Commit 03c33fa3 authored by Tails developers's avatar Tails developers
Browse files

Rework the changelog, release notes and security announce a bit.

parent 27ca4ed3
......@@ -2,28 +2,23 @@ tails (1.2) unstable; urgency=medium
* Major new features
- Migrate from Iceweasel to the Tor Browser from the Tor Browser
Bundle 4.0 nightly build from 2014-10-07 (based on Firefox
esr31-pre). The installation in Tails is made global
(multi-profile), uses the system-wide Tor instance, does not use
the Tor Browser updater, and keeps the desired deviations
previously present in Iceweasel, e.g. we install the addon
AdBlock Plus but not Tor Launcher (since we run it as a
standalone XUL application), among other things.
Bundle 4.0 (based on Firefox 31.2.0esr).
The installation in Tails is made global (multi-profile), uses
the system-wide Tor instance, disables the Tor Browser updater,
and keeps the desired deviations previously present in Iceweasel,
e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since
we run it as a standalone XUL application), among other things.
- Install AppArmor's userspace tools and apparmor-profiles-extra
from Wheezy Backports, and enable the AppArmor Linux security
module. This adds Mandatory Access control for several critical
applications in Tails, including:
* Tor
* Vidalia
* Pidgin
* Evince
* Totem
from Wheezy Backports, and enable the AppArmor Linux Security
Module. This adds Mandatory Access Control for several critical
applications in Tails, including Tor, Vidalia, Pidgin, Evince
and Totem.
- Isolate I2P traffic from the Tor Browser by adding a dedicated
I2P Browser, which can be reached via GNOME's menu -> Internet
-> I2P Browser. It is set up similarly to the Unsafe Browser,
I2P Browser. It is set up similarly to the Unsafe Browser,
but further disables features that are irrelevant for I2P, like
search plugins and the AdBlock Plus addon, and keeps Tor Browser
search plugins and the AdBlock Plus addon, while keeping Tor Browser
security features like the NoScript and Torbutton addons.
- Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
* Security fixes
- Disable TCP timestamps (Closes: #6579).
......@@ -34,37 +29,35 @@ tails (1.2) unstable; urgency=medium
make stderr more easily accessible (Closes: #7431).
- Run tails-persistence-setup with sudo instead of gksudo to make
stderr more easily accessible, and allow the desktop user to
pass the --verbose parameter. (Closes: #7623)
- Disable cups in the Unsafe Browser. This will prevent the
pass the --verbose parameter (Closes: #7623).
- Disable CUPS in the Unsafe Browser. This will prevent the
browser from hanging for several minutes when accidentally
pressing CTRL+P or trying to go to File -> Print.
pressing CTRL+P or trying to go to File -> Print (Closes: #7771).
* Minor improvements
- Install Linux 3.16-3 (that is currently 3.16.5-1) from Debian
unstable (Closes: #7886 and #8100).
- Install cryptsetup and friends from wheezy-backports (Closes:
#5932).
- Install Linux 3.16-3 (version 3.16.5-1) from Debian
unstable (Closes: #7886, #8100).
- Transition away from TrueCrypt: install cryptsetup and friends
from wheezy-backports (Closes: #5932), and make it clear that
TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739).
- Install Monkeysign dependencies for qrcodes scanning.
- Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install
the new syslinux-efi package.
- Upgrade I2P to 0.9.15-1~deb7u+1
- Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
- Enable Wheezy proposed-updates APT repository and setup APT
pinnings to install packages from it.
- Enable Tor's syscall sandbox. This feature (new in 0.2.5.x)
should make Tor a bit harder to exploit. It is only be enabled
when when no special Tor configuration is requested in Tails
Greeter due to incompatibility with Tor bridges.
Greeter due to incompatibility with pluggable transports.
- Start I2P automatically when the network connects via a
NetworkManager hook, and "i2p" is present on the kernel command
line. The router console is no longer opened automatically, but
can be accessed through the I2P Browser.
- Simplify the IPv6 ferm rules.
can be accessed through the I2P Browser (Closes: #7732).
- Simplify the IPv6 ferm rules (Closes: #7668).
- Include persistence.conf in WhisperBack reports (Closes: #7461)
- Pin packages from testing to 500, so that they can be upgraded.
- Don't set Torbutton environment vars globally (Closes: #5648).
- Make it clear in the TrueCrypt wrapper that it'll be removed in
Tails 1.3 or earlier (Closes: #7739).
- Enable VirtualBox guest additions by default (Closes: #5730). In
particular this enables VirtualBox's display management service.
- In the Unsafe Browser, hide option for "Tor Browser Health
......
......@@ -17,20 +17,21 @@ Notable user-visible changes include:
* Major new features
- Install (most of) the Tor Browser, replacing our previous
Iceweasel-based browser. The version installed is from TBB 4.0
and is based on Firefox 31.2.1esr.
and is based on Firefox 31.2.0esr.
- Upgrade Tor to 0.2.5.8-rc.
- Confine several important applications with AppArmor.
* Bugfixes
- Install Linux 3.16-3 (that is 3.16.5-1) from Debian unstable.
- Install Linux 3.16-3 (version 3.16.5-1).
* Minor improvements
- Upgrade I2P to 0.9.15, and isolate I2P traffic from the Tor
Browser by adding a dedicated I2P Browser. Also, start I2P
automatically upon network connection, when `i2p` is present on
the kernel command line.
- Make it clear that TrueCrypt will be removed in Tails 1.2.1
([[!tails_ticket 7739]]).
automatically upon network connection, when the `i2p` boot
option is added.
- Make it clear that *TrueCrypt* will be removed in Tails 1.2.1
([[!tails_ticket 7739]]), and document how to open *TrueCrypt*
volumes with `cryptsetup`.
- Enable VirtualBox guest additions by default ([[!tails_ticket
5730]]). In particular this enables VirtualBox's display
management service.
......
......@@ -14,8 +14,8 @@ Details
- Tor Browser and its bundled NSS: [[!mfsa2014 74]],
[[!mfsa2014 75]], [[!mfsa2014 76]], [[!mfsa2014 77]],
[[!mfsa2014 79]], [[!mfsa2014 81]] and [[!mfsa2014 82]]
- nss: [[!debsa2014 3033]] (CVE-2014-1568)
- NSS: [[!debsa2014 3033]] (CVE-2014-1568)
- bash: [[!debsa2014 3035]] (CVE-2014-7169)
- rsyslog: [[!debsa2014 3040]] (CVE-2014-3634) and
[[!debsa2014 3047]] (CVE-2014-3683)
- apt: [[!debsa2014 3047]] (CVE-2014-7206)
- APT: [[!debsa2014 3047]] (CVE-2014-7206)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment