Update changelog for 0.21~rc1.

17beb114 · Tails developers · fef84cf7 · 17beb114
Commit 17beb114 authored Oct 17, 2013 by Tails developers
--- a/debian/changelog
+++ b/debian/changelog
-tails (0.21) UNRELEASED; urgency=low
+tails (0.21~rc1) unstable; urgency=low
+
+  * Security fixes
+    - Don't grant access to the Tor control port for the desktop user
+      (amnesia). Else, an attacker able to run arbitrary code as this user
+      could obtain the public IP with a get_info command.
+      · Vidalia is now run as a dedicated user.
+      · Remove the amnesia user from the debian-tor group.
+      · Remove the Vidalia launcher in the Applications menu.
+        The Vidalia instance it starts is useless, since it can't connect
+        to the Tor control port.
+    - Don't allow the desktop user to directly change persistence settings.
+      Else, an attacker able to run arbitrary code as this user could
+      leverage this feature to gain persistent root access, as long as
+      persistence is enabled.
+      · Fully rework the persistent filesystem and files ownership
+        and permissions.
+      · Run the Persistent Volume Assistant as a dedicated user, that is
+        granted the relevant udisks and filesystem -level credentials.
+      · At persistence activation time, don't trust existing persistence
+        configuration files, migrate to the new ownership and permissions,
+        migrate every known-safe existing settings and backup what's left.
+        Warn the user when not all persistence settings could be migrated.
+      · Persistent Volume Assistant uses the new ownership and permissions
+        scheme when initializing a new persistent volume, and refuses to
+        read persistence.conf if it, or the parent directory, hasn't the
+        expected permissions.
+      · Make boot medium 'system internal' for udisks with bilibop.
+        Once Tails is based on Wheezy, this will further complete the
+        protection (see #6172 for details).

-  * Upcoming release.
+  * Major new features
+    - Add a persistence preset for printing settings (Closes: #5686).
+      Reload CUPS configuration after persistence activation.
+    - Support SD card connected through a SDIO host adapter (Closes: #6324).
+      · Rebrand Tails USB installer to Tails installer.
+      · Display devices brand, model and size in the Installer
+        (Closes: #6292).
+      · Ask for confirmation before installing Tails onto a device
+        (Closes: #6293).
+      · Add support for SDIO and MMC block devices to the Tails Installer
+        (Closes: #5744) and the Persistent Volume Assistant (Closes: #6325).
+      · Arm the udev watchdog when booted from SD (plugged in SDIO) too
+        (Closes: #6327).
+
+  * Minor improvements
+    - Add a KeePassX launcher to the top GNOME panel (Closes: #6290).
+    - Rework bug reporting workflow: point the desktop launcher to
+      the troubleshooting page.
+    - Make /home world-readable at build time, regardless of the Git
+      working copy permissions. This makes the build process more robust
+      against strict umasks.
+    - Add signing capabilities to the tails-build script (Closes: #6267).
+      This is in turn used to sign ISO images built by our Jenkins setup
+      (Closes: #6193).
+    - Simplify the ikiwiki setup and make more pages translatable.
+    - Exclude the version string in GnuPG's ASCII armored output.
+    - Prefer stronger ciphers (AES256,AES192,AES,CAST5) when encrypting
+      data with GnuPG.
+    - Use the same custom Startpage search URL than the TBB.
+      This apparently disables the new broken "family" filter.
+    - Enable oldstable-proposed-updates APT sources to install packages
+      scheduled for the next Squeeze point-release. Accordingly update
+      APT pinning.
+    - Update AdBlock Plus patterns.

- -- Tails developers <tails@debian.org>  Thu, 19 Sep 2013 15:59:43 +0200
+  * Test suite
+    - Look for "/tmp/.X11-unix/X${1#:}" too when detecting displays in use.
+    - Adapt tests to match the Control Port access security fix:
+      · Take into account that the amnesia user isn't part of the debian-tor
+        group anymore.
+      · Run as root the checks to see if a process is running: this
+        is required to see other users' processes.
+
+ -- Tails developers <tails@boum.org>  Thu, 17 Oct 2013 14:13:27 +0200

 tails (0.20.1) unstable; urgency=low