changelog 425 KB
Newer Older
intrigeri's avatar
intrigeri committed
1
tails (4.0~rc1) unstable; urgency=medium
2

intrigeri's avatar
intrigeri committed
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
  * Major changes
    - Update Tor Browser to 9.0a7, based on Firefox ESR 68 (#16356).
    - Include a working version of Electrum: 3.3.8-0.1 (Closes: #16421).
      Accordingly:
      · Remove the obsolete "coin_chooser: Privacy" option (Closes: #15483).
      · Disable the update check (Closes: #15483).
    - Curate the list of languages in Tails Greeter (Closes: #16095).
      Only include languages which meet one of these conditions:
      · Have a PO file in tails.git (i.e. have at least one translated
        and reviewed string)
      · Are on our list of tier-1 supported languages.
    - Update Linux to 5.3.2-1~exp1 from Debian experimental (Closes: #17117).
    - Bump APT snapshots of the 'debian' and 'torproject' archives
      to 2019100904. This includes the update to the Buster 10.1
      point-release.

  * Security fixes
    - Drop NoScript customization that makes our web fingerprint diverge
      from Tor Browser's (related to #5362).
    - Enable Buster security APT sources (Closes: #17119).
    - Upgrade CUPS to 2.2.10-6+deb10u1 (CVE-2019-8696, CVE-2019-8675,
      and more security fixes).
    - Update GnuPG to 2.2.12-1+deb10u1, which mitigates the certificates
      flooding attack.
    - Update e2fsprogs to 1.44.5-1+deb10u2 (DSA-4535-1).
    - Update ghostscript to 9.27~dfsg-2+deb10u2 (DSA-4518-1, DSA-4499-1).
    - Update WebKitGTK to 2.24.4-1~deb10u1 (DSA-4515-1).
    - Update Pango to 1.42.4-7~deb10u1 (DSA-4496-1).
    - Update ffmpeg to 7:4.1.4-1~deb10u1 (DSA-4502-1).
    - Update expat to 2.2.6-2+deb10u1 (DSA-4530-1).
    - Update GLib to 2.58.3-2+deb10u1 (CVE-2019-13012).
    - Update libmariadb3 to 1:10.3.17-0+deb10u1 (various vulnerabilities).
    - Update NSS to 2:3.42.1-1+deb10u1 (CVE-2019-11719, CVE-2019-11727,
      CVE-2019-11729).
    - Update LibreOffice to 1:6.1.5-3+deb10u4 (DSA-4519-1, DSA-4501-1,
      DSA-4483-1, and CVE-2019-9848).
    - Update Samba to 2:4.9.5+dfsg-5+deb10u1 (DSA-4513-1).
    - Update OpenSSL to 1.1.1d-0+deb10u1 (DSA-4539-1).
    - Update libxslt to 1.1.32-2.1~deb10u1 (CVE-2019-11068, CVE-2019-13117,
      CVE-2019-13118).
    - Update zeromq3 to 4.3.1-4+deb10u1 (DSA-4477-1).
    - Update patch to 2.7.6-3+deb10u1 (DSA-4489-1).
    - Update Thunderbird to 1:60.9.0-1~deb10u1 (DSA-4523-1, DSA-4482-1).
    - Update wpasupplicant to 2:2.7+git20190128+0c1e29f-6+deb10u1 (DSA-4538-1).

  * Bugfixes
    - Ensure that tor-has-bootstrapped systemd units are stopped
      if tor@default.service stops; replace the tor-has-bootstrapped
      script with a tor_has_bootstrapped() function that checks the status
      of tails-tor-has-bootstrapped.target (Closes: #16664).
    - Fix MIME info data build reproducibility (Closes: #17023).
    - Fix missing GNOME bookmarks, by adding them earlier in the session
      login process (Closes: #17030).
    - Increase left dock width in GIMP's sessionrc (Closes: #16807).
    - Use hardware defaults for the touchpad click method (Closes: #17045).
    - Fix image thumbnails in GNOME Files (Closes: #17062).
    - Use the "intel" X.Org driver for Intel Iris Plus Graphics 640
      (Closes: #17060).
    - Fix sdhci-pci support.
    - Honor the "Formats" settings chosen in the Greeter (Closes: #16806).
    - Fix administration password not being applied in some cases
      (Closes: #13447).
    - Fix Greeter settings being applied when clicking "Cancel"
      (Closes: #17087).
    - Fix bridge information not always shown when the user selects
      bridge mode in the Greeter.
    - Fix path in whisperback's debugging info (Closes: #17109).
    - Fix Tor Browser functionality that was broken when it was started
      by clicking a link in Thunderbird (Closes: #17105).
    - Fix WhisperBack that was broken due to an expired X.509 certificate:
      stop using TLS (we already have end-to-end encryption via OpenPGP,
      plus end-to-end encryption and remote peer authentication via
      Tor hidden services). Also, switch to a v3 Onion service (Closes #17110).
    - Install Stretch's po4a (0.47-2) from our custom APT repository:
      the upgrade to Buster's version will need more work and coordination
      (Closes: #17127).
    - Fix hiding of the Add-ons manager in the Unsafe Browser hamburger menu.
      Regression introduced when we upgraded to Tor Browser based on Firefox
      ESR 60.
    - Mention USB images as a valid installation technique when trying
      to create a persistent volume on a device that can't have one
      (Closes: #17025).

  * Minor improvements and updates
    - Add iPhone USB tethering support (Closes: #16180).
    - Install Enigmail from Buster (Closes: #16978).
    - Disable GDM debug logs (Closes: #17011).
    - Hide less common keyboard layouts in the Greeter (Closes: #17084).
    - Major refactoring and cleanup of Tails Greeter (Closes: #17098).
    - Use a localized page for the Greeter help window, if available
      (Closes: #17101).
    - Separate Chinese into simplified and traditional scripts
      in the Greeter (Closes: #16094).
    - Allow the user to show the passphrase they're typing when creating
      a new persistent volume (Closes: #15102).
    - When saving persistence.conf or its backup, also run sync(1)
      on its parent directory (might help fix #10976).
    - Improve Tails Installer wording (Closes: #15564).
    - Update tor to 0.4.1.6-1~d10.buster+1.
    - Update VirtualBox guest drivers and tools to 6.0.12-dfsg-1.

  * Build system
    - SquashFS sort file: remove more noise.
    - Improve lint_po's UX (refs: #16864).
    - Import our pythonlib, previously included as a submodule (Closes: #16935).
    - Use a consistent, standard Python packages directory (Closes: #17082).

  * Test suite
    - Make various steps more robust:
      · "all notifications are disappeared" (Closes: #17012)
      · "Additional Software is correctly configured for package"
      · "I unlock and mount this VeraCrypt file container
        with Unlock VeraCrypt Volumes"
      · "I open the Unsafe Browser proxy settings dialog"
      · starting apps via the GNOME Activities Overview (Closes: #13469)
      · "I start the Tor Browser in offline mode"
    - Handle Guestfs::Error exceptions.
    - Provide guidance to fix problematic situation.
    - Update various reference images for Buster.
    - Don't attempt to find fuzzy matches with Sikuli unless fuzzy image
      matching is enabled (Closes: #17029).
    - Dogtail'ify all interactions with gedit (Closes: #17028).
    - New test: ensure that no experimental APT suite is enabled
      for deb.torproject.org (Closes: #16931).
    - Remove dead IRC-related code and dependencies.
    - Take into account that Evince and Tor Browser's print-to-file dialogs
      are rendered in a subtly different manner.
    - Drop fragile tag for actual Tails bugs (#17007).
    - Drop compatibility code for Cucumber < 2.4.0 (Closes: #17083).
    - Fix regression in the Persistent browser bookmarks scenario
      (Closes: #17125).
134

intrigeri's avatar
intrigeri committed
135
 -- Tails developers <tails@boum.org>  Thu, 10 Oct 2019 11:23:53 +0000
136

intrigeri's avatar
intrigeri committed
137
tails (4.0~beta2) unstable; urgency=medium
138

intrigeri's avatar
intrigeri committed
139
  * All changes included in Tails 3.16, see the corresponding changelog entry.
140

intrigeri's avatar
intrigeri committed
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
  * Major changes
    - Upgrade tor to 0.4.1.5 (Closes: #16986).

  * Security fixes
    - Upgrade the Linux kernel to 5.2.0-2 (Closes: #16942).
      This mitigates the Spectre v1 swapgs vulnerability (CVE-2019-1125).
      Accordingly, aufs to aufs5.2 20190805.
    - Install enigmail from Bullseye (Closes: #16738).
      This fixes CVE-2019-12269.

  * Bugfixes
    - tails-unblock-network: only sleep until all-net-blacklist.conf is gone,
      instead of unconditionally delaying the login process for 5 seconds
      (Closes: #16805).
    - Terminate GDM's GNOME session after the amnesia user logs in,
      to free 200-300 MiB of memory (Closes: #12092).
      Temporarily enable GDM debug logs so we get enough information to fix
      any issue this might cause.
    - Make our KeePassXC wrapper translatable (Closes: #16952).
    - Adjust boot-time backports APT pinning for Buster.
    - Ensure we don't install unwanted packages even if they become
      "Priority: standard" again (Closes: #16949).
    - Move some GNOME apps to different menu categories (Closes: #16981).
    - Update HTP pools: replace boum.org (invalid certificate) with puscii.nl,
      replace www.myspace.com with myspace.com (the former redirects to
      the latter).
    - AppArmor: allow OnionShare to open URLs with Tor Browser (Closes: #16914).
    - Make file transfers with Spice reliable.

  * Minor improvements and updates
    - Greeter: improve formatting of printed exceptions.
    - Use the same icon for Tails Documentation in the Applications menu
      as on te Desktop (Closes: #16800).
    - Drop migration path from GnuPG persistent configuration created
      in the Tails 2.x era.
    - Remove various hacks that we don't need on Buster anymore.
    - Stop installing libcaribou-gtk3-module (Closes: #16757).
    - Stop installing python-cairo: mat2 does not use it anymore.
    - tails-unblock-network: have udev reload the databases it uses.
      This should avoid our fix for #16805 introducing regressions.

  * Build system
    - Bump APT snapshot of the 'debian' and 'torproject' archives
      to 2019090202.
    - Import the Greeter codebase into tails.git (Closes: #16912).
    - Explicitly install gnome-shell to make the set of installed packages
      more deterministic (related to #16947).
    - Don't try to follow symlinks when normalizing timestamps on source files.
    - Add missing "set -u" to build-time hook.
    - Use consistent method to extract translatable strings from Glade files.
    - Create gdm-tails related files from the original GNOME files
      (Closes: #12551).
    - Stop installing libimage-exiftool-perl explicitly: mat2 depends on it
      already.
    - Rakefile: disable compression when retrieving artifacts via scp.
      This makes this build step faster on systems that have SSH compression
      enabled by default.
    - import-translations: use tails-misc_release for tails.git's PO files
      (i.e. the Tails part of #16774).
    - Use squashfs-tools from sid (Closes: #16637).
    - Lower VM_MEMORY_BASE to 1536M.
    - Remove unneeded package cleanup (Closes: #16950).

  * Test suite
    - New scenario: installing with GNOME Disks from a USB image
      (Closes: #16004).
    - New scenarios: VeraCrypt PIM support (Closes: #15946).
    - Revert timeout bump that's not needed anymore.
    - Add a showing method on Dogtail objects.
    - VeraCrypt: ensure the temporary keyfile file is not garbage collected
      while we still need it.
    - Remote shell: print traceback to stderr so we can see it.
    - Install Dogtail from Bullseye and run it with Python 3 (Closes: #16976).
      This gives us UTF-8 support. Accordingly, drop anonym's "showingOnly"
      patch that was merged upstream, and port some test suite code to Dogtail,
      which we could not do before it got UTF-8 support.
    - Dogtail'ify some steps.
    - Make "^the Tor Browser shows the "([^"]+)" error$" step more robust
      (Closes: #11592.
    - Make the "the support documentation page opens in Tor Browser" step more
      robust (Closes: #15321)
    - Remove a bunch of obsolete @fragile tags, update the reasons why
      the remaining ones are fragile, and add some missing @fragile tags.
    - Drop useless code based on wrong assumptions (refs: #13470).
    - Make the "I set an administration password" step more robust.

intrigeri's avatar
intrigeri committed
227
 -- Tails developers <tails@boum.org>  Mon, 02 Sep 2019 19:55:24 +0000
228

anonym's avatar
anonym committed
229
tails (4.0~beta1) unstable; urgency=medium
anonym's avatar
anonym committed
230
231
232
233
234

  * Major changes
    - Upgrade to a snapshot of Debian 10 (Buster) from 2018-08-06.

  * Removed features
sajolida's avatar
sajolida committed
235
    - Remove scribus completely (refs: 16290).
anonym's avatar
anonym committed
236
237
238
    - Remove LibreOffice Math (#16911).

  * Bugfixes
anonym's avatar
anonym committed
239
240
241
    - Fix Electrum wrapper's persistence check (Closes: #16821).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Hide the security level button in the unsafe browser (Closes:
anonym's avatar
anonym committed
242
243
      #16735).
    - Only hide unlocked TailsData partitions from the boot device
anonym's avatar
anonym committed
244
      (Closes: #16789).
anonym's avatar
anonym committed
245
246

  * Minor improvements and updates
anonym's avatar
anonym committed
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
    - Remove KeePassX and replace it with KeePassXC (Closes:
      #15297). As KeePassX was used around for a longer time, we don't
      need automatic upgrading cappability from old KeePass file
      format (Tails 2 times). The user can still import those old
      files, if they want to access it.
    - Ship a pre-compiled AppArmor policy to make boot faster (Closes:
      #16138).
    - Change the splash screen for Tails 4.0 (#16837). Add SVG source
      while we're at it!
    - Remove our predefined bookmarks and ship default upstream Tor
      Browser bookmarks instead (Closes: #15895).
    - Install bolt for improved Thunderbolt support (Closes: #5463).
    - Don't display the Home launcher on the desktop (Closes: #16799).
      Since the switch to the desktop-icons GNOME Shell extension, the
      nicer XDG-blah name ("Home" in English, translated in many
      languages) is not used to label this launcher anymore: instead,
      the name of the directory is displayed, in this case: "amnesia",
      which makes no sense to our users. Our other options to fix that
      are more costly and we've decided a while ago, when I proposed
      to remove the desktop icons, to keep them until they were too
      expensive to support. So this one goes: we have the Places menu
      already.
    - Add Files to favorite apps (Closes: #16799). This gives another
      entry point to the home folder, which partially mitigates any UX
      regression that might be caused by the previous changelog entry.
anonym's avatar
anonym committed
272
273
    - Explicitly install imagemagick. We ship it on purpose (see
      [[contribute/meetings/201707]]).
anonym's avatar
anonym committed
274
275
276
277
278
279
280
    - MAT:
      * Drop obsolete optional MAT dependencies it isn't using any
        more.
      * Stop explicitly installing MAT dependencies. The package
        depends on those so we don't need to pull them ourselves.
    - Move translations from root-terminal.desktop.in into own PO
      files (Closes: #15335).
anonym's avatar
anonym committed
281
282
283
    - Drop obsolete live-boot patch: the bug it workarounds only
      happens with CONFIG_AUFS_DEBUG enabled. We disable
      CONFIG_AUFS_DEBUG in config/chroot_local-hooks/13-aufs and the
anonym's avatar
anonym committed
284
      Debian package did it as well (Refs: Debian#886329).
anonym's avatar
anonym committed
285
    - Rename /usr/share/amnesia to /usr/share/tails.
anonym's avatar
anonym committed
286
287
    - Drop APT pinning for non-existing live.debian.net, that we
      haven't used since 2010.
anonym's avatar
anonym committed
288
    - Don't install the cryptsetup initramfs integration and startup
anonym's avatar
anonym committed
289
      scripts (Closes: #16264). We probably only need the binaries.
anonym's avatar
anonym committed
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
      Not installing the initramfs integration will get rid of some
      noise
    - Don't install full-blown cryptsetup, take 2 (refs: #15690). We've
      stopped installing it (#16264) but this branch independently
      reintroduced it.
    - Disable live-tools.service (Closes: #16324). This service is only
      useful to display the "Please remove the live-medium, close the
      tray (if any) and press ENTER to continue:" prompt on shutdown,
      that we don't want to display in Tails: shutdown and memory
      erasure should not require a confirmation once the user has
      triggered it. In Stretch this code was broken and we were
      relying on this. But the Buster upgrade of this code has
      repaired it, so I sometimes see that prompt. This might also
      explain some issues such as #16312.
    - AppArmor: allow cups-brf, driverless, and gutenprint53+usb
anonym's avatar
anonym committed
305
306
307
308
309
310
311
312
313
      printer backends (Closes: #15030). Technically, cups-brf and
      driverless are not third-party and should be confined more
      strictly with "ixr", under the cupsd profile. But I don't know
      how to to test these backends and confining them more strictly
      may break them.  Anyway, that's an upstream matter: the purpose
      of our Tails-specific patch is to replace the third party
      backends /usr/lib/cups/backend/* catch all rule, that doesn't
      work for us, and not to keep the list of backends which come
      with CUPS up-to-date.
anonym's avatar
anonym committed
314
315
316
317
318
319
320
321
322
323
    - Make export_gnome_env() exit early if gnome-shell isn't running.
      Without this e.g. the automated test suite, which will call
      export_gnome_env() before gnome-shell is running, will have its
      journal polluted with errors about this. This is not the first
      time I see this and get worried and waste minutes investigating,
      so let's just fix it.

  * Build system
    - Bump VM_MEMORY_BASE to 2048M. With the previous 1024M setting,
      the squashfs preparation gets OOM-killed.
anonym's avatar
anonym committed
324
    - Limit the memory used by mksquashfs to 512M (Closes: #16177). By
anonym's avatar
anonym committed
325
326
327
328
329
330
331
332
333
334
335
336
337
338
      default mksquashfs will use 25% of the physical memory. So when
      we use the "ram" build option, build in a VM with 13GB of RAM,
      of which up to 12G is supposed to be used by the build tmpfs,
      mksquashfs will try using 13/4 = 3.25G of memory. And then it
      will get reaped by the OOM killer more or less occasionally
      depending on how much space is really used in the build tmpfs
      and how much memory the rest of the system is using. So let's
      limit the memory used by mksquashfs to 50% of the memory we
      allocate to the build VM, excluding the part of it that we
      expect tmpfs data to fill. In passing, the fact mksquashfs does
      not get killed every time suggests that our current
      BUILD_SPACE_REQUIREMENT value exceeds the real needs of a build:
      a value around 10 or 11G should be enough. But that will be for
      another commit.
anonym's avatar
anonym committed
339
340
    - Use xz with default settings to compress non-release SquashFS
      (refs: #16177). squashfs-tools 1:4.3-11, used to build
anonym's avatar
anonym committed
341
342
343
344
345
346
347
348
349
      feature/buster, does not consistently honor the value passed to
      -mem: the xz compressor does but at least the gzip and lzo ones
      don't. This makes the build often fail because mksquashfs gets
      reaped by the OOM-killer. Our only other option is currently to
      bump the build VM memory a lot, which is going to be painful on
      developers' systems and might not be an option on Jenkins. So
      let's fall back to xz with default settings (not the crazy slow
      but efficient we use at release time) when building non-release
      images.
anonym's avatar
anonym committed
350
351
    - Rename the "gzipcomp" build option to "fastcomp". What matters
      in the "user" interface is not the exact algorithm that's used,
anonym's avatar
anonym committed
352
353
354
355
356
357
      it's the fact it's supposed to be faster than the compression
      settings we use to build releases. We may have to changes these
      fast(er) settings occasionally, possibly to use a non-gzip
      algorithm. So let's keep supporting "gzipcomp" for backward
      compatibility but stop documenting it. Instead, support and
      document "fastcomp".
anonym's avatar
anonym committed
358
359
360
    - Add the vmproxy+extproxy build option. When enabled, use the
      vmproxy but configure it to in turn use the exproxy set via the
      http_proxy environment variable.
anonym's avatar
anonym committed
361
362
363
    - Support the case when we don't ship a custom AppArmor feature
      set. Let's keep this sanity check for the times when we do ship
      a custom feature set, but building an ISO without a custom one
anonym's avatar
anonym committed
364
      should remain supported. (Closes: #15149)
anonym's avatar
anonym committed
365
366
367
368
369
    - Don't remove packages whose deinstallation removes most of the
      system; don't explicitly remove packages that are taken care of
      by "apt-get autoremove" already. On Buster, removing dpkg-dev
      or make deinstalls python3, gnome-shell and more.
    - Install all "Priority: standard" packages via an explicit
anonym's avatar
anonym committed
370
      packages list instead of via --tasks (Closes: #15690). This will
anonym's avatar
anonym committed
371
372
373
374
      make it easier to remove some of these packages from the list of
      those that should be installed in the first place, as opposed to
      letting them be installed by tasksel only to uninstall them
      later. I've seeded tails-000-standard.list with the output of:
anonym's avatar
anonym committed
375
      tasksel --task-packages standard | sort … run on a clean Buster
anonym's avatar
anonym committed
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
      system. Also:
       * live-build forcibly translates --packages-lists="standard"
         into "tasksel install standard", so to make this change
         effective we also need to switch to "--packages-lists
         minimal" or "--packages-lists none". The former has
         problematic side-effects so let's use the latter.
       * Add to tails-common.list some of the packages that were
         previously installed automatically, e.g. via live-build's
         lists/standard → lists/minimal.

  * Test suite
    - Tons of tiny updates for the Stretch → Buster transition, mainly
      updated reference images, but also a few other trivial changes
      (e.g. close with Alt+F4 instead of menu, or vice versa) due to
      changes in applications.
anonym's avatar
anonym committed
391
    - Drop test case about migrating from a Jessie-area persistent
anonym's avatar
anonym committed
392
393
394
395
      volume. If our code happens to support Tails 2.x → 4.x upgrades
      without going through 3.x, fine. But let's not spend cycles in
      our CI to guarantee this.
    - Revert "Test suite: add backward compatibility with redir <
anonym's avatar
anonym committed
396
397
398
399
      3.0." We don't support running the test suite on Jessie anymore.
    - Adjust dhclient listening address for Buster.
    - Bump timeout for poweroff from 3 to 10 minutes (Refs: #16312).
    - Adjust dogtail patterns for gobby test (Closes: #16335). With the
anonym's avatar
anonym committed
400
401
402
      gobby upgrade from 0.5.0 to 0.6.0 pre-series, the case changed a
      little for a menu item and the window it leads to.
    - Update key shortcut to close seahorse's Preferences window
anonym's avatar
anonym committed
403
404
405
406
407
408
      (Closes: #16341). The Close button is gone from the
      Preferences window in the buster version of the seahorse
      package, making it impossible to close that window. Switch to
      sending ESC instead of Alt-C.
    - Update MAT test case for MAT2 (Closes: #16623).
    - Add debug logging for when we call Sikuli. When following a
anonym's avatar
anonym committed
409
410
411
      (debug) log live (through `--format debug`) I find this change
      useful to know what is going on *right now* since Sikuli only
      reports what it has done after it is done.
anonym's avatar
anonym committed
412
    - Be more careful when finding ASP notifications. For some reason
anonym's avatar
anonym committed
413
      both the label and button has a "weird" invisible (despite
anonym's avatar
anonym committed
414
      `showingOnly`) twin located just below the Applications
anonym's avatar
anonym committed
415
416
417
      menu. So let's make some extra effort to actually find the real
      notification, and then look for the label and button among its
      children.
anonym's avatar
anonym committed
418
    - Remove obsolete method. Display::take_screenshot() hasn't
anonym's avatar
anonym committed
419
      existed for years.
anonym's avatar
anonym committed
420
    - Remove workaround "Desktop icons are sometimes not shown" (Refs:
anonym's avatar
anonym committed
421
      #13461)
anonym's avatar
anonym committed
422
    - Wait longer between search steps in the GNOME Overview. On
anonym's avatar
anonym committed
423
424
425
426
427
428
429
430
431
432
433
434
435
      jenkins.lizard  which was under high load at that time  I've
      seen failures while starting GNOME Terminal from the Overview,
      where:
       - The debug log claims we did type "c", waited 1 second, then
         typed "ommandline", then slept another 1 second, then pressed
         Enter. I.e. just as the code says.
       - The video shows that GNOME Shell did pick up "c", which
         selected the first search result ("Configure Persistent
         Volume"), but then there's no trace of typing "ommandline".
         So I suspect that "ommandline" was lost because GNOME Shell
         was still busy, somehow. Let's sleep a bit longer before
         these steps, to give GNOME Shell a better chance to recover
         and notice keyboard input.
anonym's avatar
anonym committed
436
437
438
    - Log exceptions thrown in generated (i.e. snapshot) steps (Refs:
      #16747). Hopefully this will help us track down these elusive
      exceptions.
anonym's avatar
anonym committed
439
440
    - Extend waiting time for additional software to be installed.
    - Sometimes we need more more time to load a page over tor.
anonym's avatar
anonym committed
441
442
443
444
445
    - Remove useless TailsUpgraderApplyingUpgrade.png. The "progress
      prompt" it was used for just flashes by and can easily be
      missed. There is no reason at all to wait for it since the only
      two final outcomes are success or failure, which we already look
      for.
anonym's avatar
anonym committed
446
447
448
449
    - debug_log() when we save/restore snapshots. These actions can
      take a long time (especially saving snapshots on a system under
      load) and can make it appear like if the test suite has gotten
      stuck for those following the debug log.
anonym's avatar
anonym committed
450
451
    - Don't rely on mtimes from Debian packages we download, to
      indicate which one has the biggest version (Closes: #16819).
anonym's avatar
anonym committed
452
453
454
455
      These mtimes are copied from the HTTP server where APT downloads
      packages from, which contradicts our assumption that the newest
      file must be the one with the biggest version. Instead we use ls
      to sort by version number, to pick the biggest version.
anonym's avatar
anonym committed
456
457
458
    - Only send TAB every second to get the syslinux kernel
      command-line (Closes: #16820). Our syslinux has a timeout of 5s so
      sending TAB every second should be enough to guarantee we do
anonym's avatar
anonym committed
459
      open the kernel command line. As anonym reported, "the spammer
anonym's avatar
anonym committed
460
461
462
463
      makes the splash show for significantly longer: I've seen >10x,
      so the boot splash never managed to appear, which is worrying".
    - Drop workaround to make the TAB spammer compatible with the UEFI
      firmware (Closes: #16820). As reported by anonym on #16820, and
anonym's avatar
anonym committed
464
465
466
467
      confirmed by my testing, pressing TAB doesn't seem to open the
      UEFI configuration, so the very reason why we had this
      workaround is gone.

anonym's avatar
anonym committed
468
469
470
  * Adjustments for Debian 10 (Buster) with no or very little user-visible impact
    - Adjust APT sources and pinning for Buster.
    - Refresh and unfuzzy patches for Buster.
anonym's avatar
anonym committed
471
    - Pass --ellipsize to zenity (refs: #16286). This fixes dialog
anonym's avatar
anonym committed
472
      width and height on Buster.
anonym's avatar
anonym committed
473
    - Update expected /etc/passwd and /etc/group for Buster.
anonym's avatar
anonym committed
474
475
476
477
    - Display TopIcons systray on the left of the system menu (Refs:
      #14796).
    - Remove apparmor-adjust-freedesktop-abstraction.diff patch,
      merged upstream in apparmor. The
anonym's avatar
anonym committed
478
479
      9d8b6f4dbd8a04470490ae2bfd52044906abd7f6 commit (first appeared
      upstream in apparmor v2.13.1) implements this change in a
anonym's avatar
anonym committed
480
      generic way.
anonym's avatar
anonym committed
481
482
    - Adjust hook to the fact the Dovecot AppArmor profiles are not
      shipped in /etc anymore.
anonym's avatar
anonym committed
483
484
485
    - Import iuk.git's feature/buster branch at commit 919335e
      (Closes: #16286).
    - Enable desktop-icons gnome-shell extension (Closes: #16283).
anonym's avatar
anonym committed
486
    - Add autostart script to have gnome-shell trust desktop icons
anonym's avatar
anonym committed
487
      (Closes: #16283). Various conditions must be met for gnome-shell
anonym's avatar
anonym committed
488
489
490
      to make desktop icons launchable, including file
      permissions. But the GIO metadata::trusted setting is also
      needed, and can apparently only be set from an opened session,
anonym's avatar
anonym committed
491
      so let's set the right things with an autostart script.
anonym's avatar
anonym committed
492
493
494
495
    - Drop code that sets the cursor to "WATCH" (hourglass) after
      logging in (Closes: #16305) This fixes "GDM's GNOME Shell floods
      the Journal with XFIXES/cursor issues on Buster" by importing
      the relevant bits of greeter:feature/buster's commit abad17b6.
anonym's avatar
anonym committed
496
497
498
499
    - Remove 8 development packages that are not part of Tails 3.11 so
      we probably don't need to ship them in Tails 4.0 either (Closes:
      #16272).
    - Completely get rid of Qt4 (Closes: #15182).
anonym's avatar
anonym committed
500
501
    - SSH client: remove obsolete CompressionLevel setting (Closes:
      #16320).
anonym's avatar
anonym committed
502
503
504
    - Removing /usr/share/live/config/xserver-xorg/intel.ids (Closes:
      #14991). Let's hope the graphics hardware issues we fixed via
      that file is fixed no.
anonym's avatar
anonym committed
505
    - Adjust Onion Grater and AppArmor configuration for OnionShare
anonym's avatar
anonym committed
506
507
508
      1.3 (Closes: #16306).
    - Have OnionShare 1.3 connect to the system Tor via Onion Grater
      for the control port (Closes: #16306). By default, OnionShare
anonym's avatar
anonym committed
509
510
      1.3 will start its own tor process, which can't possibly work on
      Tails.
anonym's avatar
anonym committed
511
    - Don't install binutils-* (Closes: #16272). It wasn't in Tails 3.x
anonym's avatar
anonym committed
512
513
      and we have no reason to ship it in 4.0.
    - Install mat2 instead of the transitional mat package.
anonym's avatar
anonym committed
514
    - Don't suspend automatically (Closes: #16624)
anonym's avatar
anonym committed
515
    - tails-additional-software: Adjust arguments to
anonym's avatar
anonym committed
516
      tails-persistence-setup (Closes: #16622). It seems like the perl
anonym's avatar
anonym committed
517
518
519
      library which previously nicely handled the tps command-line
      arguments now doesn't support taking dashes instead of
      underscores anymore.
anonym's avatar
anonym committed
520
    - Start tails-unblock-network in a blocking way (Closes: #16620)
anonym's avatar
anonym committed
521
522
523
524
      This reverts commit 59e99c51f15ab9e756e287acb03b4d3a91ca1dd2 in
      greeter.git. NetworkManager starting at the same time as GNOME
      Shell makes things racy: the Wi-Fi password prompt is sometimes
      not displayed (unreproduce on Debian Buster Live).
anonym's avatar
anonym committed
525
526
    - Patch ibus to fix an issue that prevented the on-screen keyboard
      from displaying in Tails Greeter (Closes: #16291).
anonym's avatar
anonym committed
527
528
529
    - oniongrater: give onioncircuits empty STATUS_SERVER events.
      Connection to STATUS_SERVER events is required by stem 1.7
      connect() function, but we actually don't need them, so let's
anonym's avatar
anonym committed
530
531
532
533
      suppress them (Closes: #16626).
    - Fix GNOME bookmarks file for Buster (Closes: #16629).
    - Build VeraCrypt packages with our patches applied for Buster
      (Closes: #16634).
anonym's avatar
anonym committed
534
    - Avoid new "render" group stealing a GID we have already
anonym's avatar
anonym committed
535
      statically allocated to another group (Closes: #16649) With the
anonym's avatar
anonym committed
536
537
538
539
540
541
      systemd 241-1~bpo9+1 → 241-3~bpo9+1 upgrade, udev.postinst now
      creates a "render" system group, which shifts GIDs and makes our
      devel branch FTBFS.
    - update-acng-config: add support for 4.x and 5.x, drop 2.x. We
      won't build 2.x releases anymore but we'll start building 4.x
      from this branch soon.
anonym's avatar
anonym committed
542
    - Restore Plymouth theme to "text" (Closes: #16743). The default
anonym's avatar
anonym committed
543
544
545
546
      theme in Buster ("futureprototype") is Debian-branded and thus
      unsuitable for Tails. Let's revert to the one we use in Tails
      3.x.
    - Stop installing caribou and libcaribou*: they're not used by
anonym's avatar
anonym committed
547
      GNOME Shell in Buster anymore (Closes: #16628)
anonym's avatar
anonym committed
548
    - Allow read access to /etc/machine-id in the AppArmor profile for
anonym's avatar
anonym committed
549
550
551
552
553
554
555
556
      Thunderbird (Closes: #16756). It breaks access to the D-Bus
      service where the GNOME on-screen keyboard listens on Buster.
    - Fix screen locker not working in Buster (Closes: #16763).
    - Hide lstopo in the Applications menu (Closes: #16797). It's
      pulled as a dependency by aircrack-ng but is probably not useful
      to the vast majority of Tails users.
    - Hide nm-connection-editor in the Applications menu (Closes:
      #16798). We still need the network-manager-gnome package that
anonym's avatar
anonym committed
557
558
559
      installs this .desktop file (for details, see
      commit:40290be3651eaa6f08346231aef80eddd8b33c64), but there's no
      reason to expose it directly to users.
anonym's avatar
anonym committed
560
561
562
563
564
565
566
    - TorStatus: call our custom destructor to avoid a use-after-free
      crashing GNOME Shell (Closes: #16791). It was ported to an ES6
      class in the process.
    - Copy dmidecode to initramfs (Closes: #16857). On Buster,
      partprobe complains if dmidecode is missing. It's not clear what
      the consequences are, at least it doesn't cause partprobe to
      exit with an error status code - but it's cheap to just copy
anonym's avatar
anonym committed
567
      dmidecode to the initramfs.
anonym's avatar
anonym committed
568
    - Adjust path for webext-ublock-origin 1.19.0+dfsg-2 (Closes:
anonym's avatar
anonym committed
569
570
      #16858).
    - Update Tor Browser AppArmor profile to take into account new
anonym's avatar
anonym committed
571
572
      uBlock installation path (Closes: #16858).
    - Disable the uBlock logger sidebar. This  brings back
anonym's avatar
anonym committed
573
      the hack we had before we removed it in #16206. Without this,
anonym's avatar
anonym committed
574
      the uBlock logger sidebar is displayed.
anonym's avatar
anonym committed
575
576
577
578
579
580
581
582
583
    - Reintroduce the same APT pinning as we use in 3.x for uBlock.
      Granted, the version from Buster should probably be sufficient
      right now, but it probably won't be once Tor Browser gets
      updated to a future major Firefox ESR. And in the meantime,
      this pinning discrepancy between devel and feature/buster makes
      it harder to maintain our patch against
      /usr/share/webext/ublock-origin/js/background.js.
    - Drop obsolete libdesktop-notify-perl patches: they were merged
      upstream.
anonym's avatar
anonym committed
584
    - Use X.Org in amnesia's GNOME session (Closes: #12213). Since a
anonym's avatar
anonym committed
585
586
      few months gdm3 defaults to Wayland in Debian testing/sid, just
      like upstream. But we're not ready yet.
anonym's avatar
anonym committed
587
588
589
590
591
592
    - Adjust Greeter's gdm-tails.session for Buster (Closes:
      #12551). This should ultimately be applied in greeter.git, but
      let's deal with it as a patch for now to avoid having to
      maintain two parallel branches of the Greeter.
    - Patch udisks2 and libblockdev and fix Tails Installer to repair
      USB boot on Buster (Closes: #14809).
anonym's avatar
anonym committed
593
594
595
    - Install gnome-user-docs directly instead of the gnome-user-guide
      transitional package.
    - Install the "crypto" libblockdev plugin (Closes: #14816). It's
anonym's avatar
anonym committed
596
      needed by recent udisks to do crypto operations.
anonym's avatar
anonym committed
597
    - Use ConditionUser=1000 instead of manually testing the output of
anonym's avatar
anonym committed
598
      `id -u' in some of our systemd services.
anonym's avatar
anonym committed
599
600
601
602
603
604
605
    - Have debootstrap install gnupg when setting up the chroot.
      Otherwise the build fails after debootstrap has done its job and
      live-build tries to use apt-key.
    - Don't try to install the obsolete gnome-search-tool package.
      It's been removed from testing/sid by its maintainers:
      https://bugs.debian.org/885975
    - Don't try to retrieve syslinux.exe from the syslinux source
anonym's avatar
anonym committed
606
607
608
609
610
      package. Since syslinux 3:6.03+dfsg1-1 this file is (rightfully)
      not included anymore in the Debian source package.  This commit
      is meant to fix the feature/buster ISO build. We of course need
      to find a proper solution, which is what #15178 is about.
    - Drop our pinned AppArmor feature set (Closes: #15149). On current
anonym's avatar
anonym committed
611
612
613
614
615
616
617
618
619
620
      Buster the AppArmor package pins to the Linux 4.14.13-1 feature
      set and I expect it'll keep pinning something that should work
      with the policy shipped in Buster.
    - Drop Stretch-specific workaround. This essentially workarounds
      4f8b50afb10a1ce1faf7645971bc020d2eb5d7dd,
      3e2d8a6a025b86f8191d125783ad507c57171bad and
      d56633a3089e5b177e07c2888442745557772f42.
    - Disable the usr.bin.man AppArmor profile. On Buster it breaks
      apparmor.service due to "profile has merged rule with
      conflicting x modifiers" that's most likely caused by the "/**
anonym's avatar
anonym committed
621
622
623
624
      mrixwlk" rule vs. our tweaks for aufs support.
    - Import files (from gksu 2.0.2-9+b1) needed for the Root Terminal
      into Git instead of fetching the package and extracting them at
      build time.
anonym's avatar
anonym committed
625
626
627
628
629
630
631
    - Use orca's current package name instead of pre-Buster
      transitional one.
    - Stop explicitly installing gstreamer1.0-pulseaudio. This was
      needed on Jessie due to Debian#852870 which was fixed in
      Stretch.
    - Drop adwaita-qt4: it was removed from Debian sid and won't be in
      Buster.
anonym's avatar
anonym committed
632
    - Disable man-db.timer on Buster (Closes: #16631)
633
634
    - Fix invalid seq range in update-acng-config so we geberate proper
      rules for Tails 4.x and 5.x.
anonym's avatar
anonym committed
635

anonym's avatar
anonym committed
636
 -- Tails developers <tails@boum.org>  Wed, 07 Aug 2019 20:30:15 +0200
anonym's avatar
anonym committed
637

638
tails (3.16) unstable; urgency=medium
639

640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
  * Major changes
    - Upgrade Tor Browser to 8.5.5 (Closes: #16692).

  * Security fixes
    - Install Linux kernel from the Buster security repository (Closes: #16970).
      The new Spectre v1 swapgs variant (CVE-2019-1125), which was fixed
      in sid via 5.2.x, which is a too big change for the Tails 3.16 bugfix
      release. Let's instead track Buster (+ security) for the time being.
    - Upgrade LibreOffice to 1:5.2.7-1+deb9u10 (DSA-4483-1, DSA-4501-1).
    - Upgrade Thunderbird to 60.8 (DSA-4482-1).
    - Upgrade Ghostscript to 9.26a~dfsg-0+deb9u4 (DSA-4499-1).
    - Upgrade Patch to 2.7.5-1+deb9u2 (DSA-4489-1).
    - Upgrade nghttp2 library to 1.18.1-1+deb9u1 (DSA-4511-1).

  * Bugfixes
    - Additional software: Improve/fix support for translations (Closes: #16601).
    - Rework the implementation for hiding TailsData partitions (Closes: #16789).
    - Adjust how tordate determines whether the clock is in a valid range,
      fixing issues with obfs4 (Closes: #16972).

  * Minor improvements and updates
    - Ship default upstream Tor Browser bookmarks, and remove our predefined
      bookmarks (Closes: #15895).
    - Hide the security level button in the unsafe browser (Closes: #16735).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Remove LibreOffice Math (Closes: #16911).
    - Website: Make sandbox page translatable (Closes: #16873).
    - Website: Only scrub HTML on blueprints (Closes: #16901).
    - Website: Point history & diff URLs to Salsa.

  * Build system
    - Bump APT snapshot of the torproject archive to 2019073103, and drop
      tor-experimental-0.4.0.x-stretch reference (Closes: #16883).
    - Bump APT snapshot of the Debian archive to 2019080801 to get fixed
      firmware packages from sid instead of sticking to those from
      stretch-backports (Closes: #16728).
    - Enable the buster APT repository and install some packages from there:
      hunspell-id, hunspell-tr, and fonts-noto-* (See: #16728).
    - Refresh patch for webext-ublock-origin 1.19.0+dfsg-2, and adjust Tor
      Browser AppArmor profile accordingly (Closes: #16858).
    - Refresh Tor Browser AppArmor profile patch for torbrowser-launcher
      0.3.2-1 (Closes: #16941).

  * Test suite
    - Ignore RARP packets, since PacketFu cannot parse them (Closes: #16825).
    - Adjust both locale handling and reference pictures for the Unsafe
      Browser homepage (Closes: #17004).
    - Fix "Watching a WebM video over HTTPS" scenario on Jenkins
      (Closes: #10442).
    - Tag "Watching a WebM video" as fragile.
    - Make @check_tor_leaks more verbose (See: #10442).
    - Remove broken Electrum scenario since Electrum support is currently
      missing (Closes: #16421).
693

694
 -- Tails developers <tails@boum.org>  Tue, 03 Sep 2019 20:30:14 +0200
695

696
tails (3.15) unstable; urgency=medium
anonym's avatar
anonym committed
697

698
699
700
  * Major changes
    - Upgrade Tor Browser to 8.5.4 (Closes: #16691).
    - Upgrade Thunderbird to 60.7.2 (Closes: #16834).
anonym's avatar
anonym committed
701

702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
  * Security fixes
    - Upgrade Expat to 2.2.0-2+deb9u2 (DSA-4472-1).
    - Upgrade OpenSSL 1.0 to 1.0.2s-1~deb9u1 (DSA-4475-1).
    - Upgrade OpenSSL to 1.1.0k-1~deb9u1 (DSA-4475-1).
    - Upgrade Vim to 2:8.0.0197-4+deb9u3 (DSA-4467-1).

  * Bugfixes
    - Recompute CHS values for the hybrid MBR after first-boot
      repartitioning (Closes: #16389). Some legacy BIOS systems won't boot
      otherwise.
    - Strip debug symbols from the aufs kernel module smaller (refs: #16818).
      The primary target was getting the initramfs down under 32MB, hoping
      to repair boot of feature/buster on MacBookPro 8,1. In any cases,
      the user experience should be improved due to a faster boot for
      every user, and a shortened “black screen” duration (between the
      bootloader and the Plymouth splash screen).

  * Minor improvements and updates
    - Make “Unlock VeraCrypt Volumes” show an error message if locking
      fails (Closes: #15794).
    - Add support for booting Tails from a read only sdcard (fromiso),
      through Heads, allowing for measured boot on some tamper-evident
      hardware (https://github.com/osresearch/heads/issues/581).

  * Build system
    - Patch Thunderbird packages from Debian when building Tails images
      (Closes: #6156).
    - Improve tooling to maintain and update PO files (Closes: #15403),
      rewriting some tools and moving code to the jenkins-tools submodule.
    - Implement preliminary steps needed to make the ikiwiki PO plugin
      able to update PO files for languages that are disabled on the
      website (refs: #15355).
anonym's avatar
anonym committed
734

735
 -- Tails developers <tails@boum.org>  Tue, 09 Jul 2019 02:50:09 +0200
anonym's avatar
anonym committed
736

anonym's avatar
anonym committed
737
tails (3.14.2) unstable; urgency=medium
anonym's avatar
anonym committed
738

anonym's avatar
anonym committed
739
740
741
742
743
744
  * Security fixes
    - Upgrade Tor Browser to 8.5.3 (Closes: #16835).

  * Bugfixes
    - tails-screen-locker: Don't use dim-label style class
      (Closes: #16802).
anonym's avatar
anonym committed
745

anonym's avatar
anonym committed
746
 -- Tails developers <tails@boum.org>  Sun, 23 Jun 2019 11:52:49 +0200
anonym's avatar
anonym committed
747

anonym's avatar
anonym committed
748
tails (3.14.1) unstable; urgency=medium
749

anonym's avatar
anonym committed
750
751
752
753
754
755
756
757
758
759
760
  * Security fixes
    - Upgrade Tor Browser to 8.5.2-build1 (Closes: #16824).
    - Upgrade Thunderbird to 60.7.0 (Closes: #16742).
    - Upgraded Linux to 4.19.37-4 (Closes: #16823).

  * Bugfixes
    - Only probe for partitions on the boot device when setting up
      TailsData. Without arguments partprobe will scan all devices,
      and if it encounters a device it doesn't support (e.g. fake
      raid-0 arrays) it will return non-zero, thus aborting Tails'
      partitioning script, resulting in an unbootable install
sajolida's avatar
sajolida committed
761
      (Details: #16389).
anonym's avatar
anonym committed
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822

  * Minor improvements and updates
    - Upgrade tor to 0.4.0.5-1~d90.stretch+1, the first stable
      candidate in the 0.4.0.x series (Closes: #16687).
    - Completely disable IPv6 except for the loopback interface. We
      attempt to completely block it on the netfilter level but we
      have seen ICMPv6 "leaks" any way (related to Router
      Solicitation, see: #16148) so let's just disable it. We keep
      enabled on the loopback interface since some services depends on
      ::1 being up.
    - create-usb-image-from-iso: Use syslinux from chroot. We used the
      syslinux from the vagrant box before, which caused issues with
      when building Tails/Buster with a Stretch vagrant box and then
      cloning the image via Tails Installer with syslinux from Buster
      (Closes: #16748).
    - Set Tor Browser's homepage to https://tails.boum.org/home/testing/
      if building anything but a stable release. This page explains the
      dangers of using a non-stable release. (Closes: #12003)

  * Build system
    - auto/{build,config}:
      * consistently use fatal() to error out, and prefix its message
        with "E: " to help distinguish them from the noise produced by
        tools we call etc.
      * Similarly, also prefix informational message with "I: ".
      * drop support for GnuPG 1.x.
      * clone more build output to the log file.
      * Drop obsolete check for syslinux version. This version
        requirement is satisfied by Jessie and it is doubtful Tails
        would build in anything older.
      * auto/build: drop a few checks for conditions that are already
        satisfied in the supported build environments.
    - Revert "Build system: try to be smart again by fetching only the
      refs we need." This optimization overrides the trick we have on
      Jenkins (set_origin_base_branch_head in
      https://git.tails.boum.org/jenkins-jobs/tree/macros/builders.yaml),
      that ensures that a reproducibly_build_Tails_ISO_* job builds
      from the commit used by the first build. (Closes: #16730)

  * Test suite
    - Fix mistake with execute() vs spawn() when starting the upgrader.
    - Don't filter during pcap capture, instead let's just apply the
      same filtering when we are inspecting the pcap files. This way
      any pcap file saved on failure will include the full capture,
      and not just the packets sent by the system under testing, which
      sometimes makes it hard to understand what is going on.
    - Also include the content of /var/log/tor/log in $scenario.tor
      when tor failed to bootstrap (refs: #16793)
    - Don't flood the debug logger with tor@default's journal
      contents.
    - Power off system under testing after scenario. Until now we have
      relied on either one of the generated "snapshot restore" steps
      or the "[Given] a computer" step to implicitly stop the old VM
      when we move on to a new scenario. That meant the old VM was
      still running during the new scenarios @Before@ hooks. If the
      new scenario is tagged @check_tor_leaks that means we start its
      sniffer while the old VM is still running, possibly sending
      packets that then affect the new scenario. That would explain
      some myserious "Unexpected connections were made" failures we
      have seen (Closes: #11521).
    - Only accept IP(v6)/ARP during DHCP check.
823

anonym's avatar
anonym committed
824
 -- Tails developers <tails@boum.org>  Wed, 19 Jun 2019 15:29:07 +0200
825

826
tails (3.14) unstable; urgency=medium
anonym's avatar
anonym committed
827

828
829
830
831
832
833
  * Security fixes
    - Upgrade Linux to 4.19.0-5 from sid (Closes: #16708).
    - Enable all available mitigations for the Microarchitectural Data
      Sampling (MDS) attacks and disable SMT on vulnerable CPUs
      (Closes: #16720).
    - Upgrade Tor Browser to 8.5 (Closes: #16337, #16706).
anonym's avatar
anonym committed
834

835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
  * Bugfixes
    - Install Electrum 3.2.3-1 from our custom APT repository (Closes: #16708).
      The version in sid now displays a warning and exits, while 3.2.3-1 is
      still usable, in the rare cases when it manages to connect to the
      network, despite being affected by problematic phishing attacks which
      will only be solved once the package in Debian is updated to a newer
      upstream version.

  * Build system
    - Bump APT snapshot of the 'debian' archive to 2019051601, needed for
      the MDS mitigations.
    - Don't install the firmware-linux and firmware-linux-nonfree
      metapackages, as packages they pulled are already listed explicitly
      and one might run into version-related issues (Closes: #16708).

  * Minor improvements and updates
    - Remove some packages from the Tails image as their use is not
      widespread while consuming space for everyone. They can still be
      installed and upgraded through Additional Software (Closes: #15291).
      This includes: monkeysphere and msva-perl, gobby, hopenpgp-tools,
      keyringer, libgfshare-bin, monkeysign, paperkey, pitivi,
      pdf-redact-tools, pwgen, traverso, and ssss.
    - Fix missing translations in the Greeter (Closes: #13438).
    - Fix missing newline in unlock-veracrypt-volumes (Closes: #16696).
    - Port fillram to Python 3 (Closes: #15845).
    - Enable localization for new locales introduced in Tor Browser 8.5
      (Closes: #16637).
    - Re-introduce TopIcons GNOME Shell extension (Closes: #16709).
    - Improve internationalization of the Unlock VeraCrypt Volumes
      component (Closes: #16602).

  * Test suite
     - Make tails-security-check's SOCKS port test work when there's a live
       security advisory (Closes: #16701).
     - Make terminology more consistent.
anonym's avatar
anonym committed
870

871
 -- Tails developers <tails@boum.org>  Mon, 20 May 2019 18:52:04 +0200
anonym's avatar
anonym committed
872

intrigeri's avatar
intrigeri committed
873
tails (3.13.2) unstable; urgency=medium
874

875
  * Major changes
intrigeri's avatar
intrigeri committed
876
    - Replace all locale-specific fonts and standard X.Org fonts with
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
      the Noto fonts collection (Closes: #9956).
    - Install localization support packages for all tier-1 supported languages,
      and only those (Closes: #15807). Current tier-1 supported languages are:
      Arabic, German, English, Spanish, Farsi, French, Italian, Portuguese
      (Brazil), Russian, Turkish, Simplified Chinese, Hindi, Indonesian.
    - Disable the TopIcons GNOME Shell extension (Closes: #16608).
      This extension causes crashes (#11188), does not work on Wayland
      (#8309, #12213) so long-term, we need to remove it anyway.
      In order to learn how much our users rely on this extension and
      on OpenPGP Applet, let's disable this extension for one Tails release.
      While TopIcons is disabled (by default):
      · Users can still use OpenPGP Applet via the system tray in the bottom
        left corner of the desktop.
      · Users who do need TopIcons for other reasons can enable it again
        with 1 command line.
892

893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
  * Security fixes
    - Upgrade Tor Browser to 8.0.9 (Closes: #16694).
    - Upgrade to Debian Stretch 9.9 (Closes: #16670).
    - Upgrade Thunderbird to 60.6.1 (Closes: #16641).

  * Bugfixes
    - Fix Thunderbird account setup wizard (Closes: #16573).
    - Display poweroff and reboot buttons even when locked (Closes: #15640).
    - Disable emergency shutdown during suspend (Closes: #11729).
    - Provide feedback while starting Onion Circuits (Closes: #16350).
    - Associate .key files with Seahorse (Closes: #15213).
      This partially fixes importing OpenPGP keys from GNOME Files.
    - Don't show spurious notification about "TailsData" while setting
      up a persistent volume (Closes: #16632).

  * Minor improvements and updates
    - Add a suspend button to status-menu-helper (Closes: #14556).
    - status-menu-helper: clean up and refactor.
    - Drop CSS hacks for the uBlock log window (Closes: #16206).
    - Polish 04-change-gids-and-uids code style (Closes: #16322).
    - Create persistence.conf backup in a more robust manner (Closes: #16568).
    - Make the WhisperBack .desktop file translatable in Transifex
      (Closes: #6486).

  * Build system
    - Don't fail the build if Tor Browser supports new locales that we don't ship
      a spellchecking dictionary for (#15807).
    - Fix apt-cacher-ng cache shrinking (Closes: #16020).
    - Remove obsolete usr.bin.onioncircuits AppArmor profile (Closes: #12170).
      All Tails current branches now install onioncircuits 0.6-0.0tails1,
      which ships a more current AppArmor profile than the one we
      have in our own Git tree.
    - Install Electrum from sid (Closes: #16642).
    - Avoid new "render" group stealing a GID we have already statically
      allocated to another group (Closes: #16649).

  * Test suite
    - Disable tests about notifications in case of MAC spoofing failure:
      we have a well-known bug here and these tests do nothing but confirm
      it again and again, which brings no value and has a cost (#10774).
    - Clarify what WebM scenarios are fragile (#10442).
    - Avoid zombies by waiting for killed child processes to exit (#14948).

intrigeri's avatar
intrigeri committed
936
 -- Tails developers <tails@boum.org>  Sun, 05 May 2019 19:32:22 +0000
937

intrigeri's avatar
intrigeri committed
938
tails (3.13.1) unstable; urgency=medium
anonym's avatar
anonym committed
939

intrigeri's avatar
intrigeri committed
940
  * Security fixes
intrigeri's avatar
intrigeri committed
941
    - Upgrade Tor Browser to 8.0.8 (Closes: #16606, MFSA-2019-10).
intrigeri's avatar
intrigeri committed
942
    - Upgrade NTFS-3G to 1:2016.2.22AR.1+dfsg-1+deb9u1 (DSA-4413-1).
anonym's avatar
anonym committed
943

intrigeri's avatar
intrigeri committed
944
 -- Tails developers <tails@boum.org>  Fri, 22 Mar 2019 20:54:03 +0000
anonym's avatar
anonym committed
945

946
tails (3.13) unstable; urgency=medium
947

Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
948
949
950
951
  * Major changes
    - Upgrade Linux to 4.19.28-1 (Closes: #16390, #16469, #16552).
    - Upgrade Tor Browser to 8.0.7 (Closes: #16559).
    - Upgrade Thunderbird to 65.1.0 (Closes: #16422).
952

Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
953
954
955
956
957
  * Security fixes
    - Upgrade LDB to 2:1.1.27-1+deb9u1 (DSA-4397-1).
    - Upgrade OpenJPEG to 2.1.2-1.1+deb9u3 (DSA-4405-1).
    - Upgrade OpenSSL 1.0 to 1.0.2r-1~deb9u1 (DSA-4400-1).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u6 (DSA-4387-2).
958

Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
959
960
961
962
963
964
965
966
967
968
969
970
971
  * Bugfixes
    - Upgrade tor to 0.3.5.8-1~d90.stretch+1 (Closes: #16348).
    - Ensure Additional Software doesn't try to download packages that are
      in persistent cache (Closes: #15957).
    - Improve chances of recovering a lost persistence configuration
      (Closes: #10976).
    - Tor Launcher: add langpacks to enable localization again
      (Closes: #16338).
    - Migrate away from buggy Chinese input method: switch from ibus-pinyin
      to ibus-libpinyin + ibus-chewing (Closes: #11292).
    - Fix crash in Whisperback when additional persistent APT repositories
      are configured (Closes: #16563).
    - Give visual feedback while starting Whisperback (Closes: #16333).
972

Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
973
974
975
976
977
978
979
980
981
982
983
  * Minor improvements and updates
    - Add feedback when opening VeraCrypt Mounter (Closes: #16334).
    - Improve consistency in Additional Software's accessibility
      (Closes: #16110).
    - Fix missing accessibility support when opening a browser from a
      notification (Closes: #16475).
    - Refresh ublock-origin patch to apply cleanly on top of 1.18.4+dfsg-1
      (Closes: #16451)
    - Upgrade intel-microcode to 3.20180807a.2~deb9u1.
      Fixes CVE-2018-3615, CVE-2018-3620, CVE-2018-3646, CVE-2018-3639,
      CVE-2018-3640, CVE-2017-5753, CVE-2017-5754.
984

Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
985
986
987
988
989
990
991
992
993
994
  * Build system
    - Lower memory requirements when building Tails by limiting the memory
      used by mksquashfs to 512M (Closes: #16177).
    - Remove obsolete check on Thunderbird addons (Closes: #16045).
    - Update Tails' APT GnuPG key expiration (Closes: #16420).
    - Optimize Git operations (share resources, fetch only the needed
      objects).
    - Clone submodules from the host's local repositories (Closes: #16476).
    - Drop useless manual initramfs update (Closes: #16452).
    - Add a sanity check on the size of the initramfs (Closes: #16452).
995

Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
996
997
998
999
1000
1001
  * Test suite
    - Add automated tests for Additional Software GUI (Closes: #14576,
      #14596).
    - Add automated tests on the backup persistence configuration
      (Closes: #16461).
    - Adjust test for Thunderbird 60.5.1 (Closes: #16555).
1002

1003
 -- Tails developers <tails@boum.org>  Mon, 18 Mar 2019 23:40:50 +0100
1004

1005
tails (3.12.1) unstable; urgency=medium
anonym's avatar
anonym committed
1006

1007
  * Security fixes
1008
    - Upgrade Tor Browser to 8.0.6 (MFSA-2019-05; Closes: #16437).
1009
1010
1011
1012
    - Upgrade LibreOffice to 1:5.2.7-1+deb9u5 (DSA-4381).
    - Upgrade cURL to 7.52.1-5+deb9u9 (DSA-4386).
    - Upgrade Qt 5 to 5.7.1+dfsg-3+deb9u1 (DSA-4374).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u5 (DSA-4387).
anonym's avatar
anonym committed
1013

1014
 -- Tails developers <tails@boum.org>  Tue, 12 Feb 2019 21:25:14 +0100
anonym's avatar
anonym committed
1015

anonym's avatar
anonym committed
1016
tails (3.12) unstable; urgency=medium
anonym's avatar
anonym committed
1017

1018
1019
1020
1021
1022
  * Major changes
    - Make the USB image the main supported way to install Tails (refs: #15292).
      On first boot, grow the system partition to a size that's a factor
      of the size of the boot medium and randomize GUIDs (Closes: #15319).
    - Upgrade Linux to 4.19, version 4.19.13-1 (Closes: #16073, #16224).
intrigeri's avatar
intrigeri committed
1023
1024
1025
      Fixes CVE-2018-19985, CVE-2018-19406, CVE-2018-16862, CVE-2018-18397,
      CVE-2018-18397, CVE-2018-18397, CVE-2018-18397, CVE-2018-19824,
      CVE-2018-14625.
1026
1027
1028
1029
    - Remove Liferea (Closes: #11082, #15776).
    - Upgrade to the Debian Stretch 9.6 point-release.

  * Security fixes
1030
    - Upgrade Tor Browser to 8.0.5 (MFSA-2019-02; Closes: #16388).
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
    - Upgrade Thunderbird to 60.4.0 (DSA-4362-1; Closes: #16261).
    - Upgrade OpenSSL to 1.0.2q-1~deb9u1 (DSA-4355-1).
    - Upgrade libarchive to 3.2.2-2+deb9u1 (DSA-4360-1).
    - Upgrade GnuTLS to 3.5.8-5+deb9u4 (CVE-2018-10844, CVE-2018-10845).
    - Upgrade libgd3 to 2.2.4-2+deb9u3 (CVE-2018-1000222, CVE-2018-5711).
    - Upgrade libmspack to 0.5-1+deb9u3 (CVE-2018-18584, CVE-2018-18585).
    - Upgrade libopenmpt to 0.2.7386~beta20.3-3+deb9u3 (CVE-2018-10017).
    - Upgrade libx11 to 2:1.6.4-3+deb9u1 (CVE-2018-14598, CVE-2018-14599,
      CVE-2018-14600).
    - Upgrade libxcursor to 1:1.1.14-1+deb9u2 (CVE-2015-9262).
anonym's avatar
anonym committed
1041
    - Upgrade NetworkManager to 1.6.2-3+deb9u2+0.tails1 (CVE-2018-15688).
1042
1043
    - Upgrade wpa to 2:2.4-1+deb9u2 (CVE-2018-14526).
    - Upgrade zeromq3 to 4.2.1-4+deb9u1 (CVE-2019-6250).
1044
1045
    - Upgrade APT to 1.4.9 (DSA-4371-1).
    - Upgrade GhostScript to 9.26a~dfsg-0+deb9u1 (DSA-4372-1).
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074

  * Bugfixes
    - Fix Totem's access to the Internet when it's started from the Applications
      menu.
    - Rename HTP pools to avoid confusion (Closes: #15428).
    - Fix memory erasure on shutdown with systemd v239+, by mounting
      a dedicated tmpfs on /run/initramfs instead of trying to remount /run
      with the "exec" option (Closes: #16097).
    - Make the KeePassX wrapper dialog translatable.
    - Fix detection of first Thunderbird run.

  * Minor improvements and updates
    - Upgrade tor to 0.3.4.9-1~d90.stretch+1.
    - Upgrade Mesa to 18.2.6-1~bpo9+1, libdrm to 2.4.95-1~bpo9+1,
      and libglvnd to 1.1.0-1~bpo9+1.
    - Upgrade firmware-linux and firmware-nonfree to 20190114-1.
    - Upgrade amd64-microcode to 3.20181128.1.
    - Upgrade intel-microcode to 3.20180807a.2~bpo9+1.
    - Remove the boot readahead feature (Closes: #15915).
      In most supported use cases, it did not improve boot time anymore,
      or even increases it.
    - Require TLS 1.2 in our Upgrader and tails-security-check (Closes: 11815).
    - Enable O_CREAT restriction in /tmp directories for FIFOs and regular
      files (Closes: #16072).
    - Upgrade systemd to 240-4~bpo9+0tails1 (Closes: #16352).
      Fixes CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866.
    - Upgrade Enigmail to 2.0.8-5~deb9u1 (Closes: #15657).
    - Upgrade Torbirdy to 0.2.6-1~bpo9+1 (Closes: #15661).
    - Modify Torbirdy configuration in a way that's easier to maintain.
intrigeri's avatar
intrigeri committed
1075
1076
    - Tell the user they need to use sudo when they attempt to use su
      (Closes: #15583).
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103

  * Build system
    - Make the build of the USB image reproducible (Closes: #15985).
    - Allow specifying which set of APT snapshots shall be used during
      the build, with the APT_SNAPSHOTS_SERIALS build option (Closes: #15107).
    - Fix more GIDs and display more information when changing UIDs or GIDs
      fails (Closes: #16036).
    - Remove obsolete patches, refresh remaining ones to apply on top
      of currently installed packages version.
    - Disable irrelevant recurring jobs in Vagrant build box (refs: #16177)
      that increase the chance of FTBFS due to mksquashfs being reaped
      by the OOM killer.
    - Adjust for recent GnuPG error'ing out when it has no controlling terminal.

  * Test suite
    - Adjust test suite for USB image:
      - Add tests that exercise behavior on first boot from a device
        installed using the USB image (Closes: #16003).
      - Drop tests for use cases we don't support anymore with the introduction
        of the USB image (refs: #16004).
      - Adjust remaining tests to focus on main supported use cases,
        i.e. Tails installed from a USB image (refs: #16004.
    - In scenarios where we simulate MAC spoofing failure, test safety-critical
      properties even if the desktop notification is buggy (refs: #10774).
    - Update expected title for our Redmine (Closes: #16237).
    - Update expected image for OpenPGP key search.

anonym's avatar
anonym committed
1104
 -- Tails developers <tails@boum.org>  Mon, 28 Jan 2019 13:26:26 +0100
1105

1106
tails (3.11) unstable; urgency=medium
1107

1108
1109
1110
1111
1112
1113
1114
1115
  * Security fixes
    - Upgrade Tor Browser to 8.0.4-build2 (Closes: #16193).
    - Upgrade Thunderbird to 60.3.0-1~deb9u1.0tails1 (Closes: #16118).
    - Thunderbird: unconditionally disable Autocrypt, as it is not safe in
      its current state (See: #15923, Closes: #16186).
    - Upgrade Linux to 4.18.20 and aufs to 4.18.11+-20181119
      (Closes: #16145).
    - Upgrade cURL to 7.52.1-5+deb9u8 (DSA-4331).
1116
    - Upgrade Ghostscript to 9.26~dfsg-0+deb9u1 (DSA-4336, DSA-4346).
1117
1118
1119
1120
1121
1122
1123
    - Upgrade Perl to 5.24.1-3+deb9u5 (DSA-4347).
    - Upgrade Policykit to 0.105-18+deb9u1 (DSA-4350).
    - Upgrade Samba to 2:4.5.12+dfsg-2+deb9u4 (DSA-4345).
    - Upgrade OpenSSL to 1.1.0j-1~deb9u1 (DSA-4348).
    - Upgrade libtiff to 4.0.8-2+deb9u4 (DSA-4349).

  * Bugfixes
1124
1125
1126
1127
1128
1129
1130
    - Tails Upgrader:
      · Improve support for incremental upgrades to avoid issues with
        partially applied upgrades (Closes: #14754).
      · Add a prompt after the IUK has been downloaded so the user can
        control when the network will be disabled; previously this was
        done without users having a say, possibly leading to confusion and
        lost work (Closes: #15282).
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
    - Thunderbird: always set locale according to environment (Closes: #16113).

  * Minor improvements and updates
    - Remove packages which were needed for getTorBrowserUserAgent
      (Closes: #16024).
    - Fix persistence configuration window opening on full screen
      (Closes: #15894).
    - Time sync: don't temporarily increase tor's log level when using
      bridges/PTs (Closes: #15743).
    - Warn about non-free software depending on the host operating system
      and/or virtualization stack (Closes: #16195).

  * Build system
    - Create USB image after building the ISO, and include it in build
      artifacts (Closes: #15984, #15985, #15990).
    - Release process: adapt to IDF v2 (Closes: #16171).

  * Test suite
    - Add new Using "VeraCrypt encrypted volumes" feature, with scenarios
      split into two parts: "Unlock VeraCrypt Volumes" and "GNOME Disks"
      (Closes: #14469, #14471, #15238, #15239).
    - Reintroduce "Clock is one day in the future in bridge mode" test
      (Closes: #15743).
    - Make starting apps via GNOME Activities Overview more robust
      (Closes: #13469).
    - Check for "Upgrading the system" and adjust to "Upgrade successfully
      downloaded" new UI (See: #14754, #15282).
1158

1159
 -- Tails developers <tails@boum.org>  Mon, 10 Dec 2018 20:37:06 +0100
1160

1161
tails (3.10.1) unstable; urgency=medium
1162

Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
1163
  * Declare that Enigmail is compatible with Thunderbird 60.*.
1164

1165
 -- Tails developers <tails@boum.org>  Tue, 23 Oct 2018 01:30:00 +0200
1166

1167
tails (3.10) unstable; urgency=medium
anonym's avatar
anonym committed
1168

1169
1170
1171
1172
1173
  * Security fixes
    - Harden sudo config to avoid potential future privilege escalation
      (Closes: #15829).
    - Upgrade Linux to 4.18 and aufs to 4.18-20181008 (Closes: #15936).
    - Upgrade the snapshot of the Debian archive to 2018100901 accordingly.
1174
    - Upgrade Tor Browser to 8.0.3-build1 (Closes: #16067).
1175
    - Upgrade Thunderbird to 60.2.1 (Closes: #16037).
1176
1177
1178
1179
1180
1181
1182
1183

  * Bugfixes
    - Fix installation of mesa/stretch-backports by installing libwayland*
      from stretch-backports (Closes: #15846).
    - Tor Browser AppArmor profile patch: update to apply cleanly on top
      of torbrowser-launcher 0.2.9-5.
    - Additional Software: fix issues spotted during the code review
      (Closes: #15838).
1184
1185
    - Additional Software: make sure to offer persistence only for newly
      installed packages, avoiding inconsistency (Closes: #15983).
1186
1187
1188
1189
1190
1191
1192
    - Improve button labels in confirmation dialogs of the Tails installer
      (Closes: #11501).
    - Hardcode User Agent in htpdate.user-agent (Closes: #15912), as the
      Tor Browser doesn't expose it anymore.
    - Fix encoding-related crashes in Tails Installer (Closes: #15166).
    - Set the Firefox preferences to spoof English, to avoid leaking
      information about locale settings (Closes: #16029).
1193
1194
1195
1196
    - VeraCrypt: Hide PIM entries in GNOME Shell and Disks, since a newer
      cryptsetup would be needed (Closes: #16031).
    - VeraCrypt: Fix support for multiple encryption, by iterating over
      all children in the device-mapper tree (Closes: #15967).
1197
1198
1199
    - Update translations.

  * Minor improvements and updates
1200
1201
    - Add dmsetup and losetup output in WhisperBack reports to help debug
      VeraCrypt-related issues (Closes: #15966).
1202
1203
1204
1205
1206
    - Let AppArmor allow access to /usr/local/share/mime, reducing noise
      in logs due to many DENIED entries (Closes: #15965).
    - Use proper stem.connection module in onion-grater instead of trying
      to read the auth cookie manually: that's fragile and breaks some use
      cases (e.g. custom auth cookie).
1207
    - Unlock VeraCrypt Volumes: Improve internationalization support.
1208
1209
1210
1211
1212
1213

  * Test suite
    - Ensure the test suite doesn't break when changing the headline of
      /home (Closes: #12156).
    - Update test suite for updated button labels in confirmation dialogs
      of the Tails installer (Closes: #11501).
anonym's avatar
anonym committed
1214

1215
 -- Tails developers <tails@boum.org>  Tue, 23 Oct 2018 01:30:00 +0200
anonym's avatar
anonym committed
1216

anonym's avatar
anonym committed
1217
tails (3.9.1) unstable; urgency=medium
1218

1219
1220
  * Security fixes
    - Upgrade Tor Browser to 8.0.2, based on Firefox 60.2.1 (Closes: #16017).
anonym's avatar
anonym committed
1221
1222
    - Upgrade Thunderbird to 60.0-3~deb9u1.0tails2 (Closes: #15959). Also
      imported the same security fixes that caused Tor Browser 8.0.2.
1223
1224
1225
1226
1227
1228
1229
1230
1231
    - Upgrade curl to 7.52.1-5+deb9u7 (DSA-4286).
    - Upgrade Ghostscript to 9.20~dfsg-3.2+deb9u5 (DSA-4294).
    - Upgrade libarchive-zip-perl to 1.59-1+deb9u1 (DSA-4300).
    - Upgrade libkpathsea6 to 2016.20160513.41080.dfsg-2+deb9u1 (DSA-4299).
    - Upgrade LittleCMS 2, aka. liblcms2-2, to 2.8-4+deb9u1 (DSA-4284).
    - Upgrade Python 2.7 to 2.7.13-2+deb9u3 (DSA-4306).
    - Upgrade Python 3.5 to 3.5.3-1+deb9u1 (DSA-4307).

  * Bugfixes
anonym's avatar
anonym committed
1232
1233
1234
    - Make Thunderbird translated in non-English locales via
      intl.locale.requested, which works correctly since 60.0-3
      (Closes: #15942).
1235
1236
1237
    - Totem: backport AppArmor profile fix to allow opening the help
      (Closes: #15841)
    - Remove mutt, that was accidentally installed in 3.9 (Closes: #15904).
sajolida's avatar
sajolida committed
1238
    - Fix VeraCrypt volumes not being opened in GNOME Files (Closes: #15954).
1239
1240
1241
1242
1243
1244
1245
    - Fix displaying the "General" section in the Tor Browser preferences
      (Closes: #15917).
    - Fix APT pinning at Tails runtime for our custom APT repository
      and for Debian backports (Closes: #15837, #15973).

  * Minor improvements and updates
    - Upgrade tor to 0.3.4.8-1~d90.stretch+1 (Closes: #15889).
1246

anonym's avatar
anonym committed
1247
 -- Tails developers <tails@boum.org>  Wed, 03 Oct 2018 12:12:33 +0200
1248

intrigeri's avatar
intrigeri committed
1249
tails (3.9) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
1250

intrigeri's avatar
intrigeri committed
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
  * Major changes
    - Upgrade Tor Browser to 8.0 (Closes: #15803, #15907).
      Notable user-visible changes and relevant details:
      · Adjust to the fact Tor Browser 8.0a10 replaces firefox with a wrapper.
      · Don't use the bundled copy of libstdc++.so.6, ours is recent enough.
      · Drop obsolete Torbutton prefs (Closes: #15706).
      · Switch back to 128px icons (Closes: #15081).
      · AppArmor profile: take into account new Firefox binary path.
    - Upgrade Thunderbird to 60.0 (Closes: #15792).
      Notable user-visible changes and relevant details:
      · AppArmor profile: patch to avoid conflicting x modifiers for ps(1).
    - Upgrade tor to 0.3.4.7-rc (Closes: #15772).

  * Security fixes
    - Upgrade Linux to 4.17.17-1 and intel-microcode to 3.20180807a.1
      This fixes CVE-2018-3620 aka. Foreshadow aka. L1 Terminal Fault
      (Closes: #15796).
    - Upgrade OpenSSH to 1:7.4p1-10+deb9u4 (DSA-4280).

  * Bugfixes
    - Fix Totem on Intel graphics cards by inlining the backported mesa
      and dri-enumerate abstractions into its AppArmor profile: they are needed
      with recent Mesa and libdrm (Closes: #15821). Regression introduced
      in 3.9~rc1.
    - Fix unlocking "hidden" TrueCrypt/VeraCrypt volumes via GNOME Shell
      (Closes: #15843).
    - Fix confusing error message when unlocking TrueCrypt/VeraCrypt volumes
      (Closes: #15733).
    - Revert to Stretch's X.Org nouveau video driver (Closes: #15833).
      It seems that the regression brought by the upgraded one
      is worse than the improvements reported after our call for testing.
      Regression introduced in 3.9~rc1.
    - Use the intel X.Org driver for Intel Corporation UHD Graphics 620.
    - Fix regressions introduced in 3.9~rc1 in/by Additional Software Packages:
      · Don't break new empty persistence configuration files creation when
        permissions are incorrect (Closes: #15802).
      · Fix UX when the user has specified a distribution or version
        for a given package in their live-additional-software.conf
        (Closes: #15822).
      · Don't show installation notifications on upgrade (Closes: #15879).
    - Make more Additional Software Packages strings translatable in the
      configuration dialog and PolicyKit messages.

  * Minor improvements and updates
    - Upgrade firmware-nonfree to 20180825-1.
    - Update the deb.torproject.org APT repository signing key.
    - Unlock VeraCrypt Volumes: add disclaimer (Closes: #15849).

  * Test suite
    - Update Thunderbird test suite for 60.0 (Closes: #15791).
    - Fix various robustness issues.
    - Make the Chutney nodes use a higher V3AuthVotingInterval to make client
      bootstrap more robust (Closes: #15799).
    - Update the Tor Launcher binary path.
    - Adjust to the fact "New Circuit for this Site" is now in the site
      information and not under the Torbutton anymore.
    - Delete unused images.
intrigeri's avatar
intrigeri committed
1308

intrigeri's avatar
intrigeri committed
1309
 -- Tails developers <tails@boum.org>  Tue, 04 Sep 2018 12:15:43 +0000
intrigeri's avatar
intrigeri committed
1310

intrigeri's avatar
intrigeri committed
1311
tails (3.9~rc1) unstable; urgency=medium
bertagaz's avatar
bertagaz committed
1312

intrigeri's avatar
intrigeri committed
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
  * Major changes
    - Integrate the Additional Software Packages feature into the desktop
      and revamp the interface of "Configure Persistent Volume".
    - Support TrueCrypt/VeraCrypt encrypted volumes on the desktop.
    - Upgrade Tor Browser to 8.0a9, based on Firefox 60 ESR (Closes: #15023).
      Notable user-visible changes and relevant details:
      · Drop search engine customization and stick to Tor Browser's defaults.
      · Upgrade uBlock Origin to its WebExtension version and now rely
        on the filter lists shipped in the Debian package.
      · Tweak the number of web content processes to work better with 2 GiB
        of RAM (Closes: #15716).
      · Revamp how we're handling our custom prefs, drop obsolete ones,
        reduce our delta with pristine Tor Browser.
    - Upgrade Thunderbird to 60.0b10 (Closes: #15091). Notable details:
      · Install Torbirdy 0.2.5 from stretch-backports and drop our patches
        that were merged upstream.
      · Enable the optional part of the fixes for EFAIL (Closes: #15602).
    - Upgrade Linux to 4.17 (Closes: #15763).
    - Upgrade tor to 0.3.4.6-rc (Closes: #15770).
    - Upgrade to Debian Stretch 9.5.
bertagaz's avatar
bertagaz committed
1333

intrigeri's avatar
intrigeri committed
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
  * Security fixes
    - Upgrade CUPS to 2.2.1-8+deb9u2 (DSA-4243).
    - Upgrade Exiv2 to 0.25-3.1+deb9u1 (DSA-4238).
    - Upgrade FUSE to 2.9.7-1+deb9u1 (DSA-4257).
    - Upgrade GDM to 3.22.3-3+deb9u2 (DSA-4270).
    - Upgrade libsoup to 2.56.0-2+deb9u2 (DSA-4241).
    - Upgrade Imagemagick to 8:6.9.7.4+dfsg-11+deb9u5 (DSA-4245).
    - Upgrade ffmpeg to 7:3.2.12-1~deb9u1 (DSA-4258, DSA-4249).
    - Upgrade libmspack to 0.5-1+deb9u2 (DSA-4260).
    - Upgrade Samba to 2:4.5.12+dfsg-2+deb9u3 (DSA-4271).
    - Upgrade the Apache XML Security for C++ library to 1.7.3-4+deb9u1
      (DSA-4265).

  * Bugfixes
    - Don't display the Enigmail configuration wizard in every Tails session
      (Closes: #15693, #15746). Fix against Tails 3.8.
    - Make the torstatus GNOME Shell extension actually translatable
      (Closes: #15715). Fix against the first Tails release that included
      this extension.
    - Drop Icedove → Thunderbird migration code which started causing trouble.
    - Tails Installer:
      · Link to upgrade documentation when upgrading (Closes: #7904).
      · Show the reinstall option only when the device is big enough to make
        a full reinstallation (Closes: #14810).
      · Make the main window fit in a 600px-high screen (Closes: #14849).
      · Show the correct device size in the reinstall confirmation dialog
        (Closes: #15590).
    - Tails Greeter: don't display file:/// URLs to users (Closes: #15582).

  * Minor improvements and updates
    - Install Mesa and libdrm* from stretch-backports and upgrade the Nouveau
      X.Org video driver to 1.0.15. This improves support for some graphics
      cards such as NVIDIA Pascal series (Closes: #14910)
    - htpdate: improve diagnostics output when the date header can't be fetched.
    - Onion Grater: support named AppArmor profiles.
    - Update Onion Grater's config for new Tor Browser AppArmor profile name.
    - Enable e10s in the Unsafe Browser.
    - Delete all search plugins for the Unsafe Browser (Closes: #15708).
    - Display a deprecation warning when starting Liferea (#11082).
    - Upgrade VirtualBox guest modules to 5.2.16-dfsg-3~bpo9+2.
    - Use Tor Browser for browsing the documentation even when offline
      (Closes: #15720).
    - Provide feedback while Tor Browser, "Tails documentation"
      or "Report an error" are starting (Closes: #15101).
    - WhisperBack: remove the right pane (Closes: #7180).
    - tails-debugging-info: return machine-readable, structured data.
      Adjust WhisperBack accordingly (Closes: #8514). This paves the way
      towards more usable bug reports (#8722).
    - Port lots of our Perl code to more lightweight libraries.
1383
1384
      This decreases the amount of memory used by the persistence
      configuration interface.
intrigeri's avatar
intrigeri committed
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
    - Do not hide applications that require an admin password (Closes: #11013).
    - Try unlocking every persistent volume when multiple ones are
      available (Closes: #15653).
    - Upgrade Electrum to 3.1.3-1~bpo9+1.
    - Upgrade most firmware to 20180518-1.
    - Upgrade Intel microcode to 3.20180703.2~bpo9+1.
    - Upgrade AMD microcode to 3.20180524.1.

  * Build system
    - Drop AppArmor feature set pinning: this is now done in Debian Stretch
      (Closes: #15341).
    - Remove the now unused deb.torproject.org sid APT source (Closes: #15638).
    - Install OnionShare from our custom APT repo instead of from sid.
      We've mistakenly tracked sid for a while and it has become a problem,
      so stick to the version that works for us until Tails 4.0.
    - Fix building the ISO on zfs by dropping the cache=none setting for
      vmproxy's storage (Closes: #14404).
    - Update the Vagrant basebox for any change under vagrant/.
      Previously, some relevant changes were not effective until something under
      vagrant/definitions/tails-builder/ was changed.
    - Make intltool ignore .py files: `intltool-update --maintain` seems to be
      buggy with .py files.
    - Refresh our CUPS AppArmor profile patch to apply on 2.2.1-8+deb9u2.
    - Make it more obvious that the .orig file check is fatal (Closes: #15727).
    - Delete baseboxes once they're 6 months old instead of 4.
      This is more in line with the delay between our major releases these days.
    - Rename /usr/share/amnesia to /usr/share/tails. It was about time.
    - Abort the build if /etc/{passwd,group} has changed (Closes: #15419).
      Such changes can break Tails after an automatic upgrade was applied
      so let's detect it ASAP. Consequently, ensure a few GIDs — that wanted
      to play musical chairs — are the same as in Tails 3.8 (Closes: #15695).
1416
1417
    - Don't fail the build if the APT lists don't include any package
      whose name matches ^geoclue.
intrigeri's avatar
intrigeri committed
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447

  * Test suite
    - Adjust to the new tails-persistence-setup API.
    - Update the Tor Browser's AppArmor profile name.
    - Re-enable the "I can print the current page []" test.
    - Update tests wrt. the fact tails-upgrade-frontend-wrapper was ported
      to Python (Closes: #15379).
    - Make a test more robust by waiting for the page to have loaded.
    - Adjust to the fact the WhisperBack debugging info is now configured
      in a machine-readable file.
    - Remove test for tails-debugging-info, that has been a no-op for a while.
    - Adjust for Tor Browser 8.
    - Make the "I open the address" step more robust and accordingly
      stop marking the tests that use it in the Unsafe Browser
      as fragile (refs: #14771).
    - De-duplicate a number of images of standard GTK+ 3 widgets.
    - Make the audio and WebM tests more robust.
    - Make the "I start the Tor Browser in offline mode" step more robust.
    - Make the "AppArmor has (not )? denied" step more robust.
    - Don't try and use XVFB_PID if it's not set (Closes: #15730).
    - Adjust Pidgin test to use a certificate that's still in Debian
      (Closes: #15762).
    - Use a hopefully more reliable public GnuPG key and make tests
      more robust against new subkeys being added (Closes: #15771).
    - Stop hard-coding the list of RTL Tor Browser locales.
    - Fix the "Unsafe Browser can be used in all languages supported in Tails"
      test for locales that have a translated homepage (Closes: #11711).
    - Take into account that apt(8) won't return when run in the remote shell
      with the ASP hooks enabled.

intrigeri's avatar
intrigeri committed
1448
 -- Tails developers <tails@boum.org>  Thu, 16 Aug 2018 18:37:47 +0000
intrigeri's avatar
intrigeri committed
1449

intrigeri's avatar
intrigeri committed
1450
tails (3.8) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
1451

intrigeri's avatar
intrigeri committed
1452
  * Security fixes
intrigeri's avatar
intrigeri committed
1453
    - Upgrade Tor Browser to 7.5.6 (MFSA 2018-17; Closes: #15683).
intrigeri's avatar
intrigeri committed
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
    - Upgrade Enigmail to 2.0.7 (partly fixes #15602 aka. EFAIL).
    - Upgrade libgcrypt to 1.7.6-2+deb9u3 (DSA-4231-1).
    - Upgrade perl to 5.24.1-3+deb9u4 (DSA-4226-1).

  * Bugfixes
    - Thunderbird: fix importing public OpenPGP keys from email attachments
      (Closes: #15610).
    - Make the Unsafe Browser home page translatable again (Closes: #15461).

  * Minor improvements
    - Don't display the "Know your rights" message on Thunderbird first run.
    - Move Thunderbird's default userChrome.css to /etc/thunderbird, just like
      we do for Tor Browser, for easier upgrade handling.
intrigeri's avatar
intrigeri committed
1467

intrigeri's avatar
intrigeri committed
1468
 -- Tails developers <tails@boum.org>  Mon, 25 Jun 2018 09:59:22 +0000
intrigeri's avatar
intrigeri committed
1469

intrigeri's avatar
intrigeri committed
1470
tails (3.7.1) unstable; urgency=medium
bertagaz's avatar
bertagaz committed
1471

intrigeri's avatar
intrigeri committed
1472
  * Security fixes
intrigeri's avatar
intrigeri committed
1473
    - Upgrade Tor Browser to 7.5.5 (MFSA 2018-14; closes: #15643).
intrigeri's avatar
intrigeri committed
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
    - Upgrade Thunderbird to 52.8.0 (DSA-4209-1; Closes: #15607).
      - Partially fixes EFAIL.
      - Fixes importing OpenPGP keys from keyservers with Enigmail.
      - Accordingly refresh our Thunderbird AppArmor profile patch.
    - Upgrade cURL to 7.52.1-5+deb9u6 (DSA-4202-1).
    - Upgrade GnuPG (modern) 2.1.18-8~deb9u2 (DSA-4222-1).
    - Upgrade GnuPG (legacy) to 1.4.21-4+deb9u1 (DSA-4223-1).
    - Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4212-1).
    - Upgrade PackageKit to 1.1.5-2+deb9u1 (DSA-4207-1).
    - Upgrade procps to 2:3.3.12-3+deb9u1 (DSA-4208-1).
    - Upgrade wavpack to 5.0.0-2+deb9u2 (DSA-4197-1).
    - Upgrade wget to 1.18-5+deb9u2 (DSA-4195-1).
    - Upgrade xdg-utils to 1.1.1-1+deb9u1 (DSA-4211-1).

  * Bugfixes
    - Fix setting a screen locker password with non-ASCII characters
      (Closes: #15636).
    - WhisperBack:
      - Rename the WhisperBack launcher to "WhisperBack Error Reporting"
        so that users have a better chance to understand what it does
        (Closes: #6432)
      - Ensure debugging info in Whisperback reports don't contain email
        signature markers so that email clients forward it in full
        (Closes: #15468).
      - Wrap text written by the user to 70 chars (Closes: #11689).

  * Minor improvements
    - The "Tails documentation" desktop launcher now opens /doc instead of
      the aging /getting_started that confused people during user testing
      (Closes: #15575).

  * Test suite
    - Update to match "Tails documentation" behaviour change.
bertagaz's avatar
bertagaz committed
1507

intrigeri's avatar
intrigeri committed
1508
 -- Tails developers <tails@boum.org>  Sat, 09 Jun 2018 19:53:51 +0000
bertagaz's avatar
bertagaz committed
1509

bertagaz's avatar
bertagaz committed
1510
tails (3.7) unstable; urgency=medium
anonym's avatar
anonym committed
1511

bertagaz's avatar
bertagaz committed
1512
  * Security fixes
bertagaz's avatar
bertagaz committed
1513
    - Upgrade Tor Browser to 7.5.4 (MFSA 2018-12, Closes: #15588).
bertagaz's avatar
bertagaz committed
1514
1515
1516
1517
1518
1519
1520
1521
1522
    - Upgrade OpenSSL to 1.1.0f-3+deb9u2 (DSA-4157).
    - Upgrade Perl to 5.24.1-3+deb9u3 (DSA-4172).
    - Upgrade Libre Office to 1:5.2.7-1+deb9u4 (DSA-4178).
    - Upgrade libmad to 0.15.1b-8+deb9u1 (DSA-4192).

  * Bugfixes
    - Enable the removal of OpenPGP keyblock in Whisperback (closes: #7797).
    - Show the logo in Whisperback's About menu (closes: #13198).
    - Use the same font in all the Whisperback report (Closes: #11272).
1523
    - Update tails-bugs@tails.boum OpenPGP key (Closes: #15534).
bertagaz's avatar
bertagaz committed
1524
1525
1526
1527

  * Minor improvements
    - Stop installing python-qt4 and python-trezor (Closes: #15391).
    - Make WhisperBack easier to find in the GNOME Overview (Closes: #13299).
anonym's avatar
anonym committed
1528

bertagaz's avatar
bertagaz committed
1529
 -- Tails developers <tails@boum.org>  Tue, 08 May 2018 01:47:22 +0200
anonym's avatar
anonym committed
1530

anonym's avatar
anonym committed
1531
tails (3.6.2) unstable; urgency=medium
bertagaz's avatar
bertagaz committed
1532

anonym's avatar
anonym committed
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562