Commit 15a5ffe5 authored by anonym's avatar anonym
Browse files

Update changelog for 3.4.

parent c838e02b
tails (3.3.1) UNRELEASED; urgency=medium
tails (3.4) UNRELEASED; urgency=medium
* Dummy entry for next release.
* Security fixes
- Install Linux 4.14.0-2 from sid (Closes: #14976). This enables
the kernel-side mitigations for Meltdown and Spectre.
- Upgrade curl to 7.52.1-5+deb9u3.
- Upgrade enigmail to 2:1.9.9-1~deb9u1.
- Upgrade gimp to 2.8.18-1+deb9u1.
- Upgrade imagemagick to 8:6.9.7.4+dfsg-11+deb9u4.
- Upgrade libav (ffmpeg) to 7:3.2.9-1~deb9u1.
- Upgrade libxcursor to 1:1.1.14-1+deb9u1.
- Upgrade libxml-libxml-perl to 2.0128+dfsg-1+deb9u1.
- Upgrade poppler to 0.48.0-2+deb9u1.
- Upgrade rsync to 3.1.2-1 3.1.2-1+deb9u1.
- Upgrade samba to 2:4.5.12+dfsg-2+deb9u1.
- Upgrade sensible-utils to 0.0.9+deb9u1.
- Upgrade tor to 0.3.1.9-1~d90.stretch+1.
* Minor improvements
- Display TopIcons systray on the left of the system menu. This
fixes #14796 (on Buster, it is displayed in the middle of the
screen, on the left of the clock) and an annoying UX problem we
have on Stretch: OpenPGP applet is in the middle of icons that
share the exact same (modern, GNOME Shell-like) behaviour, which
is disturbing when opening one of the modern menus and moving
the mouse left/right to the others, because in the middle one
icon won't react as expected, and the nice blue bottom border
continuity is broken.
- Use the "intel" X.Org driver for integrated graphics in Intel
i5-7300HQ (Closes: #14990).
- Enable HashKnownHosts in the OpenSSH client (Closes: #14995).
Debian enables HashKnownHosts by default via /etc/ssh/ssh_config
for good reasons, let's not revert to the upstream default.
- Pin the AppArmor feature set to the Stretch's kernel one. Linux
4.14 brings new AppArmor mediation features and the policy
shipped in Stretch may not be ready for it. So let's disable
these new features to avoid breaking stuff: it's too hard to
check if all the policy for apps we ship (and that users install
themselves) has the right rules to cope with these new mediation
features.
* Bugfixes
- Don't delete downloaded debs after install (Closes: #10958).
- Install xul-ext-ublock-origin from sid to make the dashboard
work again(Closes: #14993). Thanks to cacahuatl
<cacahuatl@autistici.org> for the patch!
- Additional software feature: use debconf priority critical to
prevent failure when installing packages otherwise requiring
manual configuration (Closes: #6038)
- Don't include anything under /lib/live/mount/medium/ in the
readahead list (Closes: #14964). This fixes the boot time
regression introduced in Tails 3.3.
* Build system
- Display a more helpful error message when the 'origin' remote
does not point to the official Tails Git repository. This task
calls git_base_branch_head() which relies on the fact 'origin'
points to our official repo.
- Vagrant: never build the wiki early. This has caused several
issues throughout the years, the lastest instance being the
reopening of #14933. (Closes: #14933)
- Install libelf-dev during the time we need it for building DKMS modules.
- Make the DKMS build hook verbose, and display DKMS modules build
logs on failure. This hook is a recurring cause of headaches,
let's simplify debugging.
- Remove obsolete duplicate build of the virtualbox-guest DKMS
module.
-- Tails developers <tails@boum.org> Wed, 15 Nov 2017 13:22:29 +0100
* Test suite
- Log the list of systemd jobs when systemctl is-system-running
fails (Closes: #14772). Listing the units is not enough: in most
cases I've seen, is-system-running returns "starting" which
means the job queue is not empty, and to debug that we need the
list of jobs.
- Only support SikuliX; drop support for Sikuli.
- Disable SPICE clipboard sharing in the guest. It could only mess
things up, and in fact has confused me by suddenly setting my
*host's* clipboard to "ATTACK AT DAWN"... :)
- Decode Base64.decode64 return value appropriately; it returns
strings encoded in ASCII-8bit.
- Don't flood the debug logger with the journal contents.
- Handle case where $vm is undefined during an extremely early
scenario failure.
- Allow more time for 'systemctl is-system-running' to
succeed. (Refs: #14772)
- Make Sikuli attempt to find replacements on FindFailed by
employing fuzz, or "lowering the similarity factor". The
replacements (if found) are saved among the artifacts, and
serves as potential drop-in-replacements for outdated
images. The main use case for this is when the font
configuration in Tails changes, which normally invalidates a
large part of our images given that our default high similarity
factor. We also add the `--fuzzy-image-matching` where the
replacements are used in case of FindFailed, so the tests can
proceed beyond the first FindFailed. The idea is that a full
test suite run will produce replacements for potentially *all*
outdated images.
- Fix our findAny() vs findfailed_hook. For findAny() it might be
expected that some images won't be found, so we shouldn't use
our findfailed_hook, which is about dealing with the situation
where images need to be updated.
- Make sure Pidgin's D-Bus policy changes are applied (Closes:
#15007). Without the HUP there's a race that we sometimes lose.
- Nump the Unsafe Browser's start page image (Closes: #15006).
- Hot-plug a 'pcnet' network device instead of 'virtio' on Sid,
since the latter is not detected on Sid (Closes: #14819).
-- Tails developers <tails@boum.org> Mon, 08 Jan 2018 14:14:05 +0100
tails (3.3) unstable; urgency=medium
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment