changelog 467 KB
Newer Older
anonym's avatar
anonym committed
1
2
3
4
5
6
tails (4.11.1) UNRELEASED; urgency=medium

  * Dummy entry for next release.

 -- anonym <anonym@riseup.net>  Tue, 22 Sep 2020 15:23:20 +0200

anonym's avatar
anonym committed
7
tails (4.11) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
8

anonym's avatar
anonym committed
9
10
  * Security fixes
    - Upgrade Linux kernel to 5.7.0-3 at 5.7.17-1 (#17895).
anonym's avatar
anonym committed
11
    - Upgrade Tor Browser to 10.0 (#17933).
anonym's avatar
anonym committed
12
13
14
15
16
    - Upgrade Thunderbird to 68.12.0-1~deb10u1.
    - Upgrade xorg-server to 1.20.4-1+deb10u1.
    - Upgrade openexr to 2.2.1-4.1+deb10u1.
    - Upgrade bind9 to 9.11.5.P4+dfsg-5.1+deb10u2.
    - Upgrade ghostscript to 9.27~dfsg-2+deb10u4.
anonym's avatar
anonym committed
17
    - Upgrade libzmq5 to 4.3.1-4+deb10u2.
anonym's avatar
anonym committed
18
19
20
21

  * Minor improvements and updates
    - Upgrade Electrum to 4.0.2-2.

anonym's avatar
anonym committed
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
  * Tor Browser 10.0 (tails/tails!189)

    Commits:
      - Tor Browser: patch in prefs changes introduced in 10.0-build3.
      - Test suite: make scenario titles consistently not end with period
      - Unsafe Browser: adjust disabling add-ons to Tor Browser 10
      - Unsafe Browser: add missing escaping
      - Upgrade Tor Browser to 10.0-build2 (refs: #17933).
      - Rename, refactor, reorganize.
      - Tor Browser: use new trick to avoid mandatory extension signing.
      - Upgrade Tor Browser to 10.0a7.

  * Test suite: use versioned python2 interpreter for otr-bot.py (tails/tails!186)

    Commits:
      - Test suite: use versioned python2 interpreter for otr-bot.py

  * Test suite: switch to virtio transport for the remote shell (tails/tails!185)

    Closes issues:
      - Improve the remote shell's performance by switching to a virtio channel
        (tails/tails#11888)

    Commits:
      - Test suite: make SocketReadTimeout inherit from RuntimeError
      - Lint.
      - Test suite: use factorized way to get and update the domain's XML definition
      - Fix Layout/EmptyLineAfterGuardClause Rubocop regression
      - Fix Style/StringLiterals Rubocop regression
      - Fix Naming/HeredocDelimiterNaming Rubocop regression
      - Rubocop: fix a Security/JSONLoad regression
      - tails-autotest-remote-shell: lint
      - tails-autotest-remote-shell: remove unused import
      - Remote shell: improve warning.
      - Test suite: log whenever remote_shell_is_up?() returns false.
      - Remote shell: use timed read() for virtio channel.
      - Remote shell: switch from serial to virtio transport (refs: #11888).

  * Release process: generate UDFs to non-final releases from any supported
    previous version (tails/tails!178)

    Closes issues:
      - UDF generation is broken for release candidates (tails/tails#17921)

    Commits:
      - Don't generate UDFs on the stable channel to point to a release candidate
      - Release process: generate UDFs to non-final releases from any supported
        previous version

  * Don't override Debian's system-wide Thunderbird configuration (tails/tails!177)

    Commits:
      - Adding comment explaining extensions.update.enabled Thunderbird pref (Refs:
        #16021)
      - Removing network.protocol-handler.app.http[s] Thunderbird preferences (Refs:
        #16021)
      - Removing intl.locale.requested Thunderbird preference (Refs: #16021)
      - Changing header in Thunderbird's prefs file indicating they are Tails' prefs
        (Refs: #16021)
      - aa_tails.js: Removing repeated thunderbird preferences
      - Moving local included thunderbird config to not overwrite debian default (Will-
        fix: #16021)

  * Clarify phrasing of KeePassXC database renaming dialog (tails/tails!175)

    Commits:
      - Explicit (#17286)
      - Explain that the change came from KeePassXC (#17286)

  * Test Thunderbird with local email server on Jenkins (tails/tails!172)

    Closes issues:
      - Checking credentials in Thunderbird autoconfig wizard sometimes fails in the
        test suite (tails/tails#11890)
      - Run our own email (IMAP/POP3/SMTP) server for automated tests run on lizard
        (tails/tails#12277)

    Commits:
      - Test suite: fix Rubocop offenses
      - Lint.
      - Test suite: add debug logging so we can tell whether we're installing the
        hosts' email server's snakeoil certificate
      - Test suite: add missing newline.
      - Test suite: set promiscuous trust for the certificate we import.
      - Test suite: import isotesters' snakoil SSL cert into Thunderbird.
      - Test suite: complete the switch from Icedove to Thunderbird namespace in
        configuration (refs: #12277)

  * Chutney docs and logging (tails/tails!167)

    Commits:
      - Test suite: improve logging message for initial Chutney cleanup.
      - Test suite: also log when Chutney is up and running.
      - Test suite: make Chutney logging visible without debug formatter.
      - Test suite: document our usage of Chutney (refs: #17801).

  * Install python3-trezor from buster-backports (tails/tails!165)

    Commits:
      - Install trezor packages from buster-backports

anonym's avatar
anonym committed
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
  * Fix “return to Greeter when clicking the Start Tails button” on Intel+AMD dual-
    GPU systems (tails/tails!163)

    Commits:
      - tails-unblock-network: skip most graphics-related devices when triggering udev

  * Round the download size in "Upgrade available" dialog (tails/tails!162)

    Commits:
      - Rounds the size of numbers displayed in stderr if is not possible to do an
        incremental upgrade because there is no free memory or disk space available
      - Round the download size in Upgrade available IUK dialog

  * Save KeePassXC database in persistent directory (tails/tails!161)

    Commits:
      - Adjust end-user documentation for new default KeePassXC database filename
      - Open Passwords.kdbx by default (#17286)
      - Install KeePassXC 2.5.4 from buster-backports (#17286)

anonym's avatar
anonym committed
143
144
145
146
147
148
149
150
151
  * Support audio on recent Intel platforms: Comet Lake, Whiskey Lake, etc.
    (tails/tails!157)

    Commits:
      - auto/build: enable the pipefail option
      - Add Intel SOF Firmware and Topology binaries as a submodule and install them
      - build-tails: give our build scripts access to submodules' refs
      - Make code fail hard if it becomes obsolete

anonym's avatar
anonym committed
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
  * "Synchronizing the system's clock" notification: hidden  onion services
    (tails/tails!156)

    Commits:
      - update hidden to onion services
        (https://gitlab.tails.boum.org/tails/tails/-/issues/15354)

  * Drop obsolete workaround for python3-qdarkstyle, fixing devel FTBFS
    (tails/tails!154)

    Commits:
      - Drop now unneeded APT pinning on helpdev and python3-qdarkstyle
      - Revert "Avoid installing python3-qdarkstyle by default"

  * Build the changelog from GitLab MRs rather than from Git commits
    (tails/tails!153)

    Commits:
      - generate-changelog: only list merged MRs
      - Changelog generation: support preparing a non-final (alpha, beta, RC) release
      - Update comment
      - Release process: update obsolete reference to Stretch
      - Release process: use HTTPS URIs
      - Remove obsolete "release" script
      - RM doc: drop obsolete process hack around painful changelog generation
      - Release process and release notes checklist: switch to automated changelog
        generation
      - changelog.jinja2: add newlines for nicer formatting if rendered as Markdown
      - generate-changelog: skip merge commits
      - Add PoC script that generates a changelog from GitLab MRs

  * Include "initially installed Tails version" info in WhisperBack reports
    (tails/tails!152)

    Commits:
      - Include "initially installed Tails version" in WhisperBack reports
      - Reorder debugging info: keep persistence-related info together

anonym's avatar
anonym committed
190
191
192
193
194
195
196
197
  * try_for() timeout is not honored (tails/tails!151)

    Closes issues:
      - Test suite: try_for timeout is not honored (tails/tails#17822)

    Commits:
      - Revert "Revert "Test suite: revert exception handling change in try_for""

anonym's avatar
anonym committed
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
  * Enable persistence for all Greeter settings (tails/tails!149)

    Commits:
      - Test suite: make sure Greeter settings are default when they should.
      - Test suite: add scenario testing persistent Greeter options (refs: #17136).
      - Test suite: support entering sudo/persistent password in German.
      - Test suite: simplify.
      - Test suite: refactor.
      - Test suite: restore $language after reboot during the same scenario.
      - Test suite: consistently wait for notifications after logging in.
      - Greeter: Explain in a comment why we need this ugly workaround
      - Greeter: expand persistence support to all settings.

  * Tor browser 10.0.x based on ESR78 (tails/tails!148)

    Commits:
      - Automate Tor Browser import branch name generation.
      - Tor Browser: disable update checks via Enterprise Policy mechanism.
      - Revert "Tor Browser: disable the update check with a hack."
      - Upgrade Tor Browser to 10.0a6.
      - Tor Browser: disable the update check with a hack.
      - Test Suite: bump image.
      - Test Suite: bump UnsafeBrowserStartPage.fa.png.
      - Unsafe Browser: enable userChrome.css.
      - Unsafe Browser: Fix pref  user_pref error.
      - Tor Browser: drop userChrome.css.
      - Unsafe Browsesr: make DNS resolution work.
      - Revert "Tor Browser: remove leftover .orig."
      - Revert "Tor Browser: delete all Namecoin stuff."
      - Revert "Tor Browser: temporarily disable all non-en_US locales."
      - Tor Browser: refresh extension hacks patches.
      - Upgrade Tor Browser to 10.0a5-build2.
      - Move variables.
      - Don't ignore grep failure.
      - Tor Browser: delete all Namecoin stuff.
      - Tor Browser: use the bundled libstdc++.so.6.
      - Tor Browser: remove leftover .orig.
      - Tor Browser: temporarily disable all non-en_US locales.
      - Upgrade Tor Browser to 10.x nightly build as of 2020-08-13.
      - Tor Browser: naming scheme for nightly builds has changed.

  * Hide broken "Turn on Wi-Fi Hotspot" feature in GNOME Wi-Fi settings
    (tails/tails!147)

    Commits:
      - Hide broken "Turn on Wi-Fi Hotspot" feature in GNOME Wi-Fi settings (#17887)

  * Upgrade Linux to 5.7.17-1, adjust for updated Electrum dependencies, support
    older TREZOR firmware (tails/tails!142)

    Commits:
      - Avoid installing python3-qdarkstyle by default
      - Install python3-hid, to support the HID version of TREZOR
      - Install python3-qdarkstyle from Bullseye: Electrum now depends on it (#17904)
      - Upgrade Linux to 5.7.0-3, currently at version 5.7.17-1 (#17895)
      - Revert "Install python3-cryptography, otherwise Electrum 4.0.2-0.1 won't start"
      - Install python3-construct from buster-backports: python3-trezor needs it
        (#17904)

  * Fix sorting Intel GPUs last in the "Error starting GDM" message
    (tails/tails!141)

    Closes issues:
      - Multiple GPUs are not sorted in the intended order in the "Error starting GDM"
        message (tails/tails#17903)

    Commits:
      - Fix sorting Intel GPUs last in the "Error starting GDM" message (#17903)

  * Include information about the contents of the system partition in WhisperBack
    reports (tails/tails!140)

    Commits:
      - tails-debugging-info: include information about the contents of the system
        partition
      - tails-debugging-info: add support for commands that need to go through a shell
intrigeri's avatar
intrigeri committed
274

anonym's avatar
anonym committed
275
 -- Tails developers <tails@boum.org>  Mon, 21 Sep 2020 12:03:51 +0200
intrigeri's avatar
intrigeri committed
276

anonym's avatar
anonym committed
277
tails (4.10) unstable; urgency=medium
278

anonym's avatar
anonym committed
279
280
281
282
283
284
  * Security fixes
    - Upgrade Tor Browser to 9.5.4-build1 (Closes: #17885).
    - Upgrade Linux kernel to 5.7.0-2 at 5.7.10-1 (Closes: #17841,
      #17834).

  * Bugfixes
sajolida's avatar
sajolida committed
285
    - Make iPhone Tethering work by adding udev rule to disable MAC
anonym's avatar
anonym committed
286
287
288
289
290
291
292
293
294
295
      spoofing for it (Closes: #17820).
    - Remove broken Thunderbird protocol selection. This code has been
      a no-op in practice since at least Tails 4.0.  We've decided to
      reject #17276 and investigate what the biggest problems are for
      email in Tails with slow/shitty Internet connections:
      default'ing to IMAP may, or may not, be part of these
      problems (Closes #17276).

  * Minor improvements and updates
    - Upgrade to Tor 0.4.3.6 (Closes: #17835).
anonym's avatar
anonym committed
296
    - Upgrade to Electrum 4.0.2 (Closes: #17828).
anonym's avatar
anonym committed
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
    - Hide Thunderbird welcome message: it is not relevant in the
      context of Tails.  For example, it feels weird that we would
      encourage users to donate to Thunderbird about as loudly as we
      encourage them to donate to Tails.  Besides, the default message
      is retrieved from the web when Thunderbird starts.  We don't
      need this extra network activity.
    - import-translations: use *_release branches instead of
      *_completed branches. The new *_release branches contain exactly
      what we want, i.e. all reviewed translations from
      Transifex. While the *_completed branches only contain PO files
      for languages that are fully translated (Closes: #16774).

  * Build system
    - Upgrade snapshot of the Debian archive to 2020081601, including
      the 10.5 point release of Debian Buster (Closes: #17790).
    - On Bullseye and newer: use custom, fake, unversioned python
      packages. The unversioned python packages are not shipped in
      Bullseye/sid anymore, and even old versions are not installable
      anymore (Closes: #17858).
    - Import vagrant-libvirt's create_box.sh script. It's not included
      in vagrant-libvirt 0.1.2-1 anymore (Closes: #17872).

  * Test suite
    - Improve robustness for scenario "The Additional Software dpkg
      hook notices when persistence is locked down while installing a
      package".
    - Improve robustness for scenario "Use GNOME Disks to unlock a USB
      drive that has a basic VeraCrypt volume with a keyfile".
    - Improve robustness of cloning a Git repository.
    - Don't hammer resources of the system under test while
      installing/removing packages. I see every such dpkg|grep call
      takes about 0.3 seconds on lizard, i.e. 30% of the 1 second
      default delay between checks, which I suspect is enough to slow
      down the package installation/removal we're exercising.
    - Update expected title of the GitLab page we use
    - Rubocop: target Ruby 2.5 (Buster).
333

anonym's avatar
anonym committed
334
 -- Tails developers <tails@boum.org>  Mon, 24 Aug 2020 13:28:43 +0200
335

336
tails (4.9) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
337

338
339
  * Security fixes
    - Upgrade Tor Browser to 9.5.3-build1 (Closes: #17827).
340
    - Upgrade Thunderbird to 1:68.10.0-1~deb10u1 (DSA-4718).
341
    - Upgrade Linux to 5.7.0-1 at 5.7.6-1 (Closes: #17786).
342
343
344
    - Upgrade Evolution Data Server to 3.30.5-1+deb10u1 (DSA-4725).
    - Upgrade FFmpeg to 7:4.1.6-1~deb10u1 (DSA-4722).
    - Upgrade ImageMagick to 8:6.9.10.23+dfsg-2.1+deb10u1 (DSA-4712).
345
346
    - Upgrade NSS to 2:3.42.1-1+deb10u3 (DSA-4726).
    - Upgrade OpenMPT to 2:3.42.1-1+deb10u3 (DSA-4729).
347
    - Upgrade WebKitGTK to 2.28.3-2~deb10u1 (DSA-4724).
intrigeri's avatar
intrigeri committed
348

349
350
351
352
353
354
355
356
  * Bugfixes
    - Fix quoting issue triggering problems with some administration
      passwords (Closes: #17792).
    - Fix toram boot option by not starting the tails-shutdown-on-media-removal
      service unit in that case (Closes: #17800).
    - Fix keyboard setting handling in the greeter (Closes: #17794).
    - Make sure log messages can be displayed by Plymouth, which has strict
      limits, and improve parsing in tails-gdm-error-message (Closes: #17533).
357
    - Upgrade firmware-linux and firmware-nonfree to 20200421-1.
358
359
360
361
362
363

  * Minor improvements and updates
    - Ensure MAC spoofing messages are translated (Closes: #17783).
    - Improve failure handling for MAC spoofing (Closes: #17784).
    - Trigger MAC spoofing "panic" mode when the debug=test_mac_spoof_panic boot
      option is set.
364
    - Upgrade VirtualBox guest modules to 6.1.12-dfsg-5.
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383

  * Build system
    - Automate post-release GitLab updates, using gitlab-triage (Closes: #17589).
    - Fix a lot of possible problems spotted by ShellCheck, thanks to Paul Wise.
    - Stop installing custom firmware: firmware-realtek 20200421-1 includes it
      (See: #17786, #17323).
    - Update Thunderbird patches (Closes: #6156, #17808).
    - Bump snapshot of the Debian archive to 2020071801 (Closes: #17786).

  * Test suite
    - Add shell-special chars to passwords (See: #17792).
    - Always test the Unsafe Browser in Farsi.
    - Fix support for symlinks (Closes: #17547).
    - Update persistence-setup test suite for a new preset in Welcome Screen
      settings.
    - Drop Thunderbird POP3 test.
    - Make the "the Tor Browser has started" step stricter.
    - Improve error output when the Unsafe Browser fails to start in some locale.

384
 -- Tails developers <tails@boum.org>  Mon, 27 Jul 2020 09:03:10 +0200
intrigeri's avatar
intrigeri committed
385

anonym's avatar
anonym committed
386
tails (4.8) unstable; urgency=medium
387

anonym's avatar
anonym committed
388
389
390
391
392
393
  * Major changes
    - Welcome Screen: after a large refactoring we now can persist
      settings (See: #17136)! Currently it is limited to the newly
      added option that controls whether the Unsafe Browser is allowed
      to start (#17085). In the next major release we'll support all
      options.
394

anonym's avatar
anonym committed
395
396
397
398
399
400
401
402
403
404
405
406
  * Security fixes
    - Allow to disable the Unsafe Browser in the Welcome Screen
      (Closes: #17085). The Unsafe Browser can be used by exploits to
      deanonymize the Tails user (for details, see: #15635).
    - Upgrade Tor Browser to 9.5.1-build2 (Closes: 17782).
    - Thunderbird:
      * Upgrade to Thunderbird 68.9.0 (DSA-4702).
      * Disable unsafe MX automatic configuration method (Closes:
        #17277).
      * Disable unsafe MS Exchange automatic configuration method
        (Closes: #17654).
    - Upgrade Linux kernel to linux-image-5.6.0-2 at 5.6.14-2 (Closes:
407
      #17611, #17620).
anonym's avatar
anonym committed
408
409
    - Upgrade gnutls28-based packages to 3.6.7-4+deb10u4 (DSA-4697).
    - Upgrade intel-microcode to 3.20200609.2~deb10u1 (DSA-4701).
410

anonym's avatar
anonym committed
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
  * Bugfixes
    - Trigger emergency shutdown on resume when the boot device was
      removed while suspended (Closes: #16787).
    - Thunderbird: make searching in messages (Find bar and Find in
      This Message) work again (Closes: #17328).
    - Ensure Mac Spoofing Panic messages will be correctly displayed
      (Closes: #17779). udev may close child processes when a process
      associated with a rule (/etc/udev/rules) terminates so we wait
      for those processes before exiting.
    - Wrap `seahorse-tool --import` so it is handled by `gpg --import`
      (Closes: #17183). This makes importing binary keys via GNOME
      Files integration possible again.

  * Minor improvements and updates
    - Upgrade to tor 0.4.3.5-1 (Closes: #17741).
    - Upgrade LibreOffice to 1:6.1.5-3+deb10u6.
    - Upgrade VirtualBox guest modules to 6.1.10-dfsg-1.
    - Append Unsafe Browser setting to WhisperBack debug info.

  * Build system
    - Upgrade snapshot of the Debian archive to 2020061003, including
      the 10.4 point release of Debian Buster (Closes: #17620).
    - Tor Browser AppArmor profile: update patch to apply on top of
      0.3.2-11 (Closes: #17612)
    - Thunderbird AppArmor profile: update patch to apply on top of
      68.9.0 (Closes: #17769).

  * Test suite
    - Establish a coding standards baseline on our Ruby code base
      using Rubocop (Closes: #17646). This *MASSIVE* change includes
      mainly stylistic fixes and linting but also a few bug fixes,
      some dead code removal and code simplifications/refactorings,
      spelling fixes, improved gherkin and even removal the of
      a few duplicated tests and merging of very similar tests.
    - Improve robustness of navigating the GRUB menu in UEFI mode, and
      consequently drop the @fragile tag on the UEFI boot scenario
      (Closes: #13459).
    - Allow configuring the number of vCPUs given to TailsToaster.
      Based on work done by kytv (♥) on #6729. On powerful hardware
      with many CPUs, Tails boots much faster with >2 vCPUs given to
      TailsToaster.
    - Disable desktop size and clipboard interference between the host
      system and the system under test when using --view.
    - Ensure we run post_snapshot_restore_hook every time it's needed.
    - Fix running with XDG_SESSION_TYPE unset (Closes: #17596).
    - Always test the localized start up page of the Unsafe Browser.
    - Add --keep-chutney option to keep Chutney data, but no
      snapshots, between runs.
    - Revert "Test suite: disable tests about notifications in case of
      MAC spoofing failure (refs: #10774)"
    - Verify that the Unsafe Browser is disabled by default.
    - Test suite: fix --image-bumping-mode.

anonym's avatar
anonym committed
464
 -- Tails developers <tails@boum.org>  Mon, 29 Jun 2020 16:02:18 +0200
465

466
tails (4.7) unstable; urgency=medium
467

468
469
  * Security fixes
    - Upgrade Tor Browser to 9.5-build2 (Closes: #17710).
470
471
472
473
    - Upgrade APT to 1.8.2.1 (DSA-4685).
    - Upgrade BIND to 1:9.11.5.P4+dfsg-5.1+deb10u1 (DSA-4689).
    - Upgrade WebKitGTK to 2.28.2-2~deb10u1 (DSA-4681).
    - Upgrade Thunderbird to 1:68.8.0-1~deb10u1 (DSA-4683).
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506

  * Bugfixes
    - Improve Additional Software reliability (Closes: #17278): disable
      periodic APT operations entirely, adjust timeouts, force data
      synchronization, preserve file ownership.
    - Make memory erasure feature compatible with overlayfs (Closes: #15146).
    - Adjust various documentation for the new GitLab-based hosting.

  * Minor improvements and updates
    - Fix title of unlock-veracrypt-volume error dialog in case of incorrect
      password (Closes: #17668).
    - Clean up confusing torrc (Closes: #17706).

  * Build system
    - IUK creation: don't use extreme compression options for the outer
      SquashFS container refs.
    - IUK creation: add support for building several IUKs in parallel locally
      (Closes: #17657).
    - IUK verification: add support for fetching IUKs built in parallel on
      Jenkins (Closes: #17658).
    - Release process: generate UDFs on the alpha channel for previous
      non-final releases (Closes: #17614).
    - Remove aufs-based IUK generation code and doc (Closes: #17489).

  * Test suite
    - Adjust for augmented timeouts in Additional Software.
    - Adjust locale lookup to check several directories.
    - Speed up 'I fill a ... MiB file' step by 1000%.
    - Keep latest test suite screenshot (Closes: #17621).
    - Fix test suite breaking when the user connects to the VM via virt-viewer
      (Closes: #17623).
    - Adjust reference images and titles following the migration to GitLab
      (Closes: #17718, 17719).
507

508
 -- Tails developers <tails@boum.org>  Mon, 01 Jun 2020 18:31:41 +0200
509

510
tails (4.6) unstable; urgency=medium
511

512
  * Security fixes
513
514
515
516
    - Upgrade Tor Browser to 9.0.10-build2 (Closes: #17660).
    - Upgrade Thunderbird to 1:68.7.0-1~deb10u1 (MFSA-2020-14, DSA-4656).
    - Upgrade Git to 1:2.11.0-3+deb9u3 (DSA-4657, DSA-4659).
    - Upgrade Node.js to 10.19.0~dfsg1-1 (DSA-4669).
Cyril 'kibi' Brulebois's avatar
Cyril 'kibi' Brulebois committed
517
    - Upgrade OpenLDAP to 2.4.47+dfsg-3+deb10u2 (DSA-4666).
518
519
520
    - Upgrade OpenSSL to 1.1.1d-0+deb10u3 (DSA-4661).
    - Upgrade ReportLab to 3.5.13-1+deb10u1 (DSA-4663).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u3 (DSA-4658).
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544

  * Bugfixes
    - Switch Japanese input method from Anthy to Mozc (Closes: #16719).
    - Install the libu2f-udev package, for U2F device support.
    - Update our list of 'Favorites' applications (Closes: #16990).

  * Build system
    - lint_po: support locales with "@" in their name, such as ru@petr1708
      (Closes: #17554).
    - perl5lib: declare missing test dependencies (Closes: #17591).
    - iuk: declare missing test dependencies (Closes: #17592).
    - Upgrade to po4a 0.55 for Tails images and Vagrant box (Closes: #17005).

  * Test suite
    - Print disk usage information when the test suite fails with “No
      space left” errors.
    - Ensure no zombie processes are left around, by cleaning subprocesses
      correctly (Closes: #17551).
    - Prevent webrick from becoming a zombie process.
    - Avoid test suite getting stuck due to a zero timeout.
    - Fix obsoletion warnings (Closes: #17552).
    - Add root check and --allow-non-root option (Closes: #17613). Let's
      make it clear running the test suite requires root privileges in
      the general case.
545

546
 -- Tails developers <tails@boum.org>  Mon, 04 May 2020 18:43:38 +0200
547

548
tails (4.5) unstable; urgency=medium
549

550
551
552
553
  * Security fixes
    - Upgrade Tor Browser to 9.0.9-build1 (Closes: #17594).
    - Upgrade BlueZ to 5.50-1.2~deb10u1 (DSA-4647).
    - Upgrade GnuTLS to 3.6.7-4+deb10u3 (DSA-4652).
554

555
 -- Tails developers <tails@boum.org>  Mon, 06 Apr 2020 21:51:05 +0200
556

557
tails (4.5~rc1) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
558

559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
  * Major changes
    - Migrate from aufs to overlayfs (Closes: #8415). This change touches
      many components which won't all be listed individually, but some
      highlights are listed below:
      ⋅ Adjust the build system to stop building the aufs kernel module.
      ⋅ Switch the kernel command line from union=aufs to union=overlayfs.
      ⋅ Adjust AppArmor profiles (Closes: #9045, #12112).
      . Adapt chroot-browsers (Closes: #12105).
      ⋅ Drop the aufs Git submodule.
      ⋅ Make memory erasure feature compatible with overlayfs
        (Closes: #15146).
      ⋅ Make Upgrader support and also generate overlayfs-based IUKs by
       default (Closes: #9373).
    - Use GRUB with Secure Boot support for x86_64 (Closes: #6560, #15806).
      This is also a large change, touching many components:
      ⋅ Install grub from bullseye.
      ⋅ Introduce a custom grub configuration file.
      ⋅ Use a custom background image.
      ⋅ Mimick Debian Installer's efi-image build script to handle all
        details in binary local hooks.
      ⋅ Add SYSLINUX in the syslinux bootloader menu, to make it easier to
        troubleshoot GRUB vs. syslinux issues (Closes: #17538).
      ⋅ Upgrader: Adjust to also handle files in EFI/debian when dealing
        with file removals.
      ⋅ Adjust test suite.
    - Migrate test suite from Sikuli to a combination of OpenCV (image
      matching), xdotool (mouse interaction), plus libvirt's send-key
      (keyboard interaction) (Closes: #15460). This is another major
      changes, allowing the test suite to run on Buster-based systems,
      touching various areas of the test suite, among which:
      ⋅ Add workaround for the Greeter when restoring snapshot.
      ⋅ Fix dependencies for Buster.
      ⋅ Replace some Sikuli-based options with some OpenCV-based ones
        (e.g. --retry-find → --image-bumping-mode).
      ⋅ Handle non-English keyboards.
      ⋅ Fix --capture on Buster and above.
      ⋅ Deal with Buster having migrated from avconv to ffmpeg.
intrigeri's avatar
intrigeri committed
596

597
598
599
  * Security fixes
    - Upgrade ICU to 63.1-6+deb10u1 (DSA-4646).

600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
  * Minor improvements and updates
    - Refactor tails-documentation (Closes: #16903).

  * Build system
    - Freeze APT snapshots for 4.5~rc1.
    - Rakefile: always disable website caching when building from a tag
      (Closes: #17513).
    - Rakefile: fix recommended permissions (libvirt needs +r to share the
      source tree with the Vagrant box).
    - Import persistence-setup.git from its own repository into tails.git
      (Closes: #17526, #6487).
    - IUK: ensure rsync runtime dependency is installed.

  * Test suite
    - Adjust for the aufs → overlayfs migration (Closes: #12106, #17440,
      #17451).
    - run_test_suite: don't print usage on error.
    - run_test_suite: --view/--vnc-server-only are only supported on x11.
    - Optimize checking if file is empty.
    - Speed up some test failures to avoid resource starvation.
    - Check for tcplay dependency.
    - Increase chances chutney starts after unclean shutdown.
    - Make chutney log what it is doing.
    - Make opening Thunderbird's Extensions tab more robust.

625
 -- Tails developers <tails@boum.org>  Thu, 26 Mar 2020 22:51:35 +0100
intrigeri's avatar
intrigeri committed
626

627
tails (4.4.1) unstable; urgency=medium
628

629
630
631
  * Security fixes
    - Upgrade Tor Browser to 9.0.7-build1 (Closes: #17539).
    - Upgrade tor to 0.4.2.7 (Closes: #17531).
632
633
    - Upgrade Thunderbird to 1:68.6.0-1~deb10u1 (MFSA-2020-10, DSA-4642).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u2 (DSA-4641).
634
635
636

  * Build system
    - lint_po: avoid race conditions when checking PO files (Closes: #17359).
637

638
 -- Tails developers <tails@boum.org>  Sun, 22 Mar 2020 20:27:47 +0100
639

640
tails (4.4) unstable; urgency=medium
anonym's avatar
anonym committed
641

642
  * Security fixes
643
    - Upgrade Tor Browser to 9.0.6-build2 (MFSA-2020-09).
644
645
    - Upgrade Linux kernel to linux-image-5.4.0-4, currently at 5.4.19-1
      (Closes: #17477).
646
    - Upgrade Thunderbird to 68.5.0-1~deb10u1 (MFSA-2020-07, Closes: #17481).
647
648
649
650
651
    - Upgrade cURL to 7.64.0-4+deb10u1 (DSA-4633).
    - Upgrade evince to 3.30.2-3+deb10u1 (DSA-4624).
    - Upgrade Pillow to 5.4.1-2+deb10u1 (DSA-4631).
    - Upgrade ppp to 2.4.7-2+4.1+deb10u1 (DSA-4632).
    - Upgrade WebKitGTK to 2.26.4-1~deb10u1 (DSA-4627).
652
653
654
655
656
657
658

  * Bugfixes
    - Fix missing firmware for RTL8822BE/RTL8822CE (See: #17323). Use the
      tails-workarounds provided firmwares until the firmware-realtek
      package is updated with the patch by Sjoerd Simons (Debian#935969).
      Note: This might not be sufficient to support those cards.

659
660
661
662
  * Minor improvements and updates
    - Upgrade dogtail to 0.9.11-6.
    - Upgrade virtualbox to 6.1.4-dfsg-1.

663
664
665
666
667
668
669
670
671
672
673
674
  * Build system
    - Vagrant build box: disable mitigation features for CPU
      vulnerabilities (Closes: #17386). Given the kind of things we do in
      our Vagrant build box, it seems very unlikely that vulnerabilities
      such as Spectre and Meltdown can be exploited in there.  Let's
      reclaim some of the performance cost of the corresponding mitigation
      features.
    - Enable website caching by default, with a way option to disable it
      (Closes: #17439).
    - Key the website cache on debian/changelog too (Closes: #17511).
    - Update APT snapshot of the Debian archive to 2020030101.
    - Add support for the tails-workarounds submodule.
anonym's avatar
anonym committed
675

676
 -- Tails developers <tails@boum.org>  Wed, 11 Mar 2020 10:59:10 +0100
anonym's avatar
anonym committed
677

anonym's avatar
anonym committed
678
tails (4.3) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
679

anonym's avatar
anonym committed
680
681
682
683
684
  * Security fixes
    - Upgrade Tor Browser to 9.0.5-build2 (Closes: #17469).
    - Update Linux kernel to linux-image-5.4.0-3-amd64, currently at
      5.4.13-1 (Closes: #17443).
    - Upgrade Thunderbird to 1:68.4.1-1~deb10u1
685
    - Upgrade WebKitGTK to 2.26.3-1~deb10u1 (DSA-4610).
intrigeri's avatar
intrigeri committed
686

anonym's avatar
anonym committed
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
  * Bugfixes
    - live-persist: don't backup empty configuration files (Closes:
      #17112). In some cases, the previous code would overwrite a
      non-empty backup file with an empty one, making it harder to
      recover from the already painful #10976.
    - create-usb-image-from-iso: Run syslinux within proper chroot
      (Closes: #17179). Previously we ran syslinux from the host,
      which can lead to bugs if its versions differs from the one
      inside the chroot (which is what Tails will use later). Thanks
      to Johan Blåbäck for the patch!
    - Tails Upgrader: Fix progress bar not pulsating and hide useless
      OK button (Closes: #16603).

  * Minor improvements and updates
    - Upgrade tor to 0.4.2.6 (Closes: #17059).
    - Install the trezor package, which adds a command-line (only)
      tool for managing Trezor devices (Closes: #17463). Thanks to
      Pavol Rusnak for the patch!
    - As a consequence of the Linux kernel upgrade we also:
      * Upgrade aufs to 5.4.3 20200127.
      * Install VirtualBox guest tools and kernel modules from sid.

  * Build system
    - Upgrade snapshot of the Debian archive to 2020020302, including
      the 10.3 point release of Debian Buster (Closes: #17458).
    - Add opt-in caching of the wiki (Closes: #15342).
    - Use mksquashfs' -no-exports option even when the fastcomp build
      option is set. "fastcomp" is supposed to only tweak SquashFS
      compression settings, but so far it was also disabling the
      -no-exports option that we set for our release builds.
    - Drop a bunch of packages installed for ikiwiki for various
      (obsoloete) resons:
      * libfile-chdir-perl, libyaml-perl and libxml-simple-perl which
        was needed back when we built our own ikiwiki from Git…  a
        looong time ago.
      * libtext-multimarkdown-perl used multimarkdown ikiwiki which
        its doubtful we ever will use.
      * libhtml-scrubber-perl, libhtml-template-perl,
        libhtml-parser-perl, libyaml-libyaml-perl and liburi-perl
        which are already installed as ikiwiki dependencies.
    - Install libimage-magick-perl instead of the perlmagick
      transitional package.
    - Don't install obsolete dependencies whois and eatmydata.
    - Consistently validate individual build options as we parse them.
      This is consistent with how we handled "fastcomp" already. Only
      compatibility checks between multiple build options really need
      to happen later, once we've parsed all build options.
    - Remove 5 years old transition code
    - Fully provision the Vagrant box every time it starts, and
      partially re-provision it for every build.
    - Behave correctly when disabling a previously set "offline" or
      "vmproxy+extproxy" build option.  Previously, setting one of
      these build options *once* would taint the Vagrant box forever
      with the resulting apt-cacher-ng configuration.
    - Shrink the apt-cacher-ng cache after a successful build too
      (Closes: #17288).
    - Set up infrastructure to retrieve log file from the VM even on
      build failure (Closes: #7749).
    - Always build from a fresh Git clone.
    - Set the permissions that Vagrant needs inside the source tree
      (Closes: #11411, #16607, #17289).

  * Test suite
    - Remove Seahorse key synchronization scenarios. These 2 scenarios
      never pass due to #17169, so currently:
      * They don't teach us anything new → no benefit.
      * Every time a developer looks at test suite results,
        they need to filter out this known problem, which takes time
        and trains us to ignore problems.

anonym's avatar
anonym committed
757
 -- Tails developers <tails@boum.org>  Mon, 10 Feb 2020 14:08:59 +0100
intrigeri's avatar
intrigeri committed
758

intrigeri's avatar
intrigeri committed
759
tails (4.2.2) unstable; urgency=medium
760

761
762
763
764
  * Major changes
    - Upgrade Tor Browser to 9.0.4-build1 (MFSA-2020-03)

  * Bugfixes
intrigeri's avatar
intrigeri committed
765
766
767
768
    - Avoid the Upgrader proposing to upgrade to the version
      that's already running (Closes: #17425)
    - Avoid 2 minutes delay while rebooting after applying an automatic
      upgrade (Closes: #17026)
769
    - Make Thunderbird support TLS 1.3 (Closes: #17333)
770

intrigeri's avatar
intrigeri committed
771
772
773
774
775
  * Build system
    - IUK generation: don't make all files in the SquashFS diff
      owned by root, otherwise an upgraded system cannot start
      (Closes: #17422)

intrigeri's avatar
intrigeri committed
776
 -- Tails developers <tails@boum.org>  Mon, 13 Jan 2020 09:21:51 +0000
anonym's avatar
anonym committed
777

intrigeri's avatar
intrigeri committed
778
tails (4.2) unstable; urgency=medium
779

intrigeri's avatar
intrigeri committed
780
781
782
783
784
785
786
787
  * Major changes
    - Switch to a redesigned upgrade system (Closes: #15281), which:
      - removes the need for manual upgrades caused by lack of disk space
        on the Tails device
      - uses less RAM
    - Bump snapshot of the Debian archive to 2019122802

  * Security fixes
788
    - Upgrade Tor Browser to 9.0.3 (Closes: #17402)
intrigeri's avatar
intrigeri committed
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
    - Upgrade Linux to 5.3.15-1 (Closes: #17332)
      and upgrade the aufs module to 5.3-20191223
    - Upgrade Thunderbird to 1:68.3.0-2~deb10u1
    - Upgrade libsasl2 to 2.1.27+dfsg-1+deb10u1
    - Upgrade python3-ecdsa to 0.13-3+deb10u1

  * Bugfixes
    - KeePassXC:
      - Open ~/Persistent/keepassx.kdbx by default again (Closes: #17212)
      - Open the database specified by the user on the command-line, if any
      - Fix database renaming prompt
    - Upgrader:
      - Ensure debugging info lands in the Journal before we refer to it
      - Catch more download errors
    - Upgrade amd64-microcode to 3.20191218.1, which removes firmware
      updates that cause issues

  * Minor improvements and updates
    - Add metadata analysis tools used by SecureDrop (Closes: #17178)
    - Refresh the signing key before checking for available upgrades
      (Closes: #15279)
    - Port the Upgrader and perl5lib to a set of dependencies that are
      faster and have a lower memory footprint (Closes: #17152)
    - Ensure IUKs don't include files of our website if their content
      has not changed (refs: #15290)
    - Zero heap memory at allocation time and at free time (Closes: #17236)

  * Build system
    - Import the Upgrader and perl5lib codebases into tails.git
      (part of #7036)
    - lint_po: ignore pre-existing rply cache file that can cause
      trouble if it's corrupted (Closes: #17359)
    - Move generate-languages-list to auto/scripts
    - import-translations: work around the lack of usable branches
      in Tor's translation.git (Closes: #17279)
    - Build released IUKs on Jenkins and verify that they match
      those built locally by the Release Manager (Closes: #15287)
826
827
    - Don't download every localized Tor Browser tarball: instead,
      use the new tarball that includes every langpacks (Closes: #17400)
intrigeri's avatar
intrigeri committed
828
829
830
831
832
833
834
835
836
837
838

  * Test suite
    - Adapt for the "one single SquashFS diff" upgrade scheme
    - Chutney: update to upstream 33cbff7fc73aa51a785197c5f4afa5a91d81de9c
      (Closes: #16792)
    - Fix tagging of Chutney exit relays and bridge authorities
    - Tag Chutney clients as such
    - Wait for all Chutney nodes to have bootstrapped before assuming
      the simulated Tor network is ready
    - Don't try to save tor control sockets as artifacts
    - Add a crude script to generate IUKs for our test suite
839

intrigeri's avatar
intrigeri committed
840
 -- Tails developers <tails@boum.org>  Mon, 06 Jan 2020 16:25:22 +0000
841

842
tails (4.1.1) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
843

844
845
846
847
848
849
  * Bugfixes
    - Drop all network drivers from the initramfs to shrink its size
      drastically. Going over the 32 MiB mark might be the reason why so
      many Apple machines can't boot 4.1 while they could boot 4.0
      (Closes: #17320).
    - Only allow up to (but excluding) 32 MiB for initramfs accordingly.
intrigeri's avatar
intrigeri committed
850

851
852
853
854
  * Minor improvements and updates
    - Fix escape sequence in tails-gdm-failed-to-start.service, to avoid a
      warning message (Closes: #17166).

855
 -- Tails developers <tails@boum.org>  Sun, 15 Dec 2019 23:51:25 +0100
anonym's avatar
anonym committed
856

857
tails (4.1) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
858

859
  * Major changes
860
861
    - Upgrade Tor Browser to 9.0.2-build2, based on Firefox ESR 68.3
      (MFSA-2019-37).
862
863
    - Upgrade Thunderbird to 68.2.2 (Closes: #16771, #17220, #17222, #17267).
    - Upgrade Enigmail to 2:2.1.3+ds1-4~deb10u2 accordingly.
864
865
866
867

  * Security fixes
    - Upgrade Linux to 5.3.9-2 from sid (Closes: #17124).
    - Disable unprivileged userfaultfd syscall (Closes: #17196).
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
    - Upgrade file to 1:5.35-4+deb10u1 (DSA-4550-1).
    - Upgrade FriBidi to 1.0.5-3.1+deb10u1 (DSA-4561-1).
    - Upgrade Ghostscript to 9.27~dfsg-2+deb10u3 (DSA-4569-1)
    - Upgrade Intel microcode to 3.20191112.1~deb10u1 (DSA-4565-1,
      CVE-2019-0117).
    - Upgrade libarchive to 3.3.3-4+deb10u1 (DSA-4557-1).
    - Upgrade libvpx to 1.7.0-3+deb10u1 (DSA-4578-1).
    - Upgrade libxslt to 1.1.32-2.2~deb10u1 (CVE-2019-18197).
    - Upgrade ncurses to 6.1+20181013-2+deb10u2 (CVE-2019-17594,
      CVE-2019-17595).
    - Upgrade Python 2.7 to 2.7.16-2+deb10u1 (CVE-2018-20852,
      CVE-2019-10160, CVE-2019-16056, CVE-2019-16935, CVE-2019-9740,
      CVE-2019-9947).
    - Upgrade Qt to 5.11.3+dfsg1-1+deb10u1 (DSA-4556-1).
    - Upgrade tcpdump to 4.9.3-1~deb10u1 (DSA-4547-1).
    - Upgrade WebKitGTK to 2.26.2-1~deb10+1 (DSA-4558-1, DSA-4563-1).
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907

  * Bugfixes
    - Remove TorBirdy (Closes: #17219, #17269).
    - Use keys.openpgp.org's Onion service as the default keyserver
      (Closes: #12689, #14770).
    - Fix ordering of GTK bookmarks setup vs. Tor Browser directories
      creation (Closes: #17206).
    - Bring back the "Show Passphrase" button in the Greeter
      (Closes: #17177).
    - Bring back "Open in Terminal" entry in the GNOME Files context menu
      (Closes: #17186).
    - Revert "Browsers: disable the Quantum Bar." (Closes: #17143).
    - Revert "Hide all Tor connection-related settings in
      about:preferences in all browsers" (Closes: #17214).
    - Wait until Tor has bootstrapped before we try to upgrade Additional
      Software (Closes: #17203).
    - Fix the "GDM failed to start" splash screen functionality
      (Closes: #17200).

  * Minor improvements and updates
    - htpdate: stop sending User-Agent that fakes Tor Browser
      (Closes: #12023).
    - HTP: replace encrypted.google.com with www.google.com.
    - Remove signal handler from Greeter UI file (Closes: #17240).
908
909
910
    - Upgrade AMD microcode to 3.20191021.1.
    - Upgrade fonts-noto-cjk to 1:20170601+repack1-3+deb10u1
      (Debian#907999).
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948

  * Build system
    - Update Vagrant box to Buster (Closes: #16868).
    - Adjust to timedatectl's output on Buster.
    - Adjust to Buster's debootstrap.
    - Vagrant: ensure the chroot has a /proc filesystem while running
      postinstall.sh
    - Vagrant: install po4a from Stretch in the basebox.
    - build-tails: wait for NTP to be disabled before setting the desired
      date.
    - Bump APT snapshot of the Debian archive to 2019111801, including the
      10.2 point release of Buster (Closes: #17124, #17021).
    - Install virtualbox 6.0.12-dfsg-1 from our custom APT repository
      (Closes: #17161).

  * Test suite
    - Ensure we don't break tests by opening the Applications menu in
      post_vm_start_hook (Closes: #17164).
    - Improve GnuPG testing (Closes: #12689):
      · Switch to using sajolida's key.
      · Start adjusting for keys.openpgp.org.
      · Make the "GnuPG's dirmngr uses the configured keyserver" step
        actually test what it is meant to.
      · Make error strings better reflect what failure they are about.
      · Ensure dirmngr uses IPv4 since our CI runs on an IPv4-only
        infrastructure.
    - Ensure dirmngr picks up the changes we make to its configuration.
    - Switch backend keyservers (Closes: #14770).
    - Don't leave redir(1) processes behind (Closes: #14948).
    - Update image for Buster (Closes: #14770).
    - Update fragility status of Seahorse scenarios.
    - Avoid multiple instances of tcpdump writing to the same file,
      resulting in an unparsable network capture (Closes: #17102).
    - Update for Thunderbird 68 (Closes: #17269).

  * Documentation:
    - Remove or adapt mentions to Tails Installer as only installation
      method (Closes: #17204).
949
    - Add a warning about which Tails to run rsync from (Closes: #17197).
intrigeri's avatar
intrigeri committed
950

951
 -- Tails developers <tails@boum.org>  Mon, 02 Dec 2019 22:23:35 +0100
intrigeri's avatar
intrigeri committed
952

intrigeri's avatar
intrigeri committed
953
tails (4.0) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
954

intrigeri's avatar
intrigeri committed
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
  * Major changes
    - Upgrade Tor Browser to 9.0-build2, based on Firefox ESR 68.2.

  * Security fixes
    - Upgrade IBus to 1.5.19-4+deb10u1.0tails1 (Closes: #17144)
    - Upgrade sudo to 1.8.27-1+deb10u1

  * Bugfixes
    - Fix regressions brought by the integration of Tor Browser 9.0:
      · Fix non-English spellchecking (Closes: #17150)
      · Unsafe Browser: don't enable private browsing mode, don't display
        Tor Browser icons, hide the new "New identity" toolbar button
        (Closes: #17142)
      · Hide all Tor connection-related settings in about:preferences
        (Closes: #17157)
    - Fix Stealth Onion services in OnionShare (Closes: #17162)
    - Upgrade OpenSSL to 1.1.1d-0+deb10u2

  * Minor improvements and updates
    - Don't include the locales package (Closes: #17132)
    - Update htpdate's User-Agent to match Tor Browser 9.0's

  * Test suite
    - Only partially fill memory for userspace processes (Closes: #17104)
    - Drop the "Unsafe Browser has no proxy configured" step, that's hard
      to update and adds little value
    - Various updates for Tor Browser 9.0 final
    - Make the "SSH is using the default SocksPort" scenario more robust
      (Closes: #17163)
intrigeri's avatar
intrigeri committed
984

intrigeri's avatar
intrigeri committed
985
 -- Tails developers <tails@boum.org>  Mon, 21 Oct 2019 10:24:56 +0000
intrigeri's avatar
intrigeri committed
986

intrigeri's avatar
intrigeri committed
987
tails (4.0~rc1) unstable; urgency=medium
988

intrigeri's avatar
intrigeri committed
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
  * Major changes
    - Update Tor Browser to 9.0a7, based on Firefox ESR 68 (#16356).
    - Include a working version of Electrum: 3.3.8-0.1 (Closes: #16421).
      Accordingly:
      · Remove the obsolete "coin_chooser: Privacy" option (Closes: #15483).
      · Disable the update check (Closes: #15483).
    - Curate the list of languages in Tails Greeter (Closes: #16095).
      Only include languages which meet one of these conditions:
      · Have a PO file in tails.git (i.e. have at least one translated
        and reviewed string)
      · Are on our list of tier-1 supported languages.
    - Update Linux to 5.3.2-1~exp1 from Debian experimental (Closes: #17117).
    - Bump APT snapshots of the 'debian' and 'torproject' archives
      to 2019100904. This includes the update to the Buster 10.1
      point-release.

  * Security fixes
    - Drop NoScript customization that makes our web fingerprint diverge
      from Tor Browser's (related to #5362).
    - Enable Buster security APT sources (Closes: #17119).
    - Upgrade CUPS to 2.2.10-6+deb10u1 (CVE-2019-8696, CVE-2019-8675,
      and more security fixes).
    - Update GnuPG to 2.2.12-1+deb10u1, which mitigates the certificates
      flooding attack.
    - Update e2fsprogs to 1.44.5-1+deb10u2 (DSA-4535-1).
    - Update ghostscript to 9.27~dfsg-2+deb10u2 (DSA-4518-1, DSA-4499-1).
    - Update WebKitGTK to 2.24.4-1~deb10u1 (DSA-4515-1).
    - Update Pango to 1.42.4-7~deb10u1 (DSA-4496-1).
    - Update ffmpeg to 7:4.1.4-1~deb10u1 (DSA-4502-1).
    - Update expat to 2.2.6-2+deb10u1 (DSA-4530-1).
    - Update GLib to 2.58.3-2+deb10u1 (CVE-2019-13012).
    - Update libmariadb3 to 1:10.3.17-0+deb10u1 (various vulnerabilities).
    - Update NSS to 2:3.42.1-1+deb10u1 (CVE-2019-11719, CVE-2019-11727,
      CVE-2019-11729).
    - Update LibreOffice to 1:6.1.5-3+deb10u4 (DSA-4519-1, DSA-4501-1,
      DSA-4483-1, and CVE-2019-9848).
    - Update Samba to 2:4.9.5+dfsg-5+deb10u1 (DSA-4513-1).
    - Update OpenSSL to 1.1.1d-0+deb10u1 (DSA-4539-1).
    - Update libxslt to 1.1.32-2.1~deb10u1 (CVE-2019-11068, CVE-2019-13117,
      CVE-2019-13118).
    - Update zeromq3 to 4.3.1-4+deb10u1 (DSA-4477-1).
    - Update patch to 2.7.6-3+deb10u1 (DSA-4489-1).
    - Update Thunderbird to 1:60.9.0-1~deb10u1 (DSA-4523-1, DSA-4482-1).
    - Update wpasupplicant to 2:2.7+git20190128+0c1e29f-6+deb10u1 (DSA-4538-1).

  * Bugfixes
    - Ensure that tor-has-bootstrapped systemd units are stopped
      if tor@default.service stops; replace the tor-has-bootstrapped
      script with a tor_has_bootstrapped() function that checks the status
      of tails-tor-has-bootstrapped.target (Closes: #16664).
    - Fix MIME info data build reproducibility (Closes: #17023).
    - Fix missing GNOME bookmarks, by adding them earlier in the session
      login process (Closes: #17030).
    - Increase left dock width in GIMP's sessionrc (Closes: #16807).
    - Use hardware defaults for the touchpad click method (Closes: #17045).
    - Fix image thumbnails in GNOME Files (Closes: #17062).
    - Use the "intel" X.Org driver for Intel Iris Plus Graphics 640
      (Closes: #17060).
    - Fix sdhci-pci support.
    - Honor the "Formats" settings chosen in the Greeter (Closes: #16806).
    - Fix administration password not being applied in some cases
      (Closes: #13447).
    - Fix Greeter settings being applied when clicking "Cancel"
      (Closes: #17087).
    - Fix bridge information not always shown when the user selects
      bridge mode in the Greeter.
    - Fix path in whisperback's debugging info (Closes: #17109).
    - Fix Tor Browser functionality that was broken when it was started
      by clicking a link in Thunderbird (Closes: #17105).
    - Fix WhisperBack that was broken due to an expired X.509 certificate:
      stop using TLS (we already have end-to-end encryption via OpenPGP,
      plus end-to-end encryption and remote peer authentication via
      Tor hidden services). Also, switch to a v3 Onion service (Closes #17110).
    - Install Stretch's po4a (0.47-2) from our custom APT repository:
      the upgrade to Buster's version will need more work and coordination
      (Closes: #17127).
    - Fix hiding of the Add-ons manager in the Unsafe Browser hamburger menu.
      Regression introduced when we upgraded to Tor Browser based on Firefox
      ESR 60.
    - Mention USB images as a valid installation technique when trying
      to create a persistent volume on a device that can't have one
      (Closes: #17025).

  * Minor improvements and updates
    - Add iPhone USB tethering support (Closes: #16180).
    - Install Enigmail from Buster (Closes: #16978).
    - Disable GDM debug logs (Closes: #17011).
    - Hide less common keyboard layouts in the Greeter (Closes: #17084).
    - Major refactoring and cleanup of Tails Greeter (Closes: #17098).
    - Use a localized page for the Greeter help window, if available
      (Closes: #17101).
    - Separate Chinese into simplified and traditional scripts
      in the Greeter (Closes: #16094).
    - Allow the user to show the passphrase they're typing when creating
      a new persistent volume (Closes: #15102).
    - When saving persistence.conf or its backup, also run sync(1)
      on its parent directory (might help fix #10976).
    - Improve Tails Installer wording (Closes: #15564).
    - Update tor to 0.4.1.6-1~d10.buster+1.
    - Update VirtualBox guest drivers and tools to 6.0.12-dfsg-1.

  * Build system
    - SquashFS sort file: remove more noise.
    - Improve lint_po's UX (refs: #16864).
    - Import our pythonlib, previously included as a submodule (Closes: #16935).
    - Use a consistent, standard Python packages directory (Closes: #17082).

  * Test suite
    - Make various steps more robust:
      · "all notifications are disappeared" (Closes: #17012)
      · "Additional Software is correctly configured for package"
      · "I unlock and mount this VeraCrypt file container
        with Unlock VeraCrypt Volumes"
      · "I open the Unsafe Browser proxy settings dialog"
      · starting apps via the GNOME Activities Overview (Closes: #13469)
      · "I start the Tor Browser in offline mode"
    - Handle Guestfs::Error exceptions.
    - Provide guidance to fix problematic situation.
    - Update various reference images for Buster.
    - Don't attempt to find fuzzy matches with Sikuli unless fuzzy image
      matching is enabled (Closes: #17029).
    - Dogtail'ify all interactions with gedit (Closes: #17028).
    - New test: ensure that no experimental APT suite is enabled
      for deb.torproject.org (Closes: #16931).
    - Remove dead IRC-related code and dependencies.
    - Take into account that Evince and Tor Browser's print-to-file dialogs
      are rendered in a subtly different manner.
    - Drop fragile tag for actual Tails bugs (#17007).
    - Drop compatibility code for Cucumber < 2.4.0 (Closes: #17083).
    - Fix regression in the Persistent browser bookmarks scenario
      (Closes: #17125).
1120

intrigeri's avatar
intrigeri committed
1121
 -- Tails developers <tails@boum.org>  Thu, 10 Oct 2019 11:23:53 +0000
1122

intrigeri's avatar
intrigeri committed
1123
tails (4.0~beta2) unstable; urgency=medium
1124

intrigeri's avatar
intrigeri committed
1125
  * All changes included in Tails 3.16, see the corresponding changelog entry.
1126

intrigeri's avatar
intrigeri committed
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
  * Major changes
    - Upgrade tor to 0.4.1.5 (Closes: #16986).

  * Security fixes
    - Upgrade the Linux kernel to 5.2.0-2 (Closes: #16942).
      This mitigates the Spectre v1 swapgs vulnerability (CVE-2019-1125).
      Accordingly, aufs to aufs5.2 20190805.
    - Install enigmail from Bullseye (Closes: #16738).
      This fixes CVE-2019-12269.

  * Bugfixes
    - tails-unblock-network: only sleep until all-net-blacklist.conf is gone,
      instead of unconditionally delaying the login process for 5 seconds
      (Closes: #16805).
    - Terminate GDM's GNOME session after the amnesia user logs in,
      to free 200-300 MiB of memory (Closes: #12092).
      Temporarily enable GDM debug logs so we get enough information to fix
      any issue this might cause.
    - Make our KeePassXC wrapper translatable (Closes: #16952).
    - Adjust boot-time backports APT pinning for Buster.
    - Ensure we don't install unwanted packages even if they become
      "Priority: standard" again (Closes: #16949).
    - Move some GNOME apps to different menu categories (Closes: #16981).
    - Update HTP pools: replace boum.org (invalid certificate) with puscii.nl,
      replace www.myspace.com with myspace.com (the former redirects to
      the latter).
    - AppArmor: allow OnionShare to open URLs with Tor Browser (Closes: #16914).
    - Make file transfers with Spice reliable.

  * Minor improvements and updates
    - Greeter: improve formatting of printed exceptions.
    - Use the same icon for Tails Documentation in the Applications menu
      as on te Desktop (Closes: #16800).
    - Drop migration path from GnuPG persistent configuration created
      in the Tails 2.x era.
    - Remove various hacks that we don't need on Buster anymore.
    - Stop installing libcaribou-gtk3-module (Closes: #16757).
    - Stop installing python-cairo: mat2 does not use it anymore.
    - tails-unblock-network: have udev reload the databases it uses.
      This should avoid our fix for #16805 introducing regressions.

  * Build system
    - Bump APT snapshot of the 'debian' and 'torproject' archives
      to 2019090202.
    - Import the Greeter codebase into tails.git (Closes: #16912).
    - Explicitly install gnome-shell to make the set of installed packages
      more deterministic (related to #16947).
    - Don't try to follow symlinks when normalizing timestamps on source files.
    - Add missing "set -u" to build-time hook.
    - Use consistent method to extract translatable strings from Glade files.
    - Create gdm-tails related files from the original GNOME files
      (Closes: #12551).
    - Stop installing libimage-exiftool-perl explicitly: mat2 depends on it
      already.
    - Rakefile: disable compression when retrieving artifacts via scp.
      This makes this build step faster on systems that have SSH compression
      enabled by default.
    - import-translations: use tails-misc_release for tails.git's PO files
      (i.e. the Tails part of #16774).
    - Use squashfs-tools from sid (Closes: #16637).
    - Lower VM_MEMORY_BASE to 1536M.
    - Remove unneeded package cleanup (Closes: #16950).

  * Test suite
    - New scenario: installing with GNOME Disks from a USB image
      (Closes: #16004).
    - New scenarios: VeraCrypt PIM support (Closes: #15946).
    - Revert timeout bump that's not needed anymore.
    - Add a showing method on Dogtail objects.
    - VeraCrypt: ensure the temporary keyfile file is not garbage collected
      while we still need it.
    - Remote shell: print traceback to stderr so we can see it.
    - Install Dogtail from Bullseye and run it with Python 3 (Closes: #16976).
      This gives us UTF-8 support. Accordingly, drop anonym's "showingOnly"
      patch that was merged upstream, and port some test suite code to Dogtail,
      which we could not do before it got UTF-8 support.
    - Dogtail'ify some steps.
    - Make "^the Tor Browser shows the "([^"]+)" error$" step more robust
      (Closes: #11592.
    - Make the "the support documentation page opens in Tor Browser" step more
      robust (Closes: #15321)
    - Remove a bunch of obsolete @fragile tags, update the reasons why
      the remaining ones are fragile, and add some missing @fragile tags.
    - Drop useless code based on wrong assumptions (refs: #13470).
    - Make the "I set an administration password" step more robust.

intrigeri's avatar
intrigeri committed
1213
 -- Tails developers <tails@boum.org>  Mon, 02 Sep 2019 19:55:24 +0000
1214

anonym's avatar
anonym committed
1215
tails (4.0~beta1) unstable; urgency=medium
anonym's avatar
anonym committed
1216
1217
1218
1219
1220

  * Major changes
    - Upgrade to a snapshot of Debian 10 (Buster) from 2018-08-06.

  * Removed features
sajolida's avatar
sajolida committed
1221
    - Remove scribus completely (refs: 16290).
anonym's avatar
anonym committed
1222
1223
1224
    - Remove LibreOffice Math (#16911).

  * Bugfixes
anonym's avatar
anonym committed
1225
1226
1227
    - Fix Electrum wrapper's persistence check (Closes: #16821).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Hide the security level button in the unsafe browser (Closes:
anonym's avatar
anonym committed
1228
1229
      #16735).
    - Only hide unlocked TailsData partitions from the boot device
anonym's avatar
anonym committed
1230
      (Closes: #16789).
anonym's avatar
anonym committed
1231
1232

  * Minor improvements and updates
anonym's avatar
anonym committed
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
    - Remove KeePassX and replace it with KeePassXC (Closes:
      #15297). As KeePassX was used around for a longer time, we don't
      need automatic upgrading cappability from old KeePass file
      format (Tails 2 times). The user can still import those old
      files, if they want to access it.
    - Ship a pre-compiled AppArmor policy to make boot faster (Closes:
      #16138).
    - Change the splash screen for Tails 4.0 (#16837). Add SVG source
      while we're at it!
    - Remove our predefined bookmarks and ship default upstream Tor
      Browser bookmarks instead (Closes: #15895).
    - Install bolt for improved Thunderbolt support (Closes: #5463).
    - Don't display the Home launcher on the desktop (Closes: #16799).
      Since the switch to the desktop-icons GNOME Shell extension, the
      nicer XDG-blah name ("Home" in English, translated in many
      languages) is not used to label this launcher anymore: instead,
      the name of the directory is displayed, in this case: "amnesia",
      which makes no sense to our users. Our other options to fix that
      are more costly and we've decided a while ago, when I proposed
      to remove the desktop icons, to keep them until they were too
      expensive to support. So this one goes: we have the Places menu
      already.
    - Add Files to favorite apps (Closes: #16799). This gives another
      entry point to the home folder, which partially mitigates any UX
      regression that might be caused by the previous changelog entry.
anonym's avatar
anonym committed
1258
1259
    - Explicitly install imagemagick. We ship it on purpose (see
      [[contribute/meetings/201707]]).
anonym's avatar
anonym committed
1260
1261
1262
1263
1264
1265
1266
    - MAT:
      * Drop obsolete optional MAT dependencies it isn't using any
        more.
      * Stop explicitly installing MAT dependencies. The package
        depends on those so we don't need to pull them ourselves.
    - Move translations from root-terminal.desktop.in into own PO
      files (Closes: #15335).
anonym's avatar
anonym committed
1267
1268
1269
    - Drop obsolete live-boot patch: the bug it workarounds only
      happens with CONFIG_AUFS_DEBUG enabled. We disable
      CONFIG_AUFS_DEBUG in config/chroot_local-hooks/13-aufs and the
anonym's avatar
anonym committed
1270
      Debian package did it as well (Refs: Debian#886329).
anonym's avatar
anonym committed
1271
    - Rename /usr/share/amnesia to /usr/share/tails.
anonym's avatar
anonym committed
1272
1273
    - Drop APT pinning for non-existing live.debian.net, that we
      haven't used since 2010.
anonym's avatar
anonym committed
1274
    - Don't install the cryptsetup initramfs integration and startup
anonym's avatar
anonym committed
1275
      scripts (Closes: #16264). We probably only need the binaries.
anonym's avatar
anonym committed
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
      Not installing the initramfs integration will get rid of some
      noise
    - Don't install full-blown cryptsetup, take 2 (refs: #15690). We've
      stopped installing it (#16264) but this branch independently
      reintroduced it.
    - Disable live-tools.service (Closes: #16324). This service is only
      useful to display the "Please remove the live-medium, close the
      tray (if any) and press ENTER to continue:" prompt on shutdown,
      that we don't want to display in Tails: shutdown and memory
      erasure should not require a confirmation once the user has
      triggered it. In Stretch this code was broken and we were
      relying on this. But the Buster upgrade of this code has
      repaired it, so I sometimes see that prompt. This might also
      explain some issues such as #16312.
    - AppArmor: allow cups-brf, driverless, and gutenprint53+usb
anonym's avatar
anonym committed
1291
1292
1293
1294
1295
1296
1297
1298
1299
      printer backends (Closes: #15030). Technically, cups-brf and
      driverless are not third-party and should be confined more
      strictly with "ixr", under the cupsd profile. But I don't know
      how to to test these backends and confining them more strictly
      may break them.  Anyway, that's an upstream matter: the purpose
      of our Tails-specific patch is to replace the third party
      backends /usr/lib/cups/backend/* catch all rule, that doesn't
      work for us, and not to keep the list of backends which come
      with CUPS up-to-date.
anonym's avatar
anonym committed
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
    - Make export_gnome_env() exit early if gnome-shell isn't running.
      Without this e.g. the automated test suite, which will call
      export_gnome_env() before gnome-shell is running, will have its
      journal polluted with errors about this. This is not the first
      time I see this and get worried and waste minutes investigating,
      so let's just fix it.

  * Build system
    - Bump VM_MEMORY_BASE to 2048M. With the previous 1024M setting,
      the squashfs preparation gets OOM-killed.
anonym's avatar
anonym committed
1310
    - Limit the memory used by mksquashfs to 512M (Closes: #16177). By
anonym's avatar
anonym committed
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
      default mksquashfs will use 25% of the physical memory. So when
      we use the "ram" build option, build in a VM with 13GB of RAM,
      of which up to 12G is supposed to be used by the build tmpfs,
      mksquashfs will try using 13/4 = 3.25G of memory. And then it
      will get reaped by the OOM killer more or less occasionally
      depending on how much space is really used in the build tmpfs
      and how much memory the rest of the system is using. So let's
      limit the memory used by mksquashfs to 50% of the memory we
      allocate to the build VM, excluding the part of it that we
      expect tmpfs data to fill. In passing, the fact mksquashfs does
      not get killed every time suggests that our current
      BUILD_SPACE_REQUIREMENT value exceeds the real needs of a build:
      a value around 10 or 11G should be enough. But that will be for
      another commit.
anonym's avatar
anonym committed
1325
1326
    - Use xz with default settings to compress non-release SquashFS
      (refs: #16177). squashfs-tools 1:4.3-11, used to build
anonym's avatar
anonym committed
1327
1328
1329
1330
1331
1332
1333
1334
1335
      feature/buster, does not consistently honor the value passed to
      -mem: the xz compressor does but at least the gzip and lzo ones
      don't. This makes the build often fail because mksquashfs gets
      reaped by the OOM-killer. Our only other option is currently to
      bump the build VM memory a lot, which is going to be painful on
      developers' systems and might not be an option on Jenkins. So
      let's fall back to xz with default settings (not the crazy slow
      but efficient we use at release time) when building non-release
      images.
anonym's avatar
anonym committed
1336
1337
    - Rename the "gzipcomp" build option to "fastcomp". What matters
      in the "user" interface is not the exact algorithm that's used,
anonym's avatar
anonym committed
1338
1339
1340
1341
1342
1343
      it's the fact it's supposed to be faster than the compression
      settings we use to build releases. We may have to changes these
      fast(er) settings occasionally, possibly to use a non-gzip
      algorithm. So let's keep supporting "gzipcomp" for backward
      compatibility but stop documenting it. Instead, support and
      document "fastcomp".
anonym's avatar
anonym committed
1344
1345
1346
    - Add the vmproxy+extproxy build option. When enabled, use the
      vmproxy but configure it to in turn use the exproxy set via the
      http_proxy environment variable.
anonym's avatar
anonym committed
1347
1348
1349
    - Support the case when we don't ship a custom AppArmor feature
      set. Let's keep this sanity check for the times when we do ship
      a custom feature set, but building an ISO without a custom one
anonym's avatar
anonym committed
1350
      should remain supported. (Closes: #15149)
anonym's avatar
anonym committed
1351
1352
1353
1354
1355
    - Don't remove packages whose deinstallation removes most of the
      system; don't explicitly remove packages that are taken care of
      by "apt-get autoremove" already. On Buster, removing dpkg-dev
      or make deinstalls python3, gnome-shell and more.
    - Install all "Priority: standard" packages via an explicit
anonym's avatar
anonym committed
1356
      packages list instead of via --tasks (Closes: #15690). This will
anonym's avatar
anonym committed
1357
1358
1359
1360
      make it easier to remove some of these packages from the list of
      those that should be installed in the first place, as opposed to
      letting them be installed by tasksel only to uninstall them
      later. I've seeded tails-000-standard.list with the output of:
anonym's avatar
anonym committed
1361
      tasksel --task-packages standard | sort … run on a clean Buster
anonym's avatar
anonym committed
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
      system. Also:
       * live-build forcibly translates --packages-lists="standard"
         into "tasksel install standard", so to make this change
         effective we also need to switch to "--packages-lists
         minimal" or "--packages-lists none". The former has
         problematic side-effects so let's use the latter.
       * Add to tails-common.list some of the packages that were
         previously installed automatically, e.g. via live-build's
         lists/standard → lists/minimal.

  * Test suite
    - Tons of tiny updates for the Stretch → Buster transition, mainly
      updated reference images, but also a few other trivial changes
      (e.g. close with Alt+F4 instead of menu, or vice versa) due to
      changes in applications.
anonym's avatar
anonym committed
1377
    - Drop test case about migrating from a Jessie-area persistent
anonym's avatar
anonym committed
1378
1379
1380
1381
      volume. If our code happens to support Tails 2.x → 4.x upgrades
      without going through 3.x, fine. But let's not spend cycles in
      our CI to guarantee this.
    - Revert "Test suite: add backward compatibility with redir <
anonym's avatar
anonym committed
1382
1383
1384
1385
      3.0." We don't support running the test suite on Jessie anymore.
    - Adjust dhclient listening address for Buster.
    - Bump timeout for poweroff from 3 to 10 minutes (Refs: #16312).
    - Adjust dogtail patterns for gobby test (Closes: #16335). With the
anonym's avatar
anonym committed
1386
1387
1388
      gobby upgrade from 0.5.0 to 0.6.0 pre-series, the case changed a
      little for a menu item and the window it leads to.
    - Update key shortcut to close seahorse's Preferences window
anonym's avatar
anonym committed
1389
1390
1391
1392
1393
1394
      (Closes: #16341). The Close button is gone from the
      Preferences window in the buster version of the seahorse
      package, making it impossible to close that window. Switch to
      sending ESC instead of Alt-C.
    - Update MAT test case for MAT2 (Closes: #16623).
    - Add debug logging for when we call Sikuli. When following a
anonym's avatar
anonym committed
1395
1396
1397
      (debug) log live (through `--format debug`) I find this change
      useful to know what is going on *right now* since Sikuli only
      reports what it has done after it is done.
anonym's avatar
anonym committed
1398
    - Be more careful when finding ASP notifications. For some reason
anonym's avatar
anonym committed
1399
      both the label and button has a "weird" invisible (despite
anonym's avatar
anonym committed
1400
      `showingOnly`) twin located just below the Applications
anonym's avatar
anonym committed
1401
1402
1403
      menu. So let's make some extra effort to actually find the real
      notification, and then look for the label and button among its
      children.
anonym's avatar
anonym committed
1404
    - Remove obsolete method. Display::take_screenshot() hasn't
anonym's avatar
anonym committed
1405
      existed for years.
anonym's avatar
anonym committed
1406
    - Remove workaround "Desktop icons are sometimes not shown" (Refs:
anonym's avatar
anonym committed
1407
      #13461)
anonym's avatar
anonym committed
1408
    - Wait longer between search steps in the GNOME Overview. On
anonym's avatar
anonym committed
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
      jenkins.lizard  which was under high load at that time  I've
      seen failures while starting GNOME Terminal from the Overview,
      where:
       - The debug log claims we did type "c", waited 1 second, then
         typed "ommandline", then slept another 1 second, then pressed
         Enter. I.e. just as the code says.
       - The video shows that GNOME Shell did pick up "c", which
         selected the first search result ("Configure Persistent
         Volume"), but then there's no trace of typing "ommandline".
         So I suspect that "ommandline" was lost because GNOME Shell
         was still busy, somehow. Let's sleep a bit longer before
         these steps, to give GNOME Shell a better chance to recover
         and notice keyboard input.
anonym's avatar
anonym committed
1422
1423
1424
    - Log exceptions thrown in generated (i.e. snapshot) steps (Refs:
      #16747). Hopefully this will help us track down these elusive
      exceptions.
anonym's avatar
anonym committed
1425
1426
    - Extend waiting time for additional software to be installed.
    - Sometimes we need more more time to load a page over tor.
anonym's avatar
anonym committed
1427
1428
1429
1430
1431
    - Remove useless TailsUpgraderApplyingUpgrade.png. The "progress
      prompt" it was used for just flashes by and can easily be
      missed. There is no reason at all to wait for it since the only
      two final outcomes are success or failure, which we already look
      for.
anonym's avatar
anonym committed
1432
1433
1434
1435
    - debug_log() when we save/restore snapshots. These actions can
      take a long time (especially saving snapshots on a system under
      load) and can make it appear like if the test suite has gotten
      stuck for those following the debug log.
anonym's avatar
anonym committed
1436
1437
    - Don't rely on mtimes from Debian packages we download, to
      indicate which one has the biggest version (Closes: #16819).
anonym's avatar
anonym committed
1438
1439
1440
1441
      These mtimes are copied from the HTTP server where APT downloads
      packages from, which contradicts our assumption that the newest
      file must be the one with the biggest version. Instead we use ls
      to sort by version number, to pick the biggest version.
anonym's avatar
anonym committed
1442
1443
1444
    - Only send TAB every second to get the syslinux kernel
      command-line (Closes: #16820). Our syslinux has a timeout of 5s so
      sending TAB every second should be enough to guarantee we do
anonym's avatar
anonym committed
1445
      open the kernel command line. As anonym reported, "the spammer
anonym's avatar
anonym committed
1446
1447
1448
1449
      makes the splash show for significantly longer: I've seen >10x,
      so the boot splash never managed to appear, which is worrying".
    - Drop workaround to make the TAB spammer compatible with the UEFI
      firmware (Closes: #16820). As reported by anonym on #16820, and
anonym's avatar
anonym committed
1450
1451
1452
1453
      confirmed by my testing, pressing TAB doesn't seem to open the
      UEFI configuration, so the very reason why we had this
      workaround is gone.

anonym's avatar
anonym committed
1454
1455
1456
  * Adjustments for Debian 10 (Buster) with no or very little user-visible impact
    - Adjust APT sources and pinning for Buster.
    - Refresh and unfuzzy patches for Buster.
anonym's avatar
anonym committed
1457
    - Pass --ellipsize to zenity (refs: #16286). This fixes dialog
anonym's avatar
anonym committed
1458
      width and height on Buster.
anonym's avatar
anonym committed
1459
    - Update expected /etc/passwd and /etc/group for Buster.
anonym's avatar
anonym committed
1460
1461
1462
1463
    - Display TopIcons systray on the left of the system menu (Refs:
      #14796).
    - Remove apparmor-adjust-freedesktop-abstraction.diff patch,
      merged upstream in apparmor. The
anonym's avatar
anonym committed
1464
1465
      9d8b6f4dbd8a04470490ae2bfd52044906abd7f6 commit (first appeared
      upstream in apparmor v2.13.1) implements this change in a
anonym's avatar
anonym committed
1466
      generic way.
anonym's avatar
anonym committed
1467
1468
    - Adjust hook to the fact the Dovecot AppArmor profiles are not
      shipped in /etc anymore.
anonym's avatar
anonym committed
1469
1470
1471
    - Import iuk.git's feature/buster branch at commit 919335e
      (Closes: #16286).
    - Enable desktop-icons gnome-shell extension (Closes: #16283).
anonym's avatar
anonym committed
1472
    - Add autostart script to have gnome-shell trust desktop icons
anonym's avatar
anonym committed
1473
      (Closes: #16283). Various conditions must be met for gnome-shell
anonym's avatar
anonym committed
1474
1475
1476
      to make desktop icons launchable, including file
      permissions. But the GIO metadata::trusted setting is also
      needed, and can apparently only be set from an opened session,
anonym's avatar
anonym committed
1477
      so let's set the right things with an autostart script.
anonym's avatar
anonym committed
1478
1479
1480
1481
    - Drop code that sets the cursor to "WATCH" (hourglass) after
      logging in (Closes: #16305) This fixes "GDM's GNOME Shell floods
      the Journal with XFIXES/cursor issues on Buster" by importing
      the relevant bits of greeter:feature/buster's commit abad17b6.
anonym's avatar
anonym committed
1482
1483
1484
1485
    - Remove 8 development packages that are not part of Tails 3.11 so
      we probably don't need to ship them in Tails 4.0 either (Closes:
      #16272).
    - Completely get rid of Qt4 (Closes: #15182).
anonym's avatar
anonym committed
1486
1487
    - SSH client: remove obsolete CompressionLevel setting (Closes:
      #16320).
anonym's avatar
anonym committed
1488
1489
1490
    - Removing /usr/share/live/config/xserver-xorg/intel.ids (Closes:
      #14991). Let's hope the graphics hardware issues we fixed via
      that file is fixed no.
anonym's avatar
anonym committed
1491
    - Adjust Onion Grater and AppArmor configuration for OnionShare
anonym's avatar
anonym committed
1492
1493
1494
      1.3 (Closes: #16306).
    - Have OnionShare 1.3 connect to the system Tor via Onion Grater
      for the control port (Closes: #16306). By default, OnionShare
anonym's avatar
anonym committed
1495
1496
      1.3 will start its own tor process, which can't possibly work on
      Tails.
anonym's avatar
anonym committed
1497
    - Don't install binutils-* (Closes: #16272). It wasn't in Tails 3.x
anonym's avatar
anonym committed
1498
1499
      and we have no reason to ship it in 4.0.
    - Install mat2 instead of the transitional mat package.
anonym's avatar
anonym committed
1500
    - Don't suspend automatically (Closes: #16624)
anonym's avatar
anonym committed
1501
    - tails-additional-software: Adjust arguments to
anonym's avatar
anonym committed
1502
      tails-persistence-setup (Closes: #16622). It seems like the perl
anonym's avatar
anonym committed
1503
1504
1505
      library which previously nicely handled the tps command-line
      arguments now doesn't support taking dashes instead of
      underscores anymore.
anonym's avatar
anonym committed
1506
    - Start tails-unblock-network in a blocking way (Closes: #16620)
anonym's avatar
anonym committed
1507
1508
1509
1510
      This reverts commit 59e99c51f15ab9e756e287acb03b4d3a91ca1dd2 in
      greeter.git. NetworkManager starting at the same time as GNOME
      Shell makes things racy: the Wi-Fi password prompt is sometimes
      not displayed (unreproduce on Debian Buster Live).
anonym's avatar
anonym committed
1511
1512
    - Patch ibus to fix an issue that prevented the on-screen keyboard
      from displaying in Tails Greeter (Closes: #16291).
anonym's avatar
anonym committed
1513
1514
1515
    - oniongrater: give onioncircuits empty STATUS_SERVER events.
      Connection to STATUS_SERVER events is required by stem 1.7
      connect() function, but we actually don't need them, so let's
anonym's avatar
anonym committed
1516
1517
1518
1519
      suppress them (Closes: #16626).
    - Fix GNOME bookmarks file for Buster (Closes: #16629).
    - Build VeraCrypt packages with our patches applied for Buster
      (Closes: #16634).
anonym's avatar
anonym committed
1520
    - Avoid new "render" group stealing a GID we have already
anonym's avatar
anonym committed
1521
      statically allocated to another group (Closes: #16649) With the
anonym's avatar
anonym committed
1522
1523
1524
1525
1526
1527
      systemd 241-1~bpo9+1 → 241-3~bpo9+1 upgrade, udev.postinst now
      creates a "render" system group, which shifts GIDs and makes our
      devel branch FTBFS.
    - update-acng-config: add support for 4.x and 5.x, drop 2.x. We
      won't build 2.x releases anymore but we'll start building 4.x
      from this branch soon.
anonym's avatar
anonym committed
1528
    - Restore Plymouth theme to "text" (Closes: #16743). The default
anonym's avatar
anonym committed
1529
1530
1531
1532
      theme in Buster ("futureprototype") is Debian-branded and thus
      unsuitable for Tails. Let's revert to the one we use in Tails
      3.x.
    - Stop installing caribou and libcaribou*: they're not used by
anonym's avatar
anonym committed
1533
      GNOME Shell in Buster anymore (Closes: #16628)
anonym's avatar
anonym committed
1534
    - Allow read access to /etc/machine-id in the AppArmor profile for
anonym's avatar
anonym committed
1535
1536
1537
1538
1539
1540
1541
1542
      Thunderbird (Closes: #16756). It breaks access to the D-Bus
      service where the GNOME on-screen keyboard listens on Buster.
    - Fix screen locker not working in Buster (Closes: #16763).
    - Hide lstopo in the Applications menu (Closes: #16797). It's
      pulled as a dependency by aircrack-ng but is probably not useful
      to the vast majority of Tails users.
    - Hide nm-connection-editor in the Applications menu (Closes:
      #16798). We still need the network-manager-gnome package that
anonym's avatar
anonym committed
1543
1544
1545
      installs this .desktop file (for details, see
      commit:40290be3651eaa6f08346231aef80eddd8b33c64), but there's no
      reason to expose it directly to users.
anonym's avatar
anonym committed
1546
1547
1548
1549
1550
1551
1552
    - TorStatus: call our custom destructor to avoid a use-after-free
      crashing GNOME Shell (Closes: #16791). It was ported to an ES6
      class in the process.
    - Copy dmidecode to initramfs (Closes: #16857). On Buster,
      partprobe complains if dmidecode is missing. It's not clear what
      the consequences are, at least it doesn't cause partprobe to
      exit with an error status code - but it's cheap to just copy
anonym's avatar
anonym committed
1553
      dmidecode to the initramfs.
anonym's avatar
anonym committed
1554
    - Adjust path for webext-ublock-origin 1.19.0+dfsg-2 (Closes:
anonym's avatar
anonym committed
1555
1556
      #16858).
    - Update Tor Browser AppArmor profile to take into account new
anonym's avatar
anonym committed
1557
1558
      uBlock installation path (Closes: #16858).
    - Disable the uBlock logger sidebar. This  brings back
anonym's avatar
anonym committed
1559
      the hack we had before we removed it in #16206. Without this,
anonym's avatar
anonym committed
1560
      the uBlock logger sidebar is displayed.
anonym's avatar
anonym committed
1561
1562
1563
1564
1565
1566
1567
1568
1569
    - Reintroduce the same APT pinning as we use in 3.x for uBlock.
      Granted, the version from Buster should probably be sufficient
      right now, but it probably won't be once Tor Browser gets
      updated to a future major Firefox ESR. And in the meantime,
      this pinning discrepancy between devel and feature/buster makes
      it harder to maintain our patch against
      /usr/share/webext/ublock-origin/js/background.js.
    - Drop obsolete libdesktop-notify-perl patches: they were merged
      upstream.
anonym's avatar
anonym committed
1570
    - Use X.Org in amnesia's GNOME session (Closes: #12213). Since a
anonym's avatar
anonym committed
1571
1572
      few months gdm3 defaults to Wayland in Debian testing/sid, just
      like upstream. But we're not ready yet.
anonym's avatar
anonym committed
1573
1574
1575
1576
1577
1578
    - Adjust Greeter's gdm-tails.session for Buster (Closes:
      #12551). This should ultimately be applied in greeter.git, but
      let's deal with it as a patch for now to avoid having to
      maintain two parallel branches of the Greeter.
    - Patch udisks2 and libblockdev and fix Tails Installer to repair
      USB boot on Buster (Closes: #14809).
anonym's avatar
anonym committed
1579
1580
1581
    - Install gnome-user-docs directly instead of the gnome-user-guide
      transitional package.
    - Install the "crypto" libblockdev plugin (Closes: #14816). It's
anonym's avatar
anonym committed
1582
      needed by recent udisks to do crypto operations.
anonym's avatar
anonym committed
1583
    - Use ConditionUser=1000 instead of manually testing the output of
anonym's avatar
anonym committed
1584
      `id -u' in some of our systemd services.
anonym's avatar
anonym committed
1585
1586
1587
1588
1589
1590
1591
    - Have debootstrap install gnupg when setting up the chroot.
      Otherwise the build fails after debootstrap has done its job and
      live-build tries to use apt-key.
    - Don't try to install the obsolete gnome-search-tool package.
      It's been removed from testing/sid by its maintainers:
      https://bugs.debian.org/885975
    - Don't try to retrieve syslinux.exe from the syslinux source
anonym's avatar
anonym committed
1592
1593
1594
1595
1596
      package. Since syslinux 3:6.03+dfsg1-1 this file is (rightfully)
      not included anymore in the Debian source package.  This commit
      is meant to fix the feature/buster ISO build. We of course need
      to find a proper solution, which is what #15178 is about.
    - Drop our pinned AppArmor feature set (Closes: #15149). On current
anonym's avatar
anonym committed
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
      Buster the AppArmor package pins to the Linux 4.14.13-1 feature
      set and I expect it'll keep pinning something that should work
      with the policy shipped in Buster.
    - Drop Stretch-specific workaround. This essentially workarounds
      4f8b50afb10a1ce1faf7645971bc020d2eb5d7dd,
      3e2d8a6a025b86f8191d125783ad507c57171bad and
      d56633a3089e5b177e07c2888442745557772f42.
    - Disable the usr.bin.man AppArmor profile. On Buster it breaks
      apparmor.service due to "profile has merged rule with
      conflicting x modifiers" that's most likely caused by the "/**
anonym's avatar
anonym committed
1607
1608
1609
1610
      mrixwlk" rule vs. our tweaks for aufs support.
    - Import files (from gksu 2.0.2-9+b1) needed for the Root Terminal
      into Git instead of fetching the package and extracting them at
      build time.
anonym's avatar
anonym committed
1611
1612
1613
1614
1615
1616
1617
    - Use orca's current package name instead of pre-Buster
      transitional one.
    - Stop explicitly installing gstreamer1.0-pulseaudio. This was
      needed on Jessie due to Debian#852870 which was fixed in
      Stretch.
    - Drop adwaita-qt4: it was removed from Debian sid and won't be in
      Buster.
anonym's avatar
anonym committed
1618
    - Disable man-db.timer on Buster (Closes: #16631)
1619
1620
    - Fix invalid seq range in update-acng-config so we geberate proper
      rules for Tails 4.x and 5.x.
anonym's avatar
anonym committed
1621

anonym's avatar
anonym committed
1622
 -- Tails developers <tails@boum.org>  Wed, 07 Aug 2019 20:30:15 +0200
anonym's avatar
anonym committed
1623

1624
tails (3.16) unstable; urgency=medium
1625

1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
  * Major changes
    - Upgrade Tor Browser to 8.5.5 (Closes: #16692).

  * Security fixes
    - Install Linux kernel from the Buster security repository (Closes: #16970).
      The new Spectre v1 swapgs variant (CVE-2019-1125), which was fixed
      in sid via 5.2.x, which is a too big change for the Tails 3.16 bugfix
      release. Let's instead track Buster (+ security) for the time being.
    - Upgrade LibreOffice to 1:5.2.7-1+deb9u10 (DSA-4483-1, DSA-4501-1).
    - Upgrade Thunderbird to 60.8 (DSA-4482-1).
    - Upgrade Ghostscript to 9.26a~dfsg-0+deb9u4 (DSA-4499-1).
    - Upgrade Patch to 2.7.5-1+deb9u2 (DSA-4489-1).
    - Upgrade nghttp2 library to 1.18.1-1+deb9u1 (DSA-4511-1).

  * Bugfixes
    - Additional software: Improve/fix support for translations (Closes: #16601).
    - Rework the implementation for hiding TailsData partitions (Closes: #16789).
    - Adjust how tordate determines whether the clock is in a valid range,
      fixing issues with obfs4 (Closes: #16972).

  * Minor improvements and updates
    - Ship default upstream Tor Browser bookmarks, and remove our predefined
      bookmarks (Closes: #15895).
    - Hide the security level button in the unsafe browser (Closes: #16735).
    - Remove pre-generated Pidgin accounts (Closes: #16744).
    - Remove LibreOffice Math (Closes: #16911).
    - Website: Make sandbox page translatable (Closes: #16873).
    - Website: Only scrub HTML on blueprints (Closes: #16901).
    - Website: Point history & diff URLs to Salsa.

  * Build system
    - Bump APT snapshot of the torproject archive to 2019073103, and drop
      tor-experimental-0.4.0.x-stretch reference (Closes: #16883).
    - Bump APT snapshot of the Debian archive to 2019080801 to get fixed
      firmware packages from sid instead of sticking to those from
      stretch-backports (Closes: #16728).
    - Enable the buster APT repository and install some packages from there:
      hunspell-id, hunspell-tr, and fonts-noto-* (See: #16728).
    - Refresh patch for webext-ublock-origin 1.19.0+dfsg-2, and adjust Tor
      Browser AppArmor profile accordingly (Closes: #16858).
    - Refresh Tor Browser AppArmor profile patch for torbrowser-launcher
      0.3.2-1 (Closes: #16941).

  * Test suite
    - Ignore RARP packets, since PacketFu cannot parse them (Closes: #16825).
    - Adjust both locale handling and reference pictures for the Unsafe
      Browser homepage (Closes: #17004).
    - Fix "Watching a WebM video over HTTPS" scenario on Jenkins
      (Closes: #10442).
    - Tag "Watching a WebM video" as fragile.
    - Make @check_tor_leaks more verbose (See: #10442).
    - Remove broken Electrum scenario since Electrum support is currently
      missing (Closes: #16421).
1679

1680
 -- Tails developers <tails@boum.org>  Tue, 03 Sep 2019 20:30:14 +0200
1681

1682
tails (3.15) unstable; urgency=medium
anonym's avatar
anonym committed
1683

1684
1685
1686
  * Major changes
    - Upgrade Tor Browser to 8.5.4 (Closes: #16691).
    - Upgrade Thunderbird to 60.7.2 (Closes: #16834).
anonym's avatar
anonym committed
1687

1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
  * Security fixes
    - Upgrade Expat to 2.2.0-2+deb9u2 (DSA-4472-1).
    - Upgrade OpenSSL 1.0 to 1.0.2s-1~deb9u1 (DSA-4475-1).
    - Upgrade OpenSSL to 1.1.0k-1~deb9u1 (DSA-4475-1).
    - Upgrade Vim to 2:8.0.0197-4+deb9u3 (DSA-4467-1).

  * Bugfixes
    - Recompute CHS values for the hybrid MBR after first-boot
      repartitioning (Closes: #16389). Some legacy BIOS systems won't boot
      otherwise.
    - Strip debug symbols from the aufs kernel module smaller (refs: #16818).
      The primary target was getting the initramfs down under 32MB, hoping
      to repair boot of feature/buster on MacBookPro 8,1. In any cases,
      the user experience should be improved due to a faster boot for
      every user, and a shortened “black screen” duration (between the
      bootloader and the Plymouth splash screen).

  * Minor improvements and updates
    - Make “Unlock VeraCrypt Volumes” show an error message if locking
      fails (Closes: #15794).
    - Add support for booting Tails from a read only sdcard (fromiso),
      through Heads, allowing for measured boot on some tamper-evident
      hardware (https://github.com/osresearch/heads/issues/581).

  * Build system
    - Patch Thunderbird packages from Debian when building Tails images
      (Closes: #6156).
    - Improve tooling to maintain and update PO files (Closes: #15403),
      rewriting some tools and moving code to the jenkins-tools submodule.
    - Implement preliminary steps needed to make the ikiwiki PO plugin
      able to update PO files for languages that are disabled on the
      website (refs: #15355).