changelog 217 KB
Newer Older
intrigeri's avatar
intrigeri committed
1
tails (2.0~beta1) UNRELEASED; urgency=medium
2

intrigeri's avatar
intrigeri committed
3
  XXX: see changelog of custom packages
4

intrigeri's avatar
intrigeri committed
5
6
7
  * Major new features and changes
    - Upgrade to Debian 8 (Jessie).
    - Migrate to GNOME Shell in Classic mode.
8
    - Use systemd as PID 1, and convert all custom initscripts to systemd units.
intrigeri's avatar
intrigeri committed
9
    - Remove the Windows camouflage feature: our call for help to port
10
      it to GNOME Shell (issued in January, 2015) was unsuccessful.
intrigeri's avatar
intrigeri committed
11
12

  * Security fixes
13
    - Minimally sandbox many services with systemd's namespacing features.
intrigeri's avatar
intrigeri committed
14
15

  * Bugfixes
16
17
18
    - Restore the logo in the "About Tails" dialog.
    - Don't tell the user that "Tor is ready" before htpdate is done
      (Closes: #7721).
19
    - Upgrader wrapper: make the check for free memory more accurate
20
      (Closes: #10540, #8263).
21
22
23
24
25
26
27
    - Allow the desktop user, when active, to configure printers;
      fixes regression introduced in Tails 1.1 (Closes: #8443).
    - Close Vidalia before we restart Tor. Otherwise Vidalia will be running
      and showing errors while we make sure that Tor bootstraps, which could
      take a while.
    - Allow Totem to read DVDs, by installing apparmor-profiles-extra
      from jessie-backports (Closes: #9990).
intrigeri's avatar
intrigeri committed
28
29

  * Minor improvements
30
    - Remove obsolete code from various places.
intrigeri's avatar
intrigeri committed
31
32
    - Use socket activation for CUPS, to save some boot time.
    - Port XXX [check custom packages] to GTK3 / UDisks2 / Python 3 / whatever.
33
    - Don't install UDisks v1.
34
    - Adapt custom udev and polkit rules to UDisks v2 (Closes: #9054, #9270).
35
36
    - Adjust import-translations' post-import step for Tails Installer,
      to match how its i18n system works nowadays.
37
    - Set memlockd.service's OOMScoreAdjust to -1000.
intrigeri's avatar
intrigeri committed
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
    - Don't bother creating /var/lib/live in tails-detect-virtualization.
      If it does not exist at this point, we have bigger and more
      noticeable problems.
    - Simplify the virtualization detection & reporting system, and do it
      as a non-root user with systemd-detect-virt rather than virt-what.
    - Replace rsyslog with the systemd Journal (Closes: #8320), and adjust
      WhisperBack's logs handling accordingly.
    - Drop tails-save-im-environment.
      It's not been used since we stopped automatically starting the web browser.
    - Add a hook that aborts the build if any *.orig file is found. Such files
      appear mainly when a patch of ours is fuzzy. In most cases they are no big
      deal, but in some cases they end up being taken into account
      and break things.
    - Replace the tor+http shim with apt-transport-tor (Closes: #8198).
    - Install gnome-tweak-tool.
    - Don't bother testing if we're using dependency based boot.
    - Drop workaround to start spice-vdagent in GDM (Closes: #8025).
      This has been fixed in Jessie proper.
    - Don't install ipheth-utils anymore. It seems to be obsolete
      in current desktop environments.
    - Stop installing the buggy unrar-free, superseded in Jessie (Closes: #5838)
    - Drop all custom fontconfig configuration, and configure fonts rendering
      via dconf.
    - Drop zenity patch (zenity-fix-whitespacing-box-sizes.diff),
      that was applied upstream.
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
    - Install libnet-dbus-perl (currently 1.1.0) from jessie-backports,
      it brings new features we need.
    - Have the security check and the upgrader wait for Tor having bootstrapped
      with systemd unit ordering.
    - Get rid of tails-security-check's wrapper.
      Its only purpose was to wait for Tor to have bootstrapped,
      which is now done via systemd.
    - Don't allow the amnesia and tails-upgrade-frontend users to run
      tor-has-bootstrapped as root with sudo. They don't need it anymore,
      thanks to using systemd for starting relevant units only once Tor
      has bootstrapped.
    - Install python-nautilus, that enables MAT's context menu item in Nautilus.
      (Closes: #9151).
    - Configure GDM with a snippet file instead of patching its
      greeter.dconf-defaults.
    - WhisperBack:
      · port to Python 3 and GObject Introspection (Closes: #7755)
      · migrate from the gnutls module to the ssl one
      · use PGP/MIME for better attachments handling
      · migrate from the gnupginterface module to the gnupg one
      · natively support SOCKS ⇒ don't wrap with torsocks anymore
        (Closes: #9412)
      · don't try to include the obsolete .xession-errors in bug reports
        (Closes: #9966)
    - chroot-browser.sh: don't use static DISPLAY.
    - Simplify debugging:
      · don't hide the emergency shutdown's stdout
      · tails-unblock-network: trace commands so that they end up in the Journal
    - Configure the console codeset at ISO build time, instead of setting it
      to a constant via the Greeter's PostLogin.default.
    - Order the AppArmor policy compiling in a way that is less of a blocker
      during boot.
    - Include the major KMS modules in the initramfs. This helps seamless
      transition to X.Org when booting, and back to text mode on shutdown,
      can help for proper graphics hardware reinitialization post-kexec,
      and should improve GNOME Shell support in some virtual machines.
99
100
101
102
103
104
105
106
107
108
109
110
111
    - Always show the Universal Access menu icon in the GNOME panel.
    - Drop notification for not-migrated-yet persistence configuration,
      and persistence settings disabled due to wrong access rights.
      That migration happened more two years ago.
    - Remove the restricted network detector, that has been broken for too long;
      see #10560 for next steps (Closes: #8328).
    - Remove unsupported, never completed kiosk mode support.
    - clock_gettime_monotonic: use Perl's own function to get the integer part,
      instead of forking out to sed.
    - Don't (try to) disable lvm2 initscripts anymore. Both the original reason
      and the implementation are obsolete on Jessie.
    - Lower potential for confusion (#8443), by removing system-config-printer.
      One GUI to configure printers is enough (Closes: #8505).
112
    - Add "set -u" to tails-unblock-network.
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
    - Add a systemd target whose completion indicates that Tor has bootstrapped,
      and use it everywhere sensible (Closes: #9393).
    - Disable udev's 75-persistent-net-generator.rules, to preventing races
      between MAC spoofing and interface naming.
    - Replace patch against NetworkManager.conf with drop-in files.
    - Replace resolvconf with simpler NetworkManager and dhclient configuration.
      (Closes: #7708)
    - Replace patching of the gdomap, i2p, hdparm, tor and ttdnsd initscripts
      with 'systemctl disable' (Closes: #9881).
    - Replace patches that wrapped apps with torsocks with dynamic patching with
      a hook, to ease maintenance. Also, patch D-Bus services as needed
      (Closes: #10603).
    - Notify the user if running Tails inside non-free virtualization software
      that does not try to hide its nature (Closes: #5315).
      Thanks to Austin English <austinenglish@gmail.com> for the patch.
    - Declare htpdate.service as being needed for time-sync.target, to ensure
      that "services where correct time is essential should be ordered after
      this unit".
    - Convert some of the X session startup programs to `systemd --user' units.
intrigeri's avatar
intrigeri committed
132
133
134
135
136
137

  * Test suite
    - Adapt to the new desktop environment and applications' look.
    - Adapt new changed nmcli syntax and output.
    - New NetworkManager connection files must be manually loaded in Jessie.
    - Adapt to new pkexec behavior.
138
    - Adapt to how we now disable networking.
intrigeri's avatar
intrigeri committed
139
140
141
    - Use sysctl instead of echo:ing into /proc/sys.
    - Use oom_score_adj instead of the older oom_adj.
    - Adapt everything depending on logs to the use of the Journal.
142
143
144
145
146
147
148
    - Port to UDisks v2.
    - Check that the system partition is an EFI System Partition.
    - Add ldlinux.c32 to the list of bootloader files that are expected
      to be modified when we run syslinux (Closes: #9053).
    - Use apt(8) instead of apt-get(8).
    - Don't hide the cursor after opening the GNOME apps menu.
    - Convert the remote shell to into a systemd native service and a Python 3,
149
150
      script that uses the sd_notify facility (Closes: #9057). Also, set its
      OOM score adjustment value via its unit file, and not from the test suite.
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
    - Adjust to match where screenshots are saved nowadays.
    - Check that all system units have started (Closes: #8262)
    - Simplify the "too small device" test.
    - Spawn `poweroff' and `halt' in the background, and don't wait for them
      to return: anything else would be racy vs. the remote shell's stopping.
    - Bump video memory allocated to the system under test, to fix out of video
      memory errors.
    - When configuring the CPU to lack PAE support, use a qemu32 CPU instead
      of a Pentium one: the latter makes GNOME Shell crash.
      See #8778 for details about how Mesa's CPU features detection has
      room for improvement.
    - Adjust free(1) output parsing for Jessie.
    - vm-execute: rename --type option to --spawn.
    - Add method to set the X.Org clipboard, and install its dependency
      (xsel) in the ISO.
    - Paste URLs in one go, to work around issue with lost key presses
      in the browser (Closes: #10467).
    - Reliably wait for Synaptic's search button to fade in.
169
170
171
172
173
174
175
176
177
    - Take into account that the sticky bit is not set on block devices
      on Jessie anymore.
    - Ensure that we can use a NetworkManager connection stored in persistence
      (Closes: #7966).
    - Use a stricter regexp when extracting logs for dropped packets.
    - Clone the host CPU for the test suite guests (Closes: #8778).
    - Run ping as root (aufs does not support file capabilities so we don't
      get cap_net_raw+ep, and if built on a filesystem that does support
      file capabilities, then /bin/ping is not setupd root).
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
    - Escape regexp special characters when constructing the firewall log
      parsing regexp, and pass -P to grep, since Ruby uses PCRE.
    - Adjust is_persistent?() helper to findmnt changes in Jessie.
    - Rework in depth how we measure pattern coverage in memory, with more
      reliable Linux OOM and VM settings, fundamental improvements
      in what exactly we measure, and custom OOM adjutments for fillram
      processes (Closes: #9705).
    - Use blkid instead of parted to determine the filesystem type.
    - Use --kiosk mode instead of --fullscreen in virt-viewer, to remove
      the tiny border of the in-viewer menu.
    - Remove now redundant desktop screenshot directory scenario.
    - Adapt GNOME notification handling for Debian Jessie (Closes: #8782)
    - Disable screen blanking in the automated test suite, which occasionally
      breaks some test cases (Closes: #10403).
    - Move upgrade scenarios to the feature dedicated to them.
    - Don't make libvirt storage volumes executable.
    - Refactor the PAUSE_ON_FAIL functionality, so that we can use `pause()`
      as a breakpoint when debugging.
    - Drop non-essential Totem test that is mostly a duplicate, and too painful
      to be worth automating on Jessie.
    - Retry Totem HTTPS test with a new Tor circuit on failure.
    - Replace iptables status regexp-based parser with a new XML-based
      status analyzer: the previous implementation could not be adjusted
      to the new ip6tables' output (Closes: #9704).
    - Don't reboot in one instance when it is not needed.
    - Optimize memory erasure anti-test: block the boot to save CPU on the host.
intrigeri's avatar
intrigeri committed
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226

  * Adjustments for Debian 8 (Jessie) with no or very little user-visible impact
    - Free the fixed UIDs/GIDs we need before creating the corresponding users.
    - Replace the real gnome-backgrounds with a fake, equivs generated one
      (Closes: #8055). Jessie's gnome-shell depends on gnome-backgrounds,
      which is too fat to ship considering we're not using it.
    - AppArmor: adjust CUPS profile to support our Live system environment
      (Closes: #8261):
      · Mangle lib/live/mount/overlay/... as usual for aufs.
      · Pass the the attach_disconnected flag, that's needed for compatibility
        with PrivateTmp.
    - Make sure we don't ship geoclue* (Closes: #7949).
    - Drop deprecated GDM configuration file.
    - Don't add the Live user to the deprecated 'fuse' group.
    - Drop hidepid mount option for /proc (Closes: #8256). In its current,
      simplistic form it cannot be supported by systemd.
    - Don't manually load acpi-cpufreq at boot time. It fails to load
      whenever no device it supports is present, which makes the
      systemd-modules-load.service fail. These days, the kernel
      should just automatically load such modules when they are needed.
    - Drop sysvinit-specific (sensigs.omit.d) tweaks for memlockd.
    - Disable the GDM unit file's Restart=always, that breaks our "emergency
      shutdown on boot medium removal" feature.
227
228
229
230
231
232
233
234
235
236
    - Update the implementation of the memory erasure on shutdown feature:
      · check for rebooting state using systemctl, instead of the obsolete
        $RUNLEVEL (Closes: #8306)
      · the kexec-load initscript normally silently exits unless systemd is
        currently running a reboot job. This is not the case when the emergency
        shutdown has been triggered, so we removed this check
      · migrate tails-kexec to the /lib/systemd/system-shutdown/ facility
      - don't (try to) switch to tty1 on emergency shutdown: it apparently
        requires data that we haven't locked into memory, and then it blocks
        the whole emergency shutdown process
intrigeri's avatar
intrigeri committed
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
    - Display a slightly darker version of the desktop wallpaper on the screen
      saver, instead of the default flashy "Debian 8" branding (Closes: #9038).
    - Disable software autorun from external media.
    - Disable a few unneeded D-Bus services. Some of these services are
      automatically started (via D-Bus activation) when GNOME Shell tries
      to use them. The only "use" I've seen for them, except eating
      precious RAM, is to display "No appointment today" in the calendar pop-up.
      (Closes: #9037)
    - Prevent NetworkManager services from starting at boot time
      (Closes: #8313). We start them ourselves after changing the MAC address.
    - Unfuzzy all patches (Closes: #8268) and drop a few obsolete ones.
    - Adapt IBus configuration for Jessie (Closes: #8270), i.e. merge the two
      places where we configure keyboard layout and input methods: both are now
      configured in the same place in Jessie's GNOME.
    - Migrate panel launchers to the favorite apps list (Closes: #7992).
    - Drop pre-GNOME Shell menu tweaks.
    - Hide "Log out" button in the GNOME Shell menu (Closes: #8364).
    - Add a custom shutdown-helper GNOME Shell extension (Closes: #8302, #5684
      and #5878) that removes the press-Alt-to-turn-shutdown-button-into-Suspend
      functionality from the GNOME user menu, and makes Restart and Shutdown
      immediate, without further user interaction. Accordingly remove our custom
      Shutdown Helper panel applet (#8302).
    - Drop GNOME Panel configuration, now deprecated.
    - Disable GNOME Shell's screen lock feature.
      We're not there yet (see #5684).
    - Disable GNOME Shell screen locker's user switch feature.
    - Explicitly install libany-moose-perl (Closes: #8051).
      It's needed by our OpenPGP applet. On Wheezy, this package was pulled
      by some other dependency. This is not the case anymore on Jessie.
    - Don't install notification-daemon nor gnome-mag: GNOME Shell has taken
      over this functionality (Closes: #7481).
    - Don't install ntfsprogs: superseded on Jessie.
    - Don't install barry-util: not part of Jessie.
    - Link udev-watchdog dynamically, and lock it plus its dependencies
      in memory.
    - Migrate from gdm-simple-greeter to a custom gdm-tails session
      (Closes: #7599).
274
275
276
277
278
279
280
281
282
    - Update Plymouth installation and configuration:
      · install the plymouth packages via chroot_local-hooks: lb 2.x's "standard"
        packages list pulls console-common in, which plymouth now conflicts with
      · don't patch the plymouth initscript anymore, that was superseded
        by native systemd unit files
      · mask the plymouth-{halt,kexec,poweroff,reboot,shutdown} services,
        to prevent them from occupying the active TTY with an (empty) splash
        screen on shutdown/reboot, that would hide the messages we want to show
        to the user via tails-kexec (Closes: #9032)
intrigeri's avatar
intrigeri committed
283
284
285
286
287
288
    - Migrate GNOME keyboard layout settings from libgnomekbd to input-sources
      (Closes: #7898).
    - Explicitly install syslinux-efi, that we need and is not automatically
      pulled by anything else anymore.
    - Workaround #7248 for GDM: use a solid blue background picture,
      instead of a solid color fill, in the Greeter session.
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
    - De-install gcc-4.8-base and gcc-4.9 at the end of the ISO build process.
    - Revert the "Wrap syndaemon to always use -t" Wheezy-specific workaround.
    - htpdate: run date(1) in a Jessie-compatible (and nicer) way.
    - Remove obsolete dconf screenshot settings and the corresponding test.
    - Drop our patched python-dbus{,-dev} package (Closes: #9177).
    - live-persist: stop overriding live-boot's functions, we now have
      a recent enough blkid.
    - Adjust sdmem initramfs bits for Jessie:
      · Directly call poweroff instead of halt -p.
      · Don't pass -n to poweroff and reboot, it's not supported anymore.
    - Wrap text in the Unsafe Browser startup warning dialog
      (Jessie's zenity does not wrap it itself).
    - Associate application/pgp-keys with Seahorse's "Import Key" application
      (Closes: #10571).
    - Install topIcons GNOME Shell extension (v28), to work around the fact
      that a few of the applets we use hijack the notification area.
    - "cd /" to fix permissions issue at tails-persistence-setup startup
      (Closes: #8097).
    - Install gstreamer1.0-libav, so that Totem can play H264-encoded videos.
    - Adjust APT sources configuration:
      · remove explicit jessie and jessie-updates sources:
        automatically added by live-build
      · add Debian testing
      · add jessie-backports
    - Firewall: white-list access to the accessibility daemon (Closes: #8075).
    - Adjust to changed desktop notification behavior and supported feature set
      (Closes: #7989):
      · pass the DBUS_SESSION_BUS_ADDRESS used by the GNOME session
        to notify-send
      · update waiting for a notification handler: gnome-panel and nm-applet
        are obsolete, GNOME Shell is now providing this facility, so instead
        wait for a process that starts once GNOME Shell is ready, namely
        ibus-daemon (Closes: #8685)
      · port tails-warn-about-disabled-persistence and tails-virt-notify-user
        to notification actions (instead of hyperlinks), and make the latter
        transient; to this end, add support to Desktop::Notify for "hints"
        and notification actions
      · tails-security-check: use a dialog box instead of desktop notifications
      · MAC spoofing failure notification: remove the link to the documentation;
        it was broken on Tails/Wheezy already, see #10559 for next steps
329
330
331
332
333
334
335
336
337
338
339
    - Don't explicitly install gnome-panel nor gnome-menus, so that they go away
      whenever the Greeter does not pull them in anymore.
    - Install gkbd-capplet, that provides gkbd-keyboard-display (Closes: #8363).
    - Install Tor 0.2.7 from deb.torproject.org: we don't need to rebuild it
      ourselves for seccomp support anymore.
    - Wrap Seahorse with torsocks when it is started as a D-Bus service too
      (Closes: #9792).
    - Rename the AppArmor profile for Tor, so it applies to the system-wide
      Tor service we run (Closes: #10528).
    - Essentially revert ALSA state handling to how it was pre-Jessie, so that
      mixer levels are unmuted and sanitized at boot time (Closes: #7591).
intrigeri's avatar
intrigeri committed
340
    - Pass --yes to apt-get when installing imagemagick.
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
    - Make removable devices, that we support installing Tails to, user writable:
      Tails Installer requires raw block device access to such devices
      (Closes: #8273). Similarly, allow the amnesia user, when active, to open
      non-system devices for writing with udisks2. This is roughly udisks2's
      equivalent of having direct write access to raw block storage devices.
      Here too, Tails Installer uses this functionality.
    - Disable networkd to prevent any risk of DNS leaks it might cause; and
      disable timesyncd, as we have our own time synchronization mechanism.
      They are not enabled by default in Jessie, but may be in Stretch,
      so let's be explicit about it.
    - Mask hwclock-save.service, to avoid sync'ing the system clock
      to the hardware clock on shutdown (Closes: #9363).
    - apparmor-adjust-cupsd-profile.diff: adjust to parse fine on Jessie
      (Closes: #9963)
    - Explicitly use tor@default.service when it's the one we mean.
    - Refactor GNOME/X env exporting to Tails' shell library, and grab
      more of useful bits of the desktop session environment.
      Then, use the result in the test suite's remote shell.
    - Stop tweaking /etc/modules. It's 2015, the kernel should load these things
      automatically (Closes: #10609).
    - Have systemd hardening let Tor modify its configuration (needed by Tor
      Launcher), and start obfs4proy (Closes: #10696, #10724).
363

intrigeri's avatar
intrigeri committed
364
 -- Tails developers <tails@boum.org>  Thu, 19 Nov 2015 16:01:19 +0000
365

anonym's avatar
anonym committed
366
tails (1.8) unstable; urgency=medium
anonym's avatar
anonym committed
367

anonym's avatar
anonym committed
368
369
  * Security fixes
    - Upgrade Tor to 0.2.7.6-1~d70.wheezy+1+tails1.
sajolida's avatar
sajolida committed
370
    - Upgrade Tor Browser to 5.0.5. (Closes: #10751)
371
372
373
374
375
376
377
378
379
380
381
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u5.
    - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u6.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u6.
    - Upgrade wpasupplicant to 1.0-3+deb7u3.
    - Upgrade libpng12-0 to 1.2.49-1+deb7u1.
    - Upgrade openjdk-7 to 7u91-2.6.3-1~deb7u1.
    - Upgrade libnspr4 to 2:4.9.2-1+deb7u3
    - Upgrade dpkg to 1.16.17.
    - Upgrade gnutls26 to 2.12.20-8+deb7u4.
    - Upgrade Icedove to 1:38.0.1-1~deb7u1.
    - Upgrade OpenSSL to 1.0.1e-2+deb7u18.
anonym's avatar
anonym committed
382

anonym's avatar
anonym committed
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
  * Bugfixes
    - Upgrade to Electrum 2.5.4-2~d70.wheezy+1+tails1. Now Electrum
      should work again. Note that the documentation has not been
      adapted to the slight changes in the Electrum account setup
      wizard yet.

  * Minor improvements
    - Upgrade I2P to 0.9.23-2~deb7u+1.
    - Rebase our patch against the Tor Browser AppArmor profile on top
      of the one shipped in torbrowser-launcher 0.2.1-2.
    - Warn if the claws-mail persistence is enabled and contains a
      Claws Mail configuration when starting icedove. (Closes: #10458)
    - Replace the Claws Mail GNOME launcher with Icedove. (Closes:
      #10739)
    - Remove the Claws Mail persistence feature from the Persistence
      Assistant. (Closes: #10742)

  * Build system
    - Simplify ISO image naming rules by using the base rule we use
      for Jenkins all the time, except when building from a tag
      (i.e. building a release).  (Closes: #10349)

  * Test suite
    - Lower the waiting time for USB installation in the test suite.
      So far we were waiting up to one hour, which is just the same as
      our Jenkins inactivity timeout, so in practice when Tails
      Installer fails and displays an error message, instead of
      reporting that the job failed (which is the point of the
      exercise) we abort the job due to this timeout which
      communicates less clearly that there's probably a bug. (Closes:
      #10718)
    - Remove the check for the sound icon in the systray in the
      Windows Camouflage tests. (Closes: #10493)
    - Retry running whois when "LIMIT EXCEEDED" is in its output for
      increased robustness. (Closes: #10523)
    - Make Seahorse tests more robust. (Closes: #9095, #10501)
    - Make the handling of Pidgin's account manager more robust.
      (Closes: #10506)
anonym's avatar
anonym committed
421

anonym's avatar
anonym committed
422
 -- Tails developers <tails@boum.org>  Mon, 14 Dec 2015 23:07:19 +0100
anonym's avatar
anonym committed
423

anonym's avatar
anonym committed
424
tails (1.7) unstable; urgency=medium
bertagaz's avatar
bertagaz committed
425

anonym's avatar
anonym committed
426
  * Major new features and changes
anonym's avatar
anonym committed
427
    - Upgrade Tor Browser to 5.0.4. (Closes: #10456)
anonym's avatar
anonym committed
428
429
430
    - Add a technology preview of the Icedove Email client (a
      rebranded version of Mozilla Thunderbird), including OpenPGP
      support via the Enigmail add-on, general security and anonymity
sajolida's avatar
sajolida committed
431
      improvements via the Torbirdy add-on, and complete persistence
anonym's avatar
anonym committed
432
433
434
435
436
437
438
439
      support (which will be enabled automatically if you already have
      Claws Mail persistence enabled). Icedove will replace Claws Mail
      as the supported email client in Tails in a future
      release. (Closes: #6151, #9498, #10285)
    - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
      improvement of this new Tor major release, the new
      KeepAliveIsolateSOCKSAuth option allows us to drop the
      bug15482.patch patch (taken from the Tor Browse bundle) that
sajolida's avatar
sajolida committed
440
      enabled similar (but inferior) functionality for *all*
anonym's avatar
anonym committed
441
442
443
444
445
446
      SocksPort:s -- now the same circuit is only kept alive for
      extended periods for the SocksPort used by the Tor
      Browser. (Closes: #10194, #10308)
    - Add an option to Tails Greeter which disables networking
      completely. This is useful when intending to use Tails for
      offline work only. (Closes: #6811)
bertagaz's avatar
bertagaz committed
447

anonym's avatar
anonym committed
448
449
  * Security fixes
    - Fix CVE-2015-7665, which could lead to a network interface's IP
elouann's avatar
elouann committed
450
      address being exposed through wget. (Closes: #10364)
anonym's avatar
anonym committed
451
452
453
454
    - Prevent a symlink attack on ~/.xsession-errors via
      tails-debugging-info which could be used by the amnesia user to
      read the contents of any file, no matter the
      permissions. (Closes: #10333)
anonym's avatar
anonym committed
455
456
457
458
459
460
461
462
463
464
465
466
467
    - Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u5.
    - Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.
    - Upgrade unzip to 6.0-8+deb7u4.

  * Bugfixes
    - Add a temporary workaround for an issue in our code which checks
      whether i2p has bootstrapped, which (due to some recent change
      in either I2P or Java) could make it appear it had finished
      prematurely. (Closes: #10185)
    - Fix a logical bug in the persistence preset migration code while
      real-only persistence is enabled. (Closes: #10431)
anonym's avatar
anonym committed
468
469

  * Minor improvements
anonym's avatar
anonym committed
470
471
    - Rework the wordings of the various installation and upgrade
      options available in Tails installer in Wheezy. (Closes: #9672)
anonym's avatar
anonym committed
472
473
474
475
476
    - Restart Tor if bootstrapping stalls for too long when not using
      pluggable transports. (Closes: #9516)
    - Install firmware-amd-graphics, and firmware-misc-nonfree instead
      of firmware-ralink-nonfree, both from Debian Sid.
    - Update the Tails signing key. (Closes: #10012)
anonym's avatar
anonym committed
477
478
479
480
481
482
    - Update the Tails APT repo signing key. (Closes: #10419)
    - Install the nmh package. (Closes: #10457)
    - Explicitly run "sync" at the end of the Tails Upgrader's upgrade
      process, and pass the "sync" option when remounting the system
      partition as read-write. This might help with some issues we've
      seen, such as #10239, and possibly for #8449 as well.
anonym's avatar
anonym committed
483
484
485

  * Test suite
    - Add initial automated tests for Icedove. (Closes: #10332)
elouann's avatar
elouann committed
486
    - Add automated tests of the MAC spoofing feature. (Closes: #6302)
anonym's avatar
anonym committed
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
    - Drop the concept of "background snapshots" and introduce a general
      system for generating snapshots that can be shared between
      features. This removes all silly hacks we previously used to
      "skip" steps, and greatly improves performance and reliability
      of the whole test suite. (Closes: #6094, #8008)
    - Flush to the log file in debug_log() so the debugging info can
      be viewed in real time when monitoring the debug log
      file. (Closes: #10323)
    - Force UTF-8 locale in automated test suite. Ruby will default to
      the system locale, and if it is non-UTF-8, some String-methods
      will fail when operating on non-ASCII strings. (Closes: #10359)
    - Escape regexp used to match nick in CTCP replies. Our Pidgin
      nick's have a 10% chance to include a ^, which will break that
      regexp. We need to escape all characters in the nick. (Closes:
      #10219)
    - Extract TBB languages from the Tails source code. This will
      ensure that valid locales are tested. As an added bonus, the
      code is greatly simplified. (Closes: #9897)
anonym's avatar
anonym committed
505
506
    - Automatically test that tails-debugging-info is not susceptible
      to the type of symlink attacks fixed by #10333.
anonym's avatar
anonym committed
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
    - Save all test suite artifacts in a dedicated directory with more
      useful infromation encoded in the path. This makes it easier to
      see which artifacts belongs to which failed scenario and which
      run. (Closes: #10151)
    - Log all useful information via Cucumber's formatters instead of
      printing to stderr, which is not included when logging to file
      via `--out`. (Closes: #10342)
    - Continue running the automated test suite's vnc server even if
      the client disconnects. (Closes: #10345)
    - Add more automatic tests for I2P. (Closes: #6406)
    - Bump the Tor circuit retry count to 10. (Closes: #10375)
    - Clean up dependencies: (Closes: #10208)
      * libxslt1-dev
      * radvd
      * x11-apps
anonym's avatar
anonym committed
522

anonym's avatar
anonym committed
523
 -- Tails developers <tails@boum.org>  Tue, 03 Nov 2015 01:09:41 +0100
bertagaz's avatar
bertagaz committed
524

anonym's avatar
anonym committed
525
tails (1.6) unstable; urgency=medium
anonym's avatar
anonym committed
526

anonym's avatar
anonym committed
527
528
529
  * Security fixes
    - Upgrade Tor Browser to 5.0.3. (Closes: #10223)
    - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7.
530
    - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1.
anonym's avatar
anonym committed
531
532
    - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1.
    - Upgrade libslp1 to 1.2.1-9+deb7u1.
533
    - Upgrade ssl-cert to 1.0.32+deb7u1.
anonym's avatar
anonym committed
534

anonym's avatar
anonym committed
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
  * Bugfixes
    - Fix a corner case for the MAC spoofing panic mode. If panic mode
      failed to disable the specific device that couldn't be spoofed
      (by unloading the module) we disable networking. Previously we
      only stopped NetworkManager. The problem is that NM isn't even
      started at this time, but will specifically be started when
      we're done with MAC spoofing. Therefore, let's completely
      disable NetworkManager so it cannot possibly be
      started. (Closes: #10160)
    - Avoid use of uninitialized value in restricted-network-detector.
      If NetworkManager decides that a wireless connection has timed
      out before "supplicant connection state" has occued, our idea of
      the state is `undef`, so it cannot be used in a string
      comparison. Hence, let's initialize the state to the empty
      string instead of `undef`. Also fix the state
      recording. Apparently NetworkManager can say a few different
      things when it logs the device state transitions. (Closes:
      #7689)

  * Minor improvements
    - Remove workaround for localizing search engine plugins. The
      workaround has recently become unnecessary, possibly due to the
      changes made for the seach bar after the Tor Browser was rebased
      on Firefox 38esr. (Closes: #9146)
    - Refer to the I2P Browser in the I2P notifications. Instead of
      some obscure links that won't work in the Tor Browser, where
      users likely will try them, and which I believe will open them
      by default. (Closes: #10182)
    - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to
      enforce mode. (Closes: #9830)

  * Test suite
    - Test that udev-watchdog is monitoring the correct device when
      booted from USB. (Closes: #9890)
    - Remove unused 'gksu' step. This causes a false-positive to be
      found for #5330. (Closes: #9877)
    - Make --capture capture individual videos for failed scenarios
      only, and --capture-all to capture videos for all scenarios.
      (Closes: #10148)
anonym's avatar
anonym committed
574
    - Use the more efficient x264 encoding when capturing videos using
anonym's avatar
anonym committed
575
      the --capture* options. (Closes: #10001)
anonym's avatar
anonym committed
576
    - Make --old-iso default to --iso if omitted. Using the same ISO
anonym's avatar
anonym committed
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
      for the USB upgrade tests most often still does what we want,
      e.g. test that the current version of Tails being tested has a
      working Tails installer. Hence this seems like a reasonable
      default. (Closes: #10147)
    - Avoid nested FindFailed exceptions in waitAny()/findAny(), and
      throw a new dedicated FindAnyFailed exception if these fail
      instead. Rjb::throw doesn't block Ruby's execution until the
      Java exception has been received by Ruby, so strange things can
      happen and we must avoid it. (Closes: #9633)
    - Fix the Download Management page in our browsers. Without the
      browser.download.panel.shown pref set, the progress being made
      will not update until after the browser has been restarted.
      (Closes: #8159)
    - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter
      that deals with debugging instead of printing it to STDERR via
      the `--debug` option (which now has been removed). This gives us
      the full flexibility of Cucumber's formatter system, e.g. one
      easy-to-read formatter can print to the terminal, while we get
      the full debug log printed to a file. (Closes: #9491)
    - Import logging module in otr-bot.py. Our otr-bot.py does not use
      logging but the jabberbot library makes logging calls, causing a
      one-off message No handlers could be found for logger
      "jabberbot" to be printed to the console. This commit
      effectively prevents logging/outputting anything to the terminal
      which is at a level lower than CRITICAL. (Closes: 9375)
    - Force new Tor circuit and reload web site on browser
      timeouts. (Closes: #10116)
    - Focus Pidgin's buddy list before trying to access the tools
      menu. (Closes: #10217)
    - Optimize IRC test using waitAny. If connecting to IRC fails,
      such as when OFTC is blocking Tor, waiting 60 seconds to connect
      while a a Reconnect button is visible is sub-optimal. It would
      be better to try forcing a new Tor circuit and clicking the
      reconnect button. (Closes: #9653)
    - Wait for (and focus if necessary) Pidgin's Certificate windows.
      (Closes: #10222)

 -- Tails developers <tails@boum.org>  Sun, 20 Sep 2015 17:47:26 +0000
anonym's avatar
anonym committed
615

anonym's avatar
anonym committed
616
tails (1.5.1) unstable; urgency=medium
anonym's avatar
anonym committed
617

anonym's avatar
anonym committed
618
619
620
621
622
623
624
625
626
627
628
629
  * Security fixes
    - Upgrade Tor Browser to 5.0.2. (Closes: #10112)
    - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1.
    - Upgrade libnss3 to 2:3.14.5-1+deb7u5.

  * Bugfixes
    - Refresh Tor Browser AppArmor profile patch. The old one doesn't
      apply on top of testing's torbrowser-launcher anymore.

  * Build system
    - Make sure Jenkins creates new jobs to build the testing branch
      after freezes. (Closes: #9925)
anonym's avatar
anonym committed
630

anonym's avatar
anonym committed
631
 -- Tails developers <tails@boum.org>  Fri, 28 Aug 2015 01:52:14 +0200
anonym's avatar
anonym committed
632

anonym's avatar
anonym committed
633
tails (1.5) unstable; urgency=medium
anonym's avatar
anonym committed
634

intrigeri's avatar
intrigeri committed
635
636
637
  * Major new features and changes
    - Move LAN web browsing from Tor Browser to the Unsafe Browser,
      and forbid access to the LAN from the former. (Closes: #7976)
638
639
    - Install a 32-bit GRUB EFI boot loader. This at least works
      on some Intel Baytrail systems. (Closes: #8471)
anonym's avatar
anonym committed
640

intrigeri's avatar
intrigeri committed
641
  * Security fixes
anonym's avatar
anonym committed
642
    - Upgrade Tor Browser to 5.0, and integrate it:
643
644
645
      · Disable Tiles in all browsers' new tab page.
      · Don't use geo-specific search engine prefs in our browsers.
      · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
anonym's avatar
anonym committed
646
        Marketplace), and the "Share this page" button in the Tool bar.
anonym's avatar
anonym committed
647
648
649
      · Generate localized Wikipedia search engine plugin icons so the
        English and localized versions can be distinguished in the new
        search bar. (Closes: #9955)
intrigeri's avatar
intrigeri committed
650
    - Fix panic mode on MAC spoofing failure. (Closes: #9531)
intrigeri's avatar
intrigeri committed
651
652
653
654
    - Deny Tor Browser access to global tmp directories with AppArmor,
      and give it its own $TMPDIR. (Closes: #9558)
    - Tails Installer: don't use a predictable file name for the subprocess
      error log. (Closes: #9349)
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
    - Pidgin AppArmor profile: disable the launchpad-integration abstraction,
      which is too wide-open.
    - Use aliases so that our AppArmor policy applies to
      /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
      it applies to /. And accordingly:
      · Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
      · Install rsyslog from wheezy-backports, since the version from Wheezy
        conflicts with AppArmor 2.9.
      · Stop installing systemd for now: the migration work is being done in
        the feature/jessie branch, and it conflicts with rsyslog from
        wheezy-backports.
      · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
      · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
      · Take into account aufs whiteouts in the system_tor profile.
      · Adjust the Vidalia profile to take into account Live-specific paths.
670
    - Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
intrigeri's avatar
intrigeri committed
671
672
673
674
675
676
677
678
679
    - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
    - Upgrade cups-filters to 1.0.18-2.1+deb7u2.
    - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
    - Upgrade libexpat1 to 2.1.0-1+deb7u2.
    - Upgrade libicu48 to 4.8.1.1-12+deb7u3.
    - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
    - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.

  * Bugfixes
680
    - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.
intrigeri's avatar
intrigeri committed
681
682
683
684
685
686
687
688
689
690
691
692
693

  * Minor improvements
    - Tails Installer: let the user know when it has rejected a candidate
      destination device because it is too small. (Closes: #9130)
    - Tails Installer: prevent users from trying to "upgrade" a device
      that contains no Tails, or that was not installed with Tails Installer.
      (Closes: #5623)
    - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
      support for the OTRv3 protocol and for multiple concurrent connections
      to the same account. (Closes: #9513)
    - Skip warning dialog when starting Tor Browser while being offline,
      in case it is already running. Thanks to Austin English for the patch!
      (Closes: #7525)
694
695
696
697
698
699
700
701
702
703
704
    - Install the apparmor-profiles package (Closes: #9539), but don't ship
      a bunch of AppArmor profiles we don't use, to avoid increasing
      boot time. (Closes: #9757)
    - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
      of patching /etc/apparmor.d/tunables/home.
    - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
      is actually used as the read-write branch of the root filesystem's union
      mount, is visible. As a consequence:
      · One can now inspect how much space is used, at a given time, in the
        read-write branch of the root filesystem's union mount.
      · We can make sure our AppArmor policy works fine when that filesystem
anonym's avatar
anonym committed
705
        is visible, which is safer in case e.g. live-boot's behavior changes
706
707
        under our feet in the future... or in case these "hidden" files are
        actually accessible somehow already.
intrigeri's avatar
intrigeri committed
708
709
710
711
712

  * Build system
    - Add our jenkins-tools repository as a Git submodule, and replace
      check_po.sh with a symlink pointing to the same script in that submodule.
      Adjust the automated test suite accordingly. (Closes: #9567)
anonym's avatar
anonym committed
713
714
715
    - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
      particular the inclusion of the Tor Browser 5.0 series has recently
      increased the amount of space needed to build Tails. (Closes: #9901)
intrigeri's avatar
intrigeri committed
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745

  * Test suite
    - Test that the Tor Browser cannot access LAN resources.
    - Test that the Unsafe Browser can access the LAN.
    - Installer: test new behavior when trying to upgrade an empty device, and
      when attempting to upgrade a non-Tails FAT partition on GPT; also, take
      into account that all unsupported upgrade scenarios now trigger
      the same behavior.
    - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
      on failure. (Closes: #9518, #9709)
    - run_test_suite: remove control chars from log file even when cucumber
      exits with non-zero. (Closes: #9376)
    - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
    - Use custom exception when 'execute_successfully' fails.
    - Retry looking up whois info on transient failure. (Closes: #9668)
    - Retry wget on transient failure. (Closes: #9715)
    - Test that Tor Browser cannot access files in /tmp.
    - Allow running the test suite without ntp installed. There are other means
      to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
      (Closes: #9651)
    - Bump timeout in the Totem feature.
    - Grep memory dump using the --text option. This is necessary with recent
      versions of grep, such as the one in current Debian sid, otherwise it
      will count only one occurrence of the pattern we're looking for.
      (Closes: #9759)
    - Include execute_successfully's error in the exception, instead
      of writing it to stdout via puts. (Closes: #9795)
    - Test that udev-watchdog is actually monitoring the correct device.
      (Closes: #5560)
    - IUK: workaround weird Archive::Tar behaviour on current sid.
746
747
748
749
750
751
752
753
    - Test the SocksPort:s given in torrc in the Unsafe Browser.
      This way we don't get any sneaky errors in case we change them and
      forget to update this test.
    - Directly verify AppArmor blocking of the Tor Browser by looking in
      the audit log: Firefox 38 does no longer provide any graphical feedback
      when the kernel blocks its access to files the user wants to access.
    - Update browser-related automated test suite images, and workaround
      weirdness introduced by the new Tor Browser fonts.
754
755
756
    - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
      via alternate, live-boot generated paths.
    - Adjust tests to cope with our new AppArmor aliases.
anonym's avatar
anonym committed
757
    - Bump memory allocated to the system under test to 2 GB. (Closes: #9883)
intrigeri's avatar
intrigeri committed
758

anonym's avatar
anonym committed
759
 -- Tails developers <tails@boum.org>  Mon, 10 Aug 2015 19:12:58 +0200
anonym's avatar
anonym committed
760

intrigeri's avatar
intrigeri committed
761
tails (1.4.1) unstable; urgency=medium
762

intrigeri's avatar
intrigeri committed
763
764
765
766
767
768
769
770
771
  * Security fixes
    - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
    - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
      isolation bugfix. (Closes: #9560)
    - AppArmor: deny Tor Browser access to the list of recently used files.
      (Closes: #9126)
    - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
    - Upgrade Linux to 3.16.7-ckt11-1.
    - Upgrade CUPS to 1.5.3-5+deb7u6.
772
    - Upgrade FUSE to 2.9.0-2+deb7u2.
intrigeri's avatar
intrigeri committed
773
774
775
    - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
    - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
    - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.
776

intrigeri's avatar
intrigeri committed
777
778
779
780
  * Bugfixes
    - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
    - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
      (Closes: #9416)
781
    - Partially fix the truncated notifications issue. (#7249)
intrigeri's avatar
intrigeri committed
782
783
784
785
786
787
788
789
790
791
792
793
794
795

  * Minor improvements
    - Disable the hwclock.sh initscript at reboot/shutdown time.
      This is an additional safety measure to ensure that the hardware clock
      is not modified. (Closes: #9364)
    - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
      (Closes: #9417)
    - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
      profile shipped with torbrowser-launcher 0.2.0-1.
    - Add the jessie/updates APT repo and set appropriate pinning.
    - Upgrade Electrum to 1.9.8-4~bpo70+1.
    - Upgrade kernel firmware packages to 0.44.

  * Build system
796
    - Install the Linux kernel from Debian Jessie. (Closes: #9341)
intrigeri's avatar
intrigeri committed
797
798
799
800
801
802
    - Remove files that are not under version control when building in Jenkins.
      (Closes: #9406)
    - Don't modify files in the source tree before having possibly merged
      the base branch into it. (Closes: #9406)
    - Make it so eatmydata is actually used during a greater part of the build
      process. This includes using eatmydata from wheezy-backports.
803
      (Closes: #9419, #9523)
intrigeri's avatar
intrigeri committed
804
805
806
807
808
809
810
811
    - release script: adjust to support current Debian sid.

  * Test suite
    - Test the system clock sanity check we do at boot. (Closes: #9377)
    - Remove the impossible "Clock way in the past" scenarios.
      Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
      these scenarios cannot happen, and since we test that it works they
      can be safely removed.
intrigeri's avatar
intrigeri committed
812
    - Test that the hardware clock is not modified at shutdown. (Closes: #9557)
intrigeri's avatar
intrigeri committed
813
    - Pidgin: retry looking for the roadmap URL in the topic.
814
    - Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
intrigeri's avatar
intrigeri committed
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
      (Closes: #9317)
    - Test all OpenPGP keys shipped with Tails. (Closes: #9402)
    - Check that notification-daemon is running when looking for notifications
      fails. (Closes: #9332)
    - Allow using the cucumber formatters however we want. (Closes: #9424)
    - Enable Spice in the guest, and blacklist the psmouse kernel module,
      to help with lost mouse events. (Closes: #9425)
    - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
    - Test that Seahorse is configured to use the correct keyserver.
      (Closes: #9339)
    - Always export TMPDIR back to the test suite's shell environment.
      (Closes: #9479)
    - Make OpenPGP tests more reliable:
      · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
      · Retry accessing menus in Seahorse on failure. (Closes: #9344)
    - Focus the Pidgin conversation window before any attempt to interact
      with it. (Closes: #9317)
    - Use convertkey from the (backported to Jessie) Debian package,
      instead of our own copy of that script. (Closes: #9066)
    - Make the memory erasure tests more robust (Closes: #9329):
      · Bump /proc/sys/vm/min_free_kbytes when running fillram.
      · Actually set oom_adj for the remote shell when running fillram.
      · Try to be more sure that we OOM kill fillram.
      · Run fillram as non-root.
    - Only try to build the storage pool if TailsToasterStorage isn't found.
      (Closes: #9568)

 -- Tails developers <tails@boum.org>  Sun, 28 Jun 2015 19:46:25 +0200
843

anonym's avatar
anonym committed
844
tails (1.4) unstable; urgency=medium
845

anonym's avatar
anonym committed
846
  * Major new features
anonym's avatar
anonym committed
847
848
849
850
851
852
    - Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which
      introduces many major new features for usability, security and
      privacy. Unfortunately its per-tab circuit view did not make it
      into Tails yet since it requires exposing more Tor state to the
      user running the Tor Browser than we are currently comfortable
      with. (Closes: #9031, #9369)
anonym's avatar
anonym committed
853
854
855
856
857
858
    - Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor
      bundled with the Tor Browser, we patch it so that circuits used
      for SOCKSAuth streams have their lifetime increased indefinitely
      while in active use. This currently only affects the Tor Browser
      in Tails, and should improve the experience on certain web sites
      that otherwise would switch language or log you out every ten
anonym's avatar
anonym committed
859
      minutes or so when Tor switches circuit. (Closes: #7934)
860

anonym's avatar
anonym committed
861
  * Security fixes
anonym's avatar
anonym committed
862
863
864
865
866
867
868
    - tor-browser wrapper script: avoid offering avenues to arbitrary
      code execution to e.g. an exploited Pidgin. AppArmor Ux rules
      don't sanitize $PATH, which can lead to an exploited application
      (that's allowed to run this script unconfined, e.g. Pidgin)
      having this script run arbitrary code, violating that
      application's confinement. Let's prevent that by setting PATH to
      a list of directories where only root can write. (Closes: #9370)
anonym's avatar
anonym committed
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
    - Upgrade Linux to 3.16.7-ckt9-3.
    - Upgrade curl to 7.26.0-1+wheezy13.
    - Upgrade dpkg to 1.16.16.
    - Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.
    - Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.
    - Upgrade openldap to 2.4.31-2.
    - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.
    - Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.
    - Upgrade libtasn1-3 to 2.13-2+deb7u2.
    - Upgrade libx11 to 2:1.5.0-1+deb7u2.
    - Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.
    - Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.
    - Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.
    - Upgrade ppp to 2.4.5-5.1+deb7u2.

  * Bugfixes
885
886
    - Disable security warnings when connecting to POP3 and IMAP ports.
      (Closes: #9327)
887
888
    - Make the Windows 8 browser theme compatible with the Unsafe and I2P
      browsers. (Closes: #9138)
anonym's avatar
anonym committed
889
890
891
892
893
894
895
896
897
898
899
900
    - Hide Torbutton's "Tor Network Settings..." context menu entry.
      (Closes: #7647)
    - Upgrade the syslinux packages to support booting Tails on
      Chromebook C720-2800. (Closes: #9044)
    - Enable localization in Tails Upgrader. (Closes: #9190)
    - Make sure the system clock isn't before the build date during
      early boot. Our live-config hook that imports our signing keys
      depend on that the system clock isn't before the date when the
      keys where created. (Closes: #9149)
    - Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent
      us from getting GNOME's default keyserver in addition to our
      own. (Closes: #9233)
901
902
    - Prevent Firefox from crashing when Orca is enabled: grant
      it access to assistive technologies in its Apparmor
anonym's avatar
anonym committed
903
      profile. (Closes: #9261)
904
905
906
907
    - Add Jessie APT source. (Closes: #9278)
    - Fix set_simple_config_key(). If the key already existed in the
      config file before the call, all other lines would be removed
      due to the sed option -n and p combo. (Closes: #9122)
anonym's avatar
anonym committed
908
909
910
    - Remove illegal instance of local outside of function definition.
      Together with `set -e` that error has prevented this script from
      restarting Vidalia, like it should. (Closes: #9328)
anonym's avatar
anonym committed
911
912
913
914
915
916

  * Minor improvements
    - Upgrade I2P to 0.9.19-3~deb7u+1.
    - Install Tor Browser's bundled Torbutton instead of custom .deb.
      As of Torbutton 1.9.1.0 everything we need has been upstreamed.
    - Install Tor Browser's bundled Tor Launcher instead of our
917
      in-tree version. With Tor 0.2.6.x our custom patches for the
anonym's avatar
anonym committed
918
919
920
921
922
923
924
925
926
927
928
      ClientTransportPlugin hacks are not needed any more. (Closes:
      #7283)
    - Don't install msmtp and mutt. (Closes: #8727)
    - Install fonts-linuxlibertine for improved Vietnamese support in
      LibreOffice. (Closes: #8996)
    - Remove obsoletete #i2p-help IRC channel from the Pidgin
      configuration (Closes: #9137)
    - Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan
      Bliminse for the patch. (Closes: #9069).
    - Install printer-driver-gutenprint to support more printer
      models. (Closes: #8994).
929
    - Install paperkey for off-line OpenPGP key backup. (Closes: #8957)
anonym's avatar
anonym committed
930
931
932
    - Hide the Tor logo in Tor Launcher. (Closes: #8696)
    - Remove useless log() instance in tails-unblock-network. (Closes:
      #9034)
anonym's avatar
anonym committed
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
    - Install cdrdao: this enables Brasero to burn combined data/audio
      CDs and to do byte-to-byte disc copy.
    - Hide access to the Add-ons manager in the Unsafe Browser. It's
      currently broken (#9307) but we any way do not want users to
      install add-ons in the Unsafe Browser. (Closes: #9305)
    - Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327)
      The default value of this option activates warnings on ports
      23,109,110,143. This commit disables the warnings for POP3 and
      IMAP as these could be equally used in encrypted StartTLS
      connections. (Closes: #9327)
    - Completely rework how we localize our browser by generating our
      branding add-on, and search plugins programatically. This
      improves the localization for the ar, es, fa, ko, nl, pl, ru,
      tr, vi and zh_CN locales by localizing the Startpage and
      Disconnect.me search plugins. Following Tor Browser 4.5's recent
      switch, we now use Disconnect.me as the default search
      engine. (Closes: #9309)
    * Actively set Google as the Unsafe Browser's default search
      engine.
intrigeri's avatar
intrigeri committed
952

anonym's avatar
anonym committed
953
954
955
956
957
958
  * Build system
    - Encode in Git which APT suites to include when building Tails.
      (Closes: #8654)
    - Clean up the list of packages we install. (Closes: #6073)
    - Run auto/{build,clean,config} under `set -x' for improved
      debugging.
anonym's avatar
anonym committed
959
960
    - Zero-pad our ISO images so their size is divisible by 2048.
      The data part of an ISO image's sectors is 2048 bytes, which
anonym's avatar
anonym committed
961
      implies that ISO images should always have a size divisible
anonym's avatar
anonym committed
962
      by 2048. Some applications, e.g. VirtualBox, use this as a sanity
anonym's avatar
anonym committed
963
964
965
966
967
968
969
970
971
972
973
      check, treating ISO images for which this isn't true as garbage.
      Our isohybrid post-processing does not ensure this,
      however. Also Output ISO size before/after isohybrid'ing and
      truncate'ing it. This will help detect if/when truncate is
      needed at all, so that we can report back to syslinux
      maintainers more useful information. (Closes: #8891)
    - Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The
      goal here is to avoid Tor Browser tarballs being deleted by
      apt-cacher-ng's daily expiration cronjob: they're not listed in
      any APT repo's index file, so acng will be quite eager to clean
      them up.
974

anonym's avatar
anonym committed
975
976
977
978
979
  * Test suite
    - Bring dependency checks up-to-date (Closes: #8988).
    - Adapt test suite to be run on Debian Jessie, which includes
      removing various Wheezy-specific workarounds, adding a few
      specific to Jessie, migrating from ffmpeg to libav, and
980
      more. (Closes: #8165)
anonym's avatar
anonym committed
981
982
    - Test that MAT can see that a PDF is dirty (Closes: #9136).
    - Allow throwing Timeout::Error in try_for() blocks, as well as
983
984
985
      nested try_for() (Closes: #9189, #9290).
    - Read test suite configuration files from the features/config/local.d
      directory. (Closes: #9220)
anonym's avatar
anonym committed
986
987
988
989
990
991
992
993
    - Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of
      zombie processes from appearing. (Closes: #9139)
    - Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow
      it to properly clean up. (Closes: #8707)
    - Split SSH & SFTP configs in the test suite. (Closes: #9257)
    - Improve how we start subprocesses in the test suite, mostly by
      bypassing the shell for greater security and robustness (Closes:
      #9253)
anonym's avatar
anonym committed
994
    - Add Electrum test feature. (Closes #8963)
anonym's avatar
anonym committed
995
    - Test that Tails Installer detects when USB devices are
anonym's avatar
anonym committed
996
997
998
999
1000
      removed. (Closes: #9131)
    - Test Tails Installer with devices which are too small. (Closes:
      #9129)
    - Test that the Report an Error launcher works in German. (Closes:
      #9143)
For faster browsing, not all history is shown. View entire blame