && cd bitmask-vpn


Build script uses a symbolic link in one of the stages. Unfortunately Cygwin can't create native symlink from local non
admin user due to windows security restriction. To avoid this issue we need to call next target from cygwin terminal as
Administrator. This need to be done only once.

    make relink_vendor

After relink_vendor use this to build the app:

    make build

After successful build application will be available at: build/qt/release/riseup-vpn.exe


To run tests:

    make test
    make test_ui


We use transifex to coordinate translations. Any help is welcome!

Bugs? Crashes? UI feedback? Any other suggestions or complains?

When you are willing to report an issue please use the search tool first. if you cannot find your issue, please make sure to include the following information:

  • the platform you're using and the installation method.
  • the version of the program. You can check the version on the "about" menu.
  • what you expected to see.
  • what you got instead.
  • the logs of the program. The location of the logs depends on the OS:
    • gnu/linux: /home/<your user>/.config/leap/systray.log
    • OSX: /Users/<your user>/Library/Preferences/leap/systray.log, /Applications/RiseupVPN.app/Contents/helper/helper.log & /Applications/RiseupVPN.app/Contents/helper/openvpn.log
    • windows: C:\Users\<your user>\AppData\Local\leap\systray.log, C:\Program Files\RiseupVPN\helper.log & C:\Program Files\RiseupVPN\openvp.log