Commit 03c33fa3 authored by Tails developers's avatar Tails developers
Browse files

Rework the changelog, release notes and security announce a bit.

parent 27ca4ed3
...@@ -2,28 +2,23 @@ tails (1.2) unstable; urgency=medium ...@@ -2,28 +2,23 @@ tails (1.2) unstable; urgency=medium
* Major new features * Major new features
- Migrate from Iceweasel to the Tor Browser from the Tor Browser - Migrate from Iceweasel to the Tor Browser from the Tor Browser
Bundle 4.0 nightly build from 2014-10-07 (based on Firefox Bundle 4.0 (based on Firefox 31.2.0esr).
esr31-pre). The installation in Tails is made global The installation in Tails is made global (multi-profile), uses
(multi-profile), uses the system-wide Tor instance, does not use the system-wide Tor instance, disables the Tor Browser updater,
the Tor Browser updater, and keeps the desired deviations and keeps the desired deviations previously present in Iceweasel,
previously present in Iceweasel, e.g. we install the addon e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since
AdBlock Plus but not Tor Launcher (since we run it as a we run it as a standalone XUL application), among other things.
standalone XUL application), among other things.
- Install AppArmor's userspace tools and apparmor-profiles-extra - Install AppArmor's userspace tools and apparmor-profiles-extra
from Wheezy Backports, and enable the AppArmor Linux security from Wheezy Backports, and enable the AppArmor Linux Security
module. This adds Mandatory Access control for several critical Module. This adds Mandatory Access Control for several critical
applications in Tails, including: applications in Tails, including Tor, Vidalia, Pidgin, Evince
* Tor and Totem.
* Vidalia
* Pidgin
* Evince
* Totem
- Isolate I2P traffic from the Tor Browser by adding a dedicated - Isolate I2P traffic from the Tor Browser by adding a dedicated
I2P Browser, which can be reached via GNOME's menu -> Internet I2P Browser. It is set up similarly to the Unsafe Browser,
-> I2P Browser. It is set up similarly to the Unsafe Browser,
but further disables features that are irrelevant for I2P, like but further disables features that are irrelevant for I2P, like
search plugins and the AdBlock Plus addon, and keeps Tor Browser search plugins and the AdBlock Plus addon, while keeping Tor Browser
security features like the NoScript and Torbutton addons. security features like the NoScript and Torbutton addons.
- Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
* Security fixes * Security fixes
- Disable TCP timestamps (Closes: #6579). - Disable TCP timestamps (Closes: #6579).
...@@ -34,37 +29,35 @@ tails (1.2) unstable; urgency=medium ...@@ -34,37 +29,35 @@ tails (1.2) unstable; urgency=medium
make stderr more easily accessible (Closes: #7431). make stderr more easily accessible (Closes: #7431).
- Run tails-persistence-setup with sudo instead of gksudo to make - Run tails-persistence-setup with sudo instead of gksudo to make
stderr more easily accessible, and allow the desktop user to stderr more easily accessible, and allow the desktop user to
pass the --verbose parameter. (Closes: #7623) pass the --verbose parameter (Closes: #7623).
- Disable cups in the Unsafe Browser. This will prevent the - Disable CUPS in the Unsafe Browser. This will prevent the
browser from hanging for several minutes when accidentally browser from hanging for several minutes when accidentally
pressing CTRL+P or trying to go to File -> Print. pressing CTRL+P or trying to go to File -> Print (Closes: #7771).
* Minor improvements * Minor improvements
- Install Linux 3.16-3 (that is currently 3.16.5-1) from Debian - Install Linux 3.16-3 (version 3.16.5-1) from Debian
unstable (Closes: #7886 and #8100). unstable (Closes: #7886, #8100).
- Install cryptsetup and friends from wheezy-backports (Closes: - Transition away from TrueCrypt: install cryptsetup and friends
#5932). from wheezy-backports (Closes: #5932), and make it clear that
TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739).
- Install Monkeysign dependencies for qrcodes scanning. - Install Monkeysign dependencies for qrcodes scanning.
- Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install - Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install
the new syslinux-efi package. the new syslinux-efi package.
- Upgrade I2P to 0.9.15-1~deb7u+1 - Upgrade I2P to 0.9.15-1~deb7u+1
- Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
- Enable Wheezy proposed-updates APT repository and setup APT - Enable Wheezy proposed-updates APT repository and setup APT
pinnings to install packages from it. pinnings to install packages from it.
- Enable Tor's syscall sandbox. This feature (new in 0.2.5.x) - Enable Tor's syscall sandbox. This feature (new in 0.2.5.x)
should make Tor a bit harder to exploit. It is only be enabled should make Tor a bit harder to exploit. It is only be enabled
when when no special Tor configuration is requested in Tails when when no special Tor configuration is requested in Tails
Greeter due to incompatibility with Tor bridges. Greeter due to incompatibility with pluggable transports.
- Start I2P automatically when the network connects via a - Start I2P automatically when the network connects via a
NetworkManager hook, and "i2p" is present on the kernel command NetworkManager hook, and "i2p" is present on the kernel command
line. The router console is no longer opened automatically, but line. The router console is no longer opened automatically, but
can be accessed through the I2P Browser. can be accessed through the I2P Browser (Closes: #7732).
- Simplify the IPv6 ferm rules. - Simplify the IPv6 ferm rules (Closes: #7668).
- Include persistence.conf in WhisperBack reports (Closes: #7461) - Include persistence.conf in WhisperBack reports (Closes: #7461)
- Pin packages from testing to 500, so that they can be upgraded. - Pin packages from testing to 500, so that they can be upgraded.
- Don't set Torbutton environment vars globally (Closes: #5648). - Don't set Torbutton environment vars globally (Closes: #5648).
- Make it clear in the TrueCrypt wrapper that it'll be removed in
Tails 1.3 or earlier (Closes: #7739).
- Enable VirtualBox guest additions by default (Closes: #5730). In - Enable VirtualBox guest additions by default (Closes: #5730). In
particular this enables VirtualBox's display management service. particular this enables VirtualBox's display management service.
- In the Unsafe Browser, hide option for "Tor Browser Health - In the Unsafe Browser, hide option for "Tor Browser Health
......
...@@ -17,20 +17,21 @@ Notable user-visible changes include: ...@@ -17,20 +17,21 @@ Notable user-visible changes include:
* Major new features * Major new features
- Install (most of) the Tor Browser, replacing our previous - Install (most of) the Tor Browser, replacing our previous
Iceweasel-based browser. The version installed is from TBB 4.0 Iceweasel-based browser. The version installed is from TBB 4.0
and is based on Firefox 31.2.1esr. and is based on Firefox 31.2.0esr.
- Upgrade Tor to 0.2.5.8-rc. - Upgrade Tor to 0.2.5.8-rc.
- Confine several important applications with AppArmor. - Confine several important applications with AppArmor.
* Bugfixes * Bugfixes
- Install Linux 3.16-3 (that is 3.16.5-1) from Debian unstable. - Install Linux 3.16-3 (version 3.16.5-1).
* Minor improvements * Minor improvements
- Upgrade I2P to 0.9.15, and isolate I2P traffic from the Tor - Upgrade I2P to 0.9.15, and isolate I2P traffic from the Tor
Browser by adding a dedicated I2P Browser. Also, start I2P Browser by adding a dedicated I2P Browser. Also, start I2P
automatically upon network connection, when `i2p` is present on automatically upon network connection, when the `i2p` boot
the kernel command line. option is added.
- Make it clear that TrueCrypt will be removed in Tails 1.2.1 - Make it clear that *TrueCrypt* will be removed in Tails 1.2.1
([[!tails_ticket 7739]]). ([[!tails_ticket 7739]]), and document how to open *TrueCrypt*
volumes with `cryptsetup`.
- Enable VirtualBox guest additions by default ([[!tails_ticket - Enable VirtualBox guest additions by default ([[!tails_ticket
5730]]). In particular this enables VirtualBox's display 5730]]). In particular this enables VirtualBox's display
management service. management service.
......
...@@ -14,8 +14,8 @@ Details ...@@ -14,8 +14,8 @@ Details
- Tor Browser and its bundled NSS: [[!mfsa2014 74]], - Tor Browser and its bundled NSS: [[!mfsa2014 74]],
[[!mfsa2014 75]], [[!mfsa2014 76]], [[!mfsa2014 77]], [[!mfsa2014 75]], [[!mfsa2014 76]], [[!mfsa2014 77]],
[[!mfsa2014 79]], [[!mfsa2014 81]] and [[!mfsa2014 82]] [[!mfsa2014 79]], [[!mfsa2014 81]] and [[!mfsa2014 82]]
- nss: [[!debsa2014 3033]] (CVE-2014-1568) - NSS: [[!debsa2014 3033]] (CVE-2014-1568)
- bash: [[!debsa2014 3035]] (CVE-2014-7169) - bash: [[!debsa2014 3035]] (CVE-2014-7169)
- rsyslog: [[!debsa2014 3040]] (CVE-2014-3634) and - rsyslog: [[!debsa2014 3040]] (CVE-2014-3634) and
[[!debsa2014 3047]] (CVE-2014-3683) [[!debsa2014 3047]] (CVE-2014-3683)
- apt: [[!debsa2014 3047]] (CVE-2014-7206) - APT: [[!debsa2014 3047]] (CVE-2014-7206)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment