changelog 254 KB
Newer Older
1
tails (2.7) UNRELEASED; urgency=medium
anonym's avatar
anonym committed
2

bertagaz's avatar
bertagaz committed
3
  * Major new features and changes
4
5
    - Upgrade Icedove to 1:45.4.0-1~deb8u1+tails1. (Closes: #11854,
      #11860)
bertagaz's avatar
bertagaz committed
6

7
8
9
10
11
12
13
14
15
16
17
18
19
  * Security fixes
    - Upgrade to Linux 4.7. (Closes: #11885, #11818)
    - Upgrade to Tor 0.2.8.9. (Closes: #11832, #11891)
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u5.
    - Upgrade openssl to 1.0.1t-1+deb8u5.
    - Upgrade libarchive to 3.1.2-11+deb8u3.
    - Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u8.
    - Upgrade c-ares to 1.10.0-2+deb8u1.
    - Upgrade nspr to 2:4.12-1+debu8u1.
    - Upgrade nss to 2:3.26-1+debu8u1.
    - Upgrade tar to 1.27.1-2+deb8u1.
    - Upgrade mat to 0.5.2-3+deb8u1.

bertagaz's avatar
bertagaz committed
20
21
22
23
24
25
26
27
  * Minor improvements
    - Ship Let's encrypt intermediate certificate to prepare the
      the next certificate renewal of our website. Also unify the
      way our upgrades and security checkers verify this SSL
      certificate using our dedicated perl lib code. (Closes: #11810)

  * Bugfixes
    - Fix multiarch support in Synaptic. (Closes: #11820)
bertagaz's avatar
bertagaz committed
28
    - Set default spelling language to en_US in Icedove. (Closes: #11037)
bertagaz's avatar
bertagaz committed
29

bertagaz's avatar
bertagaz committed
30
31
32
  * Build system
    - Disable debootstrap merged-usr option. (Closes: #11903)

bertagaz's avatar
bertagaz committed
33
  * Test suite
34
35
    - Add test for incremental upgrades. (Closes: #6309)
    - Add tests for Icedove. (Closes: #6304)
36
37
    - Decrease timeout to Tails Greeter to speed up testing of branches
      where it is broken. (Closes: #11449)
38
39
    - Add a ID field to the remote shell responses to filter out
      unrelated ones. (Closes: #11846)
40
    - Reliabily wait for the Greeter PostLogin script. (Closes: #5666)
41
42
43
44
45
    - Reliabily type the kernel command line in the prompt at the boot
      menu to ensure the remote shell is started. (Closes: #10777)
    - Remove DVDROM device when not used, to workaround QEMU/Libvirt
      compatibility issue. (Closes: #11874)

anonym's avatar
anonym committed
46

47
 -- Tails developers <tails@boum.org>  Mon, 03 Oct 2016 23:06:51 +0200
anonym's avatar
anonym committed
48

anonym's avatar
anonym committed
49
tails (2.6) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
50

anonym's avatar
anonym committed
51
  * Major new features and changes
anonym's avatar
anonym committed
52
    - Install Tor 0.2.8.7. (Closes: #11351)
anonym's avatar
anonym committed
53
54
55
56
57
58
59
60
61
62
63
64
65
    - Enable kASLR in the Linux kernel. (Closes: #11281)
    - Upgrade Icedove to 1:45.2.0-1~deb8u1+tails1: (Closes: #11714)
      · Drop auto-fetched configurations using Oauth2.  They do not
        work together with Torbirdy since it disables needed
        functionality (like JavaScript and cookies) in the embedded
        browser. This should make auto-configuration work for GMail
        again, for instance.  (Closes: ##11536)
      · Pin Icedove to be installed from our APT repo. Debian's
        Icedove packages still do not have our secure Icedove
        autoconfig wizard patches applied, so installing them would be
        a serious security regression. (Closes: #11613)
      · Add missing icedove-l10n-* packages to our custom APT
        repository (Closes: #11550)
anonym's avatar
anonym committed
66
    - Upgrade to Linux 4.6: (Closes: #10298)
anonym's avatar
anonym committed
67
68
69
70
71
72
73
74
75
76
77
78
79
      · Install the 686 kernel flavour instead of the obsolete 586
        one.
      · APT, dpkg: add amd64 architecture. The amd64 kernel flavour is
        not built anymore for the i386 architecture, so we need to use
        multiarch now.
      · Build and install the out-of-tree aufs4 module. (Closes: #10298)
      · Disable kernel modesetting for QXL: it's not compatible with
        Jessie's QXL X.Org driver.

  * Security fixes
    - Hopefully fixed an issue which would sometimes make the Greeter
      ignore the "disable networking" or "bridge mode"
      options. (Closes: #11593)
intrigeri's avatar
intrigeri committed
80

anonym's avatar
anonym committed
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
  * Minor improvements
    - Install firmware-intel-sound and firmware-ti-connectivity.  This
      adds support for some sound cards and Wi-Fi adapters.  (Closes:
      #11502)
    - Install OpenPGP Applet from Debian. (Closes: #10190)
    - Port the "About Tails" dialog to python3.
    - Run our initramfs memory erasure hook earlier (Closes:
      #10733). The goal here is to:
      · save a few seconds on shutdown (it might matter especially for
        the emergency one);
      · work in a less heavily multitasking / event-driven
        environment, for more robust operation.
    - Install rngd, and make rng-tools initscript return success when
      it can't find any hardware RNG device. Most Tails systems around
      probably have no such device, and we don't want systemd to
      believe they failed to boot properly. (Closes: #5650)
    - Don't force using the vboxvideo X.Org driver. According to our
      tests, this forced setting is:
       · harmful: it breaks X startup when the vboxvideo *kernel*
         driver is loaded;
       · useless: X.Org now autodetects the vboxvideo X.Org driver and
         uses it when running in VirtualBox and the vboxvideo kernel
         is not present.
    - Port boot-profile to python3 (Closes: #10083). Thanks to
      heartsucker <heartsucker@autistici.org> for the patch!
    - Include /proc/cmdline and the content of persistent APT sources
      in WhisperBack bug reports. (Closes: #11675, #11635)
    - Disable non-free APT sources at boot time. (Closes: #10130)
    - Have a dedicated page for the homepage of Tor Browser in
      Tails. (Closes: # 11725)
    - Only build the VirtualBox kernel modules for the 32-bit kernel.
      It's both hard and useless to build it for 64-bit in the current
      state of things, as long as we're shipping a 32-bit userspace.
      Also, install virtualbox-* from jessie-backports, since the
      version in Jessie is not compatible with Linux 4.x.
intrigeri's avatar
intrigeri committed
116

anonym's avatar
anonym committed
117
118
119
120
121
  * Build system
    - Don't install+remove dpatch during the build. It's not been
      needed in this hook for ages.
    - Bump BUILD_SPACE_REQUIREMENT: at least one of us needed that to
      build feature/10298-linux-4.x-aufs with the gzipcomp option.
122

anonym's avatar
anonym committed
123
124
125
126
127
128
129
130
131
132
133
  * Test suite
    - Send Tails Installer's debug log to the Cucumber debug log on
      failure. This is meant to debug #10720 since I can't
      reproduce it locally.
    - Give the system under testing 2 vCPUs. (Closes: #6729)
    - Split scenarios from checks.feature. (Closes: #5707)
    - Add retry-logic to the Synaptic tests. (Closes: #10412, #10441,
      #10991)
    - Run usb_upgrade.feature earlier, when there is enough free disk
      space left. (Closes: #11582)
    - Use more recent virtual hardware in the system under test,
anonym's avatar
anonym committed
134
135
136
137
138
      i.e. USB 3.0 (nec-xhci) on a pc-i440fx-2.5 machine. Switching
      USB controllers has helped with problems we see on Jenkins when
      booting from USB (#11588). Also, there are chances that more
      recent virtual hardware sees more testing these days, so it
      sounds potentially useful to "upgrade".
anonym's avatar
anonym committed
139
140
141
142
143
144
145
    - Add support for Cucumber 2.4. (Closes: #11690)
    - Always write {pretty,debug} logs and JSON output to the artifact
      directory.
    - Disable info level logging on Chutney nodes to save disk
      space. For our network all these add up to > 1 GiB and we didn't
      take this into account when budgeting RAM to the isotesters on
      Jenkins.
146

anonym's avatar
anonym committed
147
 -- Tails developers <tails@boum.org>  Tue, 20 Sep 2016 04:16:33 +0200
148

intrigeri's avatar
intrigeri committed
149
tails (2.5) unstable; urgency=medium
anonym's avatar
anonym committed
150

intrigeri's avatar
intrigeri committed
151
152
153
154
155
156
157
158
159
160
161
162
163
164
  * Major new features and changes
    - Upgrade Icedove to 1:45.1.0-1~deb8u1+tails2. (Closes: #11530)
      · Fix long delay causing bad UX in the autoconfig wizard,
        when it does not manage to guess proper settings on some domains.
        (Closes: #11486)
      · Better support sending email through some ISPs, such as Riseup.
        (Closes: #10933)
      · Fix spurious error message when creating an account and providing
        its password. (Closes: #11550)

  * Security fixes
    - Upgrade Tor Browser to 6.0.3 based on Firefox 45.3. (Closes: #11611)
    - Upgrade GIMP to 2.8.14-1+deb8u1.
    - Upgrade libav to 6:11.7-1~deb8u1.
intrigeri's avatar
intrigeri committed
165
    - Upgrade expat to 2.1.0-6+deb8u3.
intrigeri's avatar
intrigeri committed
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
    - Upgrade libgd3 to 2.1.0-5+deb8u6.
    - Upgrade libmodule-build-perl to 0.421000-2+deb8u1.
    - Upgrade perl to 5.20.2-3+deb8u6.
    - Upgrade Pidgin to 2.11.0-0+deb8u1.
    - Upgrade LibreOffice to 1:4.3.3-2+deb8u5.
    - Upgrade libxslt1.1 to 1.1.28-2+deb8u1.
    - Upgrade Linux to 3.16.7-ckt25-2+deb8u3.
    - Upgrade OpenSSH to 1:6.7p1-5+deb8u3.
    - Upgrade p7zip to 9.20.1~dfsg.1-4.1+deb8u2.

  * Minor improvements
    - htpdate: replace obsolete and unreliable URIs in HTP pools, and decrease
      timeout for HTTP operations for more robust time synchronization.
      (Closes: #11577)
    - Hide settings panel for the Online Accounts component of GNOME,
      that we don't support. (Closes: #11545)
    - Vastly improve graphics performance in KVM guest with QXL driver.
      (Closes: #11500)
    - Fix graphics artifacts in Tor Browser in KVM guest with QXL driver.
      (Closes: #11489)

  * Build system
    - Wrap Pidgin in a more maintainable way. (Closes: #11567)

  * Test suite
    - Add a test scenario for the persistence "dotfiles" feature.
      (Closes: #10840)
    - Improve robustness of most APT, Git, SFTP and SSH scenarios,
      enough to enable them on Jenkins. (Closes: #10444, #10496, #10498)
    - Improve robustness of checking for persistence partition. (Closes: #11558)
    - Treat Tails booting from /dev/sda as OK, to support all cases
      including a weird one caused by hybrid ISO images. (Closes: #10504)
    - Bump a bunch of timeouts to cope with the occasional slowness on Jenkins.
    - Only query A records when exercising DNS lookups, to improve robustness.
anonym's avatar
anonym committed
200

intrigeri's avatar
intrigeri committed
201
 -- Tails developers <tails@boum.org>  Sun, 31 Jul 2016 16:50:35 +0000
anonym's avatar
anonym committed
202

anonym's avatar
anonym committed
203
tails (2.4) unstable; urgency=medium
anonym's avatar
anonym committed
204

anonym's avatar
anonym committed
205
  * Major new features and changes
anonym's avatar
anonym committed
206
207
    - Upgrade Tor Browser to 6.0.1 based on Firefox 45.2. (Closes:
      #11403, #11513).
anonym's avatar
anonym committed
208
209
210
211
212
213
    - Enable Icedove's automatic configuration wizard. We patch the
      wizard to only use secure protocols when probing, and only
      accept secure protocols, while keeping the improvements done by
      TorBirdy in its own non-automatic configuration wizard. (Closes:
      #6158, #11204)

anonym's avatar
anonym committed
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
  * Security fixes
    - Upgrade bsdtar and libarchive13 to 3.1.2-11+deb8u1.
    - Upgrade icedove to 38.8.0-1~deb8u1+tails3.
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u3.
    - Upgrade libexpat1 to 2.1.0-6+deb8u2.
    - Upgrade libgd3 to 2.1.0-5+deb8u3.
    - Upgrade gdk-pixbuf-based packages to 2.31.1-2+deb8u5.
    - Upgrade libidn11 to 1.29-1+deb8u1.
    - Upgrade libndp0 to 1.4-2+deb8u1.
    - Upgrade poppler-based packages to 0.26.5-2+deb8u1.
    - Upgrade librsvg2-2 to 2.40.5-1+deb8u2.
    - Upgrade libsmbclient to 2:4.2.10+dfsg-0+deb8u3.
    - Upgrade OpenSSL to 1.0.1k-3+deb8u5.
    - Upgrade libtasn1-6 to 4.2-3+deb8u2.
    - Upgrade libxml2 to 2.9.1+dfsg1-5+deb8u2.
    - Upgrade openjdk-7-jre to 7u101-2.6.6-1~deb8u1.

anonym's avatar
anonym committed
231
232
233
234
235
236
237
238
239
240
241
  * Bugfixes
    - Enable Packetization Layer Path MTU Discovery for IPv4. If any
      system on the path to the remote host has a MTU smaller than the
      standard Ethernet one, then Tails will receive an ICMP packet
      asking it to send smaller packets. Our firewall will drop such
      ICMP packets to the floor, and then the TCP connection won't
      work properly. This can happen to any TCP connection, but so far
      it's been reported as breaking obfs4 for actual users. Thanks to
      Yawning for the help! (Closes: #9268)
    - Make Tails Upgrader ship other locales than English. (Closes:
      #10221)
anonym's avatar
anonym committed
242
243
    - Make it possible to add local USB printers again. Bugfix on
      Tails 2.0. (Closes #10965).
anonym's avatar
anonym committed
244
245

  * Minor improvements
sajolida's avatar
sajolida committed
246
247
248
    - Remove custom SSH ciphers and MACs settings. (Closes: #7315)
    - Bring back "minimize" and "maximize" buttons in titlebars by
      default. (Closes: #11270)
anonym's avatar
anonym committed
249
250
251
252
    - Icedove improvements:
      * Stop patching in our default into Torbirdy. We've upstreamed
        some parts, and the rest we set with pref branch overrides in
        /etc/xul-ext/torbirdy.js. (Closes: #10905)
sajolida's avatar
sajolida committed
253
      * Use hkps keyserver in Enigmail. (Closes: #10906)
anonym's avatar
anonym committed
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
      * Default to POP if persistence is enabled, IMAP is
        not. (Closes: #10574)
      * Disable remote email account creation in Icedove. (Closes:
        #10464)
    - Firewall hardening (Closes: #11391):
      * Don't accept RELATED packets. This enables quite a lot of code
        in the kernel that we don't need. Let's reduce the attack
        surface a bit.
      * Restrict debian-tor user to NEW TCP syn packets. It doesn't
        need to do more, so let's do a little bit of security in
        depth.
      * Disable netfilter's nf_conntrack_helper.
      * Fix disabling of automatic conntrack helper assignment.
    - Kernel hardening:
      * Set various kernel boot options: slab_nomerge slub_debug=FZ
        mce=0 vsyscall=none. (Closes: #11143)
      * Remove the kernel .map files. These are only useful for kernel
        debugging and slightly make things easier for malware, perhaps
        and otherwise just occupy disk space. Also stop exposing
        kernel memory addresses through /proc etc. (Closes: #10951)
    - Drop zenity hacks to "focus" the negative answer. Jessie's
      zenity introduced the --default-cancel option, finally!
      (Closes: #11229)
    - Drop useless APT pinning for Linux.
    - Remove gnome-tweak-tool. (Closes: #11237)
    - Install python-dogtail, to enable accessibility technologies in
      our automated test suite (see below). (Part of: #10721)
    - Install libdrm and mesa from jessie-backports. (Closes: #11303)
    - Remove hledger. (Closes: #11346)
    - Don't pre-configure the #tails chan on the default OFTC account.
      (Part of: #11306)
    - Install onioncircuits from jessie-backports. (Closes: #11443)
    - Remove nmh. (Closes: #10477)
    - Drop Debian experimental APT source: we don't use it.
    - Use APT codenames (e.g. "stretch") instead of suites, to be
      compatible with our tagged APT snapshots.
    - Drop module-assistant hook and its cleanup. We've not been using
      it since 2010.
    - Remove 'Reboot' and 'Power Off' entries from Applications →
      System Tools. (Closes: #11075)
    - Pin our custom APT repo to the same level as Debian ones, and
      explicitly pin higher the packages we want to pull from our custom
      APT repo, when needed.
    - config/chroot_local-hooks/59-libdvd-pkg: verify libdvdcss
      package installation. (Closes: #11420)
    - Make Tails Upgrader use our new mirror pool design. (Closes:
      #11123)
anonym's avatar
anonym committed
301
302
303
304
305
306
307
308
    - Drop custom OpenSSH client ciphers and MACs settings. We did a
      pretty bad job at maintaining them compared to the Debian
      upstream. (Closes: #7315)
    - Install jessie-backports version of all binary packages built
      from src:hplip. This adds support for quite a few new
      printers.
    - Install printer-driver-postscript-hp, which adds support for
      some more printers.
anonym's avatar
anonym committed
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379

  * Build system
    - Use a freezable APT repo when building Tails. This is a first
      step towards reproducible builds, and improves our QA and
      development processes by making our builds more predictable. For
      details, see: https://tails.boum.org/contribute/APT_repository/
    - There has been a massive amount of improvements to the
      Vagrant-based build system, and now it could be considered the
      de-facto build system for Tails! Improvements and fixes include:
      * Migrate Vagrant to use libvirt/KVM instead of
        Virtualbox. (Closes: #6354)
      * Make apt-get stuff non-interactive while provisioning.
        Because there is no interaction, so that will results in
        errors.
      * Bump disk space (=> RAM for RAM builds) needed to build with
        Vagrant. Since the Jessie migration it seems impossible to
        keep this low enough to fit in 8 GiB or RAM. For this reason
        we also drop the space optimization where we build inside a
        crazy aufs stack; now we just build in a tmpfs.
      * Clean up apt-cacher-ng cache on vm:provision to save disk
        space on the builder.
      * Add convenient Rake task for SSH:ing into the builder VM:
        `rake vm:ssh`.
      * Add rake task for generating a new Vagrant base box.
      * Automatically provision the VM on build to keep things up-to-date.
      * Don't enable extproxy unless explicitly given as an
        option. Previously it would automatically be enabled when
        `http_proxy` is set in the environment, unlike what is
        documented. This will hopefully lead to fewer surprises for users
        who e.g. point http_proxy to a torified polipo, or similar.
      * Re-fetch tags when running build-tails with Vagrant. That
        should fix an annoyance related to #7182 that I frequently
        encounter: when I, as the RM, rebuild the release image the
        second time from the force-updated tag, the build system would
        not have the force-updated tag. (Closes: #7182)
      * Make sure we use the intended locale in the Tails builder VM.
        Since we communicate via SSH, and e.g. Debian forward the
        locale env vars by default, we have to take some steps
        ensuring we do not do that.
    - Pull monkeysphere from stretch to avoid failing to install under
      eatmydata. Patch submitted by Cyril Brulebois <cyril@debamax.com>.

  * Test suite
    - Add wrapper around dogtail (inside Tails) for "remote" usage in
      the automated test suite. This provides a simple interface for
      generating dogtail python code, sending it to the guest, and
      executing it, and should allow us to write more robust tests
      leveraging assistive technologies. (Closes: #10721)
    - A few previously sikuli-based tests has been migrated to use
      dogtail instead, e.g. GNOME Applications menu interaction.
    - Add a test for re-configuring an existing persistent volume.
      This is a regression test for #10809. (Closes: #10834)
    - Use a simulated Tor network provided by Chutney in the automated
      test suite. The main motivation here is improved robustness --
      since the "Tor network" we now use will exit from the host
      running the automated test suite, we won't have to deal with Tor
      network blocking, or unreliable circuits. Performance should
      also be improved. (Closes: #9521)
    - Drop the usage of Tor Check in our tests. It doesn't make sense
      now when we use Chutney since that always means it will report
      that Tor is not being used.
    - Stop testing obsolete pluggable transports.
    - Completely rewrite the firewall leak detector to something more
      flexible and expressive.
    - Run tcpdump with --immediate-mode for the network sniffer. With
      this option, "packets are delivered to tcpdump as soon as they
      arrive, rather than being buffered for efficiency" which is
      required to make the sniffing work reliable the way we use it.
    - Remove most scenarios testing "tordate". It just isn't working
      well in Tails, so we shouldn't expect the tests to actually work
      all of the time. (Closes: #10440)
anonym's avatar
anonym committed
380
381
382
383
384
385
386
387
388
389
390
    - Close Pidgin before we inspect or persist its accounts.xml.
      I've seen a case when that file is _not_ saved (and thus, not
      persisted) if we shut down the system while Pidgin is still
      running. (Closes: #11413)
    - Close the GNOME Notification bar by pressing ESC, instead of
      opening the Applications menu. The Applications menu often
      covers other elements that we're looking for on the
      screen. (Closes #11401)
    - Hide Florence keyboard window when it doesn't vanish by itself
      (Closes: #11398) and wait a bit less for Florence to disappear
      (Closes: #11464).
anonym's avatar
anonym committed
391

anonym's avatar
anonym committed
392
 -- Tails developers <tails@boum.org>  Mon, 06 Jun 2016 20:10:56 +0200
anonym's avatar
anonym committed
393

anonym's avatar
anonym committed
394
tails (2.3) unstable; urgency=medium
anonym's avatar
anonym committed
395

anonym's avatar
anonym committed
396
397
398
399
  * Security fixes
    - Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
    - Upgrade icedove to 38.7.0-1~deb8u1
    - Upgrade git to 1:2.1.4-2.1+deb8u2
400
    - Upgrade libgd3 to 2.1.0-5+deb8u1
anonym's avatar
anonym committed
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
    - Upgrade pidgin-otr to 4.0.1-1+deb8u1
    - Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
    - Upgrade imagemagick to 8:6.8.9.9-5+deb8u1
    - Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
    - Upgrade openssh to 1:6.7p1-5+deb8u2

  * Bugfixes
    - Refresh Tor Browser's AppArmor profile patch against the one from
      torbrowser-launcher 0.2.4-1. (Fixes: #11264)
    - Pull monkeysphere from stretch to avoid failing to install under
      eatmydata. (Fixes: #11170)
    - Start gpg-agent with no-grab option due to issues with pinentry and
      GNOME's top bar. (Fixes: #11038)
    - Tails Installer: Update error message to match new name of 'Clone
      & Install'. (Fixes: #11238)
    - Onion Circuits:
      * Cope with a missing geoipdb. (Fixes: #11203)
      * Make both panes of the window scrollable. (Fixes #11192)
    - WhisperBack: Workaround socks bug. When the Tor fails to connect to
      the host, WisperBack used to display a ValueError.  This is caused by
      a socks bug that is solved in upstream's master but not in Tails.
      This commit workarounds this bug Unclear error message in WhisperBack
      when failing to connect to the server. (Fixes: #11136)

  * Minor improvements
    - Upgrade to Debian 8.4, a Debian point release with many minor upgrades
      and fixes to various packages . (Fixes: #11232)
    - Upgrade I2P to 0.9.25. (Fixes: #11363)
    - Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
      passwords from the clipboard. (Fixes: #11239)
    - config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
      (Fixes: #11273)
    - Make the Tor Status "disconnected" icon more contrasted with the
      "connected" one. (Fixes: #11199)

  * Test suite
    - Add UTF-8 support to OTR Bot. (Fixes: #10866)
    - Don't explicitly depend on openjdk-7-jre or any JRE for that
      matter. Sikuli will pull in a suitable one, so depending on one
      ourselves is only risks causing trouble. (Fixes: #11335)
anonym's avatar
anonym committed
441

anonym's avatar
anonym committed
442
 -- Tails developers <tails@boum.org>  Mon, 25 Apr 2016 14:12:22 +0200
anonym's avatar
anonym committed
443

anonym's avatar
anonym committed
444
tails (2.2.1) unstable; urgency=medium
anonym's avatar
anonym committed
445

anonym's avatar
anonym committed
446
447
448
449
450
451
  * Security fixes
    - Upgrade Tor Browser to 5.5.4. (Closes: #11254)
    - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u6
    - Upgrade libotr to 4.1.0-2+deb8u1
    - Upgrade samba-related packages to 2:4.1.17+dfsg-2+deb8u2.
    - Upgrade libgraphite2 to 1.3.6-1~deb8u1.
anonym's avatar
anonym committed
452

anonym's avatar
anonym committed
453
 -- Tails developers <tails@boum.org>  Thu, 17 Mar 2016 15:03:52 +0100
anonym's avatar
anonym committed
454

anonym's avatar
anonym committed
455
tails (2.2) unstable; urgency=medium
456

anonym's avatar
anonym committed
457
458
459
460
461
462
463
464
  * Major new features and changes
    - Replace Vidalia (which has been unmaintained for years) with:
      (Closes: #6841)
      * the Tor Status GNOME Shell extension, which adds a System Status
        icon indicating whether Tor is ready or not.
      * Onion Circuits, a simple Tor circuit monitoring tool.

  * Security fixes
anonym's avatar
anonym committed
465
466
    - Upgrade Tor Browser to 5.5.3 (Closes: #11189).
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u4.
anonym's avatar
anonym committed
467
468
    - Upgrade cpio to 2.11+dfsg-4.1+deb8u1.
    - Upgrade glibc to 2.19-18+deb8u3.
anonym's avatar
anonym committed
469
    - Upgrade libav to 6:11.6-1~deb8u1.
anonym's avatar
anonym committed
470
    - Upgrade libgraphite2 to 1.3.5-1~deb8u1.
anonym's avatar
anonym committed
471
    - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u1.
anonym's avatar
anonym committed
472
473
    - Upgrade libreoffice to 4.3.3-2+deb8u3.
    - Upgrade libssh2 to 1.4.3-4.1+deb8u1.
anonym's avatar
anonym committed
474
475
476
    - Upgrade openssl to 1.0.1k-3+deb8u4.
    - Upgrade perl to 5.20.2-3+deb8u4.
    - Upgrade python-imaging, python-pil to 2.6.1-2 2.6.1-2+deb8u2.
anonym's avatar
anonym committed
477
478
479
480
481
482
483
484
485
486

  * Bugfixes
    - Hide "Laptop Mode Tools Configuration" menu entry. We don't
      support configuring l-m-t in Tails, and it doesn't work out of
      the box. (Closes: #11074)
    - WhisperBack:
      * Actually write a string when saving bug report to
        disk. (Closes: #11133)
      * Add missing argument to OpenPGP dialog so the optional OpenPGP
        key can be added again. (Closes: #11033)
anonym's avatar
anonym committed
487

anonym's avatar
anonym committed
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
  * Minor improvements
    - Upgrade I2P to 0.9.24-1~deb8u+1.
    - Add support for viewing DRM protected DVD videos using
      libdvdcss2. Patch series submitted by Austin English
      <austinenglish@gmail.com>. (Closes: #7674)
    - Automatically save KeePassX database after every change by default.
      (Closes: #11147)
    - Implement Tor stream isolation for WhisperBack
    - Delete unused tor-tsocks-mua.conf previously used by Claws
      Mail. (Closes: #10904)
    - Add set -u to all gettext:ized shell scripts. In gettext-base <
      1.8.2, like the one we had in Wheezy, gettext.sh references the
      environment variable ZSH_VERSION, which we do not set. This has
      prevented us from doing `set -u` without various hacks. (Closes:
      #9371)
    - Also set -e in some shell scripts which lacked it for no good
      reason.
    - Make Git verify the integrity of transferred objects. (Closes:
      #11107)
anonym's avatar
anonym committed
507
508
    - Remove LAlt+Shift and LShift+RShift keyboard layout toggling
      shortcuts. (Closes: #10913, #11042)
anonym's avatar
anonym committed
509
510
511
512

  * Test suite
    - Reorder the execution of feature to decrease peak disk
      usage. (Closes: #10503)
anonym's avatar
anonym committed
513
514
515
516
517
518
519
520
    - Paste into the GTK file chooser, instead of typing. (Closes:
      #10775)
    - Pidgin: wait a bit for text to have stopped scrolling before we
      click on it. (Closes: #10783)
    - Fix step that runs commands in GNOME Terminal, that was broken
      on Jessie when a Terminal is running already. (Closes: #11176)
    - Let ruby-rjb guess JAVA_HOME instead fixing on one jvm
      version. (Closes: #11190)
anonym's avatar
anonym committed
521
522
523
524
525
526
527
528
529
530
531

  * Build system
    - Upgrade build system to Debian Jessie. This includes migrating to a
      new Vagrant basebox based on Debian Jessie.
    - Rakefile: print git status when there are uncommitted
      changes. Patch submitted by Austin English
      <austinenglish@gmail.com>. (Closes: #11108)
    - .gitignore: add .rake_tasks~. Patch submitted by Austin English
      <austinenglish@gmail.com>. (Closes: #11134)
    - config/amnesia: use --show-field over sed filtering. Patch
      submitted by Chris Lamb <lamby@debian.org>.
anonym's avatar
anonym committed
532
533
    - Umount and clean up leftover temporary directories from old
      builds. (Closes: #10772)
534

anonym's avatar
anonym committed
535
 -- Tails developers <tails@boum.org>  Mon, 07 Mar 2016 18:09:50 +0100
536

intrigeri's avatar
intrigeri committed
537
tails (2.0.1) unstable; urgency=medium
anonym's avatar
anonym committed
538

intrigeri's avatar
intrigeri committed
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
  * Major new features and changes
    - Enable the Tor Browser's font fingerprinting protection
      (Closes: #11000). We do it for all browsers (including
      the Unsafe Browser and I2P Browser mainly to avoid making our
      automated test suite overly complex. This implied to set an appropriate
      working directory when launching the Tor Browser, to accommodate for
      the assumptions it makes about this.

  * Security fixes
    - Upgrade Tor Browser to 5.5.2 (Closes: #11105).

  * Bugfixes
    - Repair 32-bit UEFI support (Closes: #11007); bugfix on 2.0.
    - Add libgnome2-bin to installed packages list to provide gnome-open,
      which fixes URL handling at least in KeePassX, Electrum and Icedove
      (Closes: #11031); bugfix on 2.0. Thanks to segfault for the patch!

  * Minor improvements
    - Refactor and de-duplicate the chrooted browsers' configuration:
      prefs.js, userChrome.css (Closes: #9896).
    - Make the -profile Tor Launcher workaround simpler (Closes: #7943).
    - Move Torbutton environment configuration to the tor-browser script,
      instead of polluting the default system environment with it.
    - Refresh patch against the Tor Browser AppArmor profile
      (Closes: #11078).
    - Propagate Tor Launcher options via the wrapper.
    - Move tor-launcher script to /usr/local/bin.
    - Move tor-launcher-standalone to /usr/local/lib.
    - Move Tor Launcher env configuration closer to the place where it is used,
      for simplicity's sake.

  * Test suite
    - Mass update browser and Tor Launcher related images due to font change,
      caused by Tor Browser 5.5's font fingerprinting protection
      (Closes: #11097). And then, use separate PrintToFile.png for the browsers,
      and Evince, since it cannot be shared anymore.
    - Adjust to the refactored chrooted browsers configuration handling.
    - Test that Tor Launcher uses the correct Tor Browser libraries.
    - Allow more slack when verifying that the date that was set.
    - Bump a bit the timeout used when waiting for the remote shell.
    - Bump timeout for the process to disappear, when closing Evince.
    - Bump timeout when saving persistence configuration.
    - Bump timeout for bootstrapping I2P.

  * Build system
    - Remove no longer relevant places.sqlite cleanup procedure.
anonym's avatar
anonym committed
585

intrigeri's avatar
intrigeri committed
586
 -- Tails developers <tails@boum.org>  Fri, 12 Feb 2016 13:00:15 +0000
anonym's avatar
anonym committed
587

anonym's avatar
anonym committed
588
tails (2.0) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
589

intrigeri's avatar
intrigeri committed
590
  * Major new features and changes
anonym's avatar
anonym committed
591
592
593
594
595
    - Upgrade to Debian 8 (Jessie).
    - Migrate to GNOME Shell in Classic mode.
    - Use systemd as PID 1, and convert all custom initscripts to systemd units.
    - Remove the Windows camouflage feature: our call for help to port
      it to GNOME Shell (issued in January, 2015) was unsuccessful.
intrigeri's avatar
intrigeri committed
596
597
    - Remove Claws Mail: Icedove is now the default email client
      (Closes: #10167).
anonym's avatar
anonym committed
598
    - Upgrade Tor Browser to 5.5 (Closes: #10858, #10983).
intrigeri's avatar
intrigeri committed
599
600

  * Security fixes
anonym's avatar
anonym committed
601
602
    - Minimally sandbox many services with systemd's namespacing features.
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u3.
intrigeri's avatar
intrigeri committed
603
    - Upgrade Git to 1:2.1.4-2.1+deb8u1.
anonym's avatar
anonym committed
604
605
606
607
608
609
    - Upgrade Perl to 5.20.2-3+deb8u3.
    - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u5.
    - Upgrade FUSE to 2.9.3-15+deb8u2.
    - Upgrade isc-dhcp-client tot 4.3.1-6+deb8u2.
    - Upgrade libpng12-0 to 1.2.50-2+deb8u2.
    - Upgrade OpenSSH client to 1:6.7p1-5+deb8u1.
intrigeri's avatar
intrigeri committed
610
611

  * Bugfixes
anonym's avatar
anonym committed
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
    - Restore the logo in the "About Tails" dialog.
    - Don't tell the user that "Tor is ready" before htpdate is done
      (Closes: #7721).
    - Upgrader wrapper: make the check for free memory more accurate
      (Closes: #10540, #8263).
    - Allow the desktop user, when active, to configure printers;
      fixes regression introduced in Tails 1.1 (Closes: #8443).
    - Close Vidalia before we restart Tor. Otherwise Vidalia will be running
      and showing errors while we make sure that Tor bootstraps, which could
      take a while.
    - Allow Totem to read DVDs, by installing apparmor-profiles-extra
      from jessie-backports (Closes: #9990).
    - Make memory erasure on shutdown more robust (Closes: #9707, #10487):
      · don't forcefully overcommit memory
      · don't kill the allocating task
      · make sure the kernel doesn't starve from memory
      · make parallel sdmem handling faster and more robust
intrigeri's avatar
intrigeri committed
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
    - Don't offer the option, in Tor Browser, to open a downloaded file with
      an external application (Closes: #9285). Our AppArmor confinement was
      blocking most such actions anyway, resulting in poor UX; bugfix on 1.3.
      Accordingly, remove the now-obsolete exception we had in the Tor
      Browser AppArmor profile, that allowed executing seahorse-tool.
    - Fix performance issue in Tails Upgrader, that made it very slow to apply
      an automatic upgrade; bugfix on 1.7 (Closes: #10757).
    - Use our wrapper script to start Icedove from the GNOME menus.
    - Make it possible to localize our Icedove wrapper script.
    - List Icedove persistence option in the same position where Claws Mail
      used to be, in the persistent volume assistant (Closes: #10832).
    - Fix Electrum by installing the version from Debian Testing
      (Closes: #10754). We need version >=2.5.4-2, see #9713;
      bugfix on 2.0~beta1. And, explicitly install python-qt4 to enable
      Electrum's GUI: it's a Recommends, and we're not pulling it ourselves
      via other means anymore.
    - Restore default file associations (Closes: #10798);
      bugfix on 2.0~beta1.
    - Update 'nopersistent' boot parameter to 'nopersistence'; bugfix on 0.12
      (Closes: #10831). Thanks to live-media=removable, this had no security
      impact in practice.
    - Repair dotfiles persistence feature, by adding a symlink from
      /lib/live/mount/persistence to /live/persistence; bugfix on 2.0~beta1
      (Closes: #10784).
    - Fix ability to re-configure an existing persistent volume using
      the GUI; bugfix on 2.0~beta1 (Closes: #10809).
    - Associate armored OpenPGP public keys named *.key with Seahorse,
      to workaround https://bugs.freedesktop.org/show_bug.cgi?id=93656;
      bugfix on 1.1 (Closes: #10889).
    - Update the list of enabled GNOME Shell extensions, which might fix
      the "GNOME Shell sometimes leaves Classic mode" bug seen in 2.0~beta1:
      · Remove obsolete "Alternative Status Menu", that is not shipped
        in Debian anymore.
      · Explicitly enable the GNOME Shell extensions that build
        the Classic mode.
    - Make _get_tg_setting() compatible with set -u (Closes: #10785).
anonym's avatar
anonym committed
665
666
667
668
669
    - laptop-mode-tools: don't control autosuspend. Some USB input
      devices don't support autosuspend. This change might help fix
      #10850, but even if it doesn't, it makes sense to me that we
      don't let laptop-mode-tools fiddle with this on a Live system
      (Closes (for now): #10850).
intrigeri's avatar
intrigeri committed
670
671

  * Minor improvements
672
    - Remove obsolete code from various places.
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
    - Tails Greeter:
      · hide all windows while logging in
      · resize and re-position the panel when the screen size grows
      · PostLogin: log into the Journal instead of a dedicated log file
      · use localectl to set the system locale and keyboard mapping
      · delete the Live user's password if no administration password is set
        (Closes: #5589)
      · port to GDBus greeter interface, and adjust to other GDM
        and GNOME changes
    - Tails Installer:
      · port to UDisks2, and from Qt4 to GTK3
      · adapt to work on other GNU/Linux operating systems than Tails
      · clean up enough upstream code and packaging bits to make it
        deserve being uploaded to Debian
      · rename everything from liveusb-creator to tails-installer
    - Port tails-perl5lib to GTK3 and UDisks2. In passing, do some minor
      refactoring and a GUI improvement.
    - Persistent Volume Assistant:
      · port to GTK3 and UDisks2
      · handle errors when deleting persistent volume (Closes: #8435)
      · remove obsolete workarounds
694
    - Don't install UDisks v1.
695
    - Adapt custom udev and polkit rules to UDisks v2 (Closes: #9054, #9270).
696
697
    - Adjust import-translations' post-import step for Tails Installer,
      to match how its i18n system works nowadays.
698
    - Use socket activation for CUPS, to save some boot time.
699
    - Set memlockd.service's OOMScoreAdjust to -1000.
intrigeri's avatar
intrigeri committed
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
    - Don't bother creating /var/lib/live in tails-detect-virtualization.
      If it does not exist at this point, we have bigger and more
      noticeable problems.
    - Simplify the virtualization detection & reporting system, and do it
      as a non-root user with systemd-detect-virt rather than virt-what.
    - Replace rsyslog with the systemd Journal (Closes: #8320), and adjust
      WhisperBack's logs handling accordingly.
    - Drop tails-save-im-environment.
      It's not been used since we stopped automatically starting the web browser.
    - Add a hook that aborts the build if any *.orig file is found. Such files
      appear mainly when a patch of ours is fuzzy. In most cases they are no big
      deal, but in some cases they end up being taken into account
      and break things.
    - Replace the tor+http shim with apt-transport-tor (Closes: #8198).
    - Install gnome-tweak-tool.
    - Don't bother testing if we're using dependency based boot.
    - Drop workaround to start spice-vdagent in GDM (Closes: #8025).
      This has been fixed in Jessie proper.
    - Don't install ipheth-utils anymore. It seems to be obsolete
      in current desktop environments.
    - Stop installing the buggy unrar-free, superseded in Jessie (Closes: #5838)
    - Drop all custom fontconfig configuration, and configure fonts rendering
      via dconf.
    - Drop zenity patch (zenity-fix-whitespacing-box-sizes.diff),
      that was applied upstream.
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
    - Install libnet-dbus-perl (currently 1.1.0) from jessie-backports,
      it brings new features we need.
    - Have the security check and the upgrader wait for Tor having bootstrapped
      with systemd unit ordering.
    - Get rid of tails-security-check's wrapper.
      Its only purpose was to wait for Tor to have bootstrapped,
      which is now done via systemd.
    - Don't allow the amnesia and tails-upgrade-frontend users to run
      tor-has-bootstrapped as root with sudo. They don't need it anymore,
      thanks to using systemd for starting relevant units only once Tor
      has bootstrapped.
    - Install python-nautilus, that enables MAT's context menu item in Nautilus.
      (Closes: #9151).
    - Configure GDM with a snippet file instead of patching its
      greeter.dconf-defaults.
    - WhisperBack:
      · port to Python 3 and GObject Introspection (Closes: #7755)
      · migrate from the gnutls module to the ssl one
      · use PGP/MIME for better attachments handling
      · migrate from the gnupginterface module to the gnupg one
      · natively support SOCKS  don't wrap with torsocks anymore
        (Closes: #9412)
      · don't try to include the obsolete .xession-errors in bug reports
        (Closes: #9966)
    - chroot-browser.sh: don't use static DISPLAY.
    - Simplify debugging:
      · don't hide the emergency shutdown's stdout
      · tails-unblock-network: trace commands so that they end up in the Journal
    - Configure the console codeset at ISO build time, instead of setting it
      to a constant via the Greeter's PostLogin.default.
    - Order the AppArmor policy compiling in a way that is less of a blocker
      during boot.
    - Include the major KMS modules in the initramfs. This helps seamless
      transition to X.Org when booting, and back to text mode on shutdown,
      can help for proper graphics hardware reinitialization post-kexec,
      and should improve GNOME Shell support in some virtual machines.
761
762
763
764
765
766
767
768
769
770
771
772
773
    - Always show the Universal Access menu icon in the GNOME panel.
    - Drop notification for not-migrated-yet persistence configuration,
      and persistence settings disabled due to wrong access rights.
      That migration happened more two years ago.
    - Remove the restricted network detector, that has been broken for too long;
      see #10560 for next steps (Closes: #8328).
    - Remove unsupported, never completed kiosk mode support.
    - clock_gettime_monotonic: use Perl's own function to get the integer part,
      instead of forking out to sed.
    - Don't (try to) disable lvm2 initscripts anymore. Both the original reason
      and the implementation are obsolete on Jessie.
    - Lower potential for confusion (#8443), by removing system-config-printer.
      One GUI to configure printers is enough (Closes: #8505).
774
    - Add "set -u" to tails-unblock-network.
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
    - Add a systemd target whose completion indicates that Tor has bootstrapped,
      and use it everywhere sensible (Closes: #9393).
    - Disable udev's 75-persistent-net-generator.rules, to preventing races
      between MAC spoofing and interface naming.
    - Replace patch against NetworkManager.conf with drop-in files.
    - Replace resolvconf with simpler NetworkManager and dhclient configuration.
      (Closes: #7708)
    - Replace patching of the gdomap, i2p, hdparm, tor and ttdnsd initscripts
      with 'systemctl disable' (Closes: #9881).
    - Replace patches that wrapped apps with torsocks with dynamic patching with
      a hook, to ease maintenance. Also, patch D-Bus services as needed
      (Closes: #10603).
    - Notify the user if running Tails inside non-free virtualization software
      that does not try to hide its nature (Closes: #5315).
      Thanks to Austin English <austinenglish@gmail.com> for the patch.
    - Declare htpdate.service as being needed for time-sync.target, to ensure
      that "services where correct time is essential should be ordered after
      this unit".
    - Convert some of the X session startup programs to `systemd --user' units.
anonym's avatar
anonym committed
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
    - Let the Pidgin wrapper pass through additional command-line arguments
      (Closes: #10383)
    - Move out of the $PATH a bunch of programs that users should generally
      not run directly: connect-socks, end-profile, getTorBrowserUserAgent,
      generate-tor-browser-profile, kill-boot-profile, tails-spoof-mac,
      tails-set-wireless-devices-state, tails-configure-keyboard,
      do_not_ever_run_me, boot-profile, tails-unblock-network,
      tor-controlport-filter, tails-virt-notify-user, tails-htp-notify-user,
      udev-watchdog-wrapper (Closes: #10658)
    - Upgrade I2P to 0.9.23-2~deb8u+1.
    - Disable I2P's time syncing support.
    - Install Torbirdy from official Jessie backports, instead of from
      our own APT repository (Closes: #10804).
    - Make GNOME Disks' passphrase strength checking new feature work,
      by installing cracklib-runtime (Closes: #10862).
    - Add support for Japanese in Tor Browser.
    - Install xserver-xorg-video-intel from Jessie Backports (currently:
      2.99.917-2~bpo8+1). This adds support for recent chips such as
      Intel Broadwell's HD Graphics (Closes: #10841).
    - Improve a little bit post-Greeter network unblocking:
      · Sleep a bit longer between deleting the blacklist, and triggering udev;
        this might help cure #9012.
      · Increase logging, so that we get more information next time someone
        sees #9012.
      · Touch /etc/modprobe.d/ after deleting the blacklist; this might help,
        in case all this is caused by some aufs bug.
    - Enable and use the Debian jessie-proposed-updates APT repository,
      anticipating on the Jessie 8.3 point-release (Closes: #10897).
    - Upgrade most firmware packages to 20160110-1.
    - Upgrade Intel CPU microcodes to 3.20151106.1~deb8u1.
    - Disable IPv6 for the default wired connection, so that
      NetworkManager does not spam the logs with IPv6 router
      solicitation failure. Note that this does not fix the problem
      for other connections (Partially closes: #10939).
intrigeri's avatar
intrigeri committed
828
829
830
831
832
833

  * Test suite
    - Adapt to the new desktop environment and applications' look.
    - Adapt new changed nmcli syntax and output.
    - New NetworkManager connection files must be manually loaded in Jessie.
    - Adapt to new pkexec behavior.
834
    - Adapt to how we now disable networking.
intrigeri's avatar
intrigeri committed
835
836
837
    - Use sysctl instead of echo:ing into /proc/sys.
    - Use oom_score_adj instead of the older oom_adj.
    - Adapt everything depending on logs to the use of the Journal.
838
839
840
841
842
843
844
    - Port to UDisks v2.
    - Check that the system partition is an EFI System Partition.
    - Add ldlinux.c32 to the list of bootloader files that are expected
      to be modified when we run syslinux (Closes: #9053).
    - Use apt(8) instead of apt-get(8).
    - Don't hide the cursor after opening the GNOME apps menu.
    - Convert the remote shell to into a systemd native service and a Python 3,
845
846
      script that uses the sd_notify facility (Closes: #9057). Also, set its
      OOM score adjustment value via its unit file, and not from the test suite.
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
    - Adjust to match where screenshots are saved nowadays.
    - Check that all system units have started (Closes: #8262)
    - Simplify the "too small device" test.
    - Spawn `poweroff' and `halt' in the background, and don't wait for them
      to return: anything else would be racy vs. the remote shell's stopping.
    - Bump video memory allocated to the system under test, to fix out of video
      memory errors.
    - When configuring the CPU to lack PAE support, use a qemu32 CPU instead
      of a Pentium one: the latter makes GNOME Shell crash.
      See #8778 for details about how Mesa's CPU features detection has
      room for improvement.
    - Adjust free(1) output parsing for Jessie.
    - vm-execute: rename --type option to --spawn.
    - Add method to set the X.Org clipboard, and install its dependency
      (xsel) in the ISO.
    - Paste URLs in one go, to work around issue with lost key presses
      in the browser (Closes: #10467).
    - Reliably wait for Synaptic's search button to fade in.
865
866
867
868
869
870
871
872
873
    - Take into account that the sticky bit is not set on block devices
      on Jessie anymore.
    - Ensure that we can use a NetworkManager connection stored in persistence
      (Closes: #7966).
    - Use a stricter regexp when extracting logs for dropped packets.
    - Clone the host CPU for the test suite guests (Closes: #8778).
    - Run ping as root (aufs does not support file capabilities so we don't
      get cap_net_raw+ep, and if built on a filesystem that does support
      file capabilities, then /bin/ping is not setupd root).
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
    - Escape regexp special characters when constructing the firewall log
      parsing regexp, and pass -P to grep, since Ruby uses PCRE.
    - Adjust is_persistent?() helper to findmnt changes in Jessie.
    - Rework in depth how we measure pattern coverage in memory, with more
      reliable Linux OOM and VM settings, fundamental improvements
      in what exactly we measure, and custom OOM adjutments for fillram
      processes (Closes: #9705).
    - Use blkid instead of parted to determine the filesystem type.
    - Use --kiosk mode instead of --fullscreen in virt-viewer, to remove
      the tiny border of the in-viewer menu.
    - Remove now redundant desktop screenshot directory scenario.
    - Adapt GNOME notification handling for Debian Jessie (Closes: #8782)
    - Disable screen blanking in the automated test suite, which occasionally
      breaks some test cases (Closes: #10403).
    - Move upgrade scenarios to the feature dedicated to them.
    - Don't make libvirt storage volumes executable.
    - Refactor the PAUSE_ON_FAIL functionality, so that we can use `pause()`
      as a breakpoint when debugging.
    - Drop non-essential Totem test that is mostly a duplicate, and too painful
      to be worth automating on Jessie.
    - Retry Totem HTTPS test with a new Tor circuit on failure.
    - Replace iptables status regexp-based parser with a new XML-based
      status analyzer: the previous implementation could not be adjusted
      to the new ip6tables' output (Closes: #9704).
    - Don't reboot in one instance when it is not needed.
    - Optimize memory erasure anti-test: block the boot to save CPU on the host.
anonym's avatar
anonym committed
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
    - Update I2P tests for Jessie, and generally make them more robust.
    - Update Electrum tests for 2.5.4-2 (Closes: #10758).
    - Add workaround for libvirt vs. guestfs permissions issue, to allow
      running the test suite on current Debian sid.
    - Fix buggy code, that happened to work by mistake, in the Seahorse
      test cases; bugfix on 1.8.
    - Update test suite images due to CSS change on Tails' website.
    - Adapt Tor Browser tests to work with the 5.5 series.
    - Automatically test downloading files in Tor Browser.
    - Remove obsolete scenario, that tested opening a downloaded file with
      an external application, which we do not support anymore.
    - Improve robustness of the "Tails OpenPGP keys" scenario (Closes: #10378).
    - Automatically test the "Diable all networking" feature (Closes: #10430).
    - Automatically test that SSH works over LAN (Closes: #9087).
    - Bump some statuc sleeps to fix a few race conditions (Closes: #5330).
    - Automatically test that an emergency shutdown triggers on boot
      medium removal (Closes: #5472).
    - Make the AppArmor checks actually detect errors (Closes: #10926).

  * Build system
    - Bump amount of disk space needed to build Tails with Vagrant.
      The addition of the Japanese Tor Browser tarball made us reach
      the limit of the previous value.
intrigeri's avatar
intrigeri committed
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945

  * Adjustments for Debian 8 (Jessie) with no or very little user-visible impact
    - Free the fixed UIDs/GIDs we need before creating the corresponding users.
    - Replace the real gnome-backgrounds with a fake, equivs generated one
      (Closes: #8055). Jessie's gnome-shell depends on gnome-backgrounds,
      which is too fat to ship considering we're not using it.
    - AppArmor: adjust CUPS profile to support our Live system environment
      (Closes: #8261):
      · Mangle lib/live/mount/overlay/... as usual for aufs.
      · Pass the the attach_disconnected flag, that's needed for compatibility
        with PrivateTmp.
    - Make sure we don't ship geoclue* (Closes: #7949).
    - Drop deprecated GDM configuration file.
    - Don't add the Live user to the deprecated 'fuse' group.
    - Drop hidepid mount option for /proc (Closes: #8256). In its current,
      simplistic form it cannot be supported by systemd.
    - Don't manually load acpi-cpufreq at boot time. It fails to load
      whenever no device it supports is present, which makes the
      systemd-modules-load.service fail. These days, the kernel
      should just automatically load such modules when they are needed.
    - Drop sysvinit-specific (sensigs.omit.d) tweaks for memlockd.
    - Disable the GDM unit file's Restart=always, that breaks our "emergency
      shutdown on boot medium removal" feature.
946
947
948
949
950
951
952
    - Update the implementation of the memory erasure on shutdown feature:
      · check for rebooting state using systemctl, instead of the obsolete
        $RUNLEVEL (Closes: #8306)
      · the kexec-load initscript normally silently exits unless systemd is
        currently running a reboot job. This is not the case when the emergency
        shutdown has been triggered, so we removed this check
      · migrate tails-kexec to the /lib/systemd/system-shutdown/ facility
sajolida's avatar
sajolida committed
953
      · don't (try to) switch to tty1 on emergency shutdown: it apparently
954
955
        requires data that we haven't locked into memory, and then it blocks
        the whole emergency shutdown process
intrigeri's avatar
intrigeri committed
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
    - Display a slightly darker version of the desktop wallpaper on the screen
      saver, instead of the default flashy "Debian 8" branding (Closes: #9038).
    - Disable software autorun from external media.
    - Disable a few unneeded D-Bus services. Some of these services are
      automatically started (via D-Bus activation) when GNOME Shell tries
      to use them. The only "use" I've seen for them, except eating
      precious RAM, is to display "No appointment today" in the calendar pop-up.
      (Closes: #9037)
    - Prevent NetworkManager services from starting at boot time
      (Closes: #8313). We start them ourselves after changing the MAC address.
    - Unfuzzy all patches (Closes: #8268) and drop a few obsolete ones.
    - Adapt IBus configuration for Jessie (Closes: #8270), i.e. merge the two
      places where we configure keyboard layout and input methods: both are now
      configured in the same place in Jessie's GNOME.
    - Migrate panel launchers to the favorite apps list (Closes: #7992).
    - Drop pre-GNOME Shell menu tweaks.
    - Hide "Log out" button in the GNOME Shell menu (Closes: #8364).
    - Add a custom shutdown-helper GNOME Shell extension (Closes: #8302, #5684
      and #5878) that removes the press-Alt-to-turn-shutdown-button-into-Suspend
      functionality from the GNOME user menu, and makes Restart and Shutdown
      immediate, without further user interaction. Accordingly remove our custom
      Shutdown Helper panel applet (#8302).
    - Drop GNOME Panel configuration, now deprecated.
    - Disable GNOME Shell's screen lock feature.
      We're not there yet (see #5684).
    - Disable GNOME Shell screen locker's user switch feature.
    - Explicitly install libany-moose-perl (Closes: #8051).
      It's needed by our OpenPGP applet. On Wheezy, this package was pulled
      by some other dependency. This is not the case anymore on Jessie.
    - Don't install notification-daemon nor gnome-mag: GNOME Shell has taken
      over this functionality (Closes: #7481).
    - Don't install ntfsprogs: superseded on Jessie.
    - Don't install barry-util: not part of Jessie.
    - Link udev-watchdog dynamically, and lock it plus its dependencies
      in memory.
    - Migrate from gdm-simple-greeter to a custom gdm-tails session
      (Closes: #7599).
993
994
995
996
997
998
999
1000
1001
    - Update Plymouth installation and configuration:
      · install the plymouth packages via chroot_local-hooks: lb 2.x's "standard"
        packages list pulls console-common in, which plymouth now conflicts with
      · don't patch the plymouth initscript anymore, that was superseded
        by native systemd unit files
      · mask the plymouth-{halt,kexec,poweroff,reboot,shutdown} services,
        to prevent them from occupying the active TTY with an (empty) splash
        screen on shutdown/reboot, that would hide the messages we want to show
        to the user via tails-kexec (Closes: #9032)
intrigeri's avatar
intrigeri committed
1002
1003
1004
1005
1006
1007
    - Migrate GNOME keyboard layout settings from libgnomekbd to input-sources
      (Closes: #7898).
    - Explicitly install syslinux-efi, that we need and is not automatically
      pulled by anything else anymore.
    - Workaround #7248 for GDM: use a solid blue background picture,
      instead of a solid color fill, in the Greeter session.
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
    - De-install gcc-4.8-base and gcc-4.9 at the end of the ISO build process.
    - Revert the "Wrap syndaemon to always use -t" Wheezy-specific workaround.
    - htpdate: run date(1) in a Jessie-compatible (and nicer) way.
    - Remove obsolete dconf screenshot settings and the corresponding test.
    - Drop our patched python-dbus{,-dev} package (Closes: #9177).
    - live-persist: stop overriding live-boot's functions, we now have
      a recent enough blkid.
    - Adjust sdmem initramfs bits for Jessie:
      · Directly call poweroff instead of halt -p.
      · Don't pass -n to poweroff and reboot, it's not supported anymore.
    - Wrap text in the Unsafe Browser startup warning dialog
      (Jessie's zenity does not wrap it itself).
    - Associate application/pgp-keys with Seahorse's "Import Key" application
      (Closes: #10571).
    - Install topIcons GNOME Shell extension (v28), to work around the fact
      that a few of the applets we use hijack the notification area.
    - "cd /" to fix permissions issue at tails-persistence-setup startup
      (Closes: #8097).
    - Install gstreamer1.0-libav, so that Totem can play H264-encoded videos.
    - Adjust APT sources configuration:
      · remove explicit jessie and jessie-updates sources:
        automatically added by live-build
      · add Debian testing
      · add jessie-backports
    - Firewall: white-list access to the accessibility daemon (Closes: #8075).
    - Adjust to changed desktop notification behavior and supported feature set
      (Closes: #7989):
      · pass the DBUS_SESSION_BUS_ADDRESS used by the GNOME session
        to notify-send
      · update waiting for a notification handler: gnome-panel and nm-applet
        are obsolete, GNOME Shell is now providing this facility, so instead
        wait for a process that starts once GNOME Shell is ready, namely
        ibus-daemon (Closes: #8685)
      · port tails-warn-about-disabled-persistence and tails-virt-notify-user
        to notification actions (instead of hyperlinks), and make the latter
        transient; to this end, add support to Desktop::Notify for "hints"
        and notification actions
      · tails-security-check: use a dialog box instead of desktop notifications
      · MAC spoofing failure notification: remove the link to the documentation;
        it was broken on Tails/Wheezy already, see #10559 for next steps
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
    - Don't explicitly install gnome-panel nor gnome-menus, so that they go away
      whenever the Greeter does not pull them in anymore.
    - Install gkbd-capplet, that provides gkbd-keyboard-display (Closes: #8363).
    - Install Tor 0.2.7 from deb.torproject.org: we don't need to rebuild it
      ourselves for seccomp support anymore.
    - Wrap Seahorse with torsocks when it is started as a D-Bus service too
      (Closes: #9792).
    - Rename the AppArmor profile for Tor, so it applies to the system-wide
      Tor service we run (Closes: #10528).
    - Essentially revert ALSA state handling to how it was pre-Jessie, so that
      mixer levels are unmuted and sanitized at boot time (Closes: #7591).
intrigeri's avatar
intrigeri committed
1059
    - Pass --yes to apt-get when installing imagemagick.
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
    - Make removable devices, that we support installing Tails to, user writable:
      Tails Installer requires raw block device access to such devices
      (Closes: #8273). Similarly, allow the amnesia user, when active, to open
      non-system devices for writing with udisks2. This is roughly udisks2's
      equivalent of having direct write access to raw block storage devices.
      Here too, Tails Installer uses this functionality.
    - Disable networkd to prevent any risk of DNS leaks it might cause; and
      disable timesyncd, as we have our own time synchronization mechanism.
      They are not enabled by default in Jessie, but may be in Stretch,
      so let's be explicit about it.
    - Mask hwclock-save.service, to avoid sync'ing the system clock
      to the hardware clock on shutdown (Closes: #9363).
    - apparmor-adjust-cupsd-profile.diff: adjust to parse fine on Jessie
      (Closes: #9963)
    - Explicitly use tor@default.service when it's the one we mean.
    - Refactor GNOME/X env exporting to Tails' shell library, and grab
      more of useful bits of the desktop session environment.
      Then, use the result in the test suite's remote shell.
    - Stop tweaking /etc/modules. It's 2015, the kernel should load these things
      automatically (Closes: #10609).
    - Have systemd hardening let Tor modify its configuration (needed by Tor
      Launcher), and start obfs4proy (Closes: #10696, #10724).
1082
1083
1084
    - Bump extensions.adblockplus.currentVersion and
      extensions.enigmail.configuredVersion to match what we currently get
      on Jessie.
anonym's avatar
anonym committed
1085
    - I2P: switch from 'service' to 'systemctl' where possible.
1086

anonym's avatar
anonym committed
1087
 -- Tails developers <tails@boum.org>  Mon, 25 Jan 2016 18:06:33 +0100
1088

anonym's avatar
anonym committed
1089
tails (1.8.2) unstable; urgency=medium
1090

anonym's avatar
anonym committed
1091
1092
1093
1094
1095
1096
1097
1098
  * Security fixes
    - Upgrade Tor Browser to 5.0.7.
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u2.
    - Upgrade foomatic-filters to 4.0.17-1+deb7u1.
    - Upgrade git to 1:1.7.10.4-1+wheezy2.
    - Upgrade Icedove to 38.5.0-1~deb7u1.
    - Upgrade libxml2-related packages to 2.8.0+dfsg1-7+wheezy5.
    - Upgrade OpenSSL-related packages to 1.0.1e-2+deb7u19.
anonym's avatar
anonym committed
1099
    - Upgrade libsmbclient to 2:3.6.6-6+deb7u6.
anonym's avatar
anonym committed
1100
1101

 -- Tails developers <tails@boum.org>  Sat, 09 Jan 2016 16:27:27 +0100
1102

intrigeri's avatar
intrigeri committed
1103
tails (1.8.1) unstable; urgency=medium
1104

intrigeri's avatar
intrigeri committed
1105
1106
  * Security fixes
    - Upgrade Tor Browser to 5.0.6.
1107
1108
1109
    - Upgrade Linux to 3.16.7-ckt20-1+deb8u1
    - Upgrade gdkpixbuf to 2.26.1-1+deb7u3
    - Upgrade bind9 tools to 1:9.8.4.dfsg.P1-6+nmu2+deb7u8
intrigeri's avatar
intrigeri committed
1110
1111
1112
1113

  * Bugfixes
    - Fix time synchronization in bridge mode by refreshing our patch
      against Tor's AppArmor profile.
1114

intrigeri's avatar
intrigeri committed
1115
 -- Tails developers <tails@boum.org>  Fri, 18 Dec 2015 19:05:18 +0000
1116

anonym's avatar
anonym committed
1117
tails (1.8) unstable; urgency=medium
anonym's avatar
anonym committed
1118

anonym's avatar
anonym committed
1119
1120
  * Security fixes
    - Upgrade Tor to 0.2.7.6-1~d70.wheezy+1+tails1.
sajolida's avatar
sajolida committed
1121
    - Upgrade Tor Browser to 5.0.5. (Closes: #10751)
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u5.
    - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u6.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u6.
    - Upgrade wpasupplicant to 1.0-3+deb7u3.
    - Upgrade libpng12-0 to 1.2.49-1+deb7u1.
    - Upgrade openjdk-7 to 7u91-2.6.3-1~deb7u1.
    - Upgrade libnspr4 to 2:4.9.2-1+deb7u3
    - Upgrade dpkg to 1.16.17.
    - Upgrade gnutls26 to 2.12.20-8+deb7u4.
    - Upgrade Icedove to 1:38.0.1-1~deb7u1.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u18.
anonym's avatar
anonym committed
1133

anonym's avatar
anonym committed
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
  * Bugfixes
    - Upgrade to Electrum 2.5.4-2~d70.wheezy+1+tails1. Now Electrum
      should work again. Note that the documentation has not been
      adapted to the slight changes in the Electrum account setup
      wizard yet.

  * Minor improvements
    - Upgrade I2P to 0.9.23-2~deb7u+1.
    - Rebase our patch against the Tor Browser AppArmor profile on top
      of the one shipped in torbrowser-launcher 0.2.1-2.
    - Warn if the claws-mail persistence is enabled and contains a
      Claws Mail configuration when starting icedove. (Closes: #10458)
    - Replace the Claws Mail GNOME launcher with Icedove. (Closes:
      #10739)
    - Remove the Claws Mail persistence feature from the Persistence
      Assistant. (Closes: #10742)

  * Build system
    - Simplify ISO image naming rules by using the base rule we use
      for Jenkins all the time, except when building from a tag
      (i.e. building a release).  (Closes: #10349)

  * Test suite
    - Lower the waiting time for USB installation in the test suite.
      So far we were waiting up to one hour, which is just the same as
      our Jenkins inactivity timeout, so in practice when Tails
      Installer fails and displays an error message, instead of
      reporting that the job failed (which is the point of the
      exercise) we abort the job due to this timeout which
      communicates less clearly that there's probably a bug. (Closes:
      #10718)
    - Remove the check for the sound icon in the systray in the
      Windows Camouflage tests. (Closes: #10493)
    - Retry running whois when "LIMIT EXCEEDED" is in its output for
      increased robustness. (Closes: #10523)
    - Make Seahorse tests more robust. (Closes: #9095, #10501)
    - Make the handling of Pidgin's account manager more robust.
      (Closes: #10506)
anonym's avatar
anonym committed
1172

anonym's avatar
anonym committed
1173
 -- Tails developers <tails@boum.org>  Mon, 14 Dec 2015 23:07:19 +0100
anonym's avatar
anonym committed
1174

anonym's avatar
anonym committed
1175
tails (1.7) unstable; urgency=medium
bertagaz's avatar
bertagaz committed
1176

anonym's avatar
anonym committed
1177
  * Major new features and changes
anonym's avatar
anonym committed
1178
    - Upgrade Tor Browser to 5.0.4. (Closes: #10456)
anonym's avatar
anonym committed
1179
1180
1181
    - Add a technology preview of the Icedove Email client (a
      rebranded version of Mozilla Thunderbird), including OpenPGP
      support via the Enigmail add-on, general security and anonymity
sajolida's avatar
sajolida committed
1182
      improvements via the Torbirdy add-on, and complete persistence
anonym's avatar
anonym committed
1183
1184
1185
1186
1187
1188
1189
1190
      support (which will be enabled automatically if you already have
      Claws Mail persistence enabled). Icedove will replace Claws Mail
      as the supported email client in Tails in a future
      release. (Closes: #6151, #9498, #10285)
    - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
      improvement of this new Tor major release, the new
      KeepAliveIsolateSOCKSAuth option allows us to drop the
      bug15482.patch patch (taken from the Tor Browse bundle) that
sajolida's avatar
sajolida committed
1191
      enabled similar (but inferior) functionality for *all*
anonym's avatar
anonym committed
1192
1193
1194
1195
1196
1197
      SocksPort:s -- now the same circuit is only kept alive for
      extended periods for the SocksPort used by the Tor
      Browser. (Closes: #10194, #10308)
    - Add an option to Tails Greeter which disables networking
      completely. This is useful when intending to use Tails for
      offline work only. (Closes: #6811)
bertagaz's avatar
bertagaz committed
1198

anonym's avatar
anonym committed
1199
1200
  * Security fixes
    - Fix CVE-2015-7665, which could lead to a network interface's IP
elouann's avatar
elouann committed
1201
      address being exposed through wget. (Closes: #10364)
anonym's avatar
anonym committed
1202
1203
1204
1205
    - Prevent a symlink attack on ~/.xsession-errors via
      tails-debugging-info which could be used by the amnesia user to
      read the contents of any file, no matter the
      permissions. (Closes: #10333)
anonym's avatar
anonym committed
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
    - Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u5.
    - Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.
    - Upgrade unzip to 6.0-8+deb7u4.

  * Bugfixes
    - Add a temporary workaround for an issue in our code which checks
      whether i2p has bootstrapped, which (due to some recent change
      in either I2P or Java) could make it appear it had finished
      prematurely. (Closes: #10185)
    - Fix a logical bug in the persistence preset migration code while
      real-only persistence is enabled. (Closes: #10431)
anonym's avatar
anonym committed
1219
1220

  * Minor improvements
anonym's avatar
anonym committed
1221
1222
    - Rework the wordings of the various installation and upgrade
      options available in Tails installer in Wheezy. (Closes: #9672)
anonym's avatar
anonym committed
1223
1224
1225
1226
1227
    - Restart Tor if bootstrapping stalls for too long when not using
      pluggable transports. (Closes: #9516)
    - Install firmware-amd-graphics, and firmware-misc-nonfree instead
      of firmware-ralink-nonfree, both from Debian Sid.
    - Update the Tails signing key. (Closes: #10012)
anonym's avatar
anonym committed
1228
1229
1230
1231
1232
1233
    - Update the Tails APT repo signing key. (Closes: #10419)
    - Install the nmh package. (Closes: #10457)
    - Explicitly run "sync" at the end of the Tails Upgrader's upgrade
      process, and pass the "sync" option when remounting the system
      partition as read-write. This might help with some issues we've
      seen, such as #10239, and possibly for #8449 as well.
anonym's avatar
anonym committed
1234
1235
1236

  * Test suite
    - Add initial automated tests for Icedove. (Closes: #10332)
elouann's avatar
elouann committed
1237
    - Add automated tests of the MAC spoofing feature. (Closes: #6302)
anonym's avatar
anonym committed
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
    - Drop the concept of "background snapshots" and introduce a general
      system for generating snapshots that can be shared between
      features. This removes all silly hacks we previously used to
      "skip" steps, and greatly improves performance and reliability
      of the whole test suite. (Closes: #6094, #8008)
    - Flush to the log file in debug_log() so the debugging info can
      be viewed in real time when monitoring the debug log
      file. (Closes: #10323)
    - Force UTF-8 locale in automated test suite. Ruby will default to
      the system locale, and if it is non-UTF-8, some String-methods
      will fail when operating on non-ASCII strings. (Closes: #10359)
    - Escape regexp used to match nick in CTCP replies. Our Pidgin
      nick's have a 10% chance to include a ^, which will break that
      regexp. We need to escape all characters in the nick. (Closes:
      #10219)
    - Extract TBB languages from the Tails source code. This will
      ensure that valid locales are tested. As an added bonus, the
      code is greatly simplified. (Closes: #9897)
anonym's avatar
anonym committed
1256
1257
    - Automatically test that tails-debugging-info is not susceptible
      to the type of symlink attacks fixed by #10333.
anonym's avatar
anonym committed
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
    - Save all test suite artifacts in a dedicated directory with more
      useful infromation encoded in the path. This makes it easier to
      see which artifacts belongs to which failed scenario and which
      run. (Closes: #10151)
    - Log all useful information via Cucumber's formatters instead of
      printing to stderr, which is not included when logging to file
      via `--out`. (Closes: #10342)
    - Continue running the automated test suite's vnc server even if
      the client disconnects. (Closes: #10345)
    - Add more automatic tests for I2P. (Closes: #6406)
    - Bump the Tor circuit retry count to 10. (Closes: #10375)
    - Clean up dependencies: (Closes: #10208)
      * libxslt1-dev
      * radvd
      * x11-apps
anonym's avatar
anonym committed
1273

anonym's avatar
anonym committed
1274
 -- Tails developers <tails@boum.org>  Tue, 03 Nov 2015 01:09:41 +0100
bertagaz's avatar
bertagaz committed
1275

anonym's avatar
anonym committed
1276
tails (1.6) unstable; urgency=medium
anonym's avatar
anonym committed
1277

anonym's avatar
anonym committed
1278
1279
1280
  * Security fixes
    - Upgrade Tor Browser to 5.0.3. (Closes: #10223)
    - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7.
1281
    - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1.
anonym's avatar
anonym committed
1282
1283
    - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1.
    - Upgrade libslp1 to 1.2.1-9+deb7u1.
1284
    - Upgrade ssl-cert to 1.0.32+deb7u1.
anonym's avatar
anonym committed
1285

anonym's avatar
anonym committed
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
  * Bugfixes
    - Fix a corner case for the MAC spoofing panic mode. If panic mode
      failed to disable the specific device that couldn't be spoofed
      (by unloading the module) we disable networking. Previously we
      only stopped NetworkManager. The problem is that NM isn't even
      started at this time, but will specifically be started when
      we're done with MAC spoofing. Therefore, let's completely
      disable NetworkManager so it cannot possibly be
      started. (Closes: #10160)
    - Avoid use of uninitialized value in restricted-network-detector.
      If NetworkManager decides that a wireless connection has timed
      out before "supplicant connection state" has occued, our idea of
      the state is `undef`, so it cannot be used in a string
      comparison. Hence, let's initialize the state to the empty
      string instead of `undef`. Also fix the state
      recording. Apparently NetworkManager can say a few different
      things when it logs the device state transitions. (Closes:
      #7689)

  * Minor improvements
    - Remove workaround for localizing search engine plugins. The
      workaround has recently become unnecessary, possibly due to the
      changes made for the seach bar after the Tor Browser was rebased
      on Firefox 38esr. (Closes: #9146)
    - Refer to the I2P Browser in the I2P notifications. Instead of
      some obscure links that won't work in the Tor Browser, where
      users likely will try them, and which I believe will open them
      by default. (Closes: #10182)
    - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to
      enforce mode. (Closes: #9830)

  * Test suite
    - Test that udev-watchdog is monitoring the correct device when
      booted from USB. (Closes: #9890)
    - Remove unused 'gksu' step. This causes a false-positive to be
      found for #5330. (Closes: #9877)
    - Make --capture capture individual videos for failed scenarios
      only, and --capture-all to capture videos for all scenarios.
      (Closes: #10148)
anonym's avatar
anonym committed
1325
    - Use the more efficient x264 encoding when capturing videos using
anonym's avatar
anonym committed
1326
      the --capture* options. (Closes: #10001)
anonym's avatar
anonym committed
1327
    - Make --old-iso default to --iso if omitted. Using the same ISO
anonym's avatar
anonym committed
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
      for the USB upgrade tests most often still does what we want,
      e.g. test that the current version of Tails being tested has a
      working Tails installer. Hence this seems like a reasonable
      default. (Closes: #10147)
    - Avoid nested FindFailed exceptions in waitAny()/findAny(), and
      throw a new dedicated FindAnyFailed exception if these fail
      instead. Rjb::throw doesn't block Ruby's execution until the
      Java exception has been received by Ruby, so strange things can
      happen and we must avoid it. (Closes: #9633)
    - Fix the Download Management page in our browsers. Without the
      browser.download.panel.shown pref set, the progress being made
      will not update until after the browser has been restarted.
      (Closes: #8159)
    - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter
      that deals with debugging instead of printing it to STDERR via
      the `--debug` option (which now has been removed). This gives us
      the full flexibility of Cucumber's formatter system, e.g. one
      easy-to-read formatter can print to the terminal, while we get
      the full debug log printed to a file. (Closes: #9491)
    - Import logging module in otr-bot.py. Our otr-bot.py does not use
      logging but the jabberbot library makes logging calls, causing a
      one-off message No handlers could be found for logger
      "jabberbot" to be printed to the console. This commit
      effectively prevents logging/outputting anything to the terminal
      which is at a level lower than CRITICAL. (Closes: 9375)
    - Force new Tor circuit and reload web site on browser
      timeouts. (Closes: #10116)
    - Focus Pidgin's buddy list before trying to access the tools
      menu. (Closes: #10217)
    - Optimize IRC test using waitAny. If connecting to IRC fails,
      such as when OFTC is blocking Tor, waiting 60 seconds to connect
      while a a Reconnect button is visible is sub-optimal. It would
      be better to try forcing a new Tor circuit and clicking the
      reconnect button. (Closes: #9653)
    - Wait for (and focus if necessary) Pidgin's Certificate windows.
      (Closes: #10222)

 -- Tails developers <tails@boum.org>  Sun, 20 Sep 2015 17:47:26 +0000
anonym's avatar
anonym committed
1366

anonym's avatar
anonym committed
1367
tails (1.5.1) unstable; urgency=medium
anonym's avatar
anonym committed
1368

anonym's avatar
anonym committed
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
  * Security fixes
    - Upgrade Tor Browser to 5.0.2. (Closes: #10112)
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1.
    - Upgrade libnss3 to 2:3.14.5-1+deb7u5.

  * Bugfixes
    - Refresh Tor Browser AppArmor profile patch. The old one doesn't
      apply on top of testing's torbrowser-launcher anymore.

  * Build system
    - Make sure Jenkins creates new jobs to build the testing branch
      after freezes. (Closes: #9925)
anonym's avatar
anonym committed
1381

anonym's avatar
anonym committed
1382
 -- Tails developers <tails@boum.org>  Fri, 28 Aug 2015 01:52:14 +0200
anonym's avatar
anonym committed
1383

anonym's avatar
anonym committed
1384
tails (1.5) unstable; urgency=medium
anonym's avatar
anonym committed
1385

intrigeri's avatar
intrigeri committed
1386
1387
1388
  * Major new features and changes
    - Move LAN web browsing from Tor Browser to the Unsafe Browser,
      and forbid access to the LAN from the former. (Closes: #7976)
1389
1390
    - Install a 32-bit GRUB EFI boot loader. This at least works
      on some Intel Baytrail systems. (Closes: #8471)
anonym's avatar
anonym committed
1391

intrigeri's avatar
intrigeri committed
1392
  * Security fixes
anonym's avatar
anonym committed
1393
    - Upgrade Tor Browser to 5.0, and integrate it:
1394
1395
1396
      · Disable Tiles in all browsers' new tab page.
      · Don't use geo-specific search engine prefs in our browsers.
      · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
anonym's avatar
anonym committed
1397
        Marketplace), and the "Share this page" button in the Tool bar.
anonym's avatar
anonym committed
1398
1399
1400
      · Generate localized Wikipedia search engine plugin icons so the
        English and localized versions can be distinguished in the new
        search bar. (Closes: #9955)
intrigeri's avatar
intrigeri committed
1401
    - Fix panic mode on MAC spoofing failure. (Closes: #9531)
intrigeri's avatar
intrigeri committed
1402
1403
1404
1405
    - Deny Tor Browser access to global tmp directories with AppArmor,
      and give it its own $TMPDIR. (Closes: #9558)
    - Tails Installer: don't use a predictable file name for the subprocess
      error log. (Closes: #9349)
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
    - Pidgin AppArmor profile: disable the launchpad-integration abstraction,
      which is too wide-open.
    - Use aliases so that our AppArmor policy applies to
      /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
      it applies to /. And accordingly:
      · Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
      · Install rsyslog from wheezy-backports, since the version from Wheezy
        conflicts with AppArmor 2.9.
      · Stop installing systemd for now: the migration work is being done in
        the feature/jessie branch, and it conflicts with rsyslog from
        wheezy-backports.
      · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
      · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
      · Take into account aufs whiteouts in the system_tor profile.
      · Adjust the Vidalia profile to take into account Live-specific paths.
1421
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
intrigeri's avatar
intrigeri committed
1422
1423
1424
1425
1426
1427
1428
1429
1430
    - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
    - Upgrade cups-filters to 1.0.18-2.1+deb7u2.
    - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
    - Upgrade libexpat1 to 2.1.0-1+deb7u2.
    - Upgrade libicu48 to 4.8.1.1-12+deb7u3.
    - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
    - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.

  * Bugfixes
1431
    - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.
intrigeri's avatar
intrigeri committed
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444

  * Minor improvements
    - Tails Installer: let the user know when it has rejected a candidate
      destination device because it is too small. (Closes: #9130)
    - Tails Installer: prevent users from trying to "upgrade" a device
      that contains no Tails, or that was not installed with Tails Installer.
      (Closes: #5623)
    - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
      support for the OTRv3 protocol and for multiple concurrent connections
      to the same account. (Closes: #9513)
    - Skip warning dialog when starting Tor Browser while being offline,
      in case it is already running. Thanks to Austin English for the patch!
      (Closes: #7525)
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
    - Install the apparmor-profiles package (Closes: #9539), but don't ship
      a bunch of AppArmor profiles we don't use, to avoid increasing
      boot time. (Closes: #9757)
    - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
      of patching /etc/apparmor.d/tunables/home.
    - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
      is actually used as the read-write branch of the root filesystem's union
      mount, is visible. As a consequence:
      · One can now inspect how much space is used, at a given time, in the
        read-write branch of the root filesystem's union mount.
      · We can make sure our AppArmor policy works fine when that filesystem
anonym's avatar
anonym committed
1456
        is visible, which is safer in case e.g. live-boot's behavior changes
1457
1458
        under our feet in the future... or in case these "hidden" files are
        actually accessible somehow already.
intrigeri's avatar
intrigeri committed
1459
1460
1461
1462
1463

  * Build system
    - Add our jenkins-tools repository as a Git submodule, and replace
      check_po.sh with a symlink pointing to the same script in that submodule.
      Adjust the automated test suite accordingly. (Closes: #9567)
anonym's avatar
anonym committed
1464
1465
1466
    - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
      particular the inclusion of the Tor Browser 5.0 series has recently
      increased the amount of space needed to build Tails. (Closes: #9901)
intrigeri's avatar
intrigeri committed
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496

  * Test suite
    - Test that the Tor Browser cannot access LAN resources.
    - Test that the Unsafe Browser can access the LAN.
    - Installer: test new behavior when trying to upgrade an empty device, and
      when attempting to upgrade a non-Tails FAT partition on GPT; also, take
      into account that all unsupported upgrade scenarios now trigger
      the same behavior.
    - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
      on failure. (Closes: #9518, #9709)
    - run_test_suite: remove control chars from log file even when cucumber
      exits with non-zero. (Closes: #9376)
    - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
    - Use custom exception when 'execute_successfully' fails.
    - Retry looking up whois info on transient failure. (Closes: #9668)
    - Retry wget on transient failure. (Closes: #9715)
    - Test that Tor Browser cannot access files in /tmp.
    - Allow running the test suite without ntp installed. There are other means
      to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
      (Closes: #9651)
    - Bump timeout in the Totem feature.
    - Grep memory dump using the --text option. This is necessary with recent
      versions of grep, such as the one in current Debian sid, otherwise it
      will count only one occurrence of the pattern we're looking for.
      (Closes: #9759)
    - Include execute_successfully's error in the exception, instead
      of writing it to stdout via puts. (Closes: #9795)
    - Test that udev-watchdog is actually monitoring the correct device.
      (Closes: #5560)
    - IUK: workaround weird Archive::Tar behaviour on current sid.
1497
1498
1499
1500
1501
1502
1503
1504
    - Test the SocksPort:s given in torrc in the Unsafe Browser.
      This way we don't get any sneaky errors in case we change them and
      forget to update this test.
    - Directly verify AppArmor blocking of the Tor Browser by looking in
      the audit log: Firefox 38 does no longer provide any graphical feedback
      when the kernel blocks its access to files the user wants to access.
    - Update browser-related automated test suite images, and workaround
      weirdness introduced by the new Tor Browser fonts.
1505
1506
1507
    - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
      via alternate, live-boot generated paths.
    - Adjust tests to cope with our new AppArmor aliases.
anonym's avatar
anonym committed
1508
    - Bump memory allocated to the system under test to 2 GB. (Closes: #9883)
intrigeri's avatar
intrigeri committed
1509

anonym's avatar
anonym committed
1510
 -- Tails developers <tails@boum.org>  Mon, 10 Aug 2015 19:12:58 +0200
anonym's avatar
anonym committed
1511

intrigeri's avatar
intrigeri committed
1512
tails (1.4.1) unstable; urgency=medium
1513

intrigeri's avatar
intrigeri committed
1514
1515
1516
1517
1518
1519
1520
1521
1522
  * Security fixes
    - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
    - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
      isolation bugfix. (Closes: #9560)
    - AppArmor: deny Tor Browser access to the list of recently used files.
      (Closes: #9126)
    - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
    - Upgrade Linux to 3.16.7-ckt11-1.
    - Upgrade CUPS to 1.5.3-5+deb7u6.
1523
    - Upgrade FUSE to 2.9.0-2+deb7u2.
intrigeri's avatar
intrigeri committed
1524
1525
1526
    - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
    - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
    - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.