Commit 17beb114 authored by Tails developers's avatar Tails developers
Browse files

Update changelog for 0.21~rc1.

parent fef84cf7
tails (0.21) UNRELEASED; urgency=low
tails (0.21~rc1) unstable; urgency=low
* Security fixes
- Don't grant access to the Tor control port for the desktop user
(amnesia). Else, an attacker able to run arbitrary code as this user
could obtain the public IP with a get_info command.
· Vidalia is now run as a dedicated user.
· Remove the amnesia user from the debian-tor group.
· Remove the Vidalia launcher in the Applications menu.
The Vidalia instance it starts is useless, since it can't connect
to the Tor control port.
- Don't allow the desktop user to directly change persistence settings.
Else, an attacker able to run arbitrary code as this user could
leverage this feature to gain persistent root access, as long as
persistence is enabled.
· Fully rework the persistent filesystem and files ownership
and permissions.
· Run the Persistent Volume Assistant as a dedicated user, that is
granted the relevant udisks and filesystem -level credentials.
· At persistence activation time, don't trust existing persistence
configuration files, migrate to the new ownership and permissions,
migrate every known-safe existing settings and backup what's left.
Warn the user when not all persistence settings could be migrated.
· Persistent Volume Assistant uses the new ownership and permissions
scheme when initializing a new persistent volume, and refuses to
read persistence.conf if it, or the parent directory, hasn't the
expected permissions.
· Make boot medium 'system internal' for udisks with bilibop.
Once Tails is based on Wheezy, this will further complete the
protection (see #6172 for details).
* Upcoming release.
* Major new features
- Add a persistence preset for printing settings (Closes: #5686).
Reload CUPS configuration after persistence activation.
- Support SD card connected through a SDIO host adapter (Closes: #6324).
· Rebrand Tails USB installer to Tails installer.
· Display devices brand, model and size in the Installer
(Closes: #6292).
· Ask for confirmation before installing Tails onto a device
(Closes: #6293).
· Add support for SDIO and MMC block devices to the Tails Installer
(Closes: #5744) and the Persistent Volume Assistant (Closes: #6325).
· Arm the udev watchdog when booted from SD (plugged in SDIO) too
(Closes: #6327).
* Minor improvements
- Add a KeePassX launcher to the top GNOME panel (Closes: #6290).
- Rework bug reporting workflow: point the desktop launcher to
the troubleshooting page.
- Make /home world-readable at build time, regardless of the Git
working copy permissions. This makes the build process more robust
against strict umasks.
- Add signing capabilities to the tails-build script (Closes: #6267).
This is in turn used to sign ISO images built by our Jenkins setup
(Closes: #6193).
- Simplify the ikiwiki setup and make more pages translatable.
- Exclude the version string in GnuPG's ASCII armored output.
- Prefer stronger ciphers (AES256,AES192,AES,CAST5) when encrypting
data with GnuPG.
- Use the same custom Startpage search URL than the TBB.
This apparently disables the new broken "family" filter.
- Enable oldstable-proposed-updates APT sources to install packages
scheduled for the next Squeeze point-release. Accordingly update
APT pinning.
- Update AdBlock Plus patterns.
-- Tails developers <> Thu, 19 Sep 2013 15:59:43 +0200
* Test suite
- Look for "/tmp/.X11-unix/X${1#:}" too when detecting displays in use.
- Adapt tests to match the Control Port access security fix:
· Take into account that the amnesia user isn't part of the debian-tor
group anymore.
· Run as root the checks to see if a process is running: this
is required to see other users' processes.
-- Tails developers <> Thu, 17 Oct 2013 14:13:27 +0200
tails (0.20.1) unstable; urgency=low
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment