Rework the changelog, release notes and security announce a bit.

03c33fa3 · Tails developers · 27ca4ed3 · 03c33fa3 · 03c33fa3 · 03c33fa3
Commit 03c33fa3 authored Oct 15, 2014 by Tails developers
3 changed files
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,28 +2,23 @@ tails (1.2) unstable; urgency=medium

  * Major new features
    - Migrate from Iceweasel to the Tor Browser from the Tor Browser
-      Bundle 4.0 nightly build from 2014-10-07 (based on Firefox
-      esr31-pre). The installation in Tails is made global
-      (multi-profile), uses the system-wide Tor instance, does not use
-      the Tor Browser updater, and keeps the desired deviations
-      previously present in Iceweasel, e.g. we install the addon
-      AdBlock Plus but not Tor Launcher (since we run it as a
-      standalone XUL application), among other things.
+      Bundle 4.0 (based on Firefox 31.2.0esr).
+      The installation in Tails is made global (multi-profile), uses
+      the system-wide Tor instance, disables the Tor Browser updater,
+      and keeps the desired deviations previously present in Iceweasel,
+      e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since
+      we run it as a standalone XUL application), among other things.
    - Install AppArmor's userspace tools and apparmor-profiles-extra
-      from Wheezy Backports, and enable the AppArmor Linux security
-      module. This adds Mandatory Access control for several critical
-      applications in Tails, including:
-      * Tor
-      * Vidalia
-      * Pidgin
-      * Evince
-      * Totem
+      from Wheezy Backports, and enable the AppArmor Linux Security
+      Module. This adds Mandatory Access Control for several critical
+      applications in Tails, including Tor, Vidalia, Pidgin, Evince
+      and Totem.
    - Isolate I2P traffic from the Tor Browser by adding a dedicated
-      I2P Browser, which can be reached via GNOME's menu -> Internet
-      -> I2P Browser. It is set up similarly to the Unsafe Browser,
+      I2P Browser. It is set up similarly to the Unsafe Browser,
      but further disables features that are irrelevant for I2P, like
-      search plugins and the AdBlock Plus addon, and keeps Tor Browser
+      search plugins and the AdBlock Plus addon, while keeping Tor Browser
      security features like the NoScript and Torbutton addons.
+    - Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.

  * Security fixes
    - Disable TCP timestamps (Closes: #6579).
@@ -34,37 +29,35 @@ tails (1.2) unstable; urgency=medium
      make stderr more easily accessible (Closes: #7431).
    - Run tails-persistence-setup with sudo instead of gksudo to make
      stderr more easily accessible, and allow the desktop user to
-      pass the --verbose parameter. (Closes: #7623)
-    - Disable cups in the Unsafe Browser. This will prevent the
+      pass the --verbose parameter (Closes: #7623).
+    - Disable CUPS in the Unsafe Browser. This will prevent the
      browser from hanging for several minutes when accidentally
-      pressing CTRL+P or trying to go to File -> Print.
+      pressing CTRL+P or trying to go to File -> Print (Closes: #7771).

  * Minor improvements
-    - Install Linux 3.16-3 (that is currently 3.16.5-1) from Debian
-      unstable (Closes: #7886 and #8100).
-    - Install cryptsetup and friends from wheezy-backports (Closes:
-      #5932).
+    - Install Linux 3.16-3 (version 3.16.5-1) from Debian
+      unstable (Closes: #7886, #8100).
+    - Transition away from TrueCrypt: install cryptsetup and friends
+      from wheezy-backports (Closes: #5932), and make it clear that
+      TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739).
    - Install Monkeysign dependencies for qrcodes scanning.
    - Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install
      the new syslinux-efi package.
    - Upgrade I2P to 0.9.15-1~deb7u+1
-    - Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
    - Enable Wheezy proposed-updates APT repository and setup APT
      pinnings to install packages from it.
    - Enable Tor's syscall sandbox. This feature (new in 0.2.5.x)
      should make Tor a bit harder to exploit. It is only be enabled
      when when no special Tor configuration is requested in Tails
-      Greeter due to incompatibility with Tor bridges.
+      Greeter due to incompatibility with pluggable transports.
    - Start I2P automatically when the network connects via a
      NetworkManager hook, and "i2p" is present on the kernel command
      line. The router console is no longer opened automatically, but
-      can be accessed through the I2P Browser.
-    - Simplify the IPv6 ferm rules.
+      can be accessed through the I2P Browser (Closes: #7732).
+    - Simplify the IPv6 ferm rules (Closes: #7668).
    - Include persistence.conf in WhisperBack reports (Closes: #7461)
    - Pin packages from testing to 500, so that they can be upgraded.
    - Don't set Torbutton environment vars globally (Closes: #5648).
-    - Make it clear in the TrueCrypt wrapper that it'll be removed in
-      Tails 1.3 or earlier (Closes: #7739).
    - Enable VirtualBox guest additions by default (Closes: #5730). In
      particular this enables VirtualBox's display management service.
    - In the Unsafe Browser, hide option for "Tor Browser Health

--- a/wiki/src/news/version_1.2.mdwn
+++ b/wiki/src/news/version_1.2.mdwn
@@ -17,20 +17,21 @@ Notable user-visible changes include:
  * Major new features
    - Install (most of) the Tor Browser, replacing our previous
      Iceweasel-based browser. The version installed is from TBB 4.0
-      and is based on Firefox 31.2.1esr.
+      and is based on Firefox 31.2.0esr.
    - Upgrade Tor to 0.2.5.8-rc.
    - Confine several important applications with AppArmor.

  * Bugfixes
-    - Install Linux 3.16-3 (that is 3.16.5-1) from Debian unstable.
+    - Install Linux 3.16-3 (version 3.16.5-1).

  * Minor improvements
    - Upgrade I2P to 0.9.15, and isolate I2P traffic from the Tor
      Browser by adding a dedicated I2P Browser. Also, start I2P
-      automatically upon network connection, when `i2p` is present on
-      the kernel command line.
-    - Make it clear that TrueCrypt will be removed in Tails 1.2.1
-      ([[!tails_ticket 7739]]).
+      automatically upon network connection, when the `i2p` boot
+      option is added.
+    - Make it clear that *TrueCrypt* will be removed in Tails 1.2.1
+      ([[!tails_ticket 7739]]), and document how to open *TrueCrypt*
+      volumes with `cryptsetup`.
    - Enable VirtualBox guest additions by default ([[!tails_ticket
      5730]]). In particular this enables VirtualBox's display
      management service.

--- a/wiki/src/security/Numerous_security_holes_in_1.1.2.mdwn
+++ b/wiki/src/security/Numerous_security_holes_in_1.1.2.mdwn
@@ -14,8 +14,8 @@ Details
 - Tor Browser and its bundled NSS: [[!mfsa2014 74]],
   [[!mfsa2014 75]], [[!mfsa2014 76]], [[!mfsa2014 77]],
   [[!mfsa2014 79]], [[!mfsa2014 81]] and [[!mfsa2014 82]]
- - nss: [[!debsa2014 3033]] (CVE-2014-1568)
+ - NSS: [[!debsa2014 3033]] (CVE-2014-1568)
 - bash: [[!debsa2014 3035]] (CVE-2014-7169)
 - rsyslog: [[!debsa2014 3040]] (CVE-2014-3634) and
   [[!debsa2014 3047]] (CVE-2014-3683)
- - apt: [[!debsa2014 3047]] (CVE-2014-7206)
+ - APT: [[!debsa2014 3047]] (CVE-2014-7206)