changelog 197 KB
Newer Older
intrigeri's avatar
intrigeri committed
1
tails (1.8.1) unstable; urgency=medium
2

intrigeri's avatar
intrigeri committed
3
4
5
6
7
8
9
  * Security fixes
    - Upgrade Tor Browser to 5.0.6.
    - XXX: packages (Linux?)

  * Bugfixes
    - Fix time synchronization in bridge mode by refreshing our patch
      against Tor's AppArmor profile.
10

intrigeri's avatar
intrigeri committed
11
 -- Tails developers <tails@boum.org>  Fri, 18 Dec 2015 19:05:18 +0000
12

anonym's avatar
anonym committed
13
tails (1.8) unstable; urgency=medium
anonym's avatar
anonym committed
14

anonym's avatar
anonym committed
15
16
  * Security fixes
    - Upgrade Tor to 0.2.7.6-1~d70.wheezy+1+tails1.
sajolida's avatar
sajolida committed
17
    - Upgrade Tor Browser to 5.0.5. (Closes: #10751)
18
19
20
21
22
23
24
25
26
27
28
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u5.
    - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u6.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u6.
    - Upgrade wpasupplicant to 1.0-3+deb7u3.
    - Upgrade libpng12-0 to 1.2.49-1+deb7u1.
    - Upgrade openjdk-7 to 7u91-2.6.3-1~deb7u1.
    - Upgrade libnspr4 to 2:4.9.2-1+deb7u3
    - Upgrade dpkg to 1.16.17.
    - Upgrade gnutls26 to 2.12.20-8+deb7u4.
    - Upgrade Icedove to 1:38.0.1-1~deb7u1.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u18.
anonym's avatar
anonym committed
29

anonym's avatar
anonym committed
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
  * Bugfixes
    - Upgrade to Electrum 2.5.4-2~d70.wheezy+1+tails1. Now Electrum
      should work again. Note that the documentation has not been
      adapted to the slight changes in the Electrum account setup
      wizard yet.

  * Minor improvements
    - Upgrade I2P to 0.9.23-2~deb7u+1.
    - Rebase our patch against the Tor Browser AppArmor profile on top
      of the one shipped in torbrowser-launcher 0.2.1-2.
    - Warn if the claws-mail persistence is enabled and contains a
      Claws Mail configuration when starting icedove. (Closes: #10458)
    - Replace the Claws Mail GNOME launcher with Icedove. (Closes:
      #10739)
    - Remove the Claws Mail persistence feature from the Persistence
      Assistant. (Closes: #10742)

  * Build system
    - Simplify ISO image naming rules by using the base rule we use
      for Jenkins all the time, except when building from a tag
      (i.e. building a release).  (Closes: #10349)

  * Test suite
    - Lower the waiting time for USB installation in the test suite.
      So far we were waiting up to one hour, which is just the same as
      our Jenkins inactivity timeout, so in practice when Tails
      Installer fails and displays an error message, instead of
      reporting that the job failed (which is the point of the
      exercise) we abort the job due to this timeout which
      communicates less clearly that there's probably a bug. (Closes:
      #10718)
    - Remove the check for the sound icon in the systray in the
      Windows Camouflage tests. (Closes: #10493)
    - Retry running whois when "LIMIT EXCEEDED" is in its output for
      increased robustness. (Closes: #10523)
    - Make Seahorse tests more robust. (Closes: #9095, #10501)
    - Make the handling of Pidgin's account manager more robust.
      (Closes: #10506)

 -- Tails developers <tails@boum.org>  Mon, 14 Dec 2015 23:07:19 +0100
anonym's avatar
anonym committed
70

anonym's avatar
anonym committed
71
tails (1.7) unstable; urgency=medium
bertagaz's avatar
bertagaz committed
72

anonym's avatar
anonym committed
73
  * Major new features and changes
anonym's avatar
anonym committed
74
    - Upgrade Tor Browser to 5.0.4. (Closes: #10456)
anonym's avatar
anonym committed
75
76
77
    - Add a technology preview of the Icedove Email client (a
      rebranded version of Mozilla Thunderbird), including OpenPGP
      support via the Enigmail add-on, general security and anonymity
sajolida's avatar
sajolida committed
78
      improvements via the Torbirdy add-on, and complete persistence
anonym's avatar
anonym committed
79
80
81
82
83
84
85
86
      support (which will be enabled automatically if you already have
      Claws Mail persistence enabled). Icedove will replace Claws Mail
      as the supported email client in Tails in a future
      release. (Closes: #6151, #9498, #10285)
    - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
      improvement of this new Tor major release, the new
      KeepAliveIsolateSOCKSAuth option allows us to drop the
      bug15482.patch patch (taken from the Tor Browse bundle) that
sajolida's avatar
sajolida committed
87
      enabled similar (but inferior) functionality for *all*
anonym's avatar
anonym committed
88
89
90
91
92
93
      SocksPort:s -- now the same circuit is only kept alive for
      extended periods for the SocksPort used by the Tor
      Browser. (Closes: #10194, #10308)
    - Add an option to Tails Greeter which disables networking
      completely. This is useful when intending to use Tails for
      offline work only. (Closes: #6811)
bertagaz's avatar
bertagaz committed
94

anonym's avatar
anonym committed
95
96
  * Security fixes
    - Fix CVE-2015-7665, which could lead to a network interface's IP
elouann's avatar
elouann committed
97
      address being exposed through wget. (Closes: #10364)
anonym's avatar
anonym committed
98
99
100
101
    - Prevent a symlink attack on ~/.xsession-errors via
      tails-debugging-info which could be used by the amnesia user to
      read the contents of any file, no matter the
      permissions. (Closes: #10333)
anonym's avatar
anonym committed
102
103
104
105
106
107
108
109
110
111
112
113
114
    - Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u5.
    - Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.
    - Upgrade unzip to 6.0-8+deb7u4.

  * Bugfixes
    - Add a temporary workaround for an issue in our code which checks
      whether i2p has bootstrapped, which (due to some recent change
      in either I2P or Java) could make it appear it had finished
      prematurely. (Closes: #10185)
    - Fix a logical bug in the persistence preset migration code while
      real-only persistence is enabled. (Closes: #10431)
anonym's avatar
anonym committed
115
116

  * Minor improvements
anonym's avatar
anonym committed
117
118
    - Rework the wordings of the various installation and upgrade
      options available in Tails installer in Wheezy. (Closes: #9672)
anonym's avatar
anonym committed
119
120
121
122
123
    - Restart Tor if bootstrapping stalls for too long when not using
      pluggable transports. (Closes: #9516)
    - Install firmware-amd-graphics, and firmware-misc-nonfree instead
      of firmware-ralink-nonfree, both from Debian Sid.
    - Update the Tails signing key. (Closes: #10012)
anonym's avatar
anonym committed
124
125
126
127
128
129
    - Update the Tails APT repo signing key. (Closes: #10419)
    - Install the nmh package. (Closes: #10457)
    - Explicitly run "sync" at the end of the Tails Upgrader's upgrade
      process, and pass the "sync" option when remounting the system
      partition as read-write. This might help with some issues we've
      seen, such as #10239, and possibly for #8449 as well.
anonym's avatar
anonym committed
130
131
132

  * Test suite
    - Add initial automated tests for Icedove. (Closes: #10332)
elouann's avatar
elouann committed
133
    - Add automated tests of the MAC spoofing feature. (Closes: #6302)
anonym's avatar
anonym committed
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
    - Drop the concept of "background snapshots" and introduce a general
      system for generating snapshots that can be shared between
      features. This removes all silly hacks we previously used to
      "skip" steps, and greatly improves performance and reliability
      of the whole test suite. (Closes: #6094, #8008)
    - Flush to the log file in debug_log() so the debugging info can
      be viewed in real time when monitoring the debug log
      file. (Closes: #10323)
    - Force UTF-8 locale in automated test suite. Ruby will default to
      the system locale, and if it is non-UTF-8, some String-methods
      will fail when operating on non-ASCII strings. (Closes: #10359)
    - Escape regexp used to match nick in CTCP replies. Our Pidgin
      nick's have a 10% chance to include a ^, which will break that
      regexp. We need to escape all characters in the nick. (Closes:
      #10219)
    - Extract TBB languages from the Tails source code. This will
      ensure that valid locales are tested. As an added bonus, the
      code is greatly simplified. (Closes: #9897)
anonym's avatar
anonym committed
152
153
    - Automatically test that tails-debugging-info is not susceptible
      to the type of symlink attacks fixed by #10333.
anonym's avatar
anonym committed
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
    - Save all test suite artifacts in a dedicated directory with more
      useful infromation encoded in the path. This makes it easier to
      see which artifacts belongs to which failed scenario and which
      run. (Closes: #10151)
    - Log all useful information via Cucumber's formatters instead of
      printing to stderr, which is not included when logging to file
      via `--out`. (Closes: #10342)
    - Continue running the automated test suite's vnc server even if
      the client disconnects. (Closes: #10345)
    - Add more automatic tests for I2P. (Closes: #6406)
    - Bump the Tor circuit retry count to 10. (Closes: #10375)
    - Clean up dependencies: (Closes: #10208)
      * libxslt1-dev
      * radvd
      * x11-apps
anonym's avatar
anonym committed
169

anonym's avatar
anonym committed
170
 -- Tails developers <tails@boum.org>  Tue, 03 Nov 2015 01:09:41 +0100
bertagaz's avatar
bertagaz committed
171

anonym's avatar
anonym committed
172
tails (1.6) unstable; urgency=medium
anonym's avatar
anonym committed
173

anonym's avatar
anonym committed
174
175
176
  * Security fixes
    - Upgrade Tor Browser to 5.0.3. (Closes: #10223)
    - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7.
177
    - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1.
anonym's avatar
anonym committed
178
179
    - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1.
    - Upgrade libslp1 to 1.2.1-9+deb7u1.
180
    - Upgrade ssl-cert to 1.0.32+deb7u1.
anonym's avatar
anonym committed
181

anonym's avatar
anonym committed
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
  * Bugfixes
    - Fix a corner case for the MAC spoofing panic mode. If panic mode
      failed to disable the specific device that couldn't be spoofed
      (by unloading the module) we disable networking. Previously we
      only stopped NetworkManager. The problem is that NM isn't even
      started at this time, but will specifically be started when
      we're done with MAC spoofing. Therefore, let's completely
      disable NetworkManager so it cannot possibly be
      started. (Closes: #10160)
    - Avoid use of uninitialized value in restricted-network-detector.
      If NetworkManager decides that a wireless connection has timed
      out before "supplicant connection state" has occued, our idea of
      the state is `undef`, so it cannot be used in a string
      comparison. Hence, let's initialize the state to the empty
      string instead of `undef`. Also fix the state
      recording. Apparently NetworkManager can say a few different
      things when it logs the device state transitions. (Closes:
      #7689)

  * Minor improvements
    - Remove workaround for localizing search engine plugins. The
      workaround has recently become unnecessary, possibly due to the
      changes made for the seach bar after the Tor Browser was rebased
      on Firefox 38esr. (Closes: #9146)
    - Refer to the I2P Browser in the I2P notifications. Instead of
      some obscure links that won't work in the Tor Browser, where
      users likely will try them, and which I believe will open them
      by default. (Closes: #10182)
    - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to
      enforce mode. (Closes: #9830)

  * Test suite
    - Test that udev-watchdog is monitoring the correct device when
      booted from USB. (Closes: #9890)
    - Remove unused 'gksu' step. This causes a false-positive to be
      found for #5330. (Closes: #9877)
    - Make --capture capture individual videos for failed scenarios
      only, and --capture-all to capture videos for all scenarios.
      (Closes: #10148)
anonym's avatar
anonym committed
221
    - Use the more efficient x264 encoding when capturing videos using
anonym's avatar
anonym committed
222
      the --capture* options. (Closes: #10001)
anonym's avatar
anonym committed
223
    - Make --old-iso default to --iso if omitted. Using the same ISO
anonym's avatar
anonym committed
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
      for the USB upgrade tests most often still does what we want,
      e.g. test that the current version of Tails being tested has a
      working Tails installer. Hence this seems like a reasonable
      default. (Closes: #10147)
    - Avoid nested FindFailed exceptions in waitAny()/findAny(), and
      throw a new dedicated FindAnyFailed exception if these fail
      instead. Rjb::throw doesn't block Ruby's execution until the
      Java exception has been received by Ruby, so strange things can
      happen and we must avoid it. (Closes: #9633)
    - Fix the Download Management page in our browsers. Without the
      browser.download.panel.shown pref set, the progress being made
      will not update until after the browser has been restarted.
      (Closes: #8159)
    - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter
      that deals with debugging instead of printing it to STDERR via
      the `--debug` option (which now has been removed). This gives us
      the full flexibility of Cucumber's formatter system, e.g. one
      easy-to-read formatter can print to the terminal, while we get
      the full debug log printed to a file. (Closes: #9491)
    - Import logging module in otr-bot.py. Our otr-bot.py does not use
      logging but the jabberbot library makes logging calls, causing a
      one-off message No handlers could be found for logger
      "jabberbot" to be printed to the console. This commit
      effectively prevents logging/outputting anything to the terminal
      which is at a level lower than CRITICAL. (Closes: 9375)
    - Force new Tor circuit and reload web site on browser
      timeouts. (Closes: #10116)
    - Focus Pidgin's buddy list before trying to access the tools
      menu. (Closes: #10217)
    - Optimize IRC test using waitAny. If connecting to IRC fails,
      such as when OFTC is blocking Tor, waiting 60 seconds to connect
      while a a Reconnect button is visible is sub-optimal. It would
      be better to try forcing a new Tor circuit and clicking the
      reconnect button. (Closes: #9653)
    - Wait for (and focus if necessary) Pidgin's Certificate windows.
      (Closes: #10222)

 -- Tails developers <tails@boum.org>  Sun, 20 Sep 2015 17:47:26 +0000
anonym's avatar
anonym committed
262

anonym's avatar
anonym committed
263
tails (1.5.1) unstable; urgency=medium
anonym's avatar
anonym committed
264

anonym's avatar
anonym committed
265
266
267
268
269
270
271
272
273
274
275
276
  * Security fixes
    - Upgrade Tor Browser to 5.0.2. (Closes: #10112)
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1.
    - Upgrade libnss3 to 2:3.14.5-1+deb7u5.

  * Bugfixes
    - Refresh Tor Browser AppArmor profile patch. The old one doesn't
      apply on top of testing's torbrowser-launcher anymore.

  * Build system
    - Make sure Jenkins creates new jobs to build the testing branch
      after freezes. (Closes: #9925)
anonym's avatar
anonym committed
277

anonym's avatar
anonym committed
278
 -- Tails developers <tails@boum.org>  Fri, 28 Aug 2015 01:52:14 +0200
anonym's avatar
anonym committed
279

anonym's avatar
anonym committed
280
tails (1.5) unstable; urgency=medium
anonym's avatar
anonym committed
281

intrigeri's avatar
intrigeri committed
282
283
284
  * Major new features and changes
    - Move LAN web browsing from Tor Browser to the Unsafe Browser,
      and forbid access to the LAN from the former. (Closes: #7976)
285
286
    - Install a 32-bit GRUB EFI boot loader. This at least works
      on some Intel Baytrail systems. (Closes: #8471)
anonym's avatar
anonym committed
287

intrigeri's avatar
intrigeri committed
288
  * Security fixes
anonym's avatar
anonym committed
289
    - Upgrade Tor Browser to 5.0, and integrate it:
290
291
292
      · Disable Tiles in all browsers' new tab page.
      · Don't use geo-specific search engine prefs in our browsers.
      · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
anonym's avatar
anonym committed
293
        Marketplace), and the "Share this page" button in the Tool bar.
anonym's avatar
anonym committed
294
295
296
      · Generate localized Wikipedia search engine plugin icons so the
        English and localized versions can be distinguished in the new
        search bar. (Closes: #9955)
intrigeri's avatar
intrigeri committed
297
    - Fix panic mode on MAC spoofing failure. (Closes: #9531)
intrigeri's avatar
intrigeri committed
298
299
300
301
    - Deny Tor Browser access to global tmp directories with AppArmor,
      and give it its own $TMPDIR. (Closes: #9558)
    - Tails Installer: don't use a predictable file name for the subprocess
      error log. (Closes: #9349)
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
    - Pidgin AppArmor profile: disable the launchpad-integration abstraction,
      which is too wide-open.
    - Use aliases so that our AppArmor policy applies to
      /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
      it applies to /. And accordingly:
      · Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
      · Install rsyslog from wheezy-backports, since the version from Wheezy
        conflicts with AppArmor 2.9.
      · Stop installing systemd for now: the migration work is being done in
        the feature/jessie branch, and it conflicts with rsyslog from
        wheezy-backports.
      · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
      · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
      · Take into account aufs whiteouts in the system_tor profile.
      · Adjust the Vidalia profile to take into account Live-specific paths.
317
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
intrigeri's avatar
intrigeri committed
318
319
320
321
322
323
324
325
326
    - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
    - Upgrade cups-filters to 1.0.18-2.1+deb7u2.
    - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
    - Upgrade libexpat1 to 2.1.0-1+deb7u2.
    - Upgrade libicu48 to 4.8.1.1-12+deb7u3.
    - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
    - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.

  * Bugfixes
327
    - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.
intrigeri's avatar
intrigeri committed
328
329
330
331
332
333
334
335
336
337
338
339
340

  * Minor improvements
    - Tails Installer: let the user know when it has rejected a candidate
      destination device because it is too small. (Closes: #9130)
    - Tails Installer: prevent users from trying to "upgrade" a device
      that contains no Tails, or that was not installed with Tails Installer.
      (Closes: #5623)
    - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
      support for the OTRv3 protocol and for multiple concurrent connections
      to the same account. (Closes: #9513)
    - Skip warning dialog when starting Tor Browser while being offline,
      in case it is already running. Thanks to Austin English for the patch!
      (Closes: #7525)
341
342
343
344
345
346
347
348
349
350
351
    - Install the apparmor-profiles package (Closes: #9539), but don't ship
      a bunch of AppArmor profiles we don't use, to avoid increasing
      boot time. (Closes: #9757)
    - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
      of patching /etc/apparmor.d/tunables/home.
    - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
      is actually used as the read-write branch of the root filesystem's union
      mount, is visible. As a consequence:
      · One can now inspect how much space is used, at a given time, in the
        read-write branch of the root filesystem's union mount.
      · We can make sure our AppArmor policy works fine when that filesystem
anonym's avatar
anonym committed
352
        is visible, which is safer in case e.g. live-boot's behavior changes
353
354
        under our feet in the future... or in case these "hidden" files are
        actually accessible somehow already.
intrigeri's avatar
intrigeri committed
355
356
357
358
359

  * Build system
    - Add our jenkins-tools repository as a Git submodule, and replace
      check_po.sh with a symlink pointing to the same script in that submodule.
      Adjust the automated test suite accordingly. (Closes: #9567)
anonym's avatar
anonym committed
360
361
362
    - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
      particular the inclusion of the Tor Browser 5.0 series has recently
      increased the amount of space needed to build Tails. (Closes: #9901)
intrigeri's avatar
intrigeri committed
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392

  * Test suite
    - Test that the Tor Browser cannot access LAN resources.
    - Test that the Unsafe Browser can access the LAN.
    - Installer: test new behavior when trying to upgrade an empty device, and
      when attempting to upgrade a non-Tails FAT partition on GPT; also, take
      into account that all unsupported upgrade scenarios now trigger
      the same behavior.
    - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
      on failure. (Closes: #9518, #9709)
    - run_test_suite: remove control chars from log file even when cucumber
      exits with non-zero. (Closes: #9376)
    - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
    - Use custom exception when 'execute_successfully' fails.
    - Retry looking up whois info on transient failure. (Closes: #9668)
    - Retry wget on transient failure. (Closes: #9715)
    - Test that Tor Browser cannot access files in /tmp.
    - Allow running the test suite without ntp installed. There are other means
      to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
      (Closes: #9651)
    - Bump timeout in the Totem feature.
    - Grep memory dump using the --text option. This is necessary with recent
      versions of grep, such as the one in current Debian sid, otherwise it
      will count only one occurrence of the pattern we're looking for.
      (Closes: #9759)
    - Include execute_successfully's error in the exception, instead
      of writing it to stdout via puts. (Closes: #9795)
    - Test that udev-watchdog is actually monitoring the correct device.
      (Closes: #5560)
    - IUK: workaround weird Archive::Tar behaviour on current sid.
393
394
395
396
397
398
399
400
    - Test the SocksPort:s given in torrc in the Unsafe Browser.
      This way we don't get any sneaky errors in case we change them and
      forget to update this test.
    - Directly verify AppArmor blocking of the Tor Browser by looking in
      the audit log: Firefox 38 does no longer provide any graphical feedback
      when the kernel blocks its access to files the user wants to access.
    - Update browser-related automated test suite images, and workaround
      weirdness introduced by the new Tor Browser fonts.
401
402
403
    - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
      via alternate, live-boot generated paths.
    - Adjust tests to cope with our new AppArmor aliases.
anonym's avatar
anonym committed
404
    - Bump memory allocated to the system under test to 2 GB. (Closes: #9883)
intrigeri's avatar
intrigeri committed
405

anonym's avatar
anonym committed
406
 -- Tails developers <tails@boum.org>  Mon, 10 Aug 2015 19:12:58 +0200
anonym's avatar
anonym committed
407

intrigeri's avatar
intrigeri committed
408
tails (1.4.1) unstable; urgency=medium
409

intrigeri's avatar
intrigeri committed
410
411
412
413
414
415
416
417
418
  * Security fixes
    - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
    - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
      isolation bugfix. (Closes: #9560)
    - AppArmor: deny Tor Browser access to the list of recently used files.
      (Closes: #9126)
    - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
    - Upgrade Linux to 3.16.7-ckt11-1.
    - Upgrade CUPS to 1.5.3-5+deb7u6.
419
    - Upgrade FUSE to 2.9.0-2+deb7u2.
intrigeri's avatar
intrigeri committed
420
421
422
    - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
    - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
    - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.
423

intrigeri's avatar
intrigeri committed
424
425
426
427
  * Bugfixes
    - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
    - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
      (Closes: #9416)
428
    - Partially fix the truncated notifications issue. (#7249)
intrigeri's avatar
intrigeri committed
429
430
431
432
433
434
435
436
437
438
439
440
441
442

  * Minor improvements
    - Disable the hwclock.sh initscript at reboot/shutdown time.
      This is an additional safety measure to ensure that the hardware clock
      is not modified. (Closes: #9364)
    - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
      (Closes: #9417)
    - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
      profile shipped with torbrowser-launcher 0.2.0-1.
    - Add the jessie/updates APT repo and set appropriate pinning.
    - Upgrade Electrum to 1.9.8-4~bpo70+1.
    - Upgrade kernel firmware packages to 0.44.

  * Build system
443
    - Install the Linux kernel from Debian Jessie. (Closes: #9341)
intrigeri's avatar
intrigeri committed
444
445
446
447
448
449
    - Remove files that are not under version control when building in Jenkins.
      (Closes: #9406)
    - Don't modify files in the source tree before having possibly merged
      the base branch into it. (Closes: #9406)
    - Make it so eatmydata is actually used during a greater part of the build
      process. This includes using eatmydata from wheezy-backports.
450
      (Closes: #9419, #9523)
intrigeri's avatar
intrigeri committed
451
452
453
454
455
456
457
458
    - release script: adjust to support current Debian sid.

  * Test suite
    - Test the system clock sanity check we do at boot. (Closes: #9377)
    - Remove the impossible "Clock way in the past" scenarios.
      Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
      these scenarios cannot happen, and since we test that it works they
      can be safely removed.
intrigeri's avatar
intrigeri committed
459
    - Test that the hardware clock is not modified at shutdown. (Closes: #9557)
intrigeri's avatar
intrigeri committed
460
    - Pidgin: retry looking for the roadmap URL in the topic.
461
    - Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
intrigeri's avatar
intrigeri committed
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
      (Closes: #9317)
    - Test all OpenPGP keys shipped with Tails. (Closes: #9402)
    - Check that notification-daemon is running when looking for notifications
      fails. (Closes: #9332)
    - Allow using the cucumber formatters however we want. (Closes: #9424)
    - Enable Spice in the guest, and blacklist the psmouse kernel module,
      to help with lost mouse events. (Closes: #9425)
    - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
    - Test that Seahorse is configured to use the correct keyserver.
      (Closes: #9339)
    - Always export TMPDIR back to the test suite's shell environment.
      (Closes: #9479)
    - Make OpenPGP tests more reliable:
      · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
      · Retry accessing menus in Seahorse on failure. (Closes: #9344)
    - Focus the Pidgin conversation window before any attempt to interact
      with it. (Closes: #9317)
    - Use convertkey from the (backported to Jessie) Debian package,
      instead of our own copy of that script. (Closes: #9066)
    - Make the memory erasure tests more robust (Closes: #9329):
      · Bump /proc/sys/vm/min_free_kbytes when running fillram.
      · Actually set oom_adj for the remote shell when running fillram.
      · Try to be more sure that we OOM kill fillram.
      · Run fillram as non-root.
    - Only try to build the storage pool if TailsToasterStorage isn't found.
      (Closes: #9568)

 -- Tails developers <tails@boum.org>  Sun, 28 Jun 2015 19:46:25 +0200
490

anonym's avatar
anonym committed
491
tails (1.4) unstable; urgency=medium
492

anonym's avatar
anonym committed
493
  * Major new features
anonym's avatar
anonym committed
494
495
496
497
498
499
    - Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which
      introduces many major new features for usability, security and
      privacy. Unfortunately its per-tab circuit view did not make it
      into Tails yet since it requires exposing more Tor state to the
      user running the Tor Browser than we are currently comfortable
      with. (Closes: #9031, #9369)
anonym's avatar
anonym committed
500
501
502
503
504
505
    - Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor
      bundled with the Tor Browser, we patch it so that circuits used
      for SOCKSAuth streams have their lifetime increased indefinitely
      while in active use. This currently only affects the Tor Browser
      in Tails, and should improve the experience on certain web sites
      that otherwise would switch language or log you out every ten
anonym's avatar
anonym committed
506
      minutes or so when Tor switches circuit. (Closes: #7934)
507

anonym's avatar
anonym committed
508
  * Security fixes
anonym's avatar
anonym committed
509
510
511
512
513
514
515
    - tor-browser wrapper script: avoid offering avenues to arbitrary
      code execution to e.g. an exploited Pidgin. AppArmor Ux rules
      don't sanitize $PATH, which can lead to an exploited application
      (that's allowed to run this script unconfined, e.g. Pidgin)
      having this script run arbitrary code, violating that
      application's confinement. Let's prevent that by setting PATH to
      a list of directories where only root can write. (Closes: #9370)
anonym's avatar
anonym committed
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
    - Upgrade Linux to 3.16.7-ckt9-3.
    - Upgrade curl to 7.26.0-1+wheezy13.
    - Upgrade dpkg to 1.16.16.
    - Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.
    - Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.
    - Upgrade openldap to 2.4.31-2.
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.
    - Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.
    - Upgrade libtasn1-3 to 2.13-2+deb7u2.
    - Upgrade libx11 to 2:1.5.0-1+deb7u2.
    - Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.
    - Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.
    - Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.
    - Upgrade ppp to 2.4.5-5.1+deb7u2.

  * Bugfixes
532
533
    - Disable security warnings when connecting to POP3 and IMAP ports.
      (Closes: #9327)
534
535
    - Make the Windows 8 browser theme compatible with the Unsafe and I2P
      browsers. (Closes: #9138)
anonym's avatar
anonym committed
536
537
538
539
540
541
542
543
544
545
546
547
    - Hide Torbutton's "Tor Network Settings..." context menu entry.
      (Closes: #7647)
    - Upgrade the syslinux packages to support booting Tails on
      Chromebook C720-2800. (Closes: #9044)
    - Enable localization in Tails Upgrader. (Closes: #9190)
    - Make sure the system clock isn't before the build date during
      early boot. Our live-config hook that imports our signing keys
      depend on that the system clock isn't before the date when the
      keys where created. (Closes: #9149)
    - Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent
      us from getting GNOME's default keyserver in addition to our
      own. (Closes: #9233)
548
549
    - Prevent Firefox from crashing when Orca is enabled: grant
      it access to assistive technologies in its Apparmor
anonym's avatar
anonym committed
550
      profile. (Closes: #9261)
551
552
553
554
    - Add Jessie APT source. (Closes: #9278)
    - Fix set_simple_config_key(). If the key already existed in the
      config file before the call, all other lines would be removed
      due to the sed option -n and p combo. (Closes: #9122)
anonym's avatar
anonym committed
555
556
557
    - Remove illegal instance of local outside of function definition.
      Together with `set -e` that error has prevented this script from
      restarting Vidalia, like it should. (Closes: #9328)
anonym's avatar
anonym committed
558
559
560
561
562
563

  * Minor improvements
    - Upgrade I2P to 0.9.19-3~deb7u+1.
    - Install Tor Browser's bundled Torbutton instead of custom .deb.
      As of Torbutton 1.9.1.0 everything we need has been upstreamed.
    - Install Tor Browser's bundled Tor Launcher instead of our
564
      in-tree version. With Tor 0.2.6.x our custom patches for the
anonym's avatar
anonym committed
565
566
567
568
569
570
571
572
573
574
575
      ClientTransportPlugin hacks are not needed any more. (Closes:
      #7283)
    - Don't install msmtp and mutt. (Closes: #8727)
    - Install fonts-linuxlibertine for improved Vietnamese support in
      LibreOffice. (Closes: #8996)
    - Remove obsoletete #i2p-help IRC channel from the Pidgin
      configuration (Closes: #9137)
    - Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan
      Bliminse for the patch. (Closes: #9069).
    - Install printer-driver-gutenprint to support more printer
      models. (Closes: #8994).
576
    - Install paperkey for off-line OpenPGP key backup. (Closes: #8957)
anonym's avatar
anonym committed
577
578
579
    - Hide the Tor logo in Tor Launcher. (Closes: #8696)
    - Remove useless log() instance in tails-unblock-network. (Closes:
      #9034)
anonym's avatar
anonym committed
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
    - Install cdrdao: this enables Brasero to burn combined data/audio
      CDs and to do byte-to-byte disc copy.
    - Hide access to the Add-ons manager in the Unsafe Browser. It's
      currently broken (#9307) but we any way do not want users to
      install add-ons in the Unsafe Browser. (Closes: #9305)
    - Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327)
      The default value of this option activates warnings on ports
      23,109,110,143. This commit disables the warnings for POP3 and
      IMAP as these could be equally used in encrypted StartTLS
      connections. (Closes: #9327)
    - Completely rework how we localize our browser by generating our
      branding add-on, and search plugins programatically. This
      improves the localization for the ar, es, fa, ko, nl, pl, ru,
      tr, vi and zh_CN locales by localizing the Startpage and
      Disconnect.me search plugins. Following Tor Browser 4.5's recent
      switch, we now use Disconnect.me as the default search
      engine. (Closes: #9309)
    * Actively set Google as the Unsafe Browser's default search
      engine.
intrigeri's avatar
intrigeri committed
599

anonym's avatar
anonym committed
600
601
602
603
604
605
  * Build system
    - Encode in Git which APT suites to include when building Tails.
      (Closes: #8654)
    - Clean up the list of packages we install. (Closes: #6073)
    - Run auto/{build,clean,config} under `set -x' for improved
      debugging.
anonym's avatar
anonym committed
606
607
    - Zero-pad our ISO images so their size is divisible by 2048.
      The data part of an ISO image's sectors is 2048 bytes, which
anonym's avatar
anonym committed
608
      implies that ISO images should always have a size divisible
anonym's avatar
anonym committed
609
      by 2048. Some applications, e.g. VirtualBox, use this as a sanity
anonym's avatar
anonym committed
610
611
612
613
614
615
616
617
618
619
620
      check, treating ISO images for which this isn't true as garbage.
      Our isohybrid post-processing does not ensure this,
      however. Also Output ISO size before/after isohybrid'ing and
      truncate'ing it. This will help detect if/when truncate is
      needed at all, so that we can report back to syslinux
      maintainers more useful information. (Closes: #8891)
    - Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The
      goal here is to avoid Tor Browser tarballs being deleted by
      apt-cacher-ng's daily expiration cronjob: they're not listed in
      any APT repo's index file, so acng will be quite eager to clean
      them up.
621

anonym's avatar
anonym committed
622
623
624
625
626
  * Test suite
    - Bring dependency checks up-to-date (Closes: #8988).
    - Adapt test suite to be run on Debian Jessie, which includes
      removing various Wheezy-specific workarounds, adding a few
      specific to Jessie, migrating from ffmpeg to libav, and
627
      more. (Closes: #8165)
anonym's avatar
anonym committed
628
629
    - Test that MAT can see that a PDF is dirty (Closes: #9136).
    - Allow throwing Timeout::Error in try_for() blocks, as well as
630
631
632
      nested try_for() (Closes: #9189, #9290).
    - Read test suite configuration files from the features/config/local.d
      directory. (Closes: #9220)
anonym's avatar
anonym committed
633
634
635
636
637
638
639
640
    - Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of
      zombie processes from appearing. (Closes: #9139)
    - Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow
      it to properly clean up. (Closes: #8707)
    - Split SSH & SFTP configs in the test suite. (Closes: #9257)
    - Improve how we start subprocesses in the test suite, mostly by
      bypassing the shell for greater security and robustness (Closes:
      #9253)
anonym's avatar
anonym committed
641
    - Add Electrum test feature. (Closes #8963)
anonym's avatar
anonym committed
642
    - Test that Tails Installer detects when USB devices are
anonym's avatar
anonym committed
643
644
645
646
647
      removed. (Closes: #9131)
    - Test Tails Installer with devices which are too small. (Closes:
      #9129)
    - Test that the Report an Error launcher works in German. (Closes:
      #9143)
anonym's avatar
anonym committed
648
649
650
651
    - Verify that no extensions are installed in the Unsafe Browser
      using about:support instead of about:addons, which is broken
      (#9307). (Closes: #9306)
    - Retry GNOME application menu actions when they glitch. The
anonym's avatar
anonym committed
652
653
654
655
656
      GNOME application menus seem to have issues with clicks or
      hovering actions not registering, and hence sometimes submenus
      are not opened when they should, and sometimes clicks on the
      final application shortcut are lost. There seems to be a
      correlation between this and CPU load on the host running the
anonym's avatar
anonym committed
657
658
      test suite. We workaround this by simply re-trying the last
      action when it seems to fail. (Closes: #8928)
anonym's avatar
anonym committed
659
660
    - Work around Seahorse GUI glitchiness (Closes: #9343):
      * When Seahorse appears to be frozen--apparently due to network
anonym's avatar
anonym committed
661
662
        issues--it can often be worked around by refreshing the screen
        or activating a new window.
anonym's avatar
anonym committed
663
664
665
666
667
668
669
670
671
672
673
      * Open Seahorse's preferences dialog using the mouse.
      * Access menu entries with the mouse.
    - Wait for systray icons to finish loading before interacting with
      the systray. (Closes: #9258)
    - Test suite configuration: generalize local.d support to *.d. We
      now load features/config/*.d/*.yml.
    - Use code blocks in "After Scenario" hooks. This is much simpler
      to use (and more readable!) compared to hooking functions and
      arguments like we used to do.
    - Create filesystem share sources in the temporary directory and
      make them world-readable. (Closes: #8950)
674

anonym's avatar
anonym committed
675
 -- Tails developers <tails@boum.org>  Mon, 11 May 2015 16:45:04 +0200
676

anonym's avatar
anonym committed
677
tails (1.3.2) unstable; urgency=medium
678

anonym's avatar
anonym committed
679
680
  * Security fixes
    - Upgrade Tor Browser to 4.0.6, based on Firefox 31.6.0 ESR.
anonym's avatar
anonym committed
681
    - Upgrade OpenSSL to 1.0.1e-2+deb7u16.
anonym's avatar
anonym committed
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696

  * Bugfixes
    - Make Florence usable with touchpads by forcing syndaemon to
      always use the `-t` option, which only disables tapping and
      scrolling and not mouse movements (Closes: #9011).
    - Make tails-spoof-mac log the correct macchanger exit code on
      failure (Closes: #8687).
    - Tails Installer:
      · Ignore devices with less than 3.5 GB of storage since they
        do not fit a Tails installation (Closes: #6538).
      · Remove devices from the device list as they are unplugged
        (Closes: #8691).

  * Minor improvements
    - Install obfs4proxy 0.0.4-1~tpo1, which adds support for
intrigeri's avatar
intrigeri committed
697
      client-mode ScrambleSuit.
anonym's avatar
anonym committed
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
    - Don't start Vidalia if Windows Camouflage is enabled. (Closes:
      #7400)
    - I2P Browser:
      · Remove "Add-ons" from the Tools menu, and hide "Keyboard
        Shortcuts" and "Take a Tour" since they point to resources on
        the open Internet (Closes: #7970).
      · Hide TorButton button from the customize toolbar options, and
        remove configs whose only purpose was to make Torbutton "green"
        (Closes: #8893).

  * Test suite
    - New tests:
      · Test non-LAN SSH, and SFTP via GNOME's "Connect to Server"
        (Closes: #6308).
      · Verify that Tails' Tor binary has the expected Tor authorities
        hard coded (Closes: #8960).
    - Improvements:
      · Programmatically determine the supported languages when testing
        the Unsafe Browser (Closes: #8918).
      · Rename --temp-dir to --tmpdir and make it behave more like
        mktemp, and honour TMPDIR if set in the environment. (Closes:
        #8709).
    - Bugfixes:
      · Make --temp-dir (now --tmpdir) actually work.
722

anonym's avatar
anonym committed
723
 -- Tails developers <tails@boum.org>  Mon, 30 Mar 2015 16:54:20 +0200
724

intrigeri's avatar
intrigeri committed
725
tails (1.3.1) unstable; urgency=medium
726

intrigeri's avatar
intrigeri committed
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
  * Security fixes
    - Upgrade Tor Browser to 4.0.5, based on Firefox 31.5.3 ESR. This addresses:
      · https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
      · https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
    - Upgrade Linux to 3.16.7-ckt7-1.
    - Upgrade libxfont to 1:1.4.5-5.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u15.
    - Upgrade tcpdump to 4.3.0-1+deb7u2.
    - Upgrade bsdtar to 3.0.4-3+wheezy1.
    - Upgrade CUPS to 1.5.3-5+deb7u5.
    - Upgrade file and libmagic to 5.11-2+deb7u8.
    - Upgrade GnuPG to 1.4.12-7+deb7u7.
    - Upgrade libarchive to 3.0.4-3+wheezy1.
    - Upgrade libav to 6:0.8.17-1.
    - Upgrade FreeType 2 to 2.4.9-1.1+deb7u1.
    - Upgrade libgcrypt11 1.5.0-5+deb7u3.
    - Upgrade libgnutls26 to 2.12.20-8+deb7u3.
    - Upgrade libgtk2-perl to 2:1.244-1+deb7u1.
    - Upgrade ICU to 4.8.1.1-12+deb7u2.
    - Upgrade NSS to 2:3.14.5-1+deb7u4.
    - Upgrade libssh2 to 1.4.2-1.1+deb7u1.
748

intrigeri's avatar
intrigeri committed
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
  * Bugfixes
    - Upgrade Tor to 0.2.5.11-1~d70.wheezy+1+tails1. Changes include:
      · Directory authority changes.
      · Fix assertion errors that may trigger under high DNS load.
      · No longer break on HUP with seccomp2 enabled.
      · and more - please consult the upstream changelog.
    - Upgrade Tor Launcher to 0.2.7.2, and update the test suite accordingly
      (Closes: #8964, #6985). Changes include:
      · Ask about bridges before proxy in wizard.
      · Hide logo if TOR_HIDE_BROWSER_LOGO set.
      · Remove firewall prompt from wizard.
      · Feedback when “Copy Tor Log” is clicked.
      · Improve behavior if tor exits.
      · Add option to hide TBB's logo
      · Change "Tor Browser Bundle" to "Tor Browser"
      · Update translations from Transifex.
intrigeri's avatar
intrigeri committed
765
    - Fix the Tor Launcher killer. (Closes: #9067)
766
767
    - Allow Seahorse to communicate with keyservers when run from Tails
      OpenPGP Applet. (Closes: #6394)
768
769
    - SSH client: don't proxy connections to 172.17.* to 172.31.*.
      (Closes: #6558)
intrigeri's avatar
intrigeri committed
770
771
772
773
774
775
776
777
778
779
    - Repair config/chroot_local-packages feature, that was broken in Tails 1.3
      by 19-install-tor-browser-AppArmor-profile. (Closes: #8910)
    - language_statistics.sh: count original words instead of translated words.
      Otherwise we get >100% translation if translated strings are longer than
      original strings. (Closes: #9016)

  * Minor improvements
    - Only ship the new Tails signing key, and have Tails Upgrader stop trusting
      the old one. Update the documentation and test suite accordingly.
      (Closes: #8735, #8736, #8882, #8769, #8951)
780
781
782
783
784
    - Polish and harden a bit the WhisperBack configuration (Closes: #8991):
      · Only allow the `amnesia' user to run tails-debugging info as root
        with no arguments.
      · Fix spelling and grammar mistakes, improve phrasing a bit.
      · Quote variables consistently.
intrigeri's avatar
intrigeri committed
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818

  * Test suite
    - New tests:
      · Chatting over XMPP in Pidgin, both peer-to-peer and in a multi-user
        chatroom. (Closes: #8002)
      · Chatting with OTR enabled over XMPP in Pidgin. (Closes: #8001)
      · Check that Pidgin only responds to the expected CTCP requests.
        (Closes: #8966)
      · Fetching keys using Seahorse started via the OpenPGP Applet.
      · Sync'ing keys using Seahorse.
    - Bugfixes:
      · Fix a race condition between the remote shell's and Tails Greeter's
        startup, by making sure the remote shell is ready before we start
        GDM. (Closes: #8941)
      · Kill virt-viewer properly. (Closes: #9070)
      · Make sure the display is stopped on destroy_and_undefine().
        Where we had it earlier, it could be skipped if anything else in the
        block threw an exception.
      · Fix wrong use of "$@". (Closes: #9071)
      · Enable the pipefail option in run_test_suite.
      · Improve the GNOME screenshot test's robustness. (Closes: #8952)
    - Refactoring:
      · turn the focus_pidgin_window() helper into a more generic
        VM.focus_xorg_window() one.
      · Reorganize the Display class.
      · Use clearer method to check process status in the Display class.
    - New developer-oriented features:
      · Add a --log-to-file option to run_test_suite. (Closes: #8894)
      · Add helpers for generating random strings.
      · Make it possible to hook arbitrary calls on scenario end. This is useful
        for dynamically adding cleanup functions, instead of having
        to explicitly deal with them in some After hook.

 -- Tails developers <tails@boum.org>  Mon, 23 Mar 2015 12:34:56 +0000
819

Tails developers's avatar
Tails developers committed
820
tails (1.3) unstable; urgency=medium
821

822
  * Major new features
Tails developers's avatar
Tails developers committed
823
824
825
826
827
    - Produce the Tails image in hybrid mode (again) so that the same
      image can be installed both on DVD *and* "hard disks" like USB
      storage and similar. (Closes: #8510)
    - Confine the Tor Browser using AppArmor. (Closes: #5525)
    - Install the Electrum bitcoin client from wheezy-backports, and
828
829
      add a persistence preset for the Live user's bitcoin wallet. If
      electrum is started without the persistence preset enabled, a
Tails developers's avatar
Tails developers committed
830
      warning is shown. (Closes: #6739)
831

Tails developers's avatar
Tails developers committed
832
833
834
835
  * Security fixes
    - Upgrade Tor Browser to 4.0.4 (based on Firefox 31.5.0esr)
      (Closes: #8938).

836
837
838
839
840
841
  * Bugfixes
    - Have tor_bootstrap_progress echo 0 if no matching log line is
      found. (Closes: #8257)
    - Always pass arguments through wrappers (connect-socks, totem,
      wget, whois) with "$@". $* doesn't handle arguments with
      e.g. embedded spaces correctly. (Closes: #8603, #8830)
842
    - Upgrade Linux to 3.16.7-ckt4-3.
843
844

  * Minor improvements
Tails developers's avatar
Tails developers committed
845
846
847
    - Install a custom-built Tor package with Seccomp enabled;
      enable the Seccomp sandbox when no pluggable transport is used.
      (Closes: #8174)
848
    - Install obfs4proxy instead of obfsproxy, which adds support for
Tails developers's avatar
Tails developers committed
849
      the obfs4 Tor pluggable transport. (Closes: #7980)
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
    - Install GnuPG v2 and associated tools from wheezy-backports,
      primarily for its improved support for OpenPGP smartcards. It
      lives side-by-side with GnuPG v1, which still is the
      default. (Closes: #6241)
    - Install ibus-unikey, a Vietnamese input method for IBus. (Closes:
      #7999)
    - Install torsocks (2.x) from wheezy-backports. (Closes: #8220)
    - Install keyringer from Debian Jessie. (Closes: #7752)
    - Install pulseaudio-utils.
    - Remove all traces of Polipo: we don't use it anymore. This
      closes #5379 and #6115 because:
      * Have APT directly use the Tor SOCKS proxy. (Closes: #8194)
      * Wrap wget with torsocks. (Closes: #6623)
      * Wrap Totem to torify it with torsocks. (Closes: #8219)
      * Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND.
        (Closes: #8680)
    - Use torsocks for whois and Gobby, instead of torify.
Tails developers's avatar
Tails developers committed
867
    - Upgrade I2P to 0.9.18-1~deb7u+1.
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
    - Refactor the Unsafe and I2P browser code into a common shell
      library. A lot of duplicated code is now shared, and the code
      has been cleaned up and made more reliable. Several
      optimizations of memory usage and startup time were also
      implemented. (Closes: #7951)
    - Invert Exit and About in gpgApplet context menu. This is a
      short-term workaround for making it harder to exit the
      application by mistake (e.g. a double right-click). (Closes:
      #7450)
    - Implement new touchpad settings. This enables tap-to-click,
      2-fingers scrolling, and disable while typing. We don't enable
      reverse scrolling nor horizontal scrolling. (Closes: #7779)
    - Include the mount(8) output and live-additional-software.conf in
      WhisperBack bug reports (Closes: #8719, #8491).
    - Reduce brightness and saturation of background color. (Closes:
      #7963)
    - Have ALSA output sound via PulseAudio by default. This gives us
      centralized sound volume controls, and... allows to easily, and
      automatically, test that audio output works from Tor Browser,
      thanks to the PulseAudio integration into the GNOME sound
      control center.
    - Import the new Tails signing key, which we will use for Tails
      1.3.1, and have Tails Upgrader trust both it and the "old"
      (current) Tails signing key. (Closes: #8732)
    - tails-security-check: error out when passed an invalid CA file.
      Unfortunately, the underlying HTTPS stack we use here fails open
      in those case, so we have to check it ourselves. Currently, we
      check that the file exists, is readable, is a plain file and is
      not empty. Also support specifying the CA file via an
      environment variable. This will ease development and bug-fixing
      quite a bit.
    - Fix racy code in Tails Installer that sometimes made the
900
      automated test suite stall for scenarios installing Tails
901
      to USB disks. (Closes: #6092)
902
    - Make it possible to use Tails Upgrader to upgrade a Tails
903
904
905
906
907
908
909
910
      installation that has cruft files on the system partition.
      (Closes: #7678)

  * Build system
    - Install syslinux-utils from our builder-wheezy APT repository in
      Vagrant. We need version 6.03~pre20 to make the Tails ISO image
      in hybrid mode
    - Update deb.tails.boum.org apt repo signing key. (Closes: #8747)
911
    - Revert "Workaround build failure in lb_source, after creating
912
913
914
915
916
917
918
919
920
      the ISO." This is not needed anymore given the move to the Tor
      SOCKS proxy. (Closes: #5307)
    - Remove the bootstrap stage usage option and disable all
      live-build caching in Vagrant. It introduces complexity and
      potential for strange build inconsistencies for a meager
      reduction in build time. (Closes: #8725)
    - Hardcode the mirrors used at build and boot time in auto/config.
      Our stuff will be more consistent, easier to reproduce, and our
      QA process will be more reliable if we all use the same mirrors
921
      at build time as the ones we configure in the ISO. E.g. we won't
922
923
924
925
      have issues such as #8715 again. (Closes: #8726)
    - Don't attempt to retrieve source packages from local-packages so
      local packages can be installed via
      config/chroot_local-packages. (Closes: #8756)
Tails developers's avatar
Tails developers committed
926
927
    - Use our own Tor Browser archive when building an ISO. (Closes:
      #8125)
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965

  * Test suite
    - Use libguestfs instead of parted when creating partitions and
      filsystems, and to check that only the expected files
      persist. We also switch to qcow2 as the default disk image
      format everywhere to reduce disk usage, enable us to use
      snapshots that includes the disks (in the future), and to use
      the same steps for creating disks in all tests. (Closes: #8673)
    - Automatically test that Tails ignores persistence volumes stored
      on non-removable media, and doesn't enable swaps. (Closes:
      #7822)
    - Actually make sure that Tails can boot from live systems stored
      on a hard drive. Running the 'I start Tails from DVD ...' step
      will override the earlier 'the computer is set to boot from ide
      drive "live_hd"' step, so let's make the "from DVD" part
      optional; it will be the default any way.
    - Make it possible to use an old iso with different persistence
      presets. (Closes: #8091)
    - Hide the cursor between steps when navigating the GNOME
      applications menu. This makes it a bit more robust, again:
      sometimes the cursor is partially hiding the menu entry we're
      looking for, hence preventing Sikuli from finding it (in
      particular when it's "Accessories", since we've just clicked on
      "Applications" which is nearby). (Closes: #8875)
    - Ensure that the test will fail if "apt-get X" commands fail.
    - Test 'Tor is ready' notification in a separate scenario. (Closes:
      #8714)
    - Add automated tests for torified wget and whois. This should
      help us identify future regressions such as #8603 in their
      torifying wrappers.
    - Add automated test for opening an URL from Pidgin.
    - And add automated tests for the Tor Browser's AppArmor
      sandboxing.
    - Test that "Report an Error Launcher" opens the support
      documentation.
    - Test that the Unsafe Browser:
      * starts in various locales.
      * complains when DNS isn't configured.
966
      * tears down its chroot on shutdown.
967
968
969
970
971
972
      * runs as the correct user.
      * has no plugins or add-ons installed.
      * has no unexpected bookmarks.
      * has no proxy configured.
    - Bump the "I2P router console is ready" timeout in its test to
      deal with slow Internet connections.
Tails developers's avatar
Tails developers committed
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
    - Make the automatic tests of gpgApplet more robust by relying
      more on graphical elements instead of keyboard shortcuts and
      static sleep():s. (Closes: #5632)
    - Make sure that enough disk space is available when creating
      virtual storage media. (Closes: #8907)
    - Test that the Unsafe Browser doesn't generate any non-user
      initiated traffic, and in particular that it doesn't check for
      upgrades, which is a regression test for #8694. (Closes: #8702)
    - Various robustness improvements to the Synaptic tests. (Closes:
      #8742)
    - Automatically test Git. (Closes: #6307)
    - Automatically test GNOME Screenshot, which is a regression test
      for #8087. (Closes: #8688)
    - Fix a quoting issue with `tails_persistence_enabled?`. (Closes:
      #8919)
    - Introduce an improved configuration system that also can store
      local secrets, like user credentials needed for some
      tests. (Closes: #6301, #8188)
    - Actually verify that we successfully set the time in our time
      syncing tests. (Closes: #5836)
    - Automatically test Tor. This includes normal functionality and
      the use pluggable transports, that our Tor enforcement is
      effective (e.g. only the Tor network or configured bridges are
      contacted) and that our stream isolation configuration is
      working. (Closes: #5644, #6305, #7821)
998

Tails developers's avatar
Tails developers committed
999
 -- Tails developers <tails@boum.org>  Mon, 23 Feb 2015 17:14:00 +0100
1000

Tails developers's avatar
Tails developers committed
1001
tails (1.2.3) unstable; urgency=medium
1002

Tails developers's avatar
Tails developers committed
1003
  * Security fixes
1004
1005
1006
    - Upgrade Linux to 3.16.7-ckt2-1.
    - Upgrade Tor Browser to 4.0.3 (based on Firefox 31.4.0esr)
      (Closes: #8700).
Tails developers's avatar
Tails developers committed
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
    - Fail safe by entering panic mode if macchanger exits with an
      error, since in this situation we have to treat the
      driver/device state as undefined. Also, we previously just
      exited the script in this case, not triggering the panic mode
      and potentially leaking the real MAC address (Closes: #8571).
    - Disable upgrade checking in the Unsafe Browser. Until now the
      Unsafe Browser has checked for upgrades of the Tor Browser in
      the clear (Closes: #8694).

  * Bugfixes
1017
    - Fix startup of the Unsafe Browser in some locales (Closes: #8693).
Tails developers's avatar
Tails developers committed
1018
1019
1020
1021
1022
1023
1024
1025
1026
    - Wait for notification-daemon to run before showing the MAC
      spoofing panic mode notifications. Without this, the "Network
      card disabled" notification is sometimes lost when MAC spoofing
      fails. Unfortunately this only improves the situation, but
      doesn't fix it completely (see #8685).
    - Log that we're going to stop NetworkManager before trying to do
      it in the MAC spoofing scripts. Without this we wouldn't get the
      log message in case stopping NetworkManager fails (thanks to
      `set -e`).
1027
    - Set GNOME Screenshot preferences to save the screenshots in
Tails developers's avatar
Tails developers committed
1028
      /home/amnesia (Closes: #8087).
1029
1030
    - Do not suspend to RAM when closing the lid on battery power
      (Closes: #8071).
Tails developers's avatar
Tails developers committed
1031
1032
1033
1034
1035
    - Properly update the Tails Installer's status when plugging in a
      USB drive after it has started (Closes: #8353).
    - Make rsync compare file contents by using --checksum for more
      reliable generation of the squashfs filesystem in
      IUKs. Previously it used the default, which is checking
1036
1037
1038
      timestamps and file size, but that doesn't play well with the
      Tor browser files, that have a fixed mtime, which could result
      in updated files not ending up in the IUK.
Tails developers's avatar
Tails developers committed
1039
1040

  * Minor improvements
1041
1042
    - Finish migrating tails-security-check's and tails-iuk's pinning
      to our website's new X.509 certificate authority (Closes: #8404).
Tails developers's avatar
Tails developers committed
1043
1044

  * Build system
1045
    - Update to Vagrant build box tails-builder-20141201. The only
Tails developers's avatar
Tails developers committed
1046
1047
1048
1049
      change is the removal of a reference to an ISO image which
      doesn't exist (except on the system that generated the build
      box) which causes an error for some users (Closes: #7644).
    - Generate the list of packages used during build, after building
1050
1051
1052
      with Jenkins (Closes: #8518). This allows tracking their status
      on the Debian reproducible build front:
      https://reproducible.debian.net/index_pkg_sets.html#tails
Tails developers's avatar
Tails developers committed
1053
1054

  * Automated test suite
1055
    - Check PO files with i18nspector (Closes: #8359).
Tails developers's avatar
Tails developers committed
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
    - Fix the expected image of a check.tp.o failure. Previously we
      looked for the "Sorry. You are not using Tor." text, but it
      seems it recently changed enough for Sikuli to not find it. To
      prevent future errors of the same kind we'll look for the
      crossed-over onion icon instead (Closes: #8533).
    - Bump timeout when waiting for Tor to re-bootstrap. We have a
      dreaded issue with timeouts that are multiple of 2 minutes, and
      then Tor succeeds soon after, so in order to allow for this
      timeout to be reached twice, and then possibly succeed, let's
      use N*2 minutes + 30 seconds, with N=2.
1066

Tails developers's avatar
Tails developers committed
1067
 -- Tails developers <tails@boum.org>  Wed, 14 Jan 2015 16:12:26 +0100
1068

Tails developers's avatar
Tails developers committed
1069
tails (1.2.2) unstable; urgency=medium
1070

Tails developers's avatar
Tails developers committed
1071
1072
  * Bugfixes
    - Create a CA bundle for Tails Upgrader at ISO build time, and
1073
      patch Tails Upgrader to use it. Specifically this will make it
Tails developers's avatar
Tails developers committed
1074
1075
1076
      possible to check for Tails upgrades after our website changes
      certificate around the 2014 to 2015 transition (Partially fixes
      #8404).
1077

Tails developers's avatar
Tails developers committed
1078
 -- Tails developers <tails@boum.org>  Mon, 15 Dec 2014 10:05:17 +0100
1079

Tails developers's avatar
Tails developers committed
1080
tails (1.2.1) unstable; urgency=low
1081

Tails developers's avatar
Tails developers committed
1082
1083
1084
  * Security fixes
    - Upgrade Linux to 3.16.0-4, i.e. 3.16.7-1.
    - Install Tor Browser 4.0.2 (based on Firefox 31.3.0esr).
1085

Tails developers's avatar
Tails developers committed
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
  * Bugfixes
    - Install syslinux-utils, to get isohybrid back (Closes: #8155).
    - Update xserver-xorg-input-evdev to 1:2.7.0-1+tails1 which
      includes a patch that restores mouse scrolling in KVM/Spice
      (Closes: 7426).
    - Set Torbutton logging preferences to the defaults (Closes:
      #8160). With the default settings, no site-specific information is
      logged.
    - Use the correct stack of rootfs:s for the chroot browsers (Closes:
      #8152, #8158). After installing incremental upgrades Tails' root
      filesystem consists of a stack squashfs:s, not only
      filesystem.squashfs. When not stacking them correct we may end up
      using the Tor Browser (Firefox) from an older version of Tails, or
      with no Tor Browser at all, as in the upgrade from Tails 1.1.2 to
      1.2, when we migrated from Iceweasel to the Tor Browser. Based on
      a patch contributed by sanic.
    - Use the Tor Browser for MIME type that GNOME associates with
      Iceweasel (Closes: #8153). Open URLs from Claws Mail, KeePassX
      etc. should be possible again.
    - Update patch to include all Intel CPU microcodes (Closes: #8189).
    - AppArmor: allow Pidgin to run Tor Browser unconfined, with
      scrubbed environment (Closes: #8186). Links opened in Pidgin are
      now handled by the Tor Browser.
    - Install all localized Iceweasel search plugins (Closes: #8139).
    - When generating the boot profile, ignore directories in
      process_IN_ACCESS as well (Closes: #7925). This allows ut to
      update the squashfs-ordering again in Tails 1.2.1.
    - gpgApplet: Don't pass already encoded data to GTK2 (Closes:
      #7968). It's now possible to clearsign text including non-ASCII
      characters.
    - Do not run the PulseAudio initscript, neither at startup nor
      shutdown (Closes: #8082).

  * Minor improvements
    - Upgrade I2P to 0.9.17-1~deb7u+1.
    - Make GnuPG configuration closer to the best practices one
      (Closes: #7512).
    - Have GnuPG directly use the Tor SOCKS port (Closes: #7416).
    - Remove TrueCrypt support and documentat how to open TrueCrypt
      volumes using cryptsetup (Closes: #5373).
    - Install hopenpgp-tools from Debian Jessie.

  * Build system
    - Add gettext >= 0.18.3 as a Tails build dependency. We need it for
      xgettext JavaScript support in feature/jessie.

  * Automated test suite
    - Don't click to open a sub-menu in the GNOME applications menu
      (Closes: #8140).
    - When testing the Windows camouflage, look for individual systray
      applets, to avoid relying on their ordering (Closes: #8059).
    - Focus the Pidgin Buddy List before looking for something
      happening in it (Closes: #8161).
    - Remove workaround for showing the TBB's menu bar (Closes #8028).

 -- Tails developers <tails@boum.org>  Tue, 02 Dec 2014 11:34:03 +0100
1142

Tails developers's avatar
Tails developers committed
1143
tails (1.2) unstable; urgency=medium
Tails developers's avatar
Tails developers committed
1144

1145
1146
  * Major new features
    - Migrate from Iceweasel to the Tor Browser from the Tor Browser
1147
1148
      Bundle 4.0 (based on Firefox 31.2.0esr). This fixes the POODLE
      vulnerability.
1149
1150
1151
1152
1153
      The installation in Tails is made global (multi-profile), uses
      the system-wide Tor instance, disables the Tor Browser updater,
      and keeps the desired deviations previously present in Iceweasel,
      e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since
      we run it as a standalone XUL application), among other things.
1154
    - Install AppArmor's userspace tools and apparmor-profiles-extra
1155
1156
1157
1158
      from Wheezy Backports, and enable the AppArmor Linux Security
      Module. This adds Mandatory Access Control for several critical
      applications in Tails, including Tor, Vidalia, Pidgin, Evince
      and Totem.
1159
    - Isolate I2P traffic from the Tor Browser by adding a dedicated
1160
      I2P Browser. It is set up similarly to the Unsafe Browser,
1161
      but further disables features that are irrelevant for I2P, like
1162
      search plugins and the AdBlock Plus addon, while keeping Tor Browser
1163
      security features like the NoScript and Torbutton addons.
1164
    - Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
Tails developers's avatar
Tails developers committed
1165

1166
1167
1168
1169
1170
1171
1172
1173
1174
  * Security fixes
    - Disable TCP timestamps (Closes: #6579).

  * Bugfixes
    - Remove expired Pidgin certificates (Closes: #7730).
    - Use sudo instead of gksudo for running tails-upgrade-frontend to
      make stderr more easily accessible (Closes: #7431).
    - Run tails-persistence-setup with sudo instead of gksudo to make
      stderr more easily accessible, and allow the desktop user to
1175
1176
      pass the --verbose parameter (Closes: #7623).
    - Disable CUPS in the Unsafe Browser. This will prevent the
1177
      browser from hanging for several minutes when accidentally
1178
      pressing CTRL+P or trying to go to File -> Print (Closes: #7771).
1179
1180

  * Minor improvements
1181
1182
1183
1184
1185
    - Install Linux 3.16-3 (version 3.16.5-1) from Debian
      unstable (Closes: #7886, #8100).
    - Transition away from TrueCrypt: install cryptsetup and friends
      from wheezy-backports (Closes: #5932), and make it clear that
      TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739).
1186
1187
1188
1189
1190
1191
1192
1193
1194
    - Install Monkeysign dependencies for qrcodes scanning.
    - Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install
      the new syslinux-efi package.
    - Upgrade I2P to 0.9.15-1~deb7u+1
    - Enable Wheezy proposed-updates APT repository and setup APT
      pinnings to install packages from it.
    - Enable Tor's syscall sandbox. This feature (new in 0.2.5.x)
      should make Tor a bit harder to exploit. It is only be enabled
      when when no special Tor configuration is requested in Tails
1195
      Greeter due to incompatibility with pluggable transports.
1196
1197
1198
    - Start I2P automatically when the network connects via a
      NetworkManager hook, and "i2p" is present on the kernel command
      line. The router console is no longer opened automatically, but
1199
1200
      can be accessed through the I2P Browser (Closes: #7732).
    - Simplify the IPv6 ferm rules (Closes: #7668).
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
    - Include persistence.conf in WhisperBack reports (Closes: #7461)
    - Pin packages from testing to 500, so that they can be upgraded.
    - Don't set Torbutton environment vars globally (Closes: #5648).
    - Enable VirtualBox guest additions by default (Closes: #5730). In
      particular this enables VirtualBox's display management service.
    - In the Unsafe Browser, hide option for "Tor Browser Health
      report", and the "Get Addons" section in the Addon manager
      (Closes: #7952).
    - Show Pidgin's formatting toolbar (Closes: #7356). Having the
      formatting toolbar displayed in Pidgin makes the OTR status more
      explicit by displaying it with words.

  * Automated test suite
    - Add --pause-on-fail to ease VM state debugging when tests
      misbehave.
    - Add execute_successfully() and assert_vmcommand_success() for
      added robustness when executing some command in the testing VM.
    - Use Test::Unit::Assertions instead of our home-made assert().
    - Add test for persistent browser bookmarks.
    - Add basic tests for Pidgin, Totem and Evince, including their
      AppArmor enforcement.
    - Factorize some common step pattern into single steps.
    - Factorize running a command in GNOME Terminal.
    - Add common steps to copy a file and test for its existence.
    - Add a wait_and_double_click Sikuli helper method.
    - Add a VM.file_content method, to avoid repeating ourselves, and
      use it whenever easily doable.
    - Drop test that diffs syslinux' exithelp.cfg: we don't ship this
      file anymore.
    - In the Unsafe Browser tests, rely on subtle timing less (Closes:
      #8009).
    - Use the same logic to determine when Tor is working in the test
      suite as in Tails itself. The idea is to avoid spamming the Tor
      control port during bootstrap, since we've seen problems with
      that already.

Tails developers's avatar
Tails developers committed
1237
 -- Tails developers <tails@boum.org>  Wed, 15 Oct 2014 18:34:50 +0200
Tails developers's avatar
Tails developers committed
1238

Tails developers's avatar
Tails developers committed
1239
tails (1.1.2) unstable; urgency=medium
1240

Tails developers's avatar
Tails developers committed
1241
1242
1243
1244
  * Security fixes
    - Upgrade the web browser to 24.8.0esr-0+tails3~bpo70+1
      (fixes Mozilla#1064636).
    - Install Linux 3.16-1 from sid (Closes: #7886).
1245
1246
1247
1248
1249
    - Upgrade file to 5.11-2+deb7u5 (fixes CVE-2014-0207,
      CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479,
      CVE-2014-3480, CVE-2014-3487, CVE-2014-3538 and CVE-2014-3587).
    - Upgrade curl to 7.26.0-1+wheezy10 (fixes CVE-2014-3613 and
      CVE-2014-3620).
1250
1251
    - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u2
      (fixes CVE-2014-0591).
1252
1253
    - Upgrade gnupg to 1.4.12-7+deb7u6 (fixes CVE-2014-5270).
    - Upgrade apt to 0.9.7.9+deb7u5 (fixes CVE-2014-0487,
1254
1255
      CVE-2014-0488, CVE-2014-0489, CVE-2014-0490, and
      CVE-2014-6273.).
1256
1257
1258
1259
    - Upgrade dbus to 1.6.8-1+deb7u4 (fixes CVE-2014-3635,
      CVE-2014-3636, CVE-2014-3637, CVE-2014-3638 and CVE-2014-3639).
    - Upgrade libav-based pacakges to 6:0.8.16-1 (fixes
      CVE-2013-7020).
1260
    - Upgrade bash to 4.2+dfsg-0.1+deb7u1 (fixes CVE-2014-6271).
1261

Tails developers's avatar
Tails developers committed
1262
 -- Tails developers <tails@boum.org>  Tue, 23 Sep 2014 23:01:40 -0700
1263

Tails developers's avatar
Tails developers committed
1264
tails (1.1.1) unstable; urgency=medium
1265

Tails developers's avatar
Tails developers committed
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
  * Security fixes
    - Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1
      (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
      Also import the Tor Browser profile at commit
      271b64b889e5c549196c3ee91c888de88148560f from
      ttp/tor-browser-24.8.0esr-3.x-1.
    - Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
    - Upgrade I2P to 0.9.14.1-1~deb7u+1.
    - Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667
      and CVE-2014-4943).
    - Upgrade CUPS-based packages to 1.5.3-5+deb7u4 (fixes
      CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031).
    - Upgrade libnss3 to 2:3.14.5-1+deb7u1 (fixes CVE-2013-1741,
      CVE-2013-5606, CVE-2014-1491 and CVE-2014-1492).
    - Upgrade openssl to 1.0.1e-2+deb7u12 (fixes CVE-2014-3505,
      CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509,
      CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139).
    - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u2 (fixes
      CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344 and
      CVE-2014-4345).
    - Upgrade libav-based packages to 6:0.8.15-1 (fixes CVE-2011-3934,
      CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851,
      CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672,
      CVE-2013-3674 and CVE-2014-2263.
    - Upgrade libgpgme11 to 1.2.0-1.4+deb7u1 (fixes CVE-2014-5117).
    - Upgrade python-imaging to 1.1.7-4+deb7u1 (fixes CVE-2014-3589).
    - Prevent dhclient from sending the hostname over the network
      (Closes: #7688).
    - Override the hostname provided by the DHCP server (Closes: #7769).
    - Add an I2P boot parameter. Without adding "i2p" to the kernel
      command line, I2P will not be accessible for the Live user.
    - Stricter I2P firewall rules:
      * deny I2P from accessing the LAN
      * deny I2P from accessing the loopback device, except for select
        whitelisted services
      * allow I2P access to the Internet
      The ACCEPT rules will only be enabled when the string 'i2p' is
      passed at the boot prompt. The rules which DENY or REJECT
      access for the 'i2psvc' user will always be applied.
    - Disable I2P plugins, since it doesn't make much sense without
      persistence, and should eliminate some attack vectors.
    - Disable I2P's BOB port. No maintained I2P application uses it.
1308

Tails developers's avatar
Tails developers committed
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
  * Bugfixes
    - Fix condition clause in tails-security-check (Closes: #7657).
    - Don't ship OpenJDK 6: I2P prefers v7, and we don't need both.
    - Prevent Tails Installer from updating the system partition
      properties on MBR partitions (Closes: #7716).

  * Minor improvements
    - Upgrade to Torbutton 1.6.12.1.
    - Install gnome-user-guide (Closes: #7618).
    - Install cups-pk-helper (Closes: #7636).
    - Update the SquashFS sort file.
    - Compress the SquashFS more aggressively (Closes: #7706).
    - I2P: Keep POP3 email on server. The default in the I2P webmail
      app was to keep mail on the server, but that setting was changed
      recently. This configuration setting (susimail.config) will only
      be copied over in I2P 0.9.14 and newer.
    - Add a Close button to the Tails Installer launcher window.

  * Build system
    - Migrate Vagrant basebox to Debian Wheezy (Closes #7133, #6736).
    - Consistently use the same Debian mirror.
    - Disable runtime APT proxy configuration when using APT in
      binary_local-hooks (Closes: #7691).

  * Automated test suite
    - Automatically test hostname leaks (Closes: #7712).
    - Move autotest live-config hook to be run last. This way we'll
      notice if some earlier live-config hook cancels all hooks by
      running the automated test suite since the remote shell won't be
      running in that case.
    - Test that the I2P boot parameter does what it's supposed to do
      (Closes: #7760).
    - Start applications by using the GNOME Applications menu instead
      of the GNOME Run Dialog (Closes: #5550, #7060).
1343

Tails developers's avatar
Tails developers committed
1344
 -- Tails developers <tails@boum.org>  Sun, 31 Aug 2014 20:49:28 +0000
1345

Tails developers's avatar
Tails developers committed
1346
tails (1.1) unstable; urgency=medium
1347

1348
1349
1350
1351
1352
1353
  * Rebase on Debian Wheezy
    - Upgrade literally thousands of packages.
    - Migrate to GNOME3 fallback mode.
    - Install LibreOffice instead of OpenOffice.
    - Remove custom LSB logging: Wheezy has fancy colored init
      logging.
1354

1355
  * Major new features
1356
    - UEFI boot support.
1357
1358
    - Replace the Windows XP camouflage with an experimental Windows 8
      camouflage.
1359
    - Install Linux 3.14.12-1 from Debian unstable.
1360
1361
1362
    - Bring back VirtualBox guest modules, installed from Wheezy
      backports. Full functionality is only available when using the
      32-bit kernel.
1363

1364
  * Security fixes
1365
    - Fix write access to boot medium via udisks (#6172).
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
    - Don't allow the desktop user to pass arguments to
      tails-upgrade-frontend (Closes: #7410).
    - Make persistent file permissions safer (Closes #7443):
      * Make the content of /etc/skel non-world-readable. Otherwise,
        such files may be copied to /home/amnesia, and in turn to the
        persistent volume, with unsafe permissions. That's no big deal
        in /home/amnesia (that is itself not world-readable), *but*
        the root of the persistent volume has to be world-readable.
      * Have activate_custom_mounts create new directories with safe
        permissions.
      * Set strict permissions on /home/amnesia (Closes: #7463).
      * Fix permissions on persistent directories that were created
        with unsafe permissions (Closes: #7458).
      * Fix files ownership while copying persistence (Closes: #7216).
        The previous instructions to copy the persistent data were
        creating personal files that belong to root. I don't think
        there is a way of preserving the original ownership using
        Nautilus (unless doing a "move" instead of a "copy" but that's
        not what we are trying to do here).
    - Disable FoxyProxy's proxy:// protocol handler (Closes: #7479).
      FoxyProxy adds the proxy:// protocol handler, which can be used
      to configure the proxy via an URI. A malicious web page can
      include (or a malicious exit node can inject) some JavaScript
      code to visit such an URI and disable or otherwise change
      Iceweasel's proxy settings. While using this to disable
      proxying will be dealt with safely by our firewall, this could
      be used to defeat stream isolation, although the user must be
      tricked into accepting the new proxy settings.
1394
1395
1396
1397
1398
1399
1400
    - Upgrade the web browser to 24.7.0esr-0+tails1~bpo70+1
      (Firefox 24.7.0esr + Iceweasel patches + Torbrowser patches).
    - Upgrade to Linux 3.14.12-1 (fixes CVE-2014-4699).
    - Upgrade libav-based packages to 0.8.13-1 (fixes CVE-2014-4609).
    - Upgrade to libxml2 2.8.0+dfsg1-7+wheezy1 (fixes CVE-2014-0191).
    - Upgrade to dbus 1.6.8-1+deb7u3 (fixes CVE-2014-3477,
      CVE-2014-3532 and CVE-2014-3533).
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420

  * Bugfixes
    - Disable GNOME keyring's GnuPG functionality. (Closes: #7330) In
      feature/regular-gnupg-agent, we installed the regular GnuPG
      agent so that it is used instead of GNOME keyring's one. This is
      not enough on Wheezy, so let's disable the starting of the "gpg"
      component of GNOME keyring.
    - Make sure /etc/default/locale exists, with a sensible default
      value (Closes: #7333). Before Tails Greeter's PostLogin script
      are run, /etc/default/locale does not exist on Wheezy. Our
      tails-kexec initscript (and quite a few other scripts we run)
      depends on this file to exist. So, let's make sure it exists,
      with a sensible default value.
    - Create the tails-persistence-setup user with the same UID/GID it
      had on Tails/Squeeze. (Closes: #7343) Else, our various checks
      for safe access rights on persistence.conf fail.
    - Revert back to browsing the offline documentation using Iceweasel
      instead of Yelp (Closes: #7390, #7285).
    - Make the new NetworkManager configuration directory persistent,
      when the old one was, but disable the old one (Closes: #7338).
Tails developers's avatar
Tails developers committed
1421
1422
1423
1424
    - Before running tails-upgrade-frontend, chdir to a world-readable
      place (Closes: #7641). In particular, Archive::Tar::Wrapper,
      when called by tails-install-iuk, wants to chdir back to the
      original cwd after it has chdir'd elsewhere to do its job.
1425
1426
1427

  * Minor improvements
    - Install seahorse-nautilus, replacing seahorse-plugins (Closes #5516).
1428
    - Install hledger (custom backport, for now): our accountants need this.