changelog 519 KB
Newer Older
intrigeri's avatar
intrigeri committed
1
tails (4.18) unstable; urgency=medium
2

intrigeri's avatar
intrigeri committed
3
  * Upgrade Thunderbird to 78.9.0-1~deb10u1
4

intrigeri's avatar
intrigeri committed
5
  * Upgrade Tor Browser to 10.0.16 (tails/tails!400)
6

intrigeri's avatar
intrigeri committed
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
    Closes issues:
      - Upgrade to Tor Browser based on Firefox 78.10 (tails/tails#18252)

    Commits:
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.15.

  * Upgrade Intel microcodes to 3.20210216.1~deb10u1

  * Upgrade firmware-linux-nonfree to 20210315-2

  * Remove Poedit (#18236) (tails/tails!395)

    Commits:
      - Remove Poedit (#18236)

  * Display an error message when the Upgrader fails to download the signing key
    (tails/tails!390)

    Closes issues:
      - Display an error message when the Upgrader fails to check for available
        upgrades (tails/tails#18238)

    Commits:
      - Display an error message when the Upgrader fails to download the signing key

  * Remove clock sync notification (tails/tails!389)

    Closes issues:
      - Remove the "clock synchronization" notification (tails/tails#7439)

    Commits:
      - tails-htp-notify-user only notifies if $problems

  * Bump snapshots of the Debian APT archive to 2021033101 (tails/tails!388)

    Commits:
      - Bump snapshots of the Debian APT archive to 2021033101

  * APT: use non-onion HTTPS sources for Debian repositories (tails/tails!383)

    Closes issues:
      - Fix failures with Debian's APT repository onion service (tails/tails#17993)

    Commits:
      - APT: use non-onion HTTPS sources for Debian repositories

  * Merge base branch earlier (tails/tails!381)

    Closes issues:
      - The mergebasebranch option merges the base branch too late (tails/tails#12557)

    Commits:
      - Document that faketime is needed on the host to build Tails.
      - Vagrant: don't install faketime any more.
      - Drop useless version part from development build filenames.
      - Build system: only add base branch info to image names when relevant.
      - Build system: make development images' names more consistent.
      - Build system: move around logic to reduce ENV state.
      - Build system: re-run rake after merging base branch (#12557)
      - Rakefile: handle jenkins passing the now obsolete mergebasebranch.
      - Build system: by default, merge the base branch early when building (#12557)

intrigeri's avatar
intrigeri committed
70
71
 -- Tails developers <tails@boum.org>  Mon, 19 Apr 2021 14:19:38 +0000

intrigeri's avatar
intrigeri committed
72
tails (4.17) unstable; urgency=medium
anonym's avatar
anonym committed
73

intrigeri's avatar
intrigeri committed
74
75
76
  * Upgrade Thunderbird to 78.8.0-1~deb10u1
  
  * Upgrade Tor Browser to 10.0.14-build1 (tails/tails!382)
anonym's avatar
anonym committed
77

intrigeri's avatar
intrigeri committed
78
79
    Commits:
      - Upgrade Tor Browser to 10.0.14-build1.
anonym's avatar
anonym committed
80

intrigeri's avatar
intrigeri committed
81
  * Upgrade tor to 0.4.5.7 (tails/tails!380)
anonym's avatar
anonym committed
82

intrigeri's avatar
intrigeri committed
83
84
    Closes issues:
      - Upgrade tor to 0.4.5.7 (tails/tails#18244)
anonym's avatar
anonym committed
85

intrigeri's avatar
intrigeri committed
86
87
88
89
90
    Commits:
      - Upgrade tor to 0.4.5.7

  * Retry failed upgrade downloads, reusing the previously downloaded data, and
    fallback to the DNS mirror pool (tails/tails!379)
anonym's avatar
anonym committed
91

anonym's avatar
anonym committed
92
    Closes issues:
intrigeri's avatar
intrigeri committed
93
94
      - Make it possible to resume an automatic upgrade download (tails/tails#15875)
      - Make Tails Upgrader resilient to broken mirrors (tails/tails#17615)
95

anonym's avatar
anonym committed
96
    Commits:
intrigeri's avatar
intrigeri committed
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
      - Tails::IUK::TargetFile::Download: always disable exponential backoff when
        running tests
      - Tails::IUK::LWP::UserAgent::WithProgress: display correct progress status when
        resuming a previously failed download
      - Give Tails::IUK::LWP::UserAgent::WithProgress information that it'll need
      - Refactoring: make temp_file an attribute
      - Refactoring: use more meaningful variable name and document what value it holds
      - GitLab CI: disable test that now requires systemd
      - Retry failed upgrade downloads, reusing the previously downloaded data, and
        fallback to the DNS mirror pool
      - Upgrader hardening: comment out sudo env_keep settings that are not needed in
        production
      - Tails::Download::HTTPS hardening: drop support for SSL_NO_VERIFY
      - Upgrader test suite: remove useless Win32 support code

  * Repair the filesystem on the system partition and avoid breaking it in the
    first place (tails/tails!374)
anonym's avatar
anonym committed
114
115

    Closes issues:
intrigeri's avatar
intrigeri committed
116
117
      - Deleted obsolete automatic upgrades still occupy disk space ⇒ no automatic
        upgrade possible after a while (tails/tails#17902)
anonym's avatar
anonym committed
118
119

    Commits:
intrigeri's avatar
intrigeri committed
120
121
122
      - On boot, repair the filesystem on the system partition
      - Refactoring: move repartitioning code to a function
      - Unmount the system partition on shutdown
anonym's avatar
anonym committed
123

intrigeri's avatar
intrigeri committed
124
  * Upgrade GRUB2 to 2.04-16+ (tails/tails!372)
anonym's avatar
anonym committed
125
126

    Closes issues:
intrigeri's avatar
intrigeri committed
127
128
      - Upgrade GRUB2 to 2.04-16+ (tails/tails#18227)
      - devel branch FTBFS with uBlock 1.33.0+dfsg-1 (tails/tails#18191)
anonym's avatar
anonym committed
129
130

    Commits:
intrigeri's avatar
intrigeri committed
131
      - Bump snapshots of the Debian APT archive to 2021030401
anonym's avatar
anonym committed
132

intrigeri's avatar
intrigeri committed
133
  * Upgrade non-free Linux firmware to 20210208-3 (tails/tails!371)
anonym's avatar
anonym committed
134
135

    Closes issues:
intrigeri's avatar
intrigeri committed
136
137
      - Upgrade non-free Linux firmware to 20210208-3+ (tails/tails#18226)
      - devel branch FTBFS with uBlock 1.33.0+dfsg-1 (tails/tails#18191)
anonym's avatar
anonym committed
138
139

    Commits:
intrigeri's avatar
intrigeri committed
140
141
142
      - Revert "Temporarily install the kernel from Bullseye"
      - Refresh uBlock patch
      - Bump snapshots of the Debian APT archive to 2021030101
anonym's avatar
anonym committed
143

intrigeri's avatar
intrigeri committed
144
  * Test suite: relax delay for OpenPGP future expiration date (tails/tails!370)
anonym's avatar
anonym committed
145
146

    Commits:
intrigeri's avatar
intrigeri committed
147
      - Test suite: relax delay for OpenPGP future expiration date
anonym's avatar
anonym committed
148

intrigeri's avatar
intrigeri committed
149
150
  * Improve security advisory since they don't list vulnerabilities anymore
    (tails/tails!369)
anonym's avatar
anonym committed
151
152

    Commits:
intrigeri's avatar
intrigeri committed
153
154
155
156
      - Help people find the information on their own (#18221)
      - Remove not-so-helpful TOC
      - Simplify and reuse the same wording
      - Don't make people click for nothing (#18221)
anonym's avatar
anonym committed
157

intrigeri's avatar
intrigeri committed
158
159
  * Clarify error message when starting the Unsafe Browser while offline
    (tails/tails!367)
anonym's avatar
anonym committed
160
161

    Closes issues:
intrigeri's avatar
intrigeri committed
162
163
      - Clarify error message when the Unsafe Browser was launched without network
        connection (tails/tails#12251)
anonym's avatar
anonym committed
164
165

    Commits:
intrigeri's avatar
intrigeri committed
166
167
      - Test suite: update to match UI change
      - Clarify error message when starting offline (#12251)
anonym's avatar
anonym committed
168

intrigeri's avatar
intrigeri committed
169
  * Release process: add po4a version sanity checks (tails/tails!364)
anonym's avatar
anonym committed
170
171

    Commits:
intrigeri's avatar
intrigeri committed
172
      - Release process: ensure the RM has the correct version of po4a
anonym's avatar
anonym committed
173

intrigeri's avatar
intrigeri committed
174
  * Upgrade our production and test-only tor configuration (tails/tails!363)
anonym's avatar
anonym committed
175
176

    Closes issues:
intrigeri's avatar
intrigeri committed
177
      - Upgrade our production and test-only tor configuration (tails/tails#18216)
anonym's avatar
anonym committed
178
179

    Commits:
intrigeri's avatar
intrigeri committed
180
181
182
183
184
185
186
187
188
189
190
191
192
      - Test suite: bump PathsNeededToBuildCircuits to 0.67, like Chutney
      - Test suite: drop "TestingBridgeDownloadInitialDelay" customization
      - Test suite: drop "DownloadInitialDelay" testing options that we set to their
        default value
      - Test suite: drop unused second argument for the "DownloadInitialDelay" tor
        testing options
      - Test suite: use the new "DownloadInitialDelay" names for the "DownloadSchedule"
        tor testing options
      - torrc: drop obsolete WarnUnsafeSocks setting
      - torrc: migrate from deprecated {Control,Trans}ListenAddress to
        {Control,Trans}Port address syntax

  * Upgrade tor to 0.4.5.6 (tails/tails!361)
anonym's avatar
anonym committed
193
194

    Commits:
intrigeri's avatar
intrigeri committed
195
196
197
198
      - run_test_suite: abort if the host system's tor is too old
      - Test suite setup doc: ensure we have a recent enough tor
      - Test suite setup doc: update APT pinning to support current QEMU backport
      - Upgrade tor to 0.4.5.6 final
anonym's avatar
anonym committed
199

intrigeri's avatar
intrigeri committed
200
  * Update uBlock Origin patch (tails/tails!354)
anonym's avatar
anonym committed
201
202

    Commits:
intrigeri's avatar
intrigeri committed
203
      - Refresh uBlock patch
anonym's avatar
anonym committed
204

intrigeri's avatar
intrigeri committed
205
  * Resolve "onion-grater race condition" (tails/tails!345)
anonym's avatar
anonym committed
206
207

    Closes issues:
intrigeri's avatar
intrigeri committed
208
      - onion-grater race condition (tails/tails#18123)
anonym's avatar
anonym committed
209
210

    Commits:
intrigeri's avatar
intrigeri committed
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
      - whitespace
      - onioncircuits: longer options are more readable
      - tails-create-netns: more consistent style
      - tails-create-netns: avoid bashisms
      - a11y-proxy-netns: explain behavior with comments
      - review tips: is_veth_nic is more readable
      - review tips: clearer behaviour
      - Remove another remain from the reverted TBB experiment.
      - veth exclusion: log to debug
      - don't spoof veth interfaces
      - a11y proxy now can be passed to the right netns
      - onioncircuits is accessible!
      - small cleanup to tailslib.gnome
      - really: let's forget about TBB and its netns
      - Let's forget about TBB in its netns
      - get_all_ethernet_nics behave even if no real eth
      - update design doc for netns improvements
      - test: tor can bind a non-127.0.0.1 port
      - FIX helper lib to recognize veth appropriately
      - better wording
      - tails-documentation: fixed when Tor is not ready
      - sudo tor-browser allowed
      - FIX service: run before network.target
      - we need veth: don't blacklist it, it's harmless
      - /stop tails-create-netns service can stop
      - FIX tails-create-netns.service
      - TBB: changed onion-grater
      - TBB works + port 9150 drop
      - netns: firewall configuration moved to ferm
      - configure tor and ferm for TBB netns address
      - tails-create-netns is a systemd.service
      - onion-grater whitelisted in sane_defaults
      - onioncircuits profile adapted to netns
      - onioncircuits wrapper to use netns
      - still a draft, but at least tidier
      - DRAFT of network namespace support

  * Test suite: disable sound forwarding to host (tails/tails!333)
anonym's avatar
anonym committed
249

intrigeri's avatar
intrigeri committed
250
251
252
253
254
    Closes issues:
      - Test suite: consider disabling SPICE audio (tails/tails#18122)

    Commits:
      - Test suite: disable sound forwarding to host (Closes: #18122)
255

intrigeri's avatar
intrigeri committed
256
 -- Tails developers <tails@boum.org>  Mon, 22 Mar 2021 08:11:53 +0000
intrigeri's avatar
intrigeri committed
257

intrigeri's avatar
intrigeri committed
258
259
260
261
262
263
264
tails (4.15.1) unstable; urgency=medium

  * Upgrade sudo to 1.8.27-1+deb10u3 due to CVE-2021-3156 ("Baron
    Samedit").

 -- Tails developers <tails@boum.org>  Wed, 27 Jan 2021 19:33:08 +0100

intrigeri's avatar
intrigeri committed
265
tails (4.15) unstable; urgency=medium
266

intrigeri's avatar
intrigeri committed
267
  * Upgrade Thunderbird to 1:78.6.0-1~deb10u1
268

intrigeri's avatar
intrigeri committed
269
  * Upgrade Tor Browser to 10.0.9, based on Firefox 78.7 (tails/tails!331)
270

intrigeri's avatar
intrigeri committed
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
    Closes issues:
      - Upgrade Tor Browser to 10.0.9, based on Firefox 78.7 (tails/tails#18100)

    Commits:
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.9-build2.

  * Test suite: support path of tcpdump in current sid (tails/tails!328)

    Closes issues:
      - Test suite broken on current sid: "No such file or directory -
        /usr/sbin/tcpdump" (tails/tails#18126)

    Commits:
      - Test suite: support path of tcpdump in current sid

  * Update CAs trusted to connect to our website (tails/tails!327)

    Closes issues:
      - Upgrader fails to check upgrades: CA changed for our website
        (tails/tails#18127)
      - Remove AddTrust_External_Root.pem from our website CA bundle
        (tails/tails#11811)

    Commits:
      - Fix shell syntax
      - Reference issue and add another related XXX
      - Don't ship individual Let's Encrypt intermediate certificates files in the
        image
      - Move Let's Encrypt intermediate certificates outside of the system-wide CA
        store
      - Upgrader: trust current and upcoming Let's Encrypt intermediate certificates
      - Add current and upcoming Let's Encrypt intermediate certificates
      - Remove AddTrust_External_Root.pem from our website CA bundle (refs: #11811).

  * Upgrade Linux to 5.9.15-1~bpo10+1 (stable branch) (tails/tails!325)

    Closes issues:
      - Upgrade to Linux 5.9.15 (tails/tails#18104)
      - Install Intel SOF Firmware and Topology binaries from Debian
        (tails/tails#18096)
      - USB tethering is broken with iOS 14 => Need kernel upgrade (tails/tails#18097)

    Commits:
      - Refresh uBlock patch
      - Install Intel SOF Firmware and Topology binaries from Debian
      - Upgrade Linux to 5.9.15-1~bpo10+1
      - Update APT snapshot for the "debian" archive to 2021011501

  * Upgrade firmware-linux to 20201218-1

  * Migrate blueprints to GitLab wiki (tails/tails!323)

  * Fix stream isolation test suite after !306 (tails/tails!319)

    Closes issues:
      - Test suite: update wrt. recent htpdate changes (tails/tails#18095)

    Commits:
      - fix stream isolation test suite after !306

  * Refresh uBlock patch to fix devel branch FTBFS (tails/tails!318)

    Commits:
      - Refresh uBlock patch

  * Test suite: improve error reporting for GuestFS problems and user mistakes
    (tails/tails!317)

    Commits:
      - Test suite: error out early if images to be tested are directories
      - Test suite: log all guestfs events, not only "trace" level messages

  * Make 'Upgrading the system' dialog appear faster (tails/tails!316)

    Closes issues:
      - Make  "Upgrading the system" dialog appear faster (tails/tails#18051)

    Commits:
      - Upgrader test suite: adjust to match UI changes
      - Warn in advance about the network connection being disabled (#18051)
      - Avoid ambiguous future tense
      - Lint.
      - Upgrader: don't declare variable in conditional statement
      - Upgrader: adjust test suite to user interaction changes
      - Fix typo
      - Make 'Upgrading the system' dialog appear faster

  * Make writing Tails.module more robust (tails/tails!315)

    Closes issues:
      - Make writing Tails.module more robust (tails/tails#17906)

    Commits:
      - Make writing Tails.module more robust

  * Fix support for Ledger hardware wallet, by upgrading python3-btchip
    (tails/tails!313)

    Closes issues:
      - "No hardware device detected" with Ledger Nano S wallet in Electrum
        (tails/tails#18080)

    Commits:
      - Fix support for Ledger hardware wallet, by upgrading python3-btchip

  * Test expiration date for all keys trusted by APT (tails/tails!310)

    Closes issues:
      - Test expiration date for all keys trusted by APT (tails/tails#18094)

    Commits:
      - Test suite: improve Gherkin phrasing
      - Test suite: check expiration date for all trusted APT keys

  * Log more info upon curl failure in htpdate (tails/tails!306)

    Commits:
      - htpdate: make output more useful on name resolution errors
      - htpdate: include stdout and stderr of curl(1) upon failure
      - htpdate: remove misleading comment

  * Clarify that this message is about the size of the USB stick (#18073)
    (tails/tails!305)

    Closes issues:
      - Improve error message when the USB stick is too small (tails/tails#18073)

    Commits:
      - Add comment to explain the unit being used
      - Display too small boot device size in GB, not GiB
      - Display too small boot device size with 1 digit of precision after the decimal
        point
      - Make displayed number and unit match
      - Only use variable after we've assigned it a value
      - Clarify that this message is about the size of the USB stick (#18073)

  * Thunderbird: drop obsolete patch. (tails/tails!304)

    Commits:
      - Thunderbird: drop obsolete patch.

  * Make build reproducibility verification easier (tails/tails!303)

    Commits:
      - Don't trust any random key that has a UID which contains "deb.tails.boum.org"
      - Make formatting consistent with other command lines
      - Minor rephrasing
      - Fix typo
      - Use numbered list: order matters
      - Reorder instructions to avoid a step essentially depend on the next one
      - contribute/build.mdwn: add instruction for importing deb.tails.boum.org key
      - release_process/test/reproducibility.mdwn: add -p to mkdir
      - Rakefile: add option to scp to disable agent

  * Test suite: differentiate between tordate and htpdate errors (tails/tails!295)

    Commits:
      - Test suite: split exception.
      - Test suite: use more specific exception.
      - We can have TimeSyncingError due to tordate, so no htpdate log exists.
      - Rename variable and rearrange code to fix scoping issues.
      - Test suite: differentiate between tordate and htpdate errors.

  * Add "Don't Show Again" button to the notification when starting Tails in a VM
    (tails/tails!284)

    Closes issues:
      - Add "Don't Show Again" button to notifications where appropriate
        (tails/tails#10553)

    Commits:
      - swap buttons in tails-virt-notify-user
      - Refresh translations.
      - tails-documentation: drop yelp dependency.
      - Revert "Patch libdesktop-notify-perl to accept an array ref for actions."
      - tails-documentation: let Gnome start Tor Browser so it can quit.
      - tails-virt-notify-user: port form Perl to Python.
      - Simply
      - Improve button labels
      - Apply 1 suggestion(s) to 1 file(s)
      - Apply 1 suggestion(s) to 1 file(s)
      - tails-virt-notify-user: make action IDs globally unique again.
      - Simplify.
      - tails-virt-notify-user: make action buttons ordering deterministic.
      - Patch libdesktop-notify-perl to accept an array ref for actions.
      - live-persist: always enable support for "Don't ask again" (refs: #10553).
      - tails-virt-notify-user: only show "Don't ask again" if feature is available
        (refs: #10553).
      - tails-virt-notify-user: add "Don't ask again" button PoC (refs: #10553).
      - Add tooling for "Don't ask me again" feature for notifications etc.

intrigeri's avatar
intrigeri committed
463
464
 -- Tails developers <tails@boum.org>  Mon, 25 Jan 2021 08:23:10 +0000

intrigeri's avatar
intrigeri committed
465
tails (4.14) unstable; urgency=medium
anonym's avatar
anonym committed
466

intrigeri's avatar
intrigeri committed
467
  * Grant the user read access to external Persistent Storage (tails/tails!300)
anonym's avatar
anonym committed
468

intrigeri's avatar
intrigeri committed
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
    Closes issues:
      - Nautilus cannot open a plugged Tails Persistent Storage anymore
        (tails/tails#18050)

    Commits:
      - Make *external* TailsData's root user-readable when mounted (closes: #18050)

  * Upgrade Tor Browser to 10.0.7 (tails/tails!297)

    Closes issues:
      - Upgrade Tor Browser to 10.0.7 (tails/tails#18058)

    Commits:
      - Fetch Tor Browser from our own archive.
      - Upgrade Tor Browser to 10.0.7-build1.

  * Add a script to help updating our UX debt spreadsheet (tails/tails!292)

    Commits:
      - ux-debt-changes: list issues that had the UX:debt label removed
      - ux-debt-changes: list issues that had the UX:debt label added
      - ux-debt-changes: allow running only some of the supported reports
      - ux-debt-changes: cache GitLab API responses
      - ux-debt-changes initial version: lists solved or rejected UX:debt issues since
        a date

  * Upgrade to Linux 5.9 and to Buster 10.7 (tails/tails!288)

    Closes issues:
      - Upgrade Linux to 5.9 (tails/tails#17973)
      - Upgrade to Buster 10.7 (tails/tails#17995)

    Commits:
      - Upgrade Linux to 5.9.0-0.bpo.2, currently at version 5.9.6-1~bpo10+1
      - Install the kernel from buster-backports
      - Upgrade Tails and the Vagrant build box to Debian Buster 10.7

  * Test suite: make evince "Print to File" test more robust (tails/tails!287)

    Commits:
      - Test suite: update and fix comment
      - Test suite: make evince "Print to File" test more robust

  * Upgrade Linux to 5.9 (devel branch) (tails/tails!285)

    Commits:
      - Upgrade Linux to 5.9.0-0.bpo.2, currently at version 5.9.6-1~bpo10+1

  * Don't include URLs pointing to our live website in translatable strings
    (tails/tails!283)

    Commits:
      - Upgrader: don't use non-existent debug method
      - GitLab CI: ensure we don't re-add translatable URLs to our live website
      - Update POT and PO files
      - Don't include URLs pointing to our live website in translatable strings
      - Lint

  * Test suite: bump timeout for the Greeter's GUI to update after language change.
    (tails/tails!279)

    Commits:
      - Revert "Test suite: switch from sleep() to more robust approach."
      - Test suite: switch from sleep() to more robust approach.
      - Test suite: bump timeout for the Greeter's GUI to update after language change.

  * Port otr-bot to Python 3 and migrate to slixmpp (tails/tails!278)

    Closes issues:
      - Test suite's otr-bot.py has obsolete dependencies (tails/tails#17031)

    Commits:
      - Test suite doc: update dependencies
      - Make otr-bot quiet.
      - otr-bot: linting.
      - Improve variable names.
      - otr-bot: port to python3 and migrate from jabberbot to slixmpp.

  * Detect corrupt GnuPG public keyring and restore its backup (tails/tails!275)

    Closes issues:
      - Automate fix for "GnuPG keys missing" problem (tails/tails#17807)

    Commits:
      - Try to detect corrupt GnuPG pubring.kbx and restore any backup (refs: #17807)

  * Drop superfluous block.events_dfl_poll_msecs=1000 kernel parameter
    (tails/tails!274)

    Commits:
      - Drop superfluous block.events_dfl_poll_msecs=1000 kernel parameter

  * Install the kernel from buster-backports (tails/tails!273)

    Commits:
      - Install the kernel from buster-backports

  * Enable Electrum's Ledger hardware wallet support (tails/tails!272)

    Closes issues:
      - Ledger Nano S hardware wallet is not recognized due to wrong udev rules
        (tails/tails#15353)

    Commits:
      - Enable Electrum's Ledger hardware wallet support

  * Test suite: update expected title of the GitLab page we use (tails/tails!271)

    Commits:
      - Test suite: update expected title of the GitLab page we use

  * Port Tails Installer to Python 3 (tails/tails!270)

    Closes issues:
      - Port Tails Installer to Python 3 (tails/tails#10085)
      - Installer: get rid of workaround for udisks bug#418 in SetFlags()
        (tails/tails#15010)

    Commits:
      - Update POT and PO files
      - Also undo mistaken changes to Tails 3.0 release note PO files.
      - Installer: get rid of workaround for udisks#418 in SetFlags()
      - Installer: update URL (Redmine → GitLab)
      - Installer: drop obsolete comment
      - Installer: don't make user-facing URLs translatable
      - Undo mistaken change to Tails 3.0 release notes.
      - Tails Installer: fix incorrect function/variable names.
      - Update installer's deps after porting to Python 3 (refs: #10085)
      - Apply 1 suggestion(s) to 1 file(s)
      - Tails Installer: don't show install/cancel buttons on warning prompts.
      - Tails Installer: delay deletion of parents until all drives have been examined.
      - Tails Installer: update PO/POT files after migration to Python 3.
      - Tails Installer: move into Python 3's dist-packages.
      - Tails Installer: revive _set_liberal_perms_recursive().
      - Tails Installer: pass argument list to subprocess.Popen().
      - Tails Installer: port to Python 3 based on saschamarkus's patches (refs:
        #10085).

  * Update deb.torproject.org's APT key (tails/tails!269)

    Closes issues:
      - Outdated APT key for deb.torproject.org (tails/tails#18042)

    Commits:
      - Stop installing deb.torproject.org-keyring
      - Update deb.torproject.org's APT key

  * Release process: drop dependency on parallel_collect_IUKs (tails/tails!267)

    Commits:
      - Lint
      - Release process: don't pass --debug to copy-iuks-to-rsync-server-and-verify
      - Release process: drop dependency on parallel_collect_IUKs
      - Lint

  * Allow users to change persisted admin password option (tails/tails!266)

    Closes issues:
      - Allow users to change persisted admin password option (tails/tails#18018)

    Commits:
      - Fix not being able to delete a once persisted admin password

  * Upgrade Thunderbird to 1:78.5.1-1~deb10u1, and accordingly update
    its patch series (tails/tails!264)

    Closes issues:
      - All branches FTBFS since Thunderbird 78.5.0 upload (tails/tails#18034)

    Commits:
      - Drop Thunderbird patch: applied in 78.5.0 upstream
      - Drop Thunderbird patch: applied in 78.5.0 upstream
      - patch-thunderbird: log which patch we're currently trying to apply
      - Lint

  * Stop installing the Unifont fonts (tails/tails!263)

    Commits:
      - Stop installing the Unifont fonts

  * Upgrade tor to 0.4.4.6 (tails/tails!259)

    Commits:
      - Upgrade tor to 0.4.4.6

  * Document python-gitlab setup needed for generate-changelog and generate-report
    (tails/tails!258)

    Commits:
      - Don't track testing forever
      - Make instructions work on sid
      - python3-gitlab from Buster doesn't work
      - Document torsocks for GitLab scripts
      - Improve readibility
      - generate-changelog, generate-report: point to documentation
      - Document how to configure python-gitlab

  * Test suite: use the qemu-xhci USB controller (tails/tails!255)

    Closes issues:
      - Use qemu-xhci for TailsToaster (tails/tails#15831)

    Commits:
      - Test suite: use the qemu-xhci USB controller

  * Require Buster or newer for running our test suite (tails/tails!254)

    Closes issues:
      - Require Buster or newer for running our test suite (tails/tails#17842)

    Commits:
      - Test suite: run a Q35 5.0 machine
      - Test suite: drop workarounds for running on Stretch
      - run_test_suite: drop support for Stretch
      - Test suite doc: drop support for Stretch
anonym's avatar
anonym committed
684

intrigeri's avatar
intrigeri committed
685
686
 -- Tails developers <tails@boum.org>  Mon, 14 Dec 2020 08:56:31 +0000

anonym's avatar
anonym committed
687
tails (4.13) unstable; urgency=medium
688

anonym's avatar
anonym committed
689
  * Tor Browser 10.0.5 (tails/tails!253)
690

anonym's avatar
anonym committed
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
    Closes issues:
      - Upgrade to Tor Browser 10.0.5 (tails/tails#18017)
      - Most Tor Browser scenarios fail (tails/tails#18016)
      - Only ship locale definitions that the user can select in the Welcome Screen
        (tails/tails#17139)

    Commits:
      - Mark security issue as fixed
      - Test suite: avoid wait_any() in error-prone situation.
      - Test suite: adapt image so it works for RTL locales too.
      - Upgrade Tor Browser to 10.0.5-build1.
      - Automate++

  * Browsers: drop el-GR from browser localization (tails/tails!252)

    Closes issues:
      - "The Unsafe Browser can be used in all languages supported in Tails" scenario
        fails in Greek (tails/tails#18015)

    Commits:
      - Browsers: drop el-GR from browser localization.

  * Test suite: wait for GNOME Overview launchers to be ready before interacting
    with them (tails/tails!251)

    Closes issues:
      - Most Tor Browser scenarios fail (tails/tails#18016)

    Commits:
      - Test suite: wait for GNOME Overview launchers to be ready before interacting
        with them (fixes: #18016).

  * Garbage collect website cache more aggressively (tails/tails!248)

    Closes issues:
      - Some builds fail on Jenkins due to lack of disk space to store cached built
        website (tails/tails#18010)

    Commits:
      - website-cache: don't delete lost+found directory
      - Lint
      - website-cache: garbage collect cache directories older than 20 days

  * generate-report: Buster compatibility, help the user install dependencies
    (tails/tails!247)

    Commits:
      - generate-report: add helpful message on missing Python modules
      - generate-changelog, generate-report: support Python 3.7

  * custom-apt-cruft-check: fix output when there's nothing to remove
    (tails/tails!246)

    Commits:
      - custom-apt-cruft-check: fix output when there's nothing to remove

  * Release process: streamline configuration and environment management
    (tails/tails!245)

    Commits:
      - Release process: rename variable to avoid confusion
      - Apply 1 suggestion(s) to 1 file(s)
      - Fix typo in suggestion
      - Apply 3 suggestion(s) to 3 file(s)
      - rm-config: workaround pylint false positives
      - remove-unused-udfs: lint
      - remove-unused-udfs: actually use passed before_version
      - rm-config: add mypy exceptions
      - rm-config: add docstrings
      - rm-config: lint
      - rm-config: drop unused import
      - rm-config: import generation of IUK_SOURCE_VERSIONS
      - Factorize
      - rm-config: import more configuration generation
      - rm-config: validate configuration
      - RM config template: quote "FIXME" as it should be in the manually-filled
        version
      - rm-config: fix generate-environment for non-string values
      - rm-config: log config before validating
      - rm-config: pass stage to Config()
      - rm-config: add validate-configuration action
      - Release process: consistently provide editor command-line
      - rm-config: ensure generated shell snippet has a trailing newline
      - Release process: move generation of derived values to rm-config
      - Lint
      - Release process: fully phrase the rm-config usage bits
      - Release process: bring all notes together
      - Release process: document how to get your own local.yml
      - Release process: convert example local.yml to YAML, move generated variable out
        of it
      - Add type hints
      - Lint
      - rm-config: generate boilerplate config, read config & export it as shell
        environment
      - Release process: ensure the configuration does not taint the next release
        process
      - Document config format
      - Ensure RM config snippets produce 1 single YAML document when concatenated
      - Release process: specify interface for new RM config management.

  * WhisperBack: include the output of lsusb in reports (tails/tails!244)

    Commits:
      - WhisperBack: include the output of lsusb in reports

  * Automate Tor Browser WebRTC tests (tails/tails!243)

    Closes issues:
      - Automate Tor Browser WebRTC tests (tails/tails#10264)

    Commits:
      - Test suite: automatically test that WebRTC is disabled in Tor Browser
      - Test suite: refactoring (extract code to function)

  * GitLab CI: only run the apt-snapshots-expiry job when relevant
    (tails/tails!242)

    Commits:
      - GitLab CI: only run the apt-snapshots-expiry job when relevant
      - GitLab CI: switch to "Pipelines for Merge Requests" mode

  * GitLab CI: check PO files that we did not import from Transifex yet, only run
    PO checks when relevant (tails/tails!241)

    Commits:
      - Lint
      - GitLab CI: lint
      - GitLab CI: only run check-po-msgfmt and lint-po when relevant
      - GitLab CI: check PO files that we did not import from Transifex yet

  * Add script that checks which packages in our custom APT repo are unused
    (tails/tails!240)

    Closes issues:
      - Remove cruft from our custom APT repository (2020Q4 edition)
        (tails/tails#17997)

    Commits:
      - custom-apt-cruft-check: look for custom package on the suite we're working on
      - custom-apt-cruft-check: update script description to match current usage
      - custom-apt-cruft-check: fix generated reprepro command
      - custom-apt-cruft-check: make output command line easier to copy'n'paste
      - custom-apt-cruft-check: use a command line argument to specify which suite to
        check
      - Revert overzealous linting
      - custom-apt-cruft-check: fix branch check
      - Lint
      - custom-apt-cruft-check: add helpful comment to error message
      - custom-apt-cruft-check: output require reprepro clean up command
      - custom-apt-cruft-check: fetch .build-manifest from Jenkins
      - custom-apt-cruft-check: change quoting so \n becomes an actual newline
      - custom-apt-cruft-check: also support the devel branch/APT suite
      - Lint
      - custom-apt-cruft-check: add support for Onion service
      - Add script that checks which packages in our custom APT repo that are unused.

  * Release process: automate removing unused UDFs (tails/tails!239)

    Commits:
      - Remove UDFs for versions we'll never release
      - remove-unused-udfs: avoid computing the list of tags multiple times
      - remove-unused-udfs: avoid using global variable.
      - Release process: automate removing unused UDFs
      - Release process: remove now-irrelevant case
      - Release process: move cleaning up Changelog to a smarter place
      - Release process: remove duplicate operation
      - Release process: bundle together actions on the devel branch

  * GitLab CI: check that no APT snapshot will expire within 1 month
    (tails/tails!238)

    Commits:
      - GitLab CI: give job a name that better reflects its, well, job
      - Cleanup
      - GitLab CI: check that no APT snapshot will expire within 1 month.
      - apt-snapshot-expiry: exit with error if any snapshot will expire within 1
        month.
      - Get rid of subshell.

  * Release process: automate generation of email to manual testers
    (tails/tails!237)

    Commits:
      - Release process: make the shell complain if setting PAD was forgotten.
      - Release process: de-duplicate
      - Release process: automate generating the call for manual testing

  * Release process: streamline APT repository operations (tails/tails!236)

    Commits:
      - Release process: only context switch to freeze exception management if needed
      - Release process: streamline thawing time-based APT snapshots
      - Release process: streamline bumping time-based APT snapshots expiration date
      - Fix Vagrant build box APT snapshots updating info
      - Release process: streamline freezing time-based APT snapshots
      - Release process: automate
      - Release process: streamline post-release operations
      - Release process: streamline initializing the versioned custom APT suite
      - Replace link to obsolete reprepro homepage with link to Tracker
      - Release process: automate
      - Release process: streamline merging base branches
      - Custom APT repo doc: move to a script merging a main branch
      - Release process: streamline resetting custom APT suites
      - Lint
      - Custom APT repo doc: move to a script resetting a suite
      - Release process: streamline merging APT overlays
      - Release process: be extra explicit about what "freeze time" means
      - Revert "Release process: be explicit about the required setting when merging"

  * Ensure that we install the required custom packages from our custom APT repo
    (tails/tails!235)

    Commits:
      - Release process: drop VeraCrypt reminder.
      - Build system: ensure we install the required custom packages from our custom
        APT repo.

  * Release process: move big code snippets to scripts (tails/tails!234)

    Commits:
      - Lint
      - Release process: move to a script preparing the included website
      - Release process: move to a script cleaning SquashFS sort file
      - Lint
      - Release process: move to a script generating images signatures and Torrents
      - Lint
      - Release process: move to a script publishing test UDFs
      - Lint
      - Release process: move to a script signing UDFs
      - Release process: move to a script updating the trace file
      - Lint
      - Release process: move to a script publishing IUKs
      - Lint
      - Release process: move to a script announcing and seeding the Torrents
      - Lint
      - Release process: move to a script copying release files to the website
      - Release process: move Tor blog post generation to a script

  * check-po-msgstr: Add option to sanitize .po files (tails#17661)
    (tails/tails!232)

    Commits:
      - check-po-msgstr: Add option to sanitize .po files (tails#17661)

  * GitLab CI: run the perl5lib, persistence-setup, and a subset of the upgrader
    test suites (tails/tails!228)

    Commits:
      - Upgrader test suite: drop noisy output
      - Add missing strictures
      - GitLab CI: run the subset of the iuk test suite that works in a Docker
        environment
      - GitLab CI: run the persistence-setup test suite
      - GitLab CI: run the perl5lib test suite
      - Skip chattr when running in a test environment
      - Perl program test suite doc: run tests in a UTF-8 locale
      - Perl program test suite doc: use command-line --all flag instead of environment
        variable
      - Perl program test suite doc: add missing dependency

  * GitLab CI: run unit tests for tails-gdm-error-message (tails/tails!224)

    Commits:
      - GitLab CI: run unit tests for tails-gdm-error-message

  * GitLab CI: run WhisperBack unit tests (tails/tails!222)

    Commits:
      - GitLab CI: run WhisperBack unit tests

  * GitLab CI: check PO files with lint_po, that calls i18nspector
    (tails/tails!221)

    Commits:
      - GitLab CI: use Debian testing for lint-po stage
      - GitLab CI: check PO files with lint_po, that calls i18nspector

  * Fix test suite robustness regression introduced by the upgrade of lizard
    isotesters to Buster (tails/tails!218)

    Closes issues:
      - Test suite robustness regressed since the lizard isotesters were upgraded to
        Buster (tails/tails#17985)

    Commits:
      - Test suite: don't let Screen#find mess with Screen#wait_vanish's timeout
        argument
      - Test suite: make @screen.find() @screen.wait() for 5 seconds

  * Fix Tails Installer in Turkish and in languages that have a translation for the
    "Clone the current Tails" string (tails/tails!217)

    Closes issues:
      - Tails Installer does not allow upgrade in languages that have a translation for
        the "Clone the current Tails" string (tails/tails#17982)
      - tails-installer fails to operate in Turkish (tails/tails#17576)

    Commits:
      - Fix Tails Installer in Turkish
      - Update POT and PO files
      - Installer: s/Live.?OS/Tails/
      - Installer: use translations for strings defined in Glade

  * Move wrap_test_suite cucumber args logic into run_test_suite (tails/tails!216)

    Commits:
      - run_test_suite: use variable consistently.
      - run_test_suite: don't use current Git state, but the one described by Jenkin's
        environment variables.
      - Fix comment.
For faster browsing, not all history is shown. View entire blame