Update changelog for 2.12~rc1.

tails (2.12) UNRELEASED; urgency=medium
tails (2.12~rc1) UNRELEASED; urgency=medium
* Major changes
- Completely remove I2P. :( We have decided to remove I2P (see
#11276) due to our failure of finding someone interested in
maintaining it in Tails (Closes: #12263).
- Upgrade the Linux kernel to 4.9.0-0.bpo.2 (Closes: #12122).
-- anonym <> Wed, 25 Jan 2017 01:32:33 +0100
* Security fixes
- Mount a dedicated filesystem on /var/tmp, to mitigate the
hardlinks permissions open by the user-tmp abstraction. See for details
(Closes: #12125).
- Protect against CVE-2017-2636 by disabling the n-hdlc kernel
module (Closes: #12315).
- Ensure /etc/resolv.conf is owned by root:root in the SquashFS.
lb_chroot_resolv will "cp -a" it from the source tree, so it
inherits its ownership from the whoever cloned the Git
repository. This has two problems. First, this results in unsafe
permissions on this file (e.g. a Vagrant build results in the
'amnesia' user having write access to it).
* Minor improvements
- Don't add the live user to the "audio" group. This should not be
needed on a modern Linux desktop system anymore (Closes:
- Install virtualbox-* 5.1.14-dfsg-3~bpo8+1 from our custom APT
repository (Closes: #12307).
- Install virtualbox-guest-* from sid. The version currently in
jessie-backports is not compatible with Linux 4.9, and there's
basically no chance that it gets updated (the maintainer asked
for them to be *removed* from jessie-backports) (Closes:
- Pull ttdnsd from our custom APT repository. It's gone from the
TorProject one. We removed ttdnsd on feature/stretch already, so
we'll need to pull it from our custom APT repository only for
the next 3 months.
- Clean up libdvd-pkg build files, again. This cleanup operation
was mistakenly removed in commit c4e8744 (Closes: #11273).
- Install gnome-sound-recorder (Closes #10950). Thanks to Austin
English <> for the patch!
- Stop restarting tor if bootstrapping stalls. It seems tor might
have fixed the issues we used (see: #10238, #9516) to experience
with the bootstrap process stalling and requiring a restart to
kickstart it (Closes: #12411).
- communicate via the UNIX socket instead of TCP port.
This makes the library usable when run inside systemd units that
have `PrivateNetwork=yes` set.
- Get tor's bootstrap progress via GETINFO instead of log
tails (2.11.1) UNRELEASED; urgency=medium
* Bugfixes
- mirror-pool-dispatcher: bump maximum expected mirrors.json size
to 32 KiB. This fixes an error where Tails Upgrader would
complain with "cannot choose a download server" (Closes:
* Build system
- Retry curl and APT operations up to 20 times to make the ISO
build more robust wrt. unreliable Internet connectivity. Thanks
to Arnaud <> for the patch!
- Install ikiwiki from jessie-backports, instead of our patched
one. Our changes were merged in 3.20161219, and jessie-backports
now has 3.20170111~bpo8+1 (Closes: #12051).
- Fix FTBFS when installing a .deb via config/chroot_local-packages
by being more flexible when matching local packages in the apt
list file (Closes: #12374). Thanks to Arnaud <>
for the patch!
-- Tails developers <> Tue, 07 Mar 2017 19:24:29 +0100
* Test suite
- Try possible fix for #11508. IPv6Packet:s' source is accessed by
`.ipv6_saddr`, not `ip_saddr` (that's for IPv4Packet). So, let's
just try and see which one of the two each packet has, because
one of them must be there! Also, given that UDPPacket can be
either IPv4 or IPv6 it seems safest to try to parse each packet
as IPv6Packet first -- that way we keep looking at transport
layer protocols for IPv4 only, and treat everything IPv6 as the
same, which makes sense, since we should block all IPv6, so
everything should be treated the same at all times.
- Changes due to #12411:
* Raise special exception for Tor bootstrap failures.
* Remove obsolete debug logging now that we don't log anything
interesting for `restart-tor` any more.
-- Tails developers <> Thu, 06 Apr 2017 21:11:54 +0200
tails (2.11) unstable; urgency=medium
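Review bot: the /etc/resolv.conf entry under "Security fixes" says "This has two problems" but, in the lines shown, only the first (unsafe permissions, with the Vagrant build example) is described. Either state the second problem or reword the entry to "This results in unsafe permissions ...", so a reader of the changelog can tell what the root:root ownership fix covers. Two smaller points: the gnome-sound-recorder entry uses "(Closes #10950)" without the colon that every other entry here uses ("Closes: #NNNN"), and the item "communicate via the UNIX socket instead of TCP port." does not name the component that was changed, which matters for anyone checking which library is now expected to work under `PrivateNetwork=yes`.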
