changelog 253 KB
Newer Older
intrigeri's avatar
intrigeri committed
1
tails (2.0~beta1) unstable; urgency=medium
2

intrigeri's avatar
intrigeri committed
3
  XXX: see changelog of custom packages
4

intrigeri's avatar
intrigeri committed
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
  * Major new features and changes
    - Upgrade to Debian 8 (Jessie).
    - Migrate to GNOME Shell in Classic mode.
    - Use systemd as PID 1.
    - Remove the Windows camouflage feature: our call for help to port
      it to GNOME Shell (issues in January, 2015) was unsuccessful.

  * Security fixes


  * Bugfixes


  * Minor improvements
    - Convert all our custom initscripts to native systemd units.
    - Use socket activation for CUPS, to save some boot time.
    - Port XXX [check custom packages] to GTK3 / UDisks2 / Python 3 / whatever.
    - Adjust import-translations' post-import step for Tails Installer, to match how its i18n system works nowadays.
    - Set memlockd.service's OOMScoreAdjust to -17.
    - Don't bother creating /var/lib/live in tails-detect-virtualization.
      If it does not exist at this point, we have bigger and more
      noticeable problems.
    - Simplify the virtualization detection & reporting system, and do it
      as a non-root user with systemd-detect-virt rather than virt-what.
    - Replace rsyslog with the systemd Journal (Closes: #8320), and adjust
      WhisperBack's logs handling accordingly.
    - Drop tails-save-im-environment.
      It's not been used since we stopped automatically starting the web browser.
    - Add a hook that aborts the build if any *.orig file is found. Such files
      appear mainly when a patch of ours is fuzzy. In most cases they are no big
      deal, but in some cases they end up being taken into account
      and break things.
    - Replace the tor+http shim with apt-transport-tor (Closes: #8198).
    - Install gnome-tweak-tool.
    - Don't bother testing if we're using dependency based boot.
    - Drop workaround to start spice-vdagent in GDM (Closes: #8025).
      This has been fixed in Jessie proper.
    - Don't install ipheth-utils anymore. It seems to be obsolete
      in current desktop environments.
    - Stop installing the buggy unrar-free, superseded in Jessie (Closes: #5838)
    - Drop all custom fontconfig configuration, and configure fonts rendering
      via dconf.
    - Drop zenity patch (zenity-fix-whitespacing-box-sizes.diff),
      that was applied upstream.

  * Test suite
    - Adapt to the new desktop environment and applications' look.
    - Adapt new changed nmcli syntax and output.
    - New NetworkManager connection files must be manually loaded in Jessie.
    - Adapt to new pkexec behavior.
    - Use sysctl instead of echo:ing into /proc/sys.
    - Use oom_score_adj instead of the older oom_adj.
    - Adapt everything depending on logs to the use of the Journal.

  * Adjustments for Debian 8 (Jessie) with no or very little user-visible impact
    - Free the fixed UIDs/GIDs we need before creating the corresponding users.
    - Disable /etc/network/if-pre-up.d/macchanger (Closes: #8265).
      On Jessie, macchanger ships /etc/network/if-pre-up.d/macchanger, that
      probably conflicts with the way we're spoofing MAC addresses.
    - Replace the real gnome-backgrounds with a fake, equivs generated one
      (Closes: #8055). Jessie's gnome-shell depends on gnome-backgrounds,
      which is too fat to ship considering we're not using it.
    - AppArmor: adjust CUPS profile to support our Live system environment
      (Closes: #8261):
      · Mangle lib/live/mount/overlay/... as usual for aufs.
      · Pass the the attach_disconnected flag, that's needed for compatibility
        with PrivateTmp.
    - Make sure we don't ship geoclue* (Closes: #7949).
    - Drop deprecated GDM configuration file.
    - Don't add the Live user to the deprecated 'fuse' group.
    - Drop hidepid mount option for /proc (Closes: #8256). In its current,
      simplistic form it cannot be supported by systemd.
    - Don't manually load acpi-cpufreq at boot time. It fails to load
      whenever no device it supports is present, which makes the
      systemd-modules-load.service fail. These days, the kernel
      should just automatically load such modules when they are needed.
    - Drop sysvinit-specific (sensigs.omit.d) tweaks for memlockd.
    - Disable the GDM unit file's Restart=always, that breaks our "emergency
      shutdown on boot medium removal" feature.
    - The kexec-load initscript normally silently exits unless systemd is
      currently running a reboot job. This is not the case when the emergency
      shutdown has been triggered, so we removed this check.
    - Display a slightly darker version of the desktop wallpaper on the screen
      saver, instead of the default flashy "Debian 8" branding (Closes: #9038).
    - Disable software autorun from external media.
    - Disable a few unneeded D-Bus services. Some of these services are
      automatically started (via D-Bus activation) when GNOME Shell tries
      to use them. The only "use" I've seen for them, except eating
      precious RAM, is to display "No appointment today" in the calendar pop-up.
      (Closes: #9037)
    - Prevent NetworkManager services from starting at boot time
      (Closes: #8313). We start them ourselves after changing the MAC address.
    - Unfuzzy all patches (Closes: #8268) and drop a few obsolete ones.
    - Adapt IBus configuration for Jessie (Closes: #8270), i.e. merge the two
      places where we configure keyboard layout and input methods: both are now
      configured in the same place in Jessie's GNOME.
    - Migrate panel launchers to the favorite apps list (Closes: #7992).
    - Drop pre-GNOME Shell menu tweaks.
    - Hide "Log out" button in the GNOME Shell menu (Closes: #8364).
    - Add a custom shutdown-helper GNOME Shell extension (Closes: #8302, #5684
      and #5878) that removes the press-Alt-to-turn-shutdown-button-into-Suspend
      functionality from the GNOME user menu, and makes Restart and Shutdown
      immediate, without further user interaction. Accordingly remove our custom
      Shutdown Helper panel applet (#8302).
    - Drop GNOME Panel configuration, now deprecated.
    - Disable GNOME Shell's screen lock feature.
      We're not there yet (see #5684).
    - Disable GNOME Shell screen locker's user switch feature.
    - Explicitly install libany-moose-perl (Closes: #8051).
      It's needed by our OpenPGP applet. On Wheezy, this package was pulled
      by some other dependency. This is not the case anymore on Jessie.
    - Don't install notification-daemon nor gnome-mag: GNOME Shell has taken
      over this functionality (Closes: #7481).
    - Don't install ntfsprogs: superseded on Jessie.
    - Don't install barry-util: not part of Jessie.
    - Link udev-watchdog dynamically, and lock it plus its dependencies
      in memory.
    - Migrate from gdm-simple-greeter to a custom gdm-tails session
      (Closes: #7599).
    - Install Plymouth via chroot_local-hooks.
      In lb 2.x, the "standard" packages list pulls console-common in,
      which plymouth conflicts with, so we have to deal with that at this stage.
    - Migrate GNOME keyboard layout settings from libgnomekbd to input-sources
      (Closes: #7898).
    - Explicitly install syslinux-efi, that we need and is not automatically
      pulled by anything else anymore.
    - Workaround #7248 for GDM: use a solid blue background picture,
      instead of a solid color fill, in the Greeter session.

  * Drop Wheezy-era hacks to make the PulseAudio initscript silent.
    It has never been used in Tails, and has finally been removed on Jessie:
    per-user sessions for everyone.
  * Install gir1.2-gmenu-3.0, needed by the apps-menu GNOME Shell extension (Closes: #8096).
    This works around Debian#765460.
  * Forcibly install xserver-xorg-input-evdev from Jessie, to override our Wheezy-specific package.
  * Open() autotest serial port only if not already open.
    It seems like pySerial nowadays automatically opens the serial port
    upon object initialization. If we try to open it any way, we get an
    "already open" exception.
  * In Jessie, notify-send needs the DBUS_SESSION_BUS_ADDRESS used by the GNOME session.
  * Enable VirtualBox guest additions by default (Closes: #5730)
  * Fix permissions issue at tails-persistence-setup startup (Closes: #8097).
    We got: "Can't locate Moose/Meta/Attribute/Custom/Trait/Counter.pm: Permission
    denied at /usr/share/perl5/Module/Runtime.pm line 317", because "." is in @INC,
    and apparently sudo keeps $PWD unchanged on Jessie.
  * Make removable devices user writable.
    This fixes #8273, but I'm not sure whether it's a proper solution or
    just a workaround.
  * Install gstreamer1.0-libav.
    So e.g. Totem can play h264 encoded videos (like in the automated test
    for Totem).
  * Use wait_*_gnome_window() helpers everywhere applicable for added reliability.
  * Reliably wait for Synaptic's search button to fade in.
    Apparently an earlier simplification of this step removed some
    confusing code that actually made this wait reliable. However, by
    requiring and exact match we achieve the same in a clearer manner.
  * Don't hide the emergency shutdown's stdout.
  * Don't try to switch to tty1 on emergency shutdown.
    It is blocking emergency shutdown from a GNOME session (but not from GDM, for
    some reason)... but manually switching with CTRL-ALT-F1 suddenly unblocks it.
    My *guess* is that logind is trying to do some magics on VT switch, that fails
    since we haven't locked the needed files into memory, and then it blocks chvt
    from returning.
    At least for the time being, let's simplify this part and just stay on the VT
    we're on. We can attempt to make it nicer later on.
  * Don't patch the plymouth initscript anymore.
    It's useless, since the plymouth package now ships native systemd unit files.
    The right way to disable the plymouth splash screen on shutdown would nowadays
    be to remove the plymouth-poweroff.service symlink from
    /lib/systemd/system/poweroff.target.wants/, and same for the reboot, halt, etc.
    targets. However, I can't see it making a difference in my VM (where the screen
    is garbled on regular shutdown anyway), so I'm not touching these bits yet.
    And who knows, on other hardware, the shutdown splash screen might now be
    working, and we could possibly use it to tell the user what's happening in
    a nicer way.
  * Install topIcons GNOME Shell extensions, v25.
    https://extensions.gnome.org/extension/495/topicons/
    Installed from http://94.247.144.115/~git/topicons.git
    This will allow us to workaround the fact that a few of the applets we use
    hijack the notification area, and are therefore basically unusable in
    GNOME Shell.
  * Revert "Add test suite workaround for #8010."
    This reverts commit 5c74a0106308d2968da8093a61852e3604d1937e.
  * Update encryption.feature for Jessie.
    Beyond updating images for GNOME Shell we also remove some bad uses of
    wait_*_gnome_window(), since they were previously added in situation
    where traditional (2.x) GNOME windows were used, not Header Bars.
  * Test for rebooting state using systemctl, instead of the obsolete $RUNLEVEL (Closes: #8306)
  * Really disable Debian's kexec initscript.
  * Make the tails-kexec service "start" on boot.
    Otherwise, systemd won't want to stop it. Makes sense, actually.
    This start operation is a no-op.
  * Loosen a bit the AppArmor service's dependencies.
    It currently blocks the boot for 10 seconds, since it's run early, but after
    $remote_fs.
    Let's start it with the default dependencies, that is as part of what's the
    equivalent of runlevel 2 in systemd context. This way, it can be started in
    parallel with other services.
    Note that this works because we don't confine with AppArmor services that are
    run before login, except cupd.service, for which this commit adds a dependency
    on apparmor.service.
  * Set group ownership to floppy only when devices are added.
  * Only make floppy own devices that we support installing Tails to.
    Tails Installer requires raw block device access to such devices,
    which is why we have this workaround in the first place.
  * Fix a race between reboot/halt and the remote shell.
    When e.g. `halt` is called with `execute` we wait for the remote shell
    to respond, which it won't if the remote shell is killed fast
    enough. This seems to be the case sometimes in Jessie (thanks to the
    use of systemd) so let's use `spawn` instead.
  * On MAC spoofing failure, disable NM services in addition to stopping then.
    ... and actually stop all of them.
  * Fix the time sync notification, in the same way as tails-notify-user was fixed already.
  * Switch to the first console as a first step when stopping the GDM service.
    In my libvirt/KVM/Spice environment, this makes the shutdown and reboot process
    display the messages we want.
  * Install gkbd-capplet, that provides gkbd-keyboard-display (Closes: #8363).
  * Remove chroot hook that deals with the GDM background: the file we're removing doesn't exist anymore.
  * Don't install gnome-panel nor gnome-menus.
    They're not needed in GNOME Shell anymore. We still get them by way of the
    dependency from the GNOME Flashback stack (used in the Greeter), and they
    will go away whenever the Greeter runs in GNOME Shell.
  * Drop manual dependency on gir1.2-gmenu-3.0.
    Debian#765460 has been fixed.
  * Also blacklist the (dkms compiled) wl module for MAC spoofing purposes.
  * Revert "Don't try to install WhisperBack: it's not installable on Jessie (see #7755)."
    This reverts commit bfc373a1d989cf3d33879502ec586a0d96623b15.
  * Revert "Drop patch against the WhisperBack .desktop file, that we can't ship currently."
    This reverts commit 29e6e436829587b6fd5057317e2d9d4ea0a75032.
  * Update whisperback configuration for python3.
    This will-fix #8723.
  * Always show the Universal Access menu icon in the GNOME panel.
  * Stop using /usr/bin/gnome-session-fallback as the default X session manager.
    We're now using GNOME Classic.
  * Update automated test suite image for Jessie.
  * Clone the host CPU for the test suite guests (Will-fix: #8778).
  * Drop patch against /etc/default/macchanger: the default settings are now what we need.
  * Fix typo.
  * Set ibus engines list ordering consistent, and the same we've on Wheezy now.

  * Always fetch tails-greeter from the feature-jessie APT suite.
    Otherwise, each time a new Greeter is imported into the devel APT suite,
    our Tails/Jessie ISOs can't boot successfully.
  * Adjust liferea.desktop patch for Jessie.
  * Forcibly install Tor from o=TorProject,n=jessie.
    We don't want our custom, seccomp-enabled Wheezy specific package in
    Tails/Jessie ISO images: the Jessie packages have seccomp enabled already.
  * Ensure the major KMS modules are included in the initramfs.
    The goal is to have a more seamless transition from initial kernel modesetting
    to X.Org when booting, and same on the way back on shutdown. It also will be
    needed to get a nicer, Tails-specific boot splash. Moreover, as seen in the
    bugfix/sdmem_on_intel_gpu branch (of the old Git repo), this can help for proper
    graphics hardware reinitialization post-kexec.
    We include:
     * bochs, cirrus and qxl because they can be useful in virtual machines;
     * i915, nouveau and radeon are they are the best maintained ones these days,
       and cover the vast majority of hardware that is able to run Tails/Jessie
       properly.
  * Revert "Switch to the first console as a first step when stopping the GDM service."
    This reverts commit e297e6388f300d15efa8330069eb61118a7fbd50.
    That was a nice addition, but it currently fully breaks the shutdown process,
    and hence our "erase memory on shutdown" feature (except for the emergency
    shutdown that is not affected): in non-quiet and nosplash mode, I've seen
    a message similar to "a stop job for gdm.service is running", and this stop job
    can't be anything else than the `/bin/chvt 1' we've added.
    So let's drop this call, and see what happens.
  * Fix memory erasure on shutdown: migrate tails-kexec from an initscript to a shutdown script.
    See `/lib/systemd/system-shutdown/` facility, documented in
    `systemd-kexec.service(8)`. This way, we're certain that this script will be run
    at exactly the right time, without bothering about services ordering anymore.
  * Get rid of useless function and re-indent.
  * Make our shutdown-helper Shell extension call `poweroff' instead of `halt'.
    The latter is _not_ supported to actually turn off the system.
    It was a SysV init bug that it did, which is fixed under systemd.
  * Mask the plymouth-{halt,kexec,poweroff,reboot,shutdown} services.
    This prevents it from occupying the active TTY with an (empty) splash screen
    on shutdown/reboot, which hides the messages we want to show to the user
    in /lib/systemd/system-shutdown/tails-kexec.
    I've tried to actually use plymouth to display these messages, but I failed.
    Anyway, now the messages are the only one displayed, and the scary long list of
    "shutting down $service" messages is hidden, which is a pretty good UX
    improvement already.
    Closes: #9032
  * Mask plymouth-{halt,kexec,poweroff,reboot,shutdown} services.
    We can't simply mask them via symlinks to /dev/null in chroot_local-includes/,
    as we did previously in commit:21d6144917e8086f2229cc5bf1c3f22bbe86b050: we
    install plymouth via a chroot hook, and it reinstalls its unit files even if
    they were previously masked.
    So, we have to mask them later on via another chroot hook.
  * Start adjusting waiting for notification facilities for Jessie.
    It makes no sense to wait for gnome-panel on Jessie: we're not running
    it anymore. Also, GNOME Shell is now providing the notification daemon
    facility, so we don't need to wait for notification-daemon.
    Will-fix: #8685 (Well, not really: as said there, this might not be robust
    enough: best would be to check if the DBus service is ready instead.)
  * Configure the console codeset to support more languages.
    Tails Greeter has been doing that forever in its PostLogin.default. Given the
    configuration we set there has always been the same, and cannot be configured
    via the Greeter, better do that at ISO build time.
  * Stop setting LANG=C in ~/.xsessionrc.
    This is not needed anymore with Tails Greeter 0.8.8+jessie2.
    This reverts commit 371a7ef73af364ca37c3ff1c433f6ae9a6ace057.
  * Make tails-restricted-network-detector use systemd's journal instead of syslog.
    This was the last blocker for #8320. It also opens the possibility to run this
    script as a non-root user.
  * Wait for ibus-daemon instead of nm-applet, to judge whether we can send notifications.
    We should not be running nm-applet on GNOME Shell, since this functionality is
    nowadays taken over by GNOME Shell itself. And notifications are also handled by
    GNOME Shell, so let's instead wait for a process that's started by GNOME Shell,
    assuming that if it's ready enough to start long-lived child processes,
    hopefully it's ready to receive and enqueue/display notifications.
    Will-fix: #8685

  * Firewall: white-list access to the accessibility daemon.
    Closes: #8075

  * Make Desktop::Notify support "hints" and notification actions.
    Will-fix: #7989 (just a first step)
  * Adapt tails-virt-notify-user to use a notification action instead of a hyperlink.
    Will-fix: #7989 (yet another step)
  * Make the "virtual machine detected" warning transient.
    This one doesn't feel worth eating 20MB of RAM forever in case the user
    doesn't dismiss it. See previous commit for the gory details.
  * Adapt tails-security-check to use a notification action instead of a hyperlink.
    Will-fix: #7989 (yet another step)
  * Use apt(8) instead of apt-get(8) in the automated test suite.
    That's what we should recommend users on Jessie, so let's test that.
  * Point to the relevant page of our design doc in each systemd services' Documentation= field.
  * Always fetch tails-{perl5lib,persistence-setup} from the feature-jessie APT suite.
    Otherwise, each time these packages are updated in the devel APT suite,
    our Tails/Jessie ISOs have broken functionality.
  * Don't install udisks anymore: all our custom software has been (tentatively) ported to UDisks 2.
  * Get rid of the tails-restricted-network-detector's wrapper.
  * Turn the htpdate SysV initscript into a native systemd service.
  * Port the automated test suite to UDisks v2.
  * Automated test suite: don't hide the cursor after openinng the GNOME apps menu.
    On Jessie, apparently it triggers super-weird effects, like Pidgin
    is automatically started.
  * Update images for the automated test suite.
  * Add ldlinux.c32 to the list of bootloader files that are expected to be modified when we run syslinux.
    Will-fix: #9053
  * De-install gcc-4.9 at the end of the ISO build process.
  * Adjust test suite: the sticky bit is not set of the device file on Jessie anymore.
    This basically reverts commit:fc5e73b, that was introduced when we migrated
    from Squeeze to Wheezy.
  * Start the main NetworkManager service in a blocking way.
    We stopped blocking in commit:c5304a8 to reduce login latency.
    But now, sometimes the NM icon isn't displayed in the GNOME Shell bar,
    presumably because GNOME Shell starts before NM is ready.
    So let's try to find a middle-ground.
  * De-install gcc-4.8-base at the end of the ISO build process.
    It's not needed in Jessie anymore: gcc-4.9-base is now the one we cannot
    remove.
  * Port one last (?) bit of the automated test suite to UDisks v2.
  * Adapt Tails-specific udev rules to UDisks 2 (Closes: #9054).
  * Fix typo.
  * Adjust one more call to check_part_integrity.
  * Rename arguments for better clarity, and to leave room for adding more.
  * Automatic test suite: check that the system partition is an ESP.
  * Update a couple more test suite images for Jessie.
  * Make sure we install a Tails Installer that's compatible with Jessie.
  * Install our custom syslinux package.
    Will-fix: #9044
  * Install our custom isolinux package as well.
    Will-fix: #9044
  * Install libnet-dbus-perl (1.1.0-1) from experimental.
    It supersedes our previous, custom 1.0.0-2+tails1 package, and contains
    essentially the same code.

  * Revert "Wrap syndaemon to always use -t (Will-fix: #9011)."
    This reverts commit 430709a8efad146d30980a2e3377a4e00be3e995.
    This was a Wheezy-specific workaround.

  * Convert a few X session startup programs to `systemd --user' units.
    This is merely preparatory work that lays down some foundations.
    For now, we're using two targets:
     * basic.target sets up things that should be done as early as possible, don't
       need access to X, notifications, nor D-Bus ; it is automatically started by
       `systemd --user' when the logind session is created. Note that this happens
       after persistence has been set up, when the GDM autologin is triggered, and
       before /etc/gdm3/Xsession is run:
       - tails-add-GNOME-bookmarks.service
       - tails-create-tor-browser-directories.service
     * desktop.target: we're starting it via xdg/autostart during the GNOME session
       startup. There are a few units wanted by this target so far:
       - tails-configure-keyboard.service
       - tails-virt-notify-user: ideally, this should have something like
         After=notifications-ready.target (and then, most other things that
         wait for GNOME Shell to be ready to handle notifications could do the
         same instead of grep'ing the process list).
       - tails-warn-about-disabled-persistence.service
       - tails-upgrade-frontend.service: the idea is to later use systemd units
         ordering to make it run at a time that increases chances for the system
         having enough free memory; e.g. as soon as possible once the session is
         ready, Tor has bootstrapped, and some other memory-hungry programs we run
         at session startup time have completed.
       - tails-security-check.service: similarly, the idea is that we could get
         rid of the wrapper — that merely waits for Tor to have finished
         bootstrapping — given another systemd unit.
    Most of these units exit early unless they're run by the `amnesia' user.
    Otherwise they break e.g. Tails Greeter startup, and probably worse.
    Also note that the units that may take ages to complete have Type=simple.
    With Type=oneshot, systemd would wait for them to complete before running any
    follow-up units, and before considering the target they're part of has been
    reached. Two of our units can take minutes to complete, so the desktop.target
    startup would fail. Now, using Type=simple has one drawback: it makes it harder
    to order other units relatively to tails-security-check-wrapper's and
    tails-upgrade-frontend-wrapper's completion. This doesn't feel too bothering,
    though: it's more likely that we want to configure these units to start after
    others, than the opposite.
    Also, when the GNOME session is initialized, we import the relevant D-Bus, X11
    and locales variables into systemd --user's environment, so that our units can
    use them. We do that immediately before starting desktop.target.
  * Don't start tails-restricted-network-detector.service unless MAC spoofing is enabled.
    Previously, this check was done in PostLogin.default. Let's import it here
    so that the unit file becomes the canonical place that describes this service,
    including whether it should start or not.
  * Migrate tails-unblock-network to a systemd service, that handles starting NetworkManager.
    In the current state of things, this change merely speeds up login a bit since
    this allows us to start this service in a non-blocking way in Tails Greeter,
    without losing the ability to retrieve its status and output later.
    That's the first step towards Will-fix: #8327.
    Also, we move the "start NetworkManager as soon as the network is unblocked"
    logic to tails-unblock-network.service.
    Previously, /usr/local/sbin/tails-unblock-network (started by
    tails-unblock-network.service) would manually start NetworkManager services.
    This feels ugly, since it encodes systemd unit ordering in /usr/local/sbin/,
    while it really belongs to the unit files themselves.
    So, we use:
     * Requires= to trigger the startup of the NM services;
     * Before= to ensure that said startup only happens once the network
       has been unblocked.
    Note that tails-unblock-network.service is *not* WantedBy multi-user.target.
    Otherwise, it would try to start on boot before the user has had the chance to
    opt-out from MAC spoofing. And then it would fail, since its EnvironmentFile
    (/var/lib/gdm3/tails.physical_security) does not exist yet.
  * Drop notification for not-migrated-yet persistence configuration.
    That migration happened in Tails 0.21, released on 2013-10-29.
  * Port tails-warn-about-disabled-persistence to notification actions.
    Will-fix: #7989 (yet another part thereof)
  * Add a unit file whose completion indicates that Tor has bootstrapped.
    We'll then be able to use this, with systemd units ordering, to get rid
    of some of the while/sleep loops we have elsewhere.
  * Create a tails-wait-until-tor-has-bootstrapped.service in the systemd user instance.
    The systemd user and system instances don't share units. Thus, the dependency
    we have from the security check and upgrader user services on
    tails-wait-until-tor-has-bootstrapped had no effect.
    So, we have the *system* tails-wait-until-tor-has-bootstrapped.service create
    a file upon completion -- and the identically named *user* unit file wait for
    that file to appear.
  * Have the security check and the upgrader wait for Tor having bootstrapped with systemd unit files ordering.
    Two less ugly while/sleep loops, two.
  * Get rid of tails-security-check's wrapper.
    Its only purpose was to wait for Tor to have bootstrapped, which is now done via
    systemd unit file ordering.
  * tor-browser, 60-tor-ready.sh: use systemctl to determine if Tor has bootstrapped already.
    Note that `systemctl is-active' returns false for a service that's in
    "activating" state. The thing is, tails-wait-until-tor-has-bootstrapped.service
    *is* in "activating" state until Tor has bootstrapped. So, we explicitly check
    for its state to be "inactive" (meaning it has completed, and Tor has
    bootstrapped).
  * Don't allow tails-upgrade-frontend to run tor-has-bootstrapped with sudo.
    It doesn't need it anymore, now that systemd only starts it once Tor
    has bootstrapped.
  * Don't allow the amnesia user to run tor-has-bootstrapped with sudo.
    It doesn't need it anymore, now that all of its use cases for that
    have been moved to systemd-based implementations.
  * Import a version of htpdate that works on Debian Jessie.
    Taken at commit 966c5d16847f5446d5eec14ce33e61f05e6f0bda.
  * Harden system-wide systemd unit files.
  * 60-tor-ready.sh: sleep for a shorter time between checking if Tor has bootstrapped.
    This is now done via systemctl, and doesn't require grep'ing logs everytime,
    so let's decrease the time until the user is made aware that Tor is ready.
  * Move tails-unblock-network steps to the unit file.
    This will provide better facilities for debugging, e.g. which exact step
    currently fails the first time it's run.
  * Reorder and tidy unit file a bit.
  * Make sure the blacklist has disappeared from the filesystem before triggering udev events.
    There's apparently a race condition somewhere. We've already seen cases when
    a file we've just deleted was still visible to some other process for a short
    amount of time, so let's try to be on the safe side.
  * Disable hardening of tails-unblock-network.service.
  * Mimic systemd-udev-trigger.service when triggering udev events.
    The default setting for `udevadm trigger' is --type=devices.
    That's why systemd-udev-trigger.service runs it twice, once
    with --type=subsystems, and then with --type=devices.
    Given the racy behaviour I'm seeing in tails-unblock-network.service,
    it seems worth doing exactly the same thing as systemd-udev-trigger does.
  * Reword comment a bit.
  * Don't start waiting on Tor bootstrap before having logged in.
    Otherwise, it makes the systemd user instance timeout when starting
    its default.target.
  * Have udevadm settle between triggering events for subsystems and for devices.
  * Disable udev's 75-persistent-net-generator.rules.
    This should help preventing races between MAC spoofing and interface naming.
  * Fix shell syntax.
  * Reformat.
  * Move udevadm stuff to PostLogin/Default.
    Apparently, udevadm calls are not always honored when they're started from
    tails-unblock-network.service, possibly because we started it in a non-blocking
    way.
  * Import network unblocking steps + NM startup back into /usr/local/sbin/tails-unblock-network.
    We've previously moved the udevadm mangling out of
    tails-unblock-network.service, but the NM startup handling was left in there.
    So, NM could possibly start before the MAC address has been spoofed, which we
    need to avoid.
    Another option would have been to add all of this to PostLogin, but it has so
    little to do with the Greeter's job that I felt it would be nicer to have
    PostLogin simply run a script that does all the work, so that most of it is
    self-contained in our main Git repo. For the same reason, this commit also
    imports the restricted network detector startup in the very same script.
  * Convert the remote shell to Python 3.
    This will be needed in order to use the systemd daemon readiness protocol
    (aka. sd_notify).
  * Turn the remote shell into a systemd native service.
    And while I'm it, make it use the sd_notify facility instead of a state file.
    Closes: #9057
  * Remove obsolete dconf key and the corresponding test.
    Screenshots are now handled by GNOME Shell.
  * Adjust automated tests to match where screenshots are saved nowadays.
  * Test suite: use a slightly cheaper way to test if Tor is working.
    The grep'ing and grepping etc. is now done in a systemd unit file, so we just
    have to wait for it to complete. That's what tor-has-bootstrapped now does,
    let's use it.
  * Install python-nautilus, that enables MAT's context menu item in Nautilus.
    Will-fix: #9151
  * Set feature/jessie as the base branch.
  * Configure GDM with a snippet file instead of patching greeter.dconf-defaults.

  * Test that all system services have started.
    Will-fix: #8262

  * Add the feature-7756-reintroduce-whisperback APT overlay.
    Refs: #7756
  * Install libnet-dbus-perl from testing, that has the right version now, while it has been removed from experimental.

  * Use correct GNOME application menu path for Seahorse.
    It has moved in Debian Jessie.
  * Fix various test suite images in Jessie.

  * Remove explicit Jessie APT sources: we got them automatically since we're building Jessie.
  * Add Debian testing APT sources.
    For some reason, merging devel into feature/jessie did not bring them in heree.
  * Prefer libnet-dbus-perl from jessie-backports.
    The version from testing doesn't install on Jessie anymore. I've uploaded it to
    jessie-backports. Until it passes the NEW queue, I've uploaded it to our own
    feature-jessie, but getting our APT pinning ready to use the official backport
    should be harmless anyway.

  * Bump memory needed for building Tails/Jessie.

  * Remove jessie-updates APT source: it's already included in our Jessie builds.

  * Remove unnecessary introduced by conflict resolution.
    They do not break anything, but shouldn't be there.

  * Explicitly disable systemd-networkd, to prevent any risk of DNS leaks it might cause.

  * Update encryption.feature for Jessie.
    Will-fix: #9046
  * Bump timeouts.
    Will-fix: #9046
  * Bump a few more timeouts which can be hit when the cpu is pegged
  * Add function for determining the center of a region
  * Add a context menu helper function
  * "Select all" and "copy" text using the context menu.
    Will-fix: #9046
  * Paste into a new Gedit tab with the buttons and context menu.
    Will-fix: #9046
  * Select the encryption key using fewer keystrokes.
    Will-fix: #9046

  * Install python-dbus{,-dev} from Jessie, instead of our own patched one.
    We don't need our patch anymore, see #9177.
  * Add feature-8980-gtk3-installer APT overlay.
  * Update one more test suite image for Jessie.
  * APT prefs: allow the GTK3 version of Tails Installer to be taken into account.
  * WIP: update test suite images for the GTK3 Tails Installer.
  * Test suite: simplify the "too small device" test.
    Instead of grep'ing the log, just test that no device is found if it's too
    small, but one is found if it's big enough.
  * Allow the amnesia user, when active, to open non-system devices for writing with udisks2.
    This is roughly udisks2's equivalent of having direct write access to raw block
    storage devices. Tails Installer (ported to Jessie) uses this functionality
    (with call_open_for_restore_sync) so that most operations can be done non-Tails
    systems without special privileges on the target block device.
  * Enable jessie-backports APT source.
    We're trying to fetch some packages from there, and if it's not enabled,
    well, we won't ever get them.
  * Fix syntax of libnet-dbus-perl's APT pinning.
  * Test suite: update a few images for Jessie.
  * Test suite: don't wait for window title while we're waiting for its content already.
    I've found wait_for_gnome_window to be fragile in this scenario (especially
    combined with #9692), and we don't really need it here.
  * Update polkit rules wrt. the porting of t-p-s to udisks2.
    Will-fix: #9270
  * Really allow the t-p-s user to modify system devices without requiring authentication.
    Without this, the operator of the current session (that is, the amnesia user)
    is asked to authenticate: polkit somewhat considers that this person controls
    the client, even if run as a different user, which kinda makes sense.
    Will-fix: #9270
  * Test suite: update one more image for Jessie.
  * Test suite: update one more image for Jessie.
  * Test suite: don't wait for `poweroff' to return.
    There's no guarantee that the remote shell will still be alive to give
    us the return code etc. at this point.
  * live-persist: stop overriding live-boot's functions, we now have a recent enough blkid.
  * live-persist: remove now unused dbus_udisks_get_attribute().
  * Test suite: update a bunch of images + one step definition wrt. the port of Tails Installer to GTK3.
  * Test suite: update more images for Jessie.
  * Test suite: update more images for Jessie.
  * Test suite: more updates for the Tails Installer port to GTK3.
  * Test suite: update one more image for Jessie.
  * Test suite: update one more image for Jessie.
  * Test suite: update for GTK3 file chooser.
  * Test suite: update another image for Jessie.
  * Test suite: update another image for Jessie.
  * Test suite: bump timeout, on Jessie this is slower.
    At least the torsocks warnings displayed on the terminal take a while
    to be displayed.
  * Adjust sdmem initramfs bits for Jessie.
    Directly call poweroff instead of halt -p. Also, don't pass -n to poweroff and
    reboot, it's not supported anymore.
  * Test suite: update a bunch of images for Jessie, and adjust the Gobby scenario's flow.
  * Test suite: bump video memory allocated to the system under test.
    GNOME Shell crashes on the "old pentium without the PAE extension".
    Without this change, I see out of video memory errors in the logs.
    With this change, GNOME Shell still crashes, but at least it's not
    because of a lack of video memory.
  * Test suite: when configuring the CPU to lack PAE support, use a CPU that doesn't make GNOME Shell crash.
    See #8778 for details about how Mesa's CPU features detection is buggy.
  * Test suite: adjust free(1) output parsing for Jessie.
  * Disable hwclock-save.service, to avoid sync'ing the system clock to the hardware clock on shutdown.
    Closes: #9363
  * Test suite: update images to make some of torified_browsing.feature pass.
  * Test suite: update images to make tor_bridges.feature pass.
  * Use "mask" instead of "disable" for disabling hwclock-save.service.
    It's more reliable, as it has less chances to be reverted by some upgrade.
  * Explicitly disable timesyncd: we have our own time synchronization mechanism.
    It's not enabled by default in Jessie, but it will be in Stretch, so let's be
    explicit about it.
  * tails-unblock-network: add some logging to help debugging race conditions.
  * tails-unblock-network: sleep a bit after unblocking network devices, and before triggering udev events.
    That's ugly but I wasn't able to find anything better. We'll see if it fixes
    the problem everywhere, or if it merely makes it less frequent..
    Closes: #9012
  * Test suite: update another image for Jessie.
  * Replace patch against NetworkManager.conf with drop-in files.
  * Replace resolvconf with simpler NetworkManager and dhclient configuration.
    Refs: #7708
  * Test suite: run ping as root.
    For some reason, on Jessie, running ping as a regular users results in "ping:
    icmp open socket: Operation not permitted", with exit code == 2. But as root, it
    "works" and the firewall blocks the packets. This is rather an improvement than
    a problem (stuff is blocked earlier, which is cheaper), so let's just deal with
    it in the test suite only, by running ping as root: the main purpose here is to
    test the firewall.
    This change also affects the netcat command used to open TCP and UDP
    connections, for code simplicity's sake. Here again, the goal is to test
    the firewall.

  * Replace patching of the gdomap, i2p, hdparm, tor and ttdnsd initscripts with 'systemctl disable'.
    Closes: #9881
  * Pass --yes to apt-get when installing imagemagick.
    Otherwise, the Jessie build is asking a question interactively.
  * Refresh apparmor-adjust-pidgin-profile.diff and apparmor-adjust-totem-profile.diff: otherwise they leave .orig files around, that apparmor_parser fails to load.
  * apparmor-adjust-cupsd-profile.diff: adjust to parse fine on current Jessie.
    Closes: #9963
    More specifically:
    a) avoid "conflicting x modifiers" for /usr/bin/hpijs, by modifying the
       /usr/bin/* rule to not match it;
    b) add missing backends to the list of confined ones, and:
       asked how we can better maintain this list :
       https://lists.ubuntu.com/archives/apparmor/2015-August/008463.html
    c) to avoid "conflicting x modifiers", replaced glob that matches
       all remaining backends by a hard-coded list of third-party ones
       we ship;
    d) Added a note to the RM role duties to sanity check these two lists.
    Also, add the attach_disconnected flag to the third_party local profile in
    there, as was done in sid already, and is needed for it to work under systemd
    (this patch already did that for /usr/sbin/cupsd).
  * Replace patches that wrapped apps with torsocks with dynamic patching with a hook.
    This should avoid the need to maintain these patches and avoid them becoming
    fuzzy, especially when migrating to new versions of Debian.
  * Don't try to include .xession-errors in WhisperBack bug reports.
    This file isn't created/filled anymore on Jessie. The logs now live in
    the journal.
    Refs: #9966

  [ Alan ]
  * Update configuration file for whisperback 1.7.0
  * Implement Tor stream isolation for WhisperBack.
    Will-fix: #9412
  * Don't wrap WhisperBack with torsocks.
    It never worked under jessie and is not necessary now that WhisperBack supports
    SOCKS proxies.
    Will-fix: #9412

  * Stop installing system-config-printer.
    It's been there since the first commit, mostly because back in the
    years, it was the only decent CUPS GUI available; nowadays, GNOME's one
    is good enough; we explicitly document that one should use the latter
    anyway, and as shown by #8443, even us are sometimes confused by (or
    reporting confusing information about) the fact that we ship 2 GUIs for
    the same task.
    Besides, on Jessie system-config-printer adds "an unclear and useless
    Sundry category in Applications menu".
    Note that typing in the sudoer password is still required to manage
    printers, but that's not a Jessie regression and it's tracked by
    Closes: #8505
  * Allow the amnesia user, when active, to use all CUPS actions needed by the GNOME printing setup dialog.
    These rules override those shipped by cups-pk-helper 0.2.5-2+b1 in
    /usr/share/polkit-1/actions/org.opensuse.cupspkhelper.mechanism.policy
    Closes: #8443
  * apparmor-adjust-cupsd-profile.diff: drop explicit support of /lib/live/mount/overlay.
    This is now globally handled with aliases.
  * apparmor-adjust-cupsd-profile.diff: fix access to aufs whiteouts for /etc/cups, /var/{cache,log,spool}/cups.
    Closes: #10210
  * tails-virt-notify-user: notify the user if running in a non-free vm.
    Thanks to Austin English <austinenglish@gmail.com> for the patch.
    Sorry, my `git am' does not want to hear about this patch,
    so I'm applying it by hand.
    Closes: #5315

  * Upgrade to experimental Tor 0.2.7 packages.
    Note that this introduces a regression as-is, since we lose
    the patch for https://bugs.torproject.org/15482. That's tracked by
    Refs: #10194
  * Fix is_persistent?() helper due to findmnt changes in Jessie.
    In jessie, findmnt correctly notices that / is an aufs mounts. Hence
    let's assume that we're not using read-only persistence (which uses
    aufs) in which case aufs => no persistence.
  * Rework how we measure pattern coverage.
    The approaches we used before just seems incorrect in multiple ways:
    * vm.overcommit_memory = 2 seems to make OOM killing happen way too
      early, around when 15% or RAM is still free, no matter the value of
      vm.overcommit_ratio and the various *reserved settings.
    * Using the ratio of a ration for the {min,max}_coverage calculations
      were just weird and a sign of incremental bandaid-like fixes.
    Now we do what we intended more explicitly, that is: measure the
    pattern coverage in the free RAM at the time we start filling it. We
    also have to reserve some RAM for the kernel (so it doesn't freeze
    when approaching full RAM) and admin processes like the remote shell
    (so it doesn't get unresponsive), and we exclude this from the free
    RAM in the calculations for a much more accurate result than before.
    Note that we may end up having a bit more than 100% pattern
    coverage. While that may seem strange it may just indicate that some
    unrelated RAM was freed after we noted the amount of free RAM right
    before we started filling it.
    Will-fix: #9705
  * Use blkid instead of parted to determine the filesystem type.
    In Jessie, "parted print NUMBER" doesn't work, and then blkid seems
    like a cleaner approach (bonus: the name blkid uses for swap is
    cleaner too).
  * Simplify by removing the wait_for_gnome*() helpers.
    They don't work well and do not seem needed. Also, it's used in only
    two places, and add to that that GNOME seems to be moving away from
    having the type of title bar we're looking for.
  * Start each fillram instance with the correct oom_score_adj.
    ... by starting them in sub shell with the desired oom_score_adj. The
    way we did it before left a window where they inherit the remote
    shell's oom_score_adj, which is the absolute opposite of the range,
    meaning that everything else will be prioritized.
  * Remove the check for the sound icon in the systray.
    Will-fix: #10493

  * Also wrap Seahorse with torsocks when it is started as a D-Bus service.
    It's started this way e.g. with "Password and keys" from the Activities Overview
    and applications menu.
    Closes: #9792

  * Decide memory wiping waiting time on configured RAM.
    ... instead of detected RAM. This should only make us wait longer,
    since detected RAM <= configured RAM, so it's safe but potentially an
    increase in runtime.
    We actually do this since we often want to run these modified steps
    when the remote shell is not available any more, since Tails is
    shutting down.
  * Add missing chomp().
  * Use --kiosk mode instead of --fullscreen in virt-viewer.
    The only effect will be that the tiny border of the in-viewer menu is
    removed (which *potentially* could be in the way some time) since
    --kiosk implies --fullscreen.
  * Restore AppArmor confinement of Tor by renaming the AppArmor profile.
    Jessie's systemd has no AppArmor support, so Tor 0.2.7.x backport for Jessie's
    systemd unit files don't load the profile. We've ensure that on Stretch
    everything will work just as we need, but for Jessie we need this kludge:
    simply rename the system_tor profile so that it's used automatically, without
    having to explicitly assign it to the service.
    Closes: #10528
  * Unmute and sanitize ALSA mixer levels at boot time.
    This essentially reverts ALSA state handling to pre-Jessie.
    For Stretch we might need something better, but it's simple enough that
    we could easily turn the relevant bits of the legacy initscript into
    a systemd unit file if needed.
    Closes: #7591
  * Mask the ALSA state store/restore systemd services.
    These are "static" so can't be enabled/disabled.

  * Turn htpdate.service into Type=oneshot.
    I want to use time-sync.target (see systemd.special(7)), so that we can
    order stuff after it.
    But with Type=simple, we can't tell when htpdate is done, so we can't
    specify that time-sync.target has not been reached until then. So let's
    use Type=oneshot. But then, 20-time.sh would block until htpdate is
    done, which is not what we want; this is solved by using --no-block when
    restarting the service there.
  * Explicitly declare htpdate.service as being needed for time-sync.target.
    This ensures that "services where correct time is essential should be
    ordered after this unit" (as long as such services have themselves
    declared the right dependencies). We don't ship any such services
    currently, so this is rather pedantic a commit.
    Note: in our case, we don't want the Tor service to wait for
    time-sync.target, since we still use the Tor consensus for time
    sync' purposes.
  * Explicitly use tor@default.service when it's the one we mean.
    Tor 0.2.7.x packaging now uses a template systemd unit file,
    and the instance we use is called tor@default.service.

  * Remove scenario.
    In Jessie, org.gnome.gnome-screenshot.auto-save-directory is empty
    since the default is sensible, ~/Pictures. To save the removed
    scenario we'd have to set it explicitly, which seems stupid. Besides,
    the 'A screenshot is taken when the PRINTSCREEN key is pressed'
    scenario is already testing that GNOME Screenshot saves into this
    directory, which is enough.
  * Adapt Gnome notification handling for Debian Jessie.
    When waiting for specific notifications we'll completely depend on
    robust_notification_wait() from now on *and* it will leave other
    notifications unlike the old version.
    Will-fix: #8782
  * Migrate to robust_notification_wait() and update some related images for Jessie.

  * Introduce a dedicated systemd target for "Tor has bootstrapped" state.
    ... and move tails-wait-until-tor-has-bootstrapped.service from
    default.target to it. The main effect is that anything that wants to
    start after graphical.target or multi-user.target does not have to wait
    for Tor to have bootstrapped (which could very well never happen, e.g.
    when working offline) anymore.
    Will-fix: #9393

  * Install tails-installer instead of liveusb-creator.
    Refs: #8561

  * Draft a test to ensure that we can use a NetworkManager connection stored in persistence.
    Will-fix: #7966
  * Revert "Lower required free (non-buffer/cache) memory for Tails Upgrader."
    This reverts commit 01c88c1b5f13ea02437c2f547fad0dd61946abdc.
    Refs: #8263
    Since then, we've bumped the memory requirements (both in our
    documentation and on the test suite's "hardware") to 2 GB, so the
    original reason for this change has gone away => let's go back to
    a value that was tested and confirmed to work (as in: allow upgrading
    a running Tails) on Wheezy, instead of a value that was tested on
    Jessie, but only for checking for available upgrades.
    The follow-ups will be:
     * the cool ideas posted on
       https://labs.riseup.net/code/issues/8263#note-1 will become a new,
       dedicated ticket (that has no reason to block the Tails 2.0 release);
     * #8083 and #7986 will tell us if the value this commit reverts to
       is OK.
  * Upgrader wrapper: make the check for free memory smarter.
    Quoting anonym (#8263#note-1):
    In our Live system context, where a lot of stuff is in tmpfs:es, looking
    at the values of free or /proc/meminfo alone isn't accurate for
    determining how much memory "really" is free, since the tmpfs usage is
    included in the buffers. Hence, MemFree is the lower (and safe) bound of
    how much "really" free memory we have, and MemFree + Buffers + Cache is
    the upper (and unsafe) bound. The true value should be (at least closer
    to) MemFree + Buffers + Cache - (sum of usage by tmpfs:es). We should
    check once against that value instead.
    The 300 MB magic number (minimum "real memory" available) was found
    after bisecting with an ISO built from current feature/jessie:
     * with 278000 kB of "real memory" available, Tails Upgrader could
       successfully tell me that no upgrade was available (which is indeed
       the case), or that I should manually upgrade (after tweaking
       /etc/os-release; because I started from DVD);
     * with 255000 kB of "real memory" available, the check for upgrades
       failed and the desktop session froze;
    => so 300x1024 kB should give us a small safety margin.
    For the record, a VM with 1GB of RAM allocated (891 MB visible due to
    the QXL video adapter stealing some) on current feature/jessie has
    336MB (137MB free + 39MB buffers + 212MB cache - 52MB tmpfs) of "real
    memory" available once Tor is ready and Tor Browser is started, so in
    practice any system that's beefy enough to use Tails 2.0 can check
    for upgrades.
    Closes: #10540, #8263
  * Drop notification when persistence settings were disabled due to wrong access rights.
    No need to run this script at login time on every Tails two years later.
  * Drop obsolete comment.
  * Fix link to documentation.
  * tails-security-check: use a dialog box instead of desktop notifications.
    It's important enough to be worth being noisy about, and providing
    clickable links (which we can't easily do with desktop notifications
    these days).
    Refs: #7989
  * tails-security-check: remove obsolete code.
    We've stopped using this "version file" a while ago.
  * tails-virt-notify-user: don't leave the process around until Tor Browser is closed.
  * MAC spoofing failure notification: remove the link to the documentation.
    It was broken on Tails/Wheezy already (the link to the doc is not
    visible, and one of the two possible links was broken anyway), so this
    is not a regression brought by porting to Jessie. And on Jessie, due to
    bug #7989 these links would not work as-is anyway. It's unclear how this
    would be best solved; #10559 has been created to sum up the problem and
    track future improvements.
    Refs: #7989, #10559
  * Remove the restricted network detector.
    As explained on https://labs.riseup.net/code/issues/8328#note-5, it's
    been broken for 16 months, it is still broken after the partial fix that
    went in Tails 1.6, and the logic on which the detector is based cannot
    work anymore. Reintroducing and porting this feature is now tracked
    on #10560.
    Closes: #8328
    Refs: #10560
  * Don't try to disable lvm2 initscripts anymore.
    It was disabled in amnesia 0.3 because "it slows-down too much the boot
    in certain circumstances". I can't confirm that with current hardware on
    feature/jessie: the output of `systemd-analyze critical-chain' does not
    include anything LVM-related, and in `systemd-analyze blame' everything
    LVM-related takes 400ms or less on one of my systems, and 100ms or less
    on another.
    On Jessie, lvm2 initscripts have been split into numerous systemd units,
    so it might help avoid unconditionally blocking boot.
    Note that the way we did in this this chroot_local-hooks has no effect
    on Jessie.

  * Fix ssh.feature vs Jessie.
  * Fix "all notifications have disappeared" when there's none.
    Apparently findAll() throws an exception when it doesn't find
    anything, as opposed to an empty Java iterator, which was what I
    assumed.
  * Update a few test suite images.

  * Remove kiosk mode support.
    It was a partial, never completed attempt. We don't ship such things in
    Tails anymore these days.
  * Test suite: use the Journal instead of the deprecated /var/log/syslog to extract debugging information about restart-tor.
  * Test suite: use the Journal instead of the deprecated /var/log/syslog to extract information about packets dropped by the firewall.
  * Test suite: use a stricter regexp when extracting logs for dropped packets.
    Thanks to journalctl's --output=cat option, we can trivially look at the
    logged message itself, without any metadata around.
  * clock_gettime_monotonic: use Perl's own function to get the integer part, instead of forking out to sed.
  * Don't tell the user that "Tor is ready" before htpdate is done.
    There are two possible problems with using Tor before the time is
    correct enough:
    1. We want all Tails users to have very similar clocks, as part of the
       protection against fingerprinting Tails tries to provide;
    2. Accessing hidden services can be problematic when one's clock is not
       correct; hence the notification we display about
       time synchronization.
    Closes: #7721
    Refs: #7438

  * Remove the restricted network detector from POTFILES.in.

  * Upgrade the topIcons GNOME Shell extension to version 28.

  [ Alan ]
  * Restore the logo in about tails dialog.
    The logo was taken from the documentation but isn't included there anymore.

  * Change --type option to --spawn in vm-execute helper script.
  * Install xsel.
    We will need it installed in Tails for manipulating the clipboard in
    the automated test suite.
  * Add method used to set the Xorg clipboard.
  * Work around issue with lost key presses in the browser.
    When entering an address like"http(s)" we sometime end up with
    "htp(s)", so either the second or third character is lost. My guess is
    the second; once the first character is entered, the Tor Browser
    immediately starts showing the list of suggestions, and it seems if
    the second character is timed at some particular point when this list
    is being shown, it's lost.
    This is worked around by just pasting the whole address in one go, via
    the clipboard.
    Will-fix: #10467
  * Update the rest of torified_browsing.feature's images.
    ... for Debian Jessie. Now all scenarios except 'Importing an OpenPGP
    key from a website' passes, due to
    Refs: #10571

  * tails-unblock-network: trace commands so that they end up in the Journal.
    This should help debugging e.g. #9012.
  * Manually wrap text in the Unsafe Browser startup warning dialog.
    Jessie's zenity does not wrap it itself.
    Same in sid with 3.18.1.1-1 by the way.
  * Manually associate application/pgp-keys with Seahorse's "Import Key" application.
    Closes: #10571
    I can't reproduce this in my Tor Browser on current sid, so I don't see
    where I could report it. Hence added a "XXX: Stretch" so that we check
    if we can remove it next time we upgrade to a new Debian release.

  * Refactor GNOME/X env exporting to Tails' shell library.
  * Grab the rest of the variables from gnome-shell's environment.
    The static guess for DISPLAY *could* be wrong, and the how we relied
    on a shell blog for XAUTHORITY could results in problems if there's a
    leftover database from a previous session for some reason. Besides,
    the new approach feels more consistent.
  * Include the GNOME/X environment in the remote shell.
    And kill the (inferior) code about DISPLAY and XAUTHORITY since
    they're set by export_gnome_env() into the environment.
  * Disable screen blanking in the automated test suite.
    In the automated test suite we sometimes need to wait long enough so
    screen blanking activates, which can mess with Sikuli wait():ing for
    some image. This is the case in e.g. the 'Install packages using
    Synaptic' scenario, in which the APT update can take >5 minutes.
    Will-fix: #10403
  * Don't use static DISPLAY.
  * Remove useless code.
    We only intend to run these script from environments where XAUTHORITY
    is set. Also, there is no ~/.Xauthority.

 -- Tails developers <tails@boum.org>  Thu, 19 Nov 2015 16:01:19 +0000
1019

anonym's avatar
anonym committed
1020
1021
1022
1023
1024
1025
tails (1.8) UNRELEASED; urgency=medium

  * Dummy entry.

 -- anonym <anonym@riseup.net>  Wed, 18 Nov 2015 20:22:23 +0100

anonym's avatar
anonym committed
1026
tails (1.7) unstable; urgency=medium
bertagaz's avatar
bertagaz committed
1027

anonym's avatar
anonym committed
1028
  * Major new features and changes
anonym's avatar
anonym committed
1029
    - Upgrade Tor Browser to 5.0.4. (Closes: #10456)
anonym's avatar
anonym committed
1030
1031
1032
    - Add a technology preview of the Icedove Email client (a
      rebranded version of Mozilla Thunderbird), including OpenPGP
      support via the Enigmail add-on, general security and anonymity
sajolida's avatar
sajolida committed
1033
      improvements via the Torbirdy add-on, and complete persistence
anonym's avatar
anonym committed
1034
1035
1036
1037
1038
1039
1040
1041
      support (which will be enabled automatically if you already have
      Claws Mail persistence enabled). Icedove will replace Claws Mail
      as the supported email client in Tails in a future
      release. (Closes: #6151, #9498, #10285)
    - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
      improvement of this new Tor major release, the new
      KeepAliveIsolateSOCKSAuth option allows us to drop the
      bug15482.patch patch (taken from the Tor Browse bundle) that
sajolida's avatar
sajolida committed
1042
      enabled similar (but inferior) functionality for *all*
anonym's avatar
anonym committed
1043
1044
1045
1046
1047
1048
      SocksPort:s -- now the same circuit is only kept alive for
      extended periods for the SocksPort used by the Tor
      Browser. (Closes: #10194, #10308)
    - Add an option to Tails Greeter which disables networking
      completely. This is useful when intending to use Tails for
      offline work only. (Closes: #6811)
bertagaz's avatar
bertagaz committed
1049

anonym's avatar
anonym committed
1050
1051
  * Security fixes
    - Fix CVE-2015-7665, which could lead to a network interface's IP
elouann's avatar
elouann committed
1052
      address being exposed through wget. (Closes: #10364)
anonym's avatar
anonym committed
1053
1054
1055
1056
    - Prevent a symlink attack on ~/.xsession-errors via
      tails-debugging-info which could be used by the amnesia user to
      read the contents of any file, no matter the
      permissions. (Closes: #10333)
anonym's avatar
anonym committed
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
    - Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u5.
    - Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.
    - Upgrade unzip to 6.0-8+deb7u4.

  * Bugfixes
    - Add a temporary workaround for an issue in our code which checks
      whether i2p has bootstrapped, which (due to some recent change
      in either I2P or Java) could make it appear it had finished
      prematurely. (Closes: #10185)
    - Fix a logical bug in the persistence preset migration code while
      real-only persistence is enabled. (Closes: #10431)
anonym's avatar
anonym committed
1070
1071

  * Minor improvements
anonym's avatar
anonym committed
1072
1073
    - Rework the wordings of the various installation and upgrade
      options available in Tails installer in Wheezy. (Closes: #9672)
anonym's avatar
anonym committed
1074
1075
1076
1077
1078
    - Restart Tor if bootstrapping stalls for too long when not using
      pluggable transports. (Closes: #9516)
    - Install firmware-amd-graphics, and firmware-misc-nonfree instead
      of firmware-ralink-nonfree, both from Debian Sid.
    - Update the Tails signing key. (Closes: #10012)
anonym's avatar
anonym committed
1079
1080
1081
1082
1083
1084
    - Update the Tails APT repo signing key. (Closes: #10419)
    - Install the nmh package. (Closes: #10457)
    - Explicitly run "sync" at the end of the Tails Upgrader's upgrade
      process, and pass the "sync" option when remounting the system
      partition as read-write. This might help with some issues we've
      seen, such as #10239, and possibly for #8449 as well.
anonym's avatar
anonym committed
1085
1086
1087

  * Test suite
    - Add initial automated tests for Icedove. (Closes: #10332)
elouann's avatar
elouann committed
1088
    - Add automated tests of the MAC spoofing feature. (Closes: #6302)
anonym's avatar
anonym committed
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
    - Drop the concept of "background snapshots" and introduce a general
      system for generating snapshots that can be shared between
      features. This removes all silly hacks we previously used to
      "skip" steps, and greatly improves performance and reliability
      of the whole test suite. (Closes: #6094, #8008)
    - Flush to the log file in debug_log() so the debugging info can
      be viewed in real time when monitoring the debug log
      file. (Closes: #10323)
    - Force UTF-8 locale in automated test suite. Ruby will default to
      the system locale, and if it is non-UTF-8, some String-methods
      will fail when operating on non-ASCII strings. (Closes: #10359)
    - Escape regexp used to match nick in CTCP replies. Our Pidgin
      nick's have a 10% chance to include a ^, which will break that
      regexp. We need to escape all characters in the nick. (Closes:
      #10219)
    - Extract TBB languages from the Tails source code. This will
      ensure that valid locales are tested. As an added bonus, the
      code is greatly simplified. (Closes: #9897)
anonym's avatar
anonym committed
1107
1108
    - Automatically test that tails-debugging-info is not susceptible
      to the type of symlink attacks fixed by #10333.
anonym's avatar
anonym committed
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
    - Save all test suite artifacts in a dedicated directory with more
      useful infromation encoded in the path. This makes it easier to
      see which artifacts belongs to which failed scenario and which
      run. (Closes: #10151)
    - Log all useful information via Cucumber's formatters instead of
      printing to stderr, which is not included when logging to file
      via `--out`. (Closes: #10342)
    - Continue running the automated test suite's vnc server even if
      the client disconnects. (Closes: #10345)
    - Add more automatic tests for I2P. (Closes: #6406)
    - Bump the Tor circuit retry count to 10. (Closes: #10375)
    - Clean up dependencies: (Closes: #10208)
      * libxslt1-dev
      * radvd
      * x11-apps
anonym's avatar
anonym committed
1124

anonym's avatar
anonym committed
1125
 -- Tails developers <tails@boum.org>  Tue, 03 Nov 2015 01:09:41 +0100
bertagaz's avatar
bertagaz committed
1126

anonym's avatar
anonym committed
1127
tails (1.6) unstable; urgency=medium
anonym's avatar
anonym committed
1128

anonym's avatar
anonym committed
1129
1130
1131
  * Security fixes
    - Upgrade Tor Browser to 5.0.3. (Closes: #10223)
    - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7.
1132
    - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1.
anonym's avatar
anonym committed
1133
1134
    - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1.
    - Upgrade libslp1 to 1.2.1-9+deb7u1.
1135
    - Upgrade ssl-cert to 1.0.32+deb7u1.
anonym's avatar
anonym committed
1136

anonym's avatar
anonym committed
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
  * Bugfixes
    - Fix a corner case for the MAC spoofing panic mode. If panic mode
      failed to disable the specific device that couldn't be spoofed
      (by unloading the module) we disable networking. Previously we
      only stopped NetworkManager. The problem is that NM isn't even
      started at this time, but will specifically be started when
      we're done with MAC spoofing. Therefore, let's completely
      disable NetworkManager so it cannot possibly be
      started. (Closes: #10160)
    - Avoid use of uninitialized value in restricted-network-detector.
      If NetworkManager decides that a wireless connection has timed
      out before "supplicant connection state" has occued, our idea of
      the state is `undef`, so it cannot be used in a string
      comparison. Hence, let's initialize the state to the empty
      string instead of `undef`. Also fix the state
      recording. Apparently NetworkManager can say a few different
      things when it logs the device state transitions. (Closes:
      #7689)

  * Minor improvements
    - Remove workaround for localizing search engine plugins. The
      workaround has recently become unnecessary, possibly due to the
      changes made for the seach bar after the Tor Browser was rebased
      on Firefox 38esr. (Closes: #9146)
    - Refer to the I2P Browser in the I2P notifications. Instead of
      some obscure links that won't work in the Tor Browser, where
      users likely will try them, and which I believe will open them
      by default. (Closes: #10182)
    - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to
      enforce mode. (Closes: #9830)

  * Test suite
    - Test that udev-watchdog is monitoring the correct device when
      booted from USB. (Closes: #9890)
    - Remove unused 'gksu' step. This causes a false-positive to be
      found for #5330. (Closes: #9877)
    - Make --capture capture individual videos for failed scenarios
      only, and --capture-all to capture videos for all scenarios.
      (Closes: #10148)
anonym's avatar
anonym committed
1176
    - Use the more efficient x264 encoding when capturing videos using
anonym's avatar
anonym committed
1177
      the --capture* options. (Closes: #10001)
anonym's avatar
anonym committed
1178
    - Make --old-iso default to --iso if omitted. Using the same ISO
anonym's avatar
anonym committed
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
      for the USB upgrade tests most often still does what we want,
      e.g. test that the current version of Tails being tested has a
      working Tails installer. Hence this seems like a reasonable
      default. (Closes: #10147)
    - Avoid nested FindFailed exceptions in waitAny()/findAny(), and
      throw a new dedicated FindAnyFailed exception if these fail
      instead. Rjb::throw doesn't block Ruby's execution until the
      Java exception has been received by Ruby, so strange things can
      happen and we must avoid it. (Closes: #9633)
    - Fix the Download Management page in our browsers. Without the
      browser.download.panel.shown pref set, the progress being made
      will not update until after the browser has been restarted.
      (Closes: #8159)
    - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter
      that deals with debugging instead of printing it to STDERR via
      the `--debug` option (which now has been removed). This gives us
      the full flexibility of Cucumber's formatter system, e.g. one
      easy-to-read formatter can print to the terminal, while we get
      the full debug log printed to a file. (Closes: #9491)
    - Import logging module in otr-bot.py. Our otr-bot.py does not use
      logging but the jabberbot library makes logging calls, causing a
      one-off message “No handlers could be found for logger
      "jabberbot"” to be printed to the console. This commit
      effectively prevents logging/outputting anything to the terminal
      which is at a level lower than CRITICAL. (Closes: 9375)
    - Force new Tor circuit and reload web site on browser
      timeouts. (Closes: #10116)
    - Focus Pidgin's buddy list before trying to access the tools
      menu. (Closes: #10217)
    - Optimize IRC test using waitAny. If connecting to IRC fails,
      such as when OFTC is blocking Tor, waiting 60 seconds to connect
      while a a Reconnect button is visible is sub-optimal. It would
      be better to try forcing a new Tor circuit and clicking the
      reconnect button. (Closes: #9653)
    - Wait for (and focus if necessary) Pidgin's Certificate windows.
      (Closes: #10222)

 -- Tails developers <tails@boum.org>  Sun, 20 Sep 2015 17:47:26 +0000
anonym's avatar
anonym committed
1217

anonym's avatar
anonym committed
1218
tails (1.5.1) unstable; urgency=medium
anonym's avatar
anonym committed
1219

anonym's avatar
anonym committed
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
  * Security fixes
    - Upgrade Tor Browser to 5.0.2. (Closes: #10112)
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1.
    - Upgrade libnss3 to 2:3.14.5-1+deb7u5.

  * Bugfixes
    - Refresh Tor Browser AppArmor profile patch. The old one doesn't
      apply on top of testing's torbrowser-launcher anymore.

  * Build system
    - Make sure Jenkins creates new jobs to build the testing branch
      after freezes. (Closes: #9925)
anonym's avatar
anonym committed
1232

anonym's avatar
anonym committed
1233
 -- Tails developers <tails@boum.org>  Fri, 28 Aug 2015 01:52:14 +0200
anonym's avatar
anonym committed
1234

anonym's avatar
anonym committed
1235
tails (1.5) unstable; urgency=medium
anonym's avatar
anonym committed
1236

intrigeri's avatar
intrigeri committed
1237
1238
1239
  * Major new features and changes
    - Move LAN web browsing from Tor Browser to the Unsafe Browser,
      and forbid access to the LAN from the former. (Closes: #7976)
1240
1241
    - Install a 32-bit GRUB EFI boot loader. This at least works
      on some Intel Baytrail systems. (Closes: #8471)
anonym's avatar
anonym committed
1242

intrigeri's avatar
intrigeri committed
1243
  * Security fixes
anonym's avatar
anonym committed
1244
    - Upgrade Tor Browser to 5.0, and integrate it:
1245
1246
1247
      · Disable Tiles in all browsers' new tab page.
      · Don't use geo-specific search engine prefs in our browsers.
      · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
anonym's avatar
anonym committed
1248
        Marketplace), and the "Share this page" button in the Tool bar.
anonym's avatar
anonym committed
1249
1250
1251
      · Generate localized Wikipedia search engine plugin icons so the
        English and localized versions can be distinguished in the new
        search bar. (Closes: #9955)
intrigeri's avatar
intrigeri committed
1252
    - Fix panic mode on MAC spoofing failure. (Closes: #9531)
intrigeri's avatar
intrigeri committed
1253
1254
1255
1256
    - Deny Tor Browser access to global tmp directories with AppArmor,
      and give it its own $TMPDIR. (Closes: #9558)
    - Tails Installer: don't use a predictable file name for the subprocess
      error log. (Closes: #9349)
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
    - Pidgin AppArmor profile: disable the launchpad-integration abstraction,
      which is too wide-open.
    - Use aliases so that our AppArmor policy applies to
      /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
      it applies to /. And accordingly:
      · Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
      · Install rsyslog from wheezy-backports, since the version from Wheezy
        conflicts with AppArmor 2.9.
      · Stop installing systemd for now: the migration work is being done in
        the feature/jessie branch, and it conflicts with rsyslog from
        wheezy-backports.
      · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
      · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
      · Take into account aufs whiteouts in the system_tor profile.
      · Adjust the Vidalia profile to take into account Live-specific paths.
1272
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
intrigeri's avatar
intrigeri committed
1273
1274
1275
1276
1277
1278
1279
1280
1281
    - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
    - Upgrade cups-filters to 1.0.18-2.1+deb7u2.
    - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
    - Upgrade libexpat1 to 2.1.0-1+deb7u2.
    - Upgrade libicu48 to 4.8.1.1-12+deb7u3.
    - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
    - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.

  * Bugfixes
1282
    - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.
intrigeri's avatar
intrigeri committed
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295

  * Minor improvements
    - Tails Installer: let the user know when it has rejected a candidate
      destination device because it is too small. (Closes: #9130)
    - Tails Installer: prevent users from trying to "upgrade" a device
      that contains no Tails, or that was not installed with Tails Installer.
      (Closes: #5623)
    - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
      support for the OTRv3 protocol and for multiple concurrent connections
      to the same account. (Closes: #9513)
    - Skip warning dialog when starting Tor Browser while being offline,
      in case it is already running. Thanks to Austin English for the patch!
      (Closes: #7525)
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
    - Install the apparmor-profiles package (Closes: #9539), but don't ship
      a bunch of AppArmor profiles we don't use, to avoid increasing
      boot time. (Closes: #9757)
    - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
      of patching /etc/apparmor.d/tunables/home.
    - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
      is actually used as the read-write branch of the root filesystem's union
      mount, is visible. As a consequence:
      · One can now inspect how much space is used, at a given time, in the
        read-write branch of the root filesystem's union mount.
      · We can make sure our AppArmor policy works fine when that filesystem
anonym's avatar
anonym committed
1307
        is visible, which is safer in case e.g. live-boot's behavior changes
1308
1309
        under our feet in the future... or in case these "hidden" files are
        actually accessible somehow already.
intrigeri's avatar
intrigeri committed
1310
1311
1312
1313
1314

  * Build system
    - Add our jenkins-tools repository as a Git submodule, and replace
      check_po.sh with a symlink pointing to the same script in that submodule.
      Adjust the automated test suite accordingly. (Closes: #9567)
anonym's avatar
anonym committed
1315
1316
1317
    - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
      particular the inclusion of the Tor Browser 5.0 series has recently
      increased the amount of space needed to build Tails. (Closes: #9901)
intrigeri's avatar
intrigeri committed
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347

  * Test suite
    - Test that the Tor Browser cannot access LAN resources.
    - Test that the Unsafe Browser can access the LAN.
    - Installer: test new behavior when trying to upgrade an empty device, and
      when attempting to upgrade a non-Tails FAT partition on GPT; also, take
      into account that all unsupported upgrade scenarios now trigger
      the same behavior.
    - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
      on failure. (Closes: #9518, #9709)
    - run_test_suite: remove control chars from log file even when cucumber
      exits with non-zero. (Closes: #9376)
    - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
    - Use custom exception when 'execute_successfully' fails.
    - Retry looking up whois info on transient failure. (Closes: #9668)
    - Retry wget on transient failure. (Closes: #9715)
    - Test that Tor Browser cannot access files in /tmp.
    - Allow running the test suite without ntp installed. There are other means
      to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
      (Closes: #9651)
    - Bump timeout in the Totem feature.
    - Grep memory dump using the --text option. This is necessary with recent
      versions of grep, such as the one in current Debian sid, otherwise it
      will count only one occurrence of the pattern we're looking for.
      (Closes: #9759)
    - Include execute_successfully's error in the exception, instead
      of writing it to stdout via puts. (Closes: #9795)
    - Test that udev-watchdog is actually monitoring the correct device.
      (Closes: #5560)
    - IUK: workaround weird Archive::Tar behaviour on current sid.
1348
1349
1350
1351
1352
1353
1354
1355
    - Test the SocksPort:s given in torrc in the Unsafe Browser.
      This way we don't get any sneaky errors in case we change them and
      forget to update this test.
    - Directly verify AppArmor blocking of the Tor Browser by looking in
      the audit log: Firefox 38 does no longer provide any graphical feedback
      when the kernel blocks its access to files the user wants to access.
    - Update browser-related automated test suite images, and workaround
      weirdness introduced by the new Tor Browser fonts.
1356
1357
1358
    - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
      via alternate, live-boot generated paths.
    - Adjust tests to cope with our new AppArmor aliases.
anonym's avatar
anonym committed
1359
    - Bump memory allocated to the system under test to 2 GB. (Closes: #9883)
intrigeri's avatar
intrigeri committed
1360

anonym's avatar
anonym committed
1361
 -- Tails developers <tails@boum.org>  Mon, 10 Aug 2015 19:12:58 +0200
anonym's avatar
anonym committed
1362

intrigeri's avatar
intrigeri committed
1363
tails (1.4.1) unstable; urgency=medium
1364

intrigeri's avatar
intrigeri committed
1365
1366
1367
1368
1369
1370
1371
1372
1373
  * Security fixes
    - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
    - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
      isolation bugfix. (Closes: #9560)
    - AppArmor: deny Tor Browser access to the list of recently used files.
      (Closes: #9126)
    - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
    - Upgrade Linux to 3.16.7-ckt11-1.
    - Upgrade CUPS to 1.5.3-5+deb7u6.
1374
    - Upgrade FUSE to 2.9.0-2+deb7u2.
intrigeri's avatar
intrigeri committed
1375
1376
1377
    - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
    - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
    - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.
1378

intrigeri's avatar
intrigeri committed
1379
1380
1381
1382
  * Bugfixes
    - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
    - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
      (Closes: #9416)
1383
    - Partially fix the truncated notifications issue. (#7249)
intrigeri's avatar
intrigeri committed
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397

  * Minor improvements
    - Disable the hwclock.sh initscript at reboot/shutdown time.
      This is an additional safety measure to ensure that the hardware clock
      is not modified. (Closes: #9364)
    - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
      (Closes: #9417)
    - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
      profile shipped with torbrowser-launcher 0.2.0-1.
    - Add the jessie/updates APT repo and set appropriate pinning.
    - Upgrade Electrum to 1.9.8-4~bpo70+1.
    - Upgrade kernel firmware packages to 0.44.

  * Build system
1398
    - Install the Linux kernel from Debian Jessie. (Closes: #9341)
intrigeri's avatar
intrigeri committed
1399
1400
1401
1402
1403
1404
    - Remove files that are not under version control when building in Jenkins.
      (Closes: #9406)
    - Don't modify files in the source tree before having possibly merged
      the base branch into it. (Closes: #9406)
    - Make it so eatmydata is actually used during a greater part of the build
      process. This includes using eatmydata from wheezy-backports.
1405
      (Closes: #9419, #9523)
intrigeri's avatar
intrigeri committed
1406
1407
1408
1409
1410
1411
1412
1413
    - release script: adjust to support current Debian sid.

  * Test suite
    - Test the system clock sanity check we do at boot. (Closes: #9377)
    - Remove the impossible "Clock way in the past" scenarios.
      Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
      these scenarios cannot happen, and since we test that it works they
      can be safely removed.
intrigeri's avatar
intrigeri committed
1414
    - Test that the hardware clock is not modified at shutdown. (Closes: #9557)
intrigeri's avatar
intrigeri committed
1415
    - Pidgin: retry looking for the roadmap URL in the topic.
1416
    - Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
intrigeri's avatar
intrigeri committed
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
      (Closes: #9317)
    - Test all OpenPGP keys shipped with Tails. (Closes: #9402)
    - Check that notification-daemon is running when looking for notifications
      fails. (Closes: #9332)
    - Allow using the cucumber formatters however we want. (Closes: #9424)
    - Enable Spice in the guest, and blacklist the psmouse kernel module,
      to help with lost mouse events. (Closes: #9425)
    - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
    - Test that Seahorse is configured to use the correct keyserver.
      (Closes: #9339)
    - Always export TMPDIR back to the test suite's shell environment.
      (Closes: #9479)
    - Make OpenPGP tests more reliable:
      · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
      · Retry accessing menus in Seahorse on failure. (Closes: #9344)
    - Focus the Pidgin conversation window before any attempt to interact
      with it. (Closes: #9317)
    - Use convertkey from the (backported to Jessie) Debian package,
      instead of our own copy of that script. (Closes: #9066)
    - Make the memory erasure tests more robust (Closes: #9329):
      · Bump /proc/sys/vm/min_free_kbytes when running fillram.
      · Actually set oom_adj for the remote shell when running fillram.
      · Try to be more sure that we OOM kill fillram.
      · Run fillram as non-root.
    - Only try to build the storage pool if TailsToasterStorage isn't found.
      (Closes: #9568)

 -- Tails developers <tails@boum.org>  Sun, 28 Jun 2015 19:46:25 +0200
1445

anonym's avatar
anonym committed
1446
tails (1.4) unstable; urgency=medium
1447

anonym's avatar
anonym committed
1448
  * Major new features
anonym's avatar
anonym committed
1449
1450
1451
1452
1453
1454
    - Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which
      introduces many major new features for usability, security and
      privacy. Unfortunately its per-tab circuit view did not make it
      into Tails yet since it requires exposing more Tor state to the
      user running the Tor Browser than we are currently comfortable
      with. (Closes: #9031, #9369)
anonym's avatar
anonym committed
1455
1456
1457
1458
1459
1460
    - Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor
      bundled with the Tor Browser, we patch it so that circuits used
      for SOCKSAuth streams have their lifetime increased indefinitely
      while in active use. This currently only affects the Tor Browser
      in Tails, and should improve the experience on certain web sites
      that otherwise would switch language or log you out every ten
anonym's avatar
anonym committed
1461
      minutes or so when Tor switches circuit. (Closes: #7934)
1462

anonym's avatar
anonym committed
1463
  * Security fixes
anonym's avatar
anonym committed
1464
1465
1466
1467
1468
1469
1470
    - tor-browser wrapper script: avoid offering avenues to arbitrary
      code execution to e.g. an exploited Pidgin. AppArmor Ux rules
      don't sanitize $PATH, which can lead to an exploited application
      (that's allowed to run this script unconfined, e.g. Pidgin)
      having this script run arbitrary code, violating that
      application's confinement. Let's prevent that by setting PATH to
      a list of directories where only root can write. (Closes: #9370)
anonym's avatar
anonym committed
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
    - Upgrade Linux to 3.16.7-ckt9-3.
    - Upgrade curl to 7.26.0-1+wheezy13.
    - Upgrade dpkg to 1.16.16.
    - Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.
    - Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.
    - Upgrade openldap to 2.4.31-2.
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.
    - Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.
    - Upgrade libtasn1-3 to 2.13-2+deb7u2.
    - Upgrade libx11 to 2:1.5.0-1+deb7u2.
    - Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.
    - Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.
    - Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.
    - Upgrade ppp to 2.4.5-5.1+deb7u2.

  * Bugfixes
1487
1488
    - Disable security warnings when connecting to POP3 and IMAP ports.
      (Closes: #9327)
1489
1490
    - Make the Windows 8 browser theme compatible with the Unsafe and I2P
      browsers. (Closes: #9138)
anonym's avatar
anonym committed
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
    - Hide Torbutton's "Tor Network Settings..." context menu entry.
      (Closes: #7647)
    - Upgrade the syslinux packages to support booting Tails on
      Chromebook C720-2800. (Closes: #9044)
    - Enable localization in Tails Upgrader. (Closes: #9190)
    - Make sure the system clock isn't before the build date during
      early boot. Our live-config hook that imports our signing keys
      depend on that the system clock isn't before the date when the
      keys where created. (Closes: #9149)
    - Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent
      us from getting GNOME's default keyserver in addition to our
      own. (Closes: #9233)
1503
1504
    - Prevent Firefox from crashing when Orca is enabled: grant
      it access to assistive technologies in its Apparmor
anonym's avatar
anonym committed
1505
      profile. (Closes: #9261)
1506
1507
1508
1509
    - Add Jessie APT source. (Closes: #9278)
    - Fix set_simple_config_key(). If the key already existed in the
      config file before the call, all other lines would be removed
      due to the sed option -n and p combo. (Closes: #9122)
anonym's avatar
anonym committed
1510
1511
1512
    - Remove illegal instance of local outside of function definition.
      Together with `set -e` that error has prevented this script from
      restarting Vidalia, like it should. (Closes: #9328)
anonym's avatar
anonym committed
1513
1514
1515
1516
1517
1518

  * Minor improvements
    - Upgrade I2P to 0.9.19-3~deb7u+1.
    - Install Tor Browser's bundled Torbutton instead of custom .deb.
      As of Torbutton 1.9.1.0 everything we need has been upstreamed.
    - Install Tor Browser's bundled Tor Launcher instead of our
1519
      in-tree version. With Tor 0.2.6.x our custom patches for the
anonym's avatar
anonym committed
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
      ClientTransportPlugin hacks are not needed any more. (Closes:
      #7283)
    - Don't install msmtp and mutt. (Closes: #8727)
    - Install fonts-linuxlibertine for improved Vietnamese support in
      LibreOffice. (Closes: #8996)
    - Remove obsoletete #i2p-help IRC channel from the Pidgin
      configuration (Closes: #9137)
    - Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan
      Bliminse for the patch. (Closes: #9069).
    - Install printer-driver-gutenprint to support more printer
      models. (Closes: #8994).
1531
    - Install paperkey for off-line OpenPGP key backup. (Closes: #8957)
anonym's avatar
anonym committed
1532
1533
1534
    - Hide the Tor logo in Tor Launcher. (Closes: #8696)
    - Remove useless log() instance in tails-unblock-network. (Closes:
      #9034)
anonym's avatar
anonym committed
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
    - Install cdrdao: this enables Brasero to burn combined data/audio
      CDs and to do byte-to-byte disc copy.
    - Hide access to the Add-ons manager in the Unsafe Browser. It's
      currently broken (#9307) but we any way do not want users to
      install add-ons in the Unsafe Browser. (Closes: #9305)
    - Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327)
      The default value of this option activates warnings on ports
      23,109,110,143. This commit disables the warnings for POP3 and
      IMAP as these could be equally used in encrypted StartTLS
      connections. (Closes: #9327)
    - Completely rework how we localize our browser by generating our
      branding add-on, and search plugins programatically. This
      improves the localization for the ar, es, fa, ko, nl, pl, ru,
      tr, vi and zh_CN locales by localizing the Startpage and
      Disconnect.me search plugins. Following Tor Browser 4.5's recent
      switch, we now use Disconnect.me as the default search
      engine. (Closes: #9309)
    * Actively set Google as the Unsafe Browser's default search
      engine.
intrigeri's avatar
intrigeri committed
1554

anonym's avatar
anonym committed
1555
1556
1557
1558
1559
1560
  * Build system
    - Encode in Git which APT suites to include when building Tails.
      (Closes: #8654)
    - Clean up the list of packages we install. (Closes: #6073)
    - Run auto/{build,clean,config} under `set -x' for improved
      debugging.
anonym's avatar
anonym committed
1561
1562
    - Zero-pad our ISO images so their size is divisible by 2048.
      The data part of an ISO image's sectors is 2048 bytes, which
anonym's avatar
anonym committed
1563
      implies that ISO images should always have a size divisible
anonym's avatar
anonym committed
1564
      by 2048. Some applications, e.g. VirtualBox, use this as a sanity
anonym's avatar
anonym committed
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
      check, treating ISO images for which this isn't true as garbage.
      Our isohybrid post-processing does not ensure this,
      however. Also Output ISO size before/after isohybrid'ing and
      truncate'ing it. This will help detect if/when truncate is
      needed at all, so that we can report back to syslinux
      maintainers more useful information. (Closes: #8891)
    - Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The
      goal here is to avoid Tor Browser tarballs being deleted by
      apt-cacher-ng's daily expiration cronjob: they're not listed in
      any APT repo's index file, so acng will be quite eager to clean
      them up.
1576

anonym's avatar
anonym committed
1577
1578
1579
1580
1581
  * Test suite
    - Bring dependency checks up-to-date (Closes: #8988).
    - Adapt test suite to be run on Debian Jessie, which includes
      removing various Wheezy-specific workarounds, adding a few
      specific to Jessie, migrating from ffmpeg to libav, and
1582
      more. (Closes: #8165)
anonym's avatar
anonym committed
1583
1584
    - Test that MAT can see that a PDF is dirty (Closes: #9136).
    - Allow throwing Timeout::Error in try_for() blocks, as well as
1585
1586
1587
      nested try_for() (Closes: #9189, #9290).
    - Read test suite configuration files from the features/config/local.d
      directory. (Closes: #9220)
anonym's avatar
anonym committed
1588
1589
1590
1591
1592
1593
1594
1595
    - Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of
      zombie processes from appearing. (Closes: #9139)
    - Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow
      it to properly clean up. (Closes: #8707)
    - Split SSH & SFTP configs in the test suite. (Closes: #9257)
    - Improve how we start subprocesses in the test suite, mostly by
      bypassing the shell for greater security and robustness (Closes:
      #9253)
anonym's avatar
anonym committed
1596
    - Add Electrum test feature. (Closes #8963)
anonym's avatar
anonym committed
1597
    - Test that Tails Installer detects when USB devices are
anonym's avatar
anonym committed
1598
1599
1600
1601
1602
      removed. (Closes: #9131)
    - Test Tails Installer with devices which are too small. (Closes:
      #9129)
    - Test that the Report an Error launcher works in German. (Closes:
      #9143)
anonym's avatar
anonym committed
1603
1604
1605
1606
    - Verify that no extensions are installed in the Unsafe Browser
      using about:support instead of about:addons, which is broken
      (#9307). (Closes: #9306)
    - Retry GNOME application menu actions when they glitch. The
anonym's avatar
anonym committed
1607
1608
1609
1610
1611
      GNOME application menus seem to have issues with clicks or
      hovering actions not registering, and hence sometimes submenus
      are not opened when they should, and sometimes clicks on the
      final application shortcut are lost. There seems to be a
      correlation between this and CPU load on the host running the
anonym's avatar
anonym committed
1612
1613
      test suite. We workaround this by simply re-trying the last
      action when it seems to fail. (Closes: #8928)
anonym's avatar
anonym committed
1614
1615
    - Work around Seahorse GUI glitchiness (Closes: #9343):
      * When Seahorse appears to be frozen--apparently due to network
anonym's avatar
anonym committed
1616
1617
        issues--it can often be worked around by refreshing the screen
        or activating a new window.
anonym's avatar
anonym committed
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
      * Open Seahorse's preferences dialog using the mouse.
      * Access menu entries with the mouse.
    - Wait for systray icons to finish loading before interacting with
      the systray. (Closes: #9258)
    - Test suite configuration: generalize local.d support to *.d. We
      now load features/config/*.d/*.yml.
    - Use code blocks in "After Scenario" hooks. This is much simpler
      to use (and more readable!) compared to hooking functions and
      arguments like we used to do.
    - Create filesystem share sources in the temporary directory and
      make them world-readable. (Closes: #8950)
1629

anonym's avatar
anonym committed
1630
 -- Tails developers <tails@boum.org>  Mon, 11 May 2015 16:45:04 +0200
1631

anonym's avatar
anonym committed
1632
tails (1.3.2) unstable; urgency=medium
1633

anonym's avatar
anonym committed
1634
1635
  * Security fixes
    - Upgrade Tor Browser to 4.0.6, based on Firefox 31.6.0 ESR.
anonym's avatar
anonym committed
1636
    - Upgrade OpenSSL to 1.0.1e-2+deb7u16.
anonym's avatar
anonym committed
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651

  * Bugfixes
    - Make Florence usable with touchpads by forcing syndaemon to
      always use the `-t` option, which only disables tapping and
      scrolling and not mouse movements (Closes: #9011).
    - Make tails-spoof-mac log the correct macchanger exit code on
      failure (Closes: #8687).
    - Tails Installer:
      · Ignore devices with less than 3.5 GB of storage since they
        do not fit a Tails installation (Closes: #6538).
      · Remove devices from the device list as they are unplugged
        (Closes: #8691).

  * Minor improvements
    - Install obfs4proxy 0.0.4-1~tpo1, which adds support for
intrigeri's avatar
intrigeri committed
1652
      client-mode ScrambleSuit.
anonym's avatar
anonym committed
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
    - Don't start Vidalia if Windows Camouflage is enabled. (Closes:
      #7400)
    - I2P Browser:
      · Remove "Add-ons" from the Tools menu, and hide "Keyboard
        Shortcuts" and "Take a Tour" since they point to resources on
        the open Internet (Closes: #7970).
      · Hide TorButton button from the customize toolbar options, and
        remove configs whose only purpose was to make Torbutton "green"
        (Closes: #8893).

  * Test suite
    - New tests:
      · Test non-LAN SSH, and SFTP via GNOME's "Connect to Server"
        (Closes: #6308).
      · Verify that Tails' Tor binary has the expected Tor authorities
        hard coded (Closes: #8960).
    - Improvements:
      · Programmatically determine the supported languages when testing
        the Unsafe Browser (Closes: #8918).
      · Rename --temp-dir to --tmpdir and make it behave more like
        mktemp, and honour TMPDIR if set in the environment. (Closes:
        #8709).
    - Bugfixes:
      · Make --temp-dir (now --tmpdir) actually work.
1677

anonym's avatar
anonym committed
1678
 -- Tails developers <tails@boum.org>  Mon, 30 Mar 2015 16:54:20 +0200
1679

intrigeri's avatar
intrigeri committed
1680
tails (1.3.1) unstable; urgency=medium
1681

intrigeri's avatar
intrigeri committed
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
  * Security fixes
    - Upgrade Tor Browser to 4.0.5, based on Firefox 31.5.3 ESR. This addresses:
      · https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
      · https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
    - Upgrade Linux to 3.16.7-ckt7-1.
    - Upgrade libxfont to 1:1.4.5-5.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u15.
    - Upgrade tcpdump to 4.3.0-1+deb7u2.
    - Upgrade bsdtar to 3.0.4-3+wheezy1.
    - Upgrade CUPS to 1.5.3-5+deb7u5.
    - Upgrade file and libmagic to 5.11-2+deb7u8.
    - Upgrade GnuPG to 1.4.12-7+deb7u7.
    - Upgrade libarchive to 3.0.4-3+wheezy1.
    - Upgrade libav to 6:0.8.17-1.
    - Upgrade FreeType 2 to 2.4.9-1.1+deb7u1.
    - Upgrade libgcrypt11 1.5.0-5+deb7u3.
    - Upgrade libgnutls26 to 2.12.20-8+deb7u3.
    - Upgrade libgtk2-perl to 2:1.244-1+deb7u1.
    - Upgrade ICU to 4.8.1.1-12+deb7u2.
    - Upgrade NSS to 2:3.14.5-1+deb7u4.
    - Upgrade libssh2 to 1.4.2-1.1+deb7u1.
1703

intrigeri's avatar
intrigeri committed
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
  * Bugfixes
    - Upgrade Tor to 0.2.5.11-1~d70.wheezy+1+tails1. Changes include:
      · Directory authority changes.
      · Fix assertion errors that may trigger under high DNS load.
      · No longer break on HUP with seccomp2 enabled.
      · and more - please consult the upstream changelog.
    - Upgrade Tor Launcher to 0.2.7.2, and update the test suite accordingly
      (Closes: #8964, #6985). Changes include:
      · Ask about bridges before proxy in wizard.
      · Hide logo if TOR_HIDE_BROWSER_LOGO set.
      · Remove firewall prompt from wizard.
      · Feedback when “Copy Tor Log” is clicked.
      · Improve behavior if tor exits.
      · Add option to hide TBB's logo
      · Change "Tor Browser Bundle" to "Tor Browser"
      · Update translations from Transifex.
intrigeri's avatar
intrigeri committed
1720
    - Fix the Tor Launcher killer. (Closes: #9067)
1721
1722
    - Allow Seahorse to communicate with keyservers when run from Tails
      OpenPGP Applet. (Closes: #6394)
1723
1724
    - SSH client: don't proxy connections to 172.17.* to 172.31.*.
      (Closes: #6558)
intrigeri's avatar
intrigeri committed
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
    - Repair config/chroot_local-packages feature, that was broken in Tails 1.3
      by 19-install-tor-browser-AppArmor-profile. (Closes: #8910)
    - language_statistics.sh: count original words instead of translated words.
      Otherwise we get >100% translation if translated strings are longer than
      original strings. (Closes: #9016)

  * Minor improvements
    - Only ship the new Tails signing key, and have Tails Upgrader stop trusting
      the old one. Update the documentation and test suite accordingly.
      (Closes: #8735, #8736, #8882, #8769, #8951)
1735
1736
1737
1738
1739
    - Polish and harden a bit the WhisperBack configuration (Closes: #8991):
      · Only allow the `amnesia' user to run tails-debugging info as root
        with no arguments.
      · Fix spelling and grammar mistakes, improve phrasing a bit.
      · Quote variables consistently.
intrigeri's avatar
intrigeri committed
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773

  * Test suite
    - New tests:
      · Chatting over XMPP in Pidgin, both peer-to-peer and in a multi-user
        chatroom. (Closes: #8002)
      · Chatting with OTR enabled over XMPP in Pidgin. (Closes: #8001)
      · Check that Pidgin only responds to the expected CTCP requests.
        (Closes: #8966)
      · Fetching keys using Seahorse started via the OpenPGP Applet.
      · Sync'ing keys using Seahorse.
    - Bugfixes:
      · Fix a race condition between the remote shell's and Tails Greeter's
        startup, by making sure the remote shell is ready before we start
        GDM. (Closes: #8941)
      · Kill virt-viewer properly. (Closes: #9070)
      · Make sure the display is stopped on destroy_and_undefine().
        Where we had it earlier, it could be skipped if anything else in the
        block threw an exception.
      · Fix wrong use of "$@". (Closes: #9071)
      · Enable the pipefail option in run_test_suite.
      · Improve the GNOME screenshot test's robustness. (Closes: #8952)
    - Refactoring:
      · turn the focus_pidgin_window() helper into a more generic
        VM.focus_xorg_window() one.
      · Reorganize the Display class.
      · Use clearer method to check process status in the Display class.
    - New developer-oriented features:
      · Add a --log-to-file option to run_test_suite. (Closes: #8894)
      · Add helpers for generating random strings.
      · Make it possible to hook arbitrary calls on scenario end. This is useful
        for dynamically adding cleanup functions, instead of having
        to explicitly deal with them in some After hook.

 -- Tails developers <tails@boum.org>  Mon, 23 Mar 2015 12:34:56 +0000
1774

Tails developers's avatar
Tails developers committed
1775
tails (1.3) unstable; urgency=medium
1776

1777
  * Major new features
Tails developers's avatar
Tails developers committed
1778
1779
1780
1781
1782
    - Produce the Tails image in hybrid mode (again) so that the same
      image can be installed both on DVD *and* "hard disks" like USB
      storage and similar. (Closes: #8510)
    - Confine the Tor Browser using AppArmor. (Closes: #5525)
    - Install the Electrum bitcoin client from wheezy-backports, and
1783
1784
      add a persistence preset for the Live user's bitcoin wallet. If
      electrum is started without the persistence preset enabled, a
Tails developers's avatar
Tails developers committed
1785
      warning is shown. (Closes: #6739)
1786

Tails developers's avatar
Tails developers committed
1787
1788
1789
1790
  * Security fixes
    - Upgrade Tor Browser to 4.0.4 (based on Firefox 31.5.0esr)
      (Closes: #8938).

1791
1792
1793
1794
1795
1796
  * Bugfixes
    - Have tor_bootstrap_progress echo 0 if no matching log line is
      found. (Closes: #8257)
    - Always pass arguments through wrappers (connect-socks, totem,
      wget, whois) with "$@". $* doesn't handle arguments with
      e.g. embedded spaces correctly. (Closes: #8603, #8830)
1797
    - Upgrade Linux to 3.16.7-ckt4-3.
1798
1799

  * Minor improvements
Tails developers's avatar
Tails developers committed
1800
1801
1802
    - Install a custom-built Tor package with Seccomp enabled;
      enable the Seccomp sandbox when no pluggable transport is used.
      (Closes: #8174)
1803
    - Install obfs4proxy instead of obfsproxy, which adds support for
Tails developers's avatar
Tails developers committed
1804
      the obfs4 Tor pluggable transport. (Closes: #7980)
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
    - Install GnuPG v2 and associated tools from wheezy-backports,
      primarily for its improved support for OpenPGP smartcards. It
      lives side-by-side with GnuPG v1, which still is the
      default. (Closes: #6241)
    - Install ibus-unikey, a Vietnamese input method for IBus. (Closes:
      #7999)
    - Install torsocks (2.x) from wheezy-backports. (Closes: #8220)
    - Install keyringer from Debian Jessie. (Closes: #7752)
    - Install pulseaudio-utils.
    - Remove all traces of Polipo: we don't use it anymore. This
      closes #5379 and #6115 because:
      * Have APT directly use the Tor SOCKS proxy. (Closes: #8194)
      * Wrap wget with torsocks. (Closes: #6623)
      * Wrap Totem to torify it with torsocks. (Closes: #8219)
      * Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND.
        (Closes: #8680)
    - Use torsocks for whois and Gobby, instead of torify.
Tails developers's avatar
Tails developers committed
1822
    - Upgrade I2P to 0.9.18-1~deb7u+1.
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
    - Refactor the Unsafe and I2P browser code into a common shell
      library. A lot of duplicated code is now shared, and the code
      has been cleaned up and made more reliable. Several
      optimizations of memory usage and startup time were also
      implemented. (Closes: #7951)
    - Invert Exit and About in gpgApplet context menu. This is a
      short-term workaround for making it harder to exit the
      application by mistake (e.g. a double right-click). (Closes:
      #7450)
    - Implement new touchpad settings. This enables tap-to-click,
      2-fingers scrolling, and disable while typing. We don't enable
      reverse scrolling nor horizontal scrolling. (Closes: #7779)
    - Include the mount(8) output and live-additional-software.conf in
      WhisperBack bug reports (Closes: #8719, #8491).
    - Reduce brightness and saturation of background color. (Closes:
      #7963)
    - Have ALSA output sound via PulseAudio by default. This gives us
      centralized sound volume controls, and... allows to easily, and
      automatically, test that audio output works from Tor Browser,
      thanks to the PulseAudio integration into the GNOME sound
      control center.
    - Import the new Tails signing key, which we will use for Tails
      1.3.1, and have Tails Upgrader trust both it and the "old"
      (current) Tails signing key. (Closes: #8732)
    - tails-security-check: error out when passed an invalid CA file.
      Unfortunately, the underlying HTTPS stack we use here fails open
      in those case, so we have to check it ourselves. Currently, we
      check that the file exists, is readable, is a plain file and is
      not empty. Also support specifying the CA file via an
      environment variable. This will ease development and bug-fixing
      quite a bit.
    - Fix racy code in Tails Installer that sometimes made the
1855
      automated test suite stall for scenarios installing Tails
1856
      to USB disks. (Closes: #6092)
1857
    - Make it possible to use Tails Upgrader to upgrade a Tails
1858
1859
1860
1861
1862
1863
1864
1865
      installation that has cruft files on the system partition.
      (Closes: #7678)

  * Build system
    - Install syslinux-utils from our builder-wheezy APT repository in
      Vagrant. We need version 6.03~pre20 to make the Tails ISO image
      in hybrid mode
    - Update deb.tails.boum.org apt repo signing key. (Closes: #8747)
1866
    - Revert "Workaround build failure in lb_source, after creating
1867
1868
1869
1870
1871
1872
1873
1874
1875
      the ISO." This is not needed anymore given the move to the Tor
      SOCKS proxy. (Closes: #5307)
    - Remove the bootstrap stage usage option and disable all
      live-build caching in Vagrant. It introduces complexity and
      potential for strange build inconsistencies for a meager
      reduction in build time. (Closes: #8725)
    - Hardcode the mirrors used at build and boot time in auto/config.
      Our stuff will be more consistent, easier to reproduce, and our
      QA process will be more reliable if we all use the same mirrors
1876
      at build time as the ones we configure in the ISO. E.g. we won't
1877
1878
1879
1880
      have issues such as #8715 again. (Closes: #8726)
    - Don't attempt to retrieve source packages from local-packages so
      local packages can be installed via
      config/chroot_local-packages. (Closes: #8756)
Tails developers's avatar
Tails developers committed
1881
1882
    - Use our own Tor Browser archive when building an ISO. (Closes:
      #8125)
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920

  * Test suite
    - Use libguestfs instead of parted when creating partitions and
      filsystems, and to check that only the expected files
      persist. We also switch to qcow2 as the default disk image
      format everywhere to reduce disk usage, enable us to use
      snapshots that includes the disks (in the future), and to use
      the same steps for creating disks in all tests. (Closes: #8673)
    - Automatically test that Tails ignores persistence volumes stored
      on non-removable media, and doesn't enable swaps. (Closes:
      #7822)
    - Actually make sure that Tails can boot from live systems stored
      on a hard drive. Running the 'I start Tails from DVD ...' step
      will override the earlier 'the computer is set to boot from ide
      drive "live_hd"' step, so let's make the "from DVD" part
      optional; it will be the default any way.
    - Make it possible to use an old iso with different persistence
      presets. (Closes: #8091)
    - Hide the cursor between steps when navigating the GNOME
      applications menu. This makes it a bit more robust, again:
      sometimes the cursor is partially hiding the menu entry we're
      looking for, hence preventing Sikuli from finding it (in
      particular when it's "Accessories", since we've just clicked on
      "Applications" which is nearby). (Closes: #8875)
    - Ensure that the test will fail if "apt-get X" commands fail.
    - Test 'Tor is ready' notification in a separate scenario. (Closes:
      #8714)
    - Add automated tests for torified wget and whois. This should
      help us identify future regressions such as #8603 in their
      torifying wrappers.
    - Add automated test for opening an URL from Pidgin.
    - And add automated tests for the Tor Browser's AppArmor
      sandboxing.
    - Test that "Report an Error Launcher" opens the support
      documentation.
    - Test that the Unsafe Browser:
      * starts in various locales.
      * complains when DNS isn't configured.
1921
      * tears down its chroot on shutdown.
1922
1923
1924
1925
1926
1927
      * runs as the correct user.
      * has no plugins or add-ons installed.
      * has no unexpected bookmarks.
      * has no proxy configured.
    - Bump the "I2P router console is ready" timeout in its test to
      deal with slow Internet connections.
Tails developers's avatar
Tails developers committed
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
    - Make the automatic tests of gpgApplet more robust by relying
      more on graphical elements instead of keyboard shortcuts and
      static sleep():s. (Closes: #5632)
    - Make sure that enough disk space is available when creating
      virtual storage media. (Closes: #8907)
    - Test that the Unsafe Browser doesn't generate any non-user
      initiated traffic, and in particular that it doesn't check for
      upgrades, which is a regression test for #8694. (Closes: #8702)
    - Various robustness improvements to the Synaptic tests. (Closes:
      #8742)
    - Automatically test Git. (Closes: #6307)
    - Automatically test GNOME Screenshot, which is a regression test
      for #8087. (Closes: #8688)
    - Fix a quoting issue with `tails_persistence_enabled?`. (Closes:
      #8919)
    - Introduce an improved configuration system that also can store
      local secrets, like user credentials needed for some
      tests. (Closes: #6301, #8188)
    - Actually verify that we successfully set the time in our time
      syncing tests. (Closes: #5836)
    - Automatically test Tor. This includes normal functionality and
      the use pluggable transports, that our Tor enforcement is
      effective (e.g. only the Tor network or configured bridges are
      contacted) and that our stream isolation configuration is
      working. (Closes: #5644, #6305, #7821)
1953

Tails developers's avatar
Tails developers committed
1954
 -- Tails developers <tails@boum.org>  Mon, 23 Feb 2015 17:14:00 +0100
1955

Tails developers's avatar
Tails developers committed
1956
tails (1.2.3) unstable; urgency=medium
1957

Tails developers's avatar
Tails developers committed
1958
  * Security fixes
1959
1960
1961
    - Upgrade Linux to 3.16.7-ckt2-1.
    - Upgrade Tor Browser to 4.0.3 (based on Firefox 31.4.0esr)
      (Closes: #8700).
Tails developers's avatar
Tails developers committed
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
    - Fail safe by entering panic mode if macchanger exits with an
      error, since in this situation we have to treat the
      driver/device state as undefined. Also, we previously just
      exited the script in this case, not triggering the panic mode
      and potentially leaking the real MAC address (Closes: #8571).
    - Disable upgrade checking in the Unsafe Browser. Until now the
      Unsafe Browser has checked for upgrades of the Tor Browser in
      the clear (Closes: #8694).

  * Bugfixes
1972
    - Fix startup of the Unsafe Browser in some locales (Closes: #8693).
Tails developers's avatar
Tails developers committed
1973
1974
1975
1976
1977
1978
1979
1980
1981
    - Wait for notification-daemon to run before showing the MAC
      spoofing panic mode notifications. Without this, the "Network
      card disabled" notification is sometimes lost when MAC spoofing
      fails. Unfortunately this only improves the situation, but
      doesn't fix it completely (see #8685).
    - Log that we're going to stop NetworkManager before trying to do
      it in the MAC spoofing scripts. Without this we wouldn't get the
      log message in case stopping NetworkManager fails (thanks to
      `set -e`).
1982
    - Set GNOME Screenshot preferences to save the screenshots in
Tails developers's avatar
Tails developers committed
1983
      /home/amnesia (Closes: #8087).
1984
1985
    - Do not suspend to RAM when closing the lid on battery power
      (Closes: #8071).
Tails developers's avatar
Tails developers committed
1986
1987
1988
1989
1990
    - Properly update the Tails Installer's status when plugging in a
      USB drive after it has started (Closes: #8353).
    - Make rsync compare file contents by using --checksum for more
      reliable generation of the squashfs filesystem in
      IUKs. Previously it used the default, which is checking
1991
1992
1993
      timestamps and file size, but that doesn't play well with the
      Tor browser files, that have a fixed mtime, which could result
      in updated files not ending up in the IUK.
Tails developers's avatar
Tails developers committed
1994
1995

  * Minor improvements
1996
1997
    - Finish migrating tails-security-check's and tails-iuk's pinning
      to our website's new X.509 certificate authority (Closes: #8404).
Tails developers's avatar
Tails developers committed
1998
1999

  * Build system
2000
    - Update to Vagrant build box tails-builder-20141201. The only
Tails developers's avatar
Tails developers committed
2001
2002
2003
2004
      change is the removal of a reference to an ISO image which
      doesn't exist (except on the system that generated the build
      box) which causes an error for some users (Closes: #7644).
    - Generate the list of packages used during build, after building
2005
2006
2007
      with Jenkins (Closes: #8518). This allows tracking their status
      on the Debian reproducible build front:
      https://reproducible.debian.net/index_pkg_sets.html#tails
Tails developers's avatar
Tails developers committed
2008
2009

  * Automated test suite
2010
    - Check PO files with i18nspector (Closes: #8359).
Tails developers's avatar
Tails developers committed
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
    - Fix the expected image of a check.tp.o failure. Previously we
      looked for the "Sorry. You are not using Tor." text, but it
      seems it recently changed enough for Sikuli to not find it. To
      prevent future errors of the same kind we'll look for the
      crossed-over onion icon instead (Closes: #8533).
    - Bump timeout when waiting for Tor to re-bootstrap. We have a
      dreaded issue with timeouts that are multiple of 2 minutes, and
      then Tor succeeds soon after, so in order to allow for this
      timeout to be reached twice, and then possibly succeed, let's
      use N*2 minutes + 30 seconds, with N=2.
2021

Tails developers's avatar
Tails developers committed
2022
 -- Tails developers <tails@boum.org>  Wed, 14 Jan 2015 16:12:26 +0100
2023

Tails developers's avatar
Tails developers committed
2024
tails (1.2.2) unstable; urgency=medium
2025

Tails developers's avatar
Tails developers committed
2026
2027
  * Bugfixes
    - Create a CA bundle for Tails Upgrader at ISO build time, and
2028
      patch Tails Upgrader to use it. Specifically this will make it
Tails developers's avatar
Tails developers committed
2029
2030
2031
      possible to check for Tails upgrades after our website changes
      certificate around the 2014 to 2015 transition (Partially fixes
      #8404).
2032

Tails developers's avatar
Tails developers committed
2033
 -- Tails developers <tails@boum.org>  Mon, 15 Dec 2014 10:05:17 +0100
2034

Tails developers's avatar
Tails developers committed
2035
tails (1.2.1) unstable; urgency=low
2036

Tails developers's avatar
Tails developers committed
2037
2038
2039
  * Security fixes
    - Upgrade Linux to 3.16.0-4, i.e. 3.16.7-1.
    - Install Tor Browser 4.0.2 (based on Firefox 31.3.0esr).
2040

Tails developers's avatar
Tails developers committed
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
  * Bugfixes
    - Install syslinux-utils, to get isohybrid back (Closes: #8155).
    - Update xserver-xorg-input-evdev to 1:2.7.0-1+tails1 which
      includes a patch that restores mouse scrolling in KVM/Spice
      (Closes: 7426).
    - Set Torbutton logging preferences to the defaults (Closes:
      #8160). With the default settings, no site-specific information is
      logged.
    - Use the correct stack of rootfs:s for the chroot browsers (Closes:
      #8152, #8158). After installing incremental upgrades Tails' root
      filesystem consists of a stack squashfs:s, not only
      filesystem.squashfs. When not stacking them correct we may end up
      using the Tor Browser (Firefox) from an older version of Tails, or
      with no Tor Browser at all, as in the upgrade from Tails 1.1.2 to
      1.2, when we migrated from Iceweasel to the Tor Browser. Based on
      a patch contributed by sanic.
    - Use the Tor Browser for MIME type that GNOME associates with
      Iceweasel (Closes: #8153). Open URLs from Claws Mail, KeePassX
      etc. should be possible again.
    - Update patch to include all Intel CPU microcodes (Closes: #8189).
    - AppArmor: allow Pidgin to run Tor Browser unconfined, with
      scrubbed environment (Closes: #8186). Links opened in Pidgin are
      now handled by the Tor Browser.
    - Install all localized Iceweasel search plugins (Closes: #8139).
    - When generating the boot profile, ignore directories in
      process_IN_ACCESS as well (Closes: #7925). This allows ut to
      update the squashfs-ordering again in Tails 1.2.1.
    - gpgApplet: Don't pass already encoded data to GTK2 (Closes:
      #7968). It's now possible to clearsign text including non-ASCII
      characters.
    - Do not run the PulseAudio initscript, neither at startup nor
      shutdown (Closes: #8082).

  * Minor improvements
    - Upgrade I2P to 0.9.17-1~deb7u+1.
    - Make GnuPG configuration closer to the best practices one
      (Closes: #7512).
    - Have GnuPG directly use the Tor SOCKS port (Closes: #7416).
    - Remove TrueCrypt support and documentat how to open TrueCrypt
      volumes using cryptsetup (Closes: #5373).
    - Install hopenpgp-tools from Debian Jessie.

  * Build system
    - Add gettext >= 0.18.3 as a Tails build dependency. We need it for
      xgettext JavaScript support in feature/jessie.

  * Automated test suite
    - Don't click to open a sub-menu in the GNOME applications menu
      (Closes: #8140).
    - When testing the Windows camouflage, look for individual systray
      applets, to avoid relying on their ordering (Closes: #8059).
    - Focus the Pidgin Buddy List before looking for something
      happening in it (Closes: #8161).
    - Remove workaround for showing the TBB's menu bar (Closes #8028).

 -- Tails developers <tails@boum.org>  Tue, 02 Dec 2014 11:34:03 +0100
2097