changelog 647 KB
Newer Older
intrigeri's avatar
intrigeri committed
1
2
3
4
5
6
tails (5.4) UNRELEASED; urgency=medium

  * Dummy entry for next release.

 -- intrigeri <intrigeri@debian.org>  Tue, 02 Aug 2022 13:53:51 +0000

intrigeri's avatar
intrigeri committed
7
tails (5.3.1) unstable; urgency=medium
boyska's avatar
boyska committed
8

intrigeri's avatar
intrigeri committed
9
10
  * Upgrade Linux to 5.10.127-2 (DSA-5191)
  * Upgrade Thunderbird to 91.12.0 (DSA-5195)
boyska's avatar
boyska committed
11

intrigeri's avatar
intrigeri committed
12
 -- Tails developers <tails@boum.org>  Mon, 01 Aug 2022 23:19:49 +0000
boyska's avatar
boyska committed
13

boyska's avatar
boyska committed
14
tails (5.3) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
15

boyska's avatar
boyska committed
16
17
  * Upgrade to Tor Browser 11.5.1, bring back uBlock, and fix the Unsafe Browser's
    window title (tails/tails!894)
intrigeri's avatar
intrigeri committed
18

boyska's avatar
boyska committed
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
    Closes issues:
      - uBlock is not enabled in Tor Browser (tails/tails#19059)
      - Upgrade to Tor Browser based on ESR 91.12 (tails/tails#19058)
      - Window title of Unsafe Browser reads "Tor Browser" (tails/tails#18603)

    Commits:
      - Tor Browser: use the system's libstdc++.so.6 like upstream would on a Bullseye
        system
      - update-acng-config: get ready for 6.x
      - Remove hack that's not needed on Bullseye anymore
      - Update comments
      - Make cp behavior deterministic
      - htpdate pool 2: replace fragile thepiratebay.org with www.gnome.org
      - Bring back code needed to install uBlock
      - Create directory before copying into it
      - Browsers: also pass --name to Firefox
      - Reformat code: make room for more options and nicer Git diffs
      - Unsafe Browser: also set brandProductName to "Unsafe Browser", for consistency
      - Unsafe Browser: set the branding in the file that's actually used in current
        Tor Browser
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.5.1-build1

  * Test suite: misc. improvements (tails/tails!892)

    Closes issues:
      - Test suite sometimes fails to find a picture (e.g. TailsGreeterLoginButton.png)
        while it's present on screen (tails/tails#19044)

    Commits:
      - Test suite: also display stdout on vmcommand failure
      - Test suite: bump timeout
      - Test suite: fix typo in comment
      - Welcome Screen: remove unused import
      - Test suite: point to relevant issue
      - Test suite: wait more for some images
      - Test suite: have Screen#find wait longer
      - Test suite: add debug logging to investigate #19044
      - Test suite: fix variable name
      - Test suite: give some time to the persistence passphrase widget to get focus
      - Use named constants instead of magic numbers
      - Don't catch unrelated IndexError exceptions
      - Lint
      - Remove unused import
      - Test suite: fix, improve, and update comments
      - Test suite: set the time in the guest using timedatectl
      - Make host_to_guest_time_sync raise an exception on failure
      - Lint

  * Upgrade to Debian Bullseye 11.4, Linux 5.10.127, and Network Manager 1.30.6
    (tails/tails!891)

    Closes issues:
      - Upgrade to Debian Bullseye 11.4 (tails/tails#19046)

    Commits:
      - Refresh patch
      - Update Vagrant box to Debian Bullseye 11.4
      - Enable the 19046-bullseye-11.4-force-all-tests APT overlay (refs: #19046).
      - Upgrade to Linux 5.10.0-16 (currently at 5.10.127-1)
      - Upgrade to Debian Bullseye 11.4

  * Upgrade mat2 to 0.12.1-2+deb11u1
intrigeri's avatar
intrigeri committed
82

boyska's avatar
boyska committed
83
84
 -- Tails developers <tails@boum.org>  Mon, 25 Jul 2022 13:45:07 +0200

intrigeri's avatar
intrigeri committed
85
tails (5.2) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
86

intrigeri's avatar
intrigeri committed
87
  * Upgrade Thunderbird to 91.11.0
intrigeri's avatar
intrigeri committed
88

intrigeri's avatar
intrigeri committed
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
  * Upgrade Tor Browser to 11.5 (tails/tails!889)

    Closes issues:
      - Upgrade to Tor Browser based on Firefox 91.11 (tails/tails#19029)

    Commits:
      - more bumping tor browser
      - bump torbrowser images
      - autobump
      - manual bump TorBrowserOverviewIcon.png
      - some more image bumping
      - l10n screenshot updated
      - bump duckduckgo prompt image
      - adapt tor browser screenshot
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.5
      - Revert "NIGHTLY ONLY! REMOVE ME!"
      - clean nightly dirt
      - install langpacks for nightlies, too (if possible)
      - NIGHTLY ONLY! REMOVE ME!
      - Revert "disable OnionAliases for Unsafe Browser"
      - use new TBB setting to disable onionrewrites altogether
      - take tbb 11.5 from nightlies
      - disable OnionAliases for Unsafe Browser
      - Upgrade Tor Browser to 11.5a13-build2

  * Adapt release process to new Tor blog platform (tails/tails!887)

    Closes issues:
      - Change release process details for blog.torproject.org (tails/tails#18963)

    Commits:
      - Be explicit
      - Release process: suggest publishing a Tor blog even for bugfix releases
      - Release process: improve Tor blog post instructions
      - generate-Tor-blog-post: use actual template and also generate the Lektor header
      - generate-Tor-blog-post: refactor (extract code to function)
      - generate-Tor-blog-post: remove inline images too
      - Release process: adapt the Tor blog post process to Lektor
      - generate-Tor-blog-post: fix ikiwiki command

  * GitLab CI: clean up and refactor https-get-expired jobs (tails/tails!884)

    Commits:
      - GitLab CI: force running jobs when updating .gitlab-ci.yml
      - GitLab CI: factorize
      - GitLab CI: install golang in the same way we do during a Tails build
      - GitLab CI: remove duplicate call to "apt-get update"
      - GitLab CI: drop obsolete pinning to Buster

  * Git: ignore the early_patch= (aka. --early-patch) hook (tails/tails!882)

    Commits:
      - Git: ignore the early_patch= (aka. --early-patch) hook

  * Resolve "IUK test suite: features/frontend is broken (tails-transform-mirror-
    url fails)" (tails/tails!880)

    Closes issues:
      - IUK test suite: features/frontend is broken (tails-transform-mirror-url fails)
        (tails/tails#18661)

    Commits:
      - IUk test suite: Set Torsocks to allow outbound connections to the loopback
        interface
      - IUK test suite: Add test file
      - IUK test suite: disable certificate verification

  * Test suite: fix copying a new directory with late patch (tails/tails!877)

    Commits:
      - Test suite: fix copying a new directory with late patch

  * Resolve "Test "The included APT repository keys are up-to-date" does not check
    subkeys" (tails/tails!876)

    Closes issues:
      - Test "The included APT repository keys are up-to-date" does not check subkeys
        (tails/tails#19047)

    Commits:
      - check we have at least one *relevant* subkey
      - gpg checks deeper: both master keys and subkeys
      - consistent naming
      - Revert "Revert "check APT subkeys, too""

  * Test suite: misc bugfixes (tails/tails!872)

    Commits:
      - Test suite: also set the guest's time when connected to the LAN but not to Tor
      - Test suite: move sleep where it was supposed to be

  * workaround persistent Tor bridges bug (tails/tails!870)

    Closes issues:
      - Tor Bridges persistence sometimes fails to save bridges during initial setup on
        Bullseye, at least in our test suite (tails/tails#18926)

    Commits:
      - workaround for bug only present in test suite

  * check APT subkeys, too (tails/tails!869)

    Closes issues:
      - Test "The included APT repository keys are up-to-date" does not check subkeys
        (tails/tails#19047)

    Commits:
      - check APT subkeys, too

  * Set Samba workgroup used by GTK applications to "localhost" (tails/tails!865)

    Closes issues:
      - Several applications ask Tor to resolve the "workgroup" hostname
        (tails/tails#19030)

    Commits:
      - Set Samba workgroup used by GTK applications to "localhost"

intrigeri's avatar
intrigeri committed
208
 -- Tails developers <tails@boum.org>  Mon, 11 Jul 2022 08:13:08 +0000
intrigeri's avatar
intrigeri committed
209

intrigeri's avatar
intrigeri committed
210
tails (5.1.1) unstable; urgency=medium
intrigeri's avatar
intrigeri committed
211

intrigeri's avatar
intrigeri committed
212
  * Upgrade Linux to 5.10.120-1 and tor to 0.4.7.8 (tails/tails!863)
intrigeri's avatar
intrigeri committed
213

intrigeri's avatar
intrigeri committed
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
    Closes issues:
      - Upgrade to tor 0.4.7.8 (tails/tails#19035)
      - Upgrade Linux to 5.10.120-1 (tails/tails#19036)

    Commits:
      - Upgrade Linux kernel packages to 5.10.0-15 (currently at version 5.10.120-1)
      - Upgrade to tor 0.4.7.8

  * Upgrade to Thunderbird 91.10.0

  * Fix htpdate pool: https://www.mozilla.org returns incorrects Date header
    (tails/tails!864)

    Closes issues:
      - Fix htpdate pool: https://www.mozilla.org returns incorrects Date header
        (tails/tails#19020)

    Commits:
      - Fix htpdate pool: https://www.mozilla.org returns incorrects Date header

  * Test suite: update the set of @fragile tags (tails/tails!862)

    Closes issues:
      - "Persistent browser bookmarks" is fragile (tails/tails#11585)
      - "The persistent Tor Browser directory is usable" test suite scenario is fragile
        (tails/tails#15336)
      - The "is properly stream isolated" test suite mechanism is fragile
        (tails/tails#17013)
      - Step "a screenshot is saved to the live user's Pictures directory" is fragile
        (tails/tails#13458)
      - "I can view and print a PDF file" scenarios are fragile (tails/tails#10994)
      - Memory erasure on boot medium removal is fragile (tails/tails#13462)
      - Test suite: update the set of @fragile tags (tails/tails#19007)

    Commits:
      - add @fragile tags when it's useful
      - Remove many @feature tags

  * follow up again on tca audit: clarify comments (tails/tails!860)

    Closes issues:
      - Audit tca-portal (tails/tails#18374)

    Commits:
      - acknowledge jvoisin's comments

  * Test suite: exercise the screen keyboard with a key that won't auto-complete
    (tails/tails!857)

    Closes issues:
      - "the screen keyboard works in Tor Browser" fails in Arabic (tails/tails#19013)

    Commits:
      - Test suite: exercise the screen keyboard with a key that won't auto-complete

  * GitLab CI: improve jobs rules (tails/tails!856)

    Commits:
      - GitLab CI: don't run code tests on the master branch
      - GitLab CI: also run https-get-expired* jobs when we modify our htpdate
        configuration
      - GitLab CI: only run https-get-expired when relevant

  * Inline strtobool function (tails/tails!855)

    Commits:
      - Inline strtobool function

  * Test suite: improve robustness (tails/tails!851)

    Closes issues:
      - Developers need to apply workaround in order to build Tails during the release
        process (tails/tails#18998)
      - Test scenario "htpdate is using the Tails-specific SocksPort" is broken
        (tails/tails#19003)

    Commits:
      - Test suite: avoid missed clicks retry when opening the calendar & notifications
        menu
      - Test suite: give the Upgrader time to fill the zenity dialog
      - Test suite: give the Greeter some time to re-enable the login button
      - Fix building from dev branches during the release process
      - Test suite: don't reset virtual X display between clients
      - Test suite: hopefully increase chances we catch the process we want
      - Lint
      - Test suite: ensure we write every line extracted from "ss -taupen" as soon as
        we have it
      - Test suite: migrate from service(8) to directly using systemctl
      - Test suite: adapt to new HTTPS client used by htpdate
      - Test suite: make setting up a Pidgin account more robust
      - Test suite: make interaction with GNOME Disks title bar buttons more robust
      - Test suite: make copying'n'pasting into a Terminal more robust

  * Have a better footer (tails/tails!756)

    Commits:
      - Translate a couple strings to check sidebar2 vs. PO plugin
      - Update PO files
      - Update PO files
      - Link to accessibility from footer
      - Rescue translations
      - Update PO files
      - Fix very old bug
      - Use sidebar2 to replace translation hacks in templates
      - Integrate sidebar2 in the local build
      - Add missing ARIA label
      - Make the label bold
      - Improve the appeal to the newsletter (#16888)
      - Translate footer into Spanish
      - Update PO files
      - Move jobs from top navigation to footer
      - Use more consistent margin system
      - Have a better footer (#17699)
      - Create dedicated page for testimonials
      - Don't use all capitals (#16137)

  * early-patch: live-patch at initramfs's time (tails/tails!696)

    Commits:
      - Fix formatting
      - Fix documentation wrt. the name of the option actually passed
      - Document --late-patch
      - more documentation
      - works even if hook fails
      - early_patch from test suite umounts immediately
      - pass 9p fs to TailsToaster: --early-patch works
      - live-patch → late-patch
      - early-live-patch → early-patch
      - Test suite: make EARLY_LIVE_PATCH a boolean
      - Disable obsolete shellcheck override
      - Don't enable live_patch by default
      - Make headings levels consistent with the rest of our website
      - Add a TOC
      - Apply 4 suggestion(s) to 1 file(s)
      - run_test_suite --early-live-patch
      - developer documentation for live_patch
      - live_patch: early-patching system
intrigeri's avatar
intrigeri committed
351

intrigeri's avatar
intrigeri committed
352
353
 -- Tails developers <tails@boum.org>  Wed, 22 Jun 2022 11:31:52 +0000

intrigeri's avatar
intrigeri committed
354
tails (5.1) unstable; urgency=medium
boyska's avatar
boyska committed
355

intrigeri's avatar
intrigeri committed
356
  * Upgrade to Thunderbird 91.9.0
boyska's avatar
boyska committed
357

intrigeri's avatar
intrigeri committed
358
  * Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (tails/tails!852)
boyska's avatar
boyska committed
359

intrigeri's avatar
intrigeri committed
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
    Closes issues:
      - Upgrade to Tor Browser 11.0.14 based on Firefox 91.10 (tails/tails#18979)

    Commits:
      - htpdate: replace tachanka.org with www.autistici.org
      - Mark security advisory against 5.0 as fixed
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.0.14-build1

  * Resolve "displayed_time_str fails in test suite" (tails/tails!839)

    Closes issues:
      - displayed_time_str fails in test suite (tails/tails#18991)

    Commits:
      - Ignore advisories when looking for displayed time
      - help debug

  * FIX Clock disappearing when the user sets UTC as their local timezone
    (tails/tails!841)

    Closes issues:
      - Clock disappears from the GNOME top bar after "Fix the clock" and choosing UTC
        timezone (tails/tails#18993)

    Commits:
      - safety net for future problems
      - handle UTC special-case

  * Test suite: workaround lost and duplicate key presses by pasting long strings
    instead of typing them (tails/tails!821)

    Commits:
      - Test suite: merge step used only by another step into its caller
      - Test suite: paste long strings instead of typing them
      - Test suite: drop useless step
      - Test suite: refactor (extract code to method)

  * Test suite: Make opening GNOME menus more robust (tails/tails!816)

    Closes issues:
      - Opening GNOME menus in the test suite on Bullseye is very fragile
        (tails/tails#18930)

    Commits:
      - Test suite: try harder to open GNOME menus
      - Test suite: drop unnecessary delay
      - Test suite: use Dogtail to check presence of GNOME bookmarks
      - Test suite: use Dogtail to open the GNOME menus
      - Test suite: wait for the desktop to be visible before we interact with it after
        restoring a snapshot
      - Lint.

  * Upgrade to Linux 5.10.113-1 (DSA 5127-1) (tails/tails!813)

    Closes issues:
      - Upgrade Linux to 5.10.113-1 (DSA 5127-1) (tails/tails#18962)

    Commits:
      - Upgrade to Linux 5.10.113-1 (DSA 5127-1)

  * Make console-setup.service startup non-racy (tails/tails!811)

    Closes issues:
      - console-setup.service fails sometimes, which breaks "Tor is ready" in test
        suite (tails/tails#18636)

    Commits:
      - Make console-setup.service startup non-racy

  * Test suite: support running on Ruby 3.0 (tails/tails!810)

    Closes issues:
      - Test suite misbehaves on Ruby 3.0, e.g. "the Tor Connection Assistant connects
        to Tor" step always incorrectly fails (tails/tails#18904)

    Commits:
      - Test suite: ensure we don't try to click the "Restore Disk Image" button before
        it's visible
      - Test suite: support Bookworm host system's improved UEFI graphics
      - Test suite: enable Ruby deprecation warnings
      - Test suite: adjust to separation of positional and keyword arguments in Ruby
        3.0
      - Test suite: update button label for Bullseye
      - Remove duplicate word in comment
      - Test suite: drop workaround for Ruby < 2.7
      - Test suite: migrate from deprecated luks_open and luks_close to
        cryptsetup_{open,close}

  * test https-get-expired with sid's Go (tails/tails!849)

    Commits:
      - GitLab CI: only run https-get-expired-sid job when relevant
      - GitLab CI: factorize
      - GitLab CI: test https-get-expired with sid's Go on a sid image
      - also test https-get-expired with sid's golang

  * Vagrant: install ikiwiki that fixes #18992 (tails/tails!847)

    Closes issues:
      - ikiwiki generates buggy PO files with po4a 0.62 (tails/tails#18992)

    Commits:
      - Vagrant: stop using the obsolete builder-jessie APT suite
      - Vagrant: install ikiwiki that fixes #18992

  * tca-portal: stricter validation (tails/tails!846)

    Commits:
      - test: right length, valid for date(1), but invalid format
      - drop test case for "minutes" timespec
      - be more explicit about the format we want
      - seconds always included
      - stricter validation for SetTimeCommand

  * ignore advisories + better debug (tails/tails!845)

    Commits:
      - ignore advisory
      - FIX error message

  * Test suite: fix regression when testing Tor Connection in non-English locale
    (tails/tails!843)

    Commits:
      - Test suite: fix regression when testing Tor Connection in non-English locale

  * FIX sharing via onionshare from nautilus (tails/tails!840)

    Closes issues:
      - "Share via OnionShare" does nothing (tails/tails#18990)

    Commits:
      - FIX sharing via onionshare from nautilus

  * lint_po: ignore unknown-message-flag errors (tails/tails!836)

    Commits:
      - lint_po: ignore unknown-message-flag errors

  * Don't enable "configure a bridge" just because the user looked at the hide mode
    (tails/tails!835)

    Closes issues:
      - “Configure a Bridge” is enabled when rolling back from hiding Tor
        (tails/tails#18546)

    Commits:
      - regression test for #18546
      - enable easymode-bridges only in easy mode

  * Vagrant build box: upgrade to po4a 0.62-1 (tails/tails!834)

    Commits:
      - Vagrant build box: drop APT configuration for Buster
      - Vagrant build box: upgrade to po4a 0.62-1

  * Installer: create system partition 2 MiB from the beginning of the drive
    (tails/tails!832)

    Commits:
      - Installer: create system partition 2 MiB from the beginning of the drive

  * Various Tor Connection UX improvements (tails/tails!831)

    Closes issues:
      - Tor Connection: Give the same instructions on both bridge screens
        (tails/tails#18596)
      - Always tell whether bridges are used in the success screen (tails/tails#18547)

    Commits:
      - Clarify docstring
      - Test suite: update expected images
      - Make phrasing consistent
      - Test suite: DRY
      - refactor: properties allow our code to be clearer
      - bridges: same instructions on both screens
      - Success message conditional to bridges

  * Rewrite the home pages of the Unsafe Browser + Have different homes for the
    Unsafe Browser depending on whether we're connected to Tor already
    (tails/tails!829)

    Closes issues:
      - Have different homes for the Unsafe Browser depending on whether we're
        connected to Tor already (tails/tails#18601)
      - Rewrite the home pages of the Unsafe Browser (tails/tails#18602)

    Commits:
      - Apply style guide
      - Improve sentence
      - Improve grammar
      - Improve grammar
      - Improve grammar
      - Be more clear
      - Add illustration by Andrés
      - Test suite: remove obsolete localized images
      - Test suite: update expected image
      - Test suite: add missing @doc tag
      - FIX wrong path was checked
      - Clarify that the image is an example
      - Clarify use of CSS (Take 2)
      - Unsafe browser: home page if non connected to Tor
      - Clarify use of CSS
      - Rework CSS
      - Improve structure
      - Write a dedicated page for captive portals
      - Improve instructions
      - Give examples of websites to use
      - Use our own image and remove the login and password
      - Shorten

  * Test suite: misc. robustness improvements (tails/tails!827)

    Closes issues:
      - Tests for backup are fragile (tails/tails#18727)

    Commits:
      - Test suite: add localized expected image for Unsafe Browser start page in pt_BR
      - Test suite: enable debug logging for Screen#wait
      - Test suite: Fix frequent "cannot find TailsGreeterLoginButton.png" failures
      - Test suite: update expected image for Bullseye
      - Test suite: give the XMPP server some time to create the room
      - Test suite: update expected Pidgin images
      - Test suite: fix error message
      - Test suite: Improve error reporting
      - Test suite: Fix clock upper bound calculation
      - Test suite: refactoring (save value to variable)
      - Test suite: Drop most debugging info for issue that does not happen anymore
      - Test suite: Drop spurious verb in debug log
      - Revert "Mark test scenario as fragile"
      - Test suite (backup): Wait for Zenity to have filled its widgets with the
        expected text

  * Upgrade apt-cacher-ng to bullseye-backports - fixes issue #18931
    (tails/tails!825)

    Closes issues:
      - rake build fails - apt-get works erratically ( 502 connection closed
        [IP:127.0.0.1:3142] ) - No build artifacts were found! (tails/tails#18931)

    Commits:
      - Upgrade apt-cacher-ng to bullseye-backports.

  * Disable search providers in the Activities Overview: Calculator, Nautilus,
    Terminal (tails/tails!824)

    Closes issues:
      - Disable some GNOME Overview search providers (tails/tails#18952)

    Commits:
      - Disable search providers in the Activities Overview: Calculator, Contacts,
        Documents, Nautilus, Terminal

  * Test suite: ignore failures to destroy a stopped domain (tails/tails!822)

    Closes issues:
      - Scenario: "Upgrading an old Tails USB installation from another Tails USB
        drive" after-hook is racy (tails/tails#18972)

    Commits:
      - Test suite: ignore failures to destroy a stopped domain

  * Associate OpenPGP-encrypted files with Kleopatra (tails/tails!820)

    Closes issues:
      - Tails 5 does not decrypt .gpg files when double-clicking them
        (tails/tails#18967)

    Commits:
      - Associate OpenPGP-encrypted files with Kleopatra

  * safely get gnome_env_vars (tails/tails!819)

    Commits:
      - clarify about which environment is being dumped
      - Clarify comment
      - Fix typo in comment
      - comments clarify why we think we are safe
      - fix systemd path
      - gnome_env_vars look at the gnome-shell env dump
      - gnome-shell dumps its conf in a root-owned file

  * Avoid user confusion wrt. name of the default KeePassXC database
    (tails/tails!818)

    Closes issues:
      - KeePassXC offers to rename the default database on non-English locales
        (tails/tails#18966)

    Commits:
      - Silence false positive
      - Drop obsolete reason
      - Don't allow translating Passwords.kdbx

  * Use Bullseye debootstrap configuration (tails/tails!817)

    Commits:
      - Use Bullseye debootstrap configuration

  * FIX IUK verification when we have 2 series at the same time (tails/tails!815)

    Closes issues:
      - bin/copy-iuks-to-rsync-server-and-verify failing because of old releases
        (tails/tails#18959)

    Commits:
      - Apply 1 suggestion(s) to 1 file(s)
      - document how the RM should use this command
      - don't fail when 404s have been ignored
      - proper exit code on failure
      - refactor --ignore-404
      - refactor run()
      - fix leftover
      - 404s found -> non-zero exit code
      - --ignore-404 and --dry-run

  * Fix FTBFS with uBlock 1.42 (tails/tails!814)

    Commits:
      - Unfuzzy patch

  * Upgrade to tor 0.4.7.7 (tails/tails!812)

    Closes issues:
      - Upgrade to tor 0.4.7.x (tails/tails#18932)

    Commits:
      - Upgrade to tor 0.4.7.7

  * Add translation files for Qt5 (#18958) (tails/tails!808)

    Closes issues:
      - Translations of basic Qt5 strings are missing (tails/tails#18958)

    Commits:
      - Add translation files for Qt

  * Make news/version_3* non-translatable (#16758) (tails/tails!805)

    Commits:
      - Make news/version_3* non-translatable (#16758)

  * Add Kleopatra to the Favorites (tails/tails!802)

    Commits:
      - Test suite: make expected image a tiny bit smaller
      - Add Kleopatra to the Favorites submenu

  * Test suite: drop pre-Bullseye compatibility (tails/tails!789)

    Commits:
      - Test suite: drop workaround for Ruby < 2.7
      - Test suite: migrate from deprecated luks_open and luks_close to
        cryptsetup_{open,close}

  * Add to confirm before restarting (#18912) (tails/tails!782)

    Closes issues:
      - New dialog when Unsafe Browser is not enabled makes it too easy to lose work
        (tails/tails#18912)

    Commits:
      - Make code more readable
      - Make function's responsibility tighter to simplify its code
      - Handle new code branch that was forgotten
      - Fix local variables declaration
      - Use 'Cancel' as default button (#18912)
      - 'Cancel' is more standard
      - Add to confirm before restarting (#18912)

  * Display time in the timezone that the user has chosen in Tor Connection
    (tails/tails!751)

    Closes issues:
      - Display time in the timezone that the user has chosen in Tor Connection
        (tails/tails#6284)

    Commits:
      - Design doc: Explain security trade-off
      - Test suite: Explain that Asia/Shanghai == +08:00
      - tails-get-date: use Python instead of date(1)
      - Fix typo in error message
      - Test suite: ensure the displayed clock is in the user's timezone
      - Test suite: remove workaround
      - Test suite: refactor (extract code do method)
      - Test suite: be more defensive to give better error output
      - Test suite: send debug info to the debug log
      - Test suite: make step name clearer
      - Design doc: mention timezone status and plans
      - Apply 1 suggestion(s) to 1 file(s)
      - Fix typo in comment
      - Improve grammar
      - Improve grammar
      - Remove unnecessary comma
      - try to fix the vertical misalignment
      - Update to #6284
      - Link back to main page
      - https://www.merriam-webster.com/dictionary/time%20zone
      - Move FAQ to a dedicated page
      - Shorten path
      - Don't potentially overwrite TZ key in dict with environment's value.
      - Cleanup dead code, fix formatting.
      - Consistently display GMT instead of UTC.
      - Use the same time format as GNOME's clock.
      - use date to format the date
      - date@ extension does The Right Thing
      - DRAFT: display time in local timezone

  * Follow-up on "Audit tca-portal" (tails/tails!723)

    Commits:
      - useless shellcheck directive
      - Apply 2 suggestion(s) to 2 file(s)
      - Fix typo in comment
      - clarify how we believe pgrep --ns 1 will help us
      - PersistenceSetupCommand: gnome_env_vars not needed
      - export_gnome_env hardening
      - some more validation when setting system time
      - gnome.py executes later; required for testing
      - add some doctests to tca-portal
      - more tuples, less lists
      - clarify: we are fine with the TOCTOU
      - --systemd-socket is exclusive with --listen
      - be more explicit about stdout/stderr handling
      - clarify handle_* comments
      - clarify what is the role of handle_line
      - anchor SetTimeCommand regexp
      - clarify comment about validate_args
      - use full path to commands whenever possible

  * Automatic time sync before connecting to Tor in automatic mode
    (tails/tails!681)

    Closes issues:
      - Mitigate attack by active network adversary on automated time sync + replayed
        Tor consensus (tails/tails#18830)
      - Automatic time sync before connecting to Tor in automatic mode
        (tails/tails#18717)

    Commits:
      - Test suite: rename step to make it closer to what a user would do
      - use the non-deprecated version of "Tor is ready"
      - Use less jargon
      - Add missing word in comment
      - Update comment: this now build reproducibly
      - Clarify comment
      - fix undefined local variable
      - tails-get-network-time better syslog
      - tails-get-network-time has timeout
      - refactor old test case based on new functions
      - new test: time sync times out
      - tor connection runs even if timesync fails
      - python style
      - some info is shown during network time sync
      - comments
      - wait for time to be retrieved before starting Tor
      - use APT preferences, not --target-release
      - gitlab tests run with the correct Go version
      - public key type check
      - Explain why these if statements don't apply to us
      - Fix typo
      - Design doc: 2 out of 3 is enough since we're using the median
      - ignore redirects
      - test all urls in htpdate.pools
      - https-get-expired gets more testing
      - https-get-expired: explain how this compares to Go implementation
      - Test suite: explain why scenarios pass in a somewhat surprisingly manner
      - Lint
      - Lint
      - Design doc: explain why we accept a risk
      - Design doc: improve phrasing
      - Design doc: drop conditional
      - Design doc: explain why we're protected
      - Design doc: clarify phrasing
      - Update design doc: this is not a problem anymore
      - reproducibility: clean cache after compiling
      - fix spelling
      - htpdate performs the median
      - design doc: explain https-get-expired
      - Lint: gofmt
      - Pick Go from buster-backports
      - try to make go build reproducible: -trimpath
      - Test suite: mark fragile scenario as such
      - https-get-expired: CI tests now
      - test https-get-expired building
      - https-get-expired gains -proxy option
      - port htpdate to https-get-expired
      - https-get-expired: more similar to htpdate's curl
      - https-get-expired output headers, not body
      - fix go compilation
      - add https-get-expired: will need for time sync
      - "date in past" check is more robust
      - sanity check: the new date cannot be in the past
      - unsafe browser is checked for tor leaks
      - UnsafeBrowser correctly detects if we're online
      - checking DisableNetowrk is #18293-aware
      - Merge the new scenario with the old one
      - FIX restore: some snapshot has network but no Tor
      - UnsafeBrowser tests don't need Tor; scenarios--
      - FIX we don't even need to check Tor
      - Test suite: clarify what we're actually testing
      - Improve grammar
      - Fix typo
      - Fix typo
      - Update doc to automatic time sync (#18717)
      - Improve structure of design doc
      - Avoid jargon
      - Design doc: copy more detailed explanation from the blueprint
      - Design doc: improve structure
      - Design doc: document new automatic time sync mechanism
      - Remove very old explanation
      - wording: we're looking for unneeded *exceptions*
      - Apply 5 suggestion(s) to 2 file(s)
      - FIX test case: allow it to use time sync
      - "flow through" supports fake connectivity check
      - FIX globally setting allowed DNS queries
      - refactor check for leaks
      - debugging leaks is easier
      - fix DNS query for easy mode
      - test suite self-correction warning
      - dns queries are allowed only when needed
      - +debug "traffic has only flowed through"
      - break the "Tor is ready" step in two
      - rubocop
      - easy-mode allowed_hosts are set in tca_configure
      - explicitly allow connectivity check in many tests
      - fix time sync error simulation
      - fix exception wording
      - use DNS inspection to check for leaks
      - the FirewallHelper is DNS-aware
      - one more check
      - test "traffic only flows through" supports timesync
      - Add tests for time sync before Tor connects
      - Improve TCA test suite code
      - add vm script to upload/download files
      - tails-get-network-time: don't assume anything about body encoding
      - Raise exception instance, not class
      - Clean up code
      - tails-get-network-time: emulate NetworkManager's behavior more closely
      - Move hard-coded string to constant
      - Blacken
      - tails-get-network-time: refactor
      - Add more typing
      - tails-get-network-time: migrate to pycurl, to make our fingerprint closer to
        NetworkManager's
      - Store the network time server in a configuration file
      - Move code to main() function
      - Test suite: adjust to new automatic time sync feature
      - Test suite: drop workaround
      - Tor Connection: in automatic mode, set the system time from the network
      - tca-portal: implement a new get-network-time command
      - tca-portal: include stdout in responses

intrigeri's avatar
intrigeri committed
914
915
 -- Tails developers <tails@boum.org>  Sat, 04 Jun 2022 08:11:47 +0000

boyska's avatar
boyska committed
916
tails (5.0) unstable; urgency=medium
boyska's avatar
boyska committed
917

boyska's avatar
boyska committed
918
  * Upgrade Thunderbird to 91.8
intrigeri's avatar
intrigeri committed
919

boyska's avatar
boyska committed
920
  * Upgrade Tor Browser to 11.0.11 (based on esr91.9) (tails/tails!804)
intrigeri's avatar
intrigeri committed
921

boyska's avatar
boyska committed
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
    Commits:
      - Test suite: update expected image
      - Test suite: update expected web page title
      - Fetch Tor Browser from our own archive
      - Upgrade Tor Browser to 11.0.11-build1

  * Fix Additional Software test suite on Bullseye (tails/tails!794)

    Commits:
      - Test suite: use popularity-contest as a test package instead of sslh

  * Fix devel branch FTBFS (tails/tails!773)

    Commits:
      - Preserve UIDs/GIDs stability
      - Refresh list of standard packages

  * Drop obsolete patch (tails/tails!690)

    Commits:
      - Drop obsolete patch

  * all languages are listed (tails/tails!683)

    Commits:
      - all formats are shown
      - translations appear again in Greeter
      - when native l10n is not available, use english
      - all languages are listed

  * Fix the Tails Installer in bullseye (tails/tails!679)

    Commits:
      - retry has shorter sleep times
      - FIX self.sleep never existed
      - retry getting udisks object upon failure
      - don't rescan devices: we already know!
      - partition_device returns a UDI
      - refactor detect_supported_drives
      - retrying getting system partition helps
      - race conditions? let's increase sleep time!

  * Document Kleopatra (tails/tails!803)

    Commits:
      - Be more clear
      - Improve grammar
      - Be more clear
      - Improve grammar
      - Fix typo
      - Fix broken links
      - Mention Kleopatra in the Persistent Storage settings
      - Remove not-so-useful note
      - Document Kleopatra (Closes: #18933)
      - Remove Seahorse from the doc
      - Remove screenshots that need updating
      - Remove OpenPGP Applet from the doc
      - Patch screenshots for the removal of the OpenPGP Applet

  * Fix opening links and attachments from Thunderbird, disable LibreOffice tip of
    the day (tails/tails!793)

    Commits:
      - AppArmor Thunderbird profile: allow executing /bin/dash with inherited policy
      - Disable LibreOffice's tip of the day

  * fix whisperback sending error (tails/tails!787)

    Commits:
      - Thread.isAlive -> is_alive

  * Fix Scenario: Upgrading an old Tails USB installation from another Tails USB
    drive (tails/tails!765)

    Commits:
      - apparently fix tails/tails#18840
      - send tails installer log to syslog

  * Additional Software: synchronize APT data when needed directly from t-p-s