Update changelog for 1.4.1.

debian/changelog

-tails (1.4.1) UNRELEASED; urgency=medium
+tails (1.4.1) unstable; urgency=medium
 
-  * Dummy entry.
+  * Security fixes
+    - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
+    - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
+      isolation bugfix. (Closes: #9560)
+    - AppArmor: deny Tor Browser access to the list of recently used files.
+      (Closes: #9126)
+    - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
+    - Upgrade Linux to 3.16.7-ckt11-1.
+    - Upgrade CUPS to 1.5.3-5+deb7u6.
+    - Upgrade FUSE 2.9.0-2+deb7u2.
+    - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
+    - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
+    - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.
+
+  * Bugfixes
+    - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
+    - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
+      (Closes: #9416)
+    - Partially fix the truncated notification issue. (#7249)
+
+  * Minor improvements
+    - Disable the hwclock.sh initscript at reboot/shutdown time.
+      This is an additional safety measure to ensure that the hardware clock
+      is not modified. (Closes: #9364)
+    - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
+      (Closes: #9417)
+    - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
+      profile shipped with torbrowser-launcher 0.2.0-1.
+    - Add the jessie/updates APT repo and set appropriate pinning.
+    - Install the Linux kernel from Debian Jessie. (Closes: #9341)
+    - Upgrade Electrum to 1.9.8-4~bpo70+1.
+    - Upgrade kernel firmware packages to 0.44.
+
+  * Build system
+    - Remove files that are not under version control when building in Jenkins.
+      (Closes: #9406)
+    - Don't modify files in the source tree before having possibly merged
+      the base branch into it. (Closes: #9406)
+    - Make it so eatmydata is actually used during a greater part of the build
+      process. This includes using eatmydata from wheezy-backports.
+      (Closes: #9419, #9523
+    - release script: adjust to support current Debian sid.
 
- -- Tails developers <tails@boum.org>  Tue, 12 May 2015 17:19:13 +0200
+  * Test suite
+    - Test the system clock sanity check we do at boot. (Closes: #9377)
+    - Remove the impossible "Clock way in the past" scenarios.
+      Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
+      these scenarios cannot happen, and since we test that it works they
+      can be safely removed.
+    - Pidgin: retry looking for the roadmap URL in the topic.
+    - Avoid showing Pidgin's tooltips during test, potentially confusing sikuli.
+      (Closes: #9317)
+    - Test all OpenPGP keys shipped with Tails. (Closes: #9402)
+    - Check that notification-daemon is running when looking for notifications
+      fails. (Closes: #9332)
+    - Allow using the cucumber formatters however we want. (Closes: #9424)
+    - Enable Spice in the guest, and blacklist the psmouse kernel module,
+      to help with lost mouse events. (Closes: #9425)
+    - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
+    - Test that Seahorse is configured to use the correct keyserver.
+      (Closes: #9339)
+    - Always export TMPDIR back to the test suite's shell environment.
+      (Closes: #9479)
+    - Make OpenPGP tests more reliable:
+      · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
+      · Retry accessing menus in Seahorse on failure. (Closes: #9344)
+    - Focus the Pidgin conversation window before any attempt to interact
+      with it. (Closes: #9317)
+    - Use convertkey from the (backported to Jessie) Debian package,
+      instead of our own copy of that script. (Closes: #9066)
+    - Make the memory erasure tests more robust (Closes: #9329):
+      · Bump /proc/sys/vm/min_free_kbytes when running fillram.
+      · Actually set oom_adj for the remote shell when running fillram.
+      · Try to be more sure that we OOM kill fillram.
+      · Run fillram as non-root.
+    - Only try to build the storage pool if TailsToasterStorage isn't found.
+      (Closes: #9568)
+
+ -- Tails developers <tails@boum.org>  Sun, 28 Jun 2015 19:46:25 +0200
 
 tails (1.4) unstable; urgency=medium