Commit 3584ab6c authored by Tails developers

Merge branch 'master' into devel

parents 67ccb11d 71b70a1c
tails (0.8) unstable; urgency=low
* Rebase on the Debian Squeeze 6.0.2.1 point-release.
* Tor
- Update to 0.2.2.33-1.
- Disabled ControlPort in favour of ControlSocket.
- Add port 6523 (Gobby) to Tor's LongLivedPorts list.
* I2P
- Update to 0.8.8.
- Start script now depends on HTP since I2P breaks if the clock jumps or is
too skewed during bootstrap.
* Iceweasel
- Update to 3.5.16-9 (fixes CVE-2011-2374, CVE-2011-2376, CVE-2011-2365,
CVE-2011-2373, CVE-2011-2371, CVE-2011-0083, CVE-2011-2363, CVE-2011-0085,
CVE-2011-2362, CVE-2011-2982, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984,
CVE-2011-2983).
- Enable HTTP pipelining (like TBB).
- Update HTTPS Everywhere extension to 1.0.1-1 from Debian unstable.
- Suppress FoxyProxy update prompts.
- Prevent FoxyProxy from "phoning home" after a detected upgrade.
- Fixed a bunch of buggy regular expressions in FoxyProxy's configuration.
See [[bugs/exploitable_typo_in_url_regex?]] for details. Note that none of
these issues are critical due to the transparent proxy.
- Add DuckDuckGo SSL search engine.
* Torbutton
- Update to torbutton 1.4.3-1 from Debian unstable.
- Don't show Torbutton status in the status bar as it's now displayed in the
toolbar instead.
* Pidgin
- More random looking nicks in pidgin.
- Add IRC account on chat.wikileaks.de:9999.
* HTP
- Upgrade htpdate script (taken from Git 7797fe9) that allows setting wget's
--dns-timeout option.
* Software
- Update Linux to 3.0.0-1. -686 is now deprecated in favour of -486 and
-686-pae; the world is not ready for -pae yet, so we now ship -486.
- Update OpenSSL to 0.9.8o-4squeeze2 (fixes CVE-2011-1945 (revoke
compromised DigiNotar certificates), CVE-2011-1945).
- Update Vidalia to 0.2.14-1+tails1 custom package.
- Install accessibility tools:
- gnome-mag: screen magnifier
- gnome-orca: text-to-speech
- Replace the onBoard virtual keyboard with Florence.
- Install the PiTIVi non-linear audio/video editor.
- Install ttdnsd.
- Install tor-arm.
- Install lzma.
* Arbitrary DNS queries
- Tor can not handle all types of DNS queries, so if the Tor resolver fails
we fallback to ttdnsd. This is now possible with Tor 0.2.2.x, since we
fixed Tor bug #3369.
* Hardware support
- Install ipheth-utils for iPhone tethering.
- Install xserver-xorg-input-vmmouse (for mouse integration with the host OS
in VMWare and KVM).
- Install virtualbox-ose 4.x guest packages from Debian backports.
* Miscellaneous
- Switch gpg to use keys.indymedia.org's hidden service, without SSL.
The keys.indymedia.org SSL certificate is now self-signed. The hidden
service gives a good enough way to authenticate the server and encrypts
the connection, and just removes the certificates management issue.
- The squashfs is now compressed using XZ which reduces the image size quite
drastically.
- Remove Windows autorun.bat and autorun.inf. These files did open a static
copy of our website, which is not accessible any longer.
* Build system
- Use the Git branch instead of the Debian version into the built image's
filename.
- Allow replacing efficient XZ compression with quicker gzip.
- Build and install documentation into the chroot (-> filesystem.squashfs).
Rationale: our static website cannot be copied to a FAT32 filesystem due
to filenames being too long. This means the documentation cannot be
browsed offline from outside Tails. However, our installer creates GPT
hidden partitions, so the doc would not be browseable from outside Tails
anyway. The only usecase we really break by doing so is browsing the
documentation while running a non-Tails system, from a Tails CD.
-- Tails developers <amnesia@boum.org> Thu, 09 Sep 2011 11:31:18 +0200
tails (0.7.2) unstable; urgency=high
* Iceweasel
......
Um, I would be very grateful if you included option for using KDE and TorK ( http://sourceforge.net/projects/tork/ )
Opinions on KDE might ... differ, but TorK is definitely better Vidalia.
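Review bot: in the tails (0.8) changelog entry, the OpenSSL item lists CVE-2011-1945 twice and attaches "revoke compromised DigiNotar certificates" to it as if that were the CVE's description. List each distinct CVE id once and give the DigiNotar revocation its own clause, so that readers checking the entry against advisories can tell which fix is which. The trailer line also reads "Thu, 09 Sep 2011", but 9 September 2011 was a Friday; correct the weekday or the date so the trailer is consistent.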
......@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2011-04-12 04:25-0600\n"
"POT-Creation-Date: 2011-09-13 03:32-0600\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -105,3 +105,44 @@ msgid ""
"Then try to boot again, and append the end of the boot log (or what seems to "
"be relevant to your problem) to your bug report."
msgstr ""
#. type: Title -
#, no-wrap
msgid "No internet access\n"
msgstr ""
#. type: Plain text
msgid ""
"The WhisperBack bug reporting tool (accessed from the Tails desktop) can of "
"course not send the bug report when there is not internet access. The "
"following steps can be used as a work-around (Note that your bug report will "
"not be anonymous unless you take further steps yourself (e.g. using Tor with "
"a throw-away email account)):"
msgstr ""
#. type: Bullet: '1. '
msgid "In Tails, start the bug reporting tool"
msgstr ""
#. type: Bullet: '2. '
msgid "In the bug report window, expand \"technical details to include\""
msgstr ""
#. type: Bullet: '3. '
msgid "Copy everything in the \"debugging info\" box"
msgstr ""
#. type: Bullet: '4. '
msgid "Paste it to another document (using gedit for instance)"
msgstr ""
#. type: Bullet: '5. '
msgid "Save the document on a USB strick"
msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
"6. Boot into a system with working networking and send the debugging\n"
"info to us.\n"
msgstr ""
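Review bot: step 6 is extracted as "#. type: Plain text" with "#, no-wrap" and the number embedded in the msgid ("6. Boot into a system with working networking and send the debugging\n"), while steps 1 to 5 are extracted as "Bullet" entries. The sixth item is therefore not being parsed as part of the numbered list, and translators receive it as a pre-formatted block with hard line breaks. Adjust the wrapped list item in the source page so it extracts as "Bullet: '6. '" like the others, then regenerate; the same applies to the other .po files carrying this hunk.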
......@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2011-04-12 04:25-0600\n"
"POT-Creation-Date: 2011-09-13 03:32-0600\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -105,3 +105,44 @@ msgid ""
"Then try to boot again, and append the end of the boot log (or what seems to "
"be relevant to your problem) to your bug report."
msgstr ""
#. type: Title -
#, no-wrap
msgid "No internet access\n"
msgstr ""
#. type: Plain text
msgid ""
"The WhisperBack bug reporting tool (accessed from the Tails desktop) can of "
"course not send the bug report when there is not internet access. The "
"following steps can be used as a work-around (Note that your bug report will "
"not be anonymous unless you take further steps yourself (e.g. using Tor with "
"a throw-away email account)):"
msgstr ""
#. type: Bullet: '1. '
msgid "In Tails, start the bug reporting tool"
msgstr ""
#. type: Bullet: '2. '
msgid "In the bug report window, expand \"technical details to include\""
msgstr ""
#. type: Bullet: '3. '
msgid "Copy everything in the \"debugging info\" box"
msgstr ""
#. type: Bullet: '4. '
msgid "Paste it to another document (using gedit for instance)"
msgstr ""
#. type: Bullet: '5. '
msgid "Save the document on a USB strick"
msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
"6. Boot into a system with working networking and send the debugging\n"
"info to us.\n"
msgstr ""
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2011-04-12 04:25-0600\n"
"POT-Creation-Date: 2011-09-13 03:32-0600\n"
"PO-Revision-Date: 2011-03-25 12:39+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -123,3 +123,44 @@ msgid ""
msgstr ""
"Ensuite, essayez de redémarrer, et ajoutez la fin du journal de démarrage "
"(ou ce qui semble correspondre à votre problème) à votre rapport de bug."
#. type: Title -
#, no-wrap
msgid "No internet access\n"
msgstr ""
#. type: Plain text
msgid ""
"The WhisperBack bug reporting tool (accessed from the Tails desktop) can of "
"course not send the bug report when there is not internet access. The "
"following steps can be used as a work-around (Note that your bug report will "
"not be anonymous unless you take further steps yourself (e.g. using Tor with "
"a throw-away email account)):"
msgstr ""
#. type: Bullet: '1. '
msgid "In Tails, start the bug reporting tool"
msgstr ""
#. type: Bullet: '2. '
msgid "In the bug report window, expand \"technical details to include\""
msgstr ""
#. type: Bullet: '3. '
msgid "Copy everything in the \"debugging info\" box"
msgstr ""
#. type: Bullet: '4. '
msgid "Paste it to another document (using gedit for instance)"
msgstr ""
#. type: Bullet: '5. '
msgid "Save the document on a USB strick"
msgstr ""
#. type: Plain text
#, no-wrap
msgid ""
"6. Boot into a system with working networking and send the debugging\n"
"info to us.\n"
msgstr ""
......@@ -44,3 +44,20 @@ that a bunch of hopefully useful messages are displayed on boot.
Then try to boot again, and append the end of the boot log (or what
seems to be relevant to your problem) to your bug report.
No internet access
------------------
The WhisperBack bug reporting tool (accessed from the Tails desktop)
can of course not send the bug report when there is not internet
access. The following steps can be used as a work-around (Note that
your bug report will not be anonymous unless you take further steps
yourself (e.g. using Tor with a throw-away email account)):
1. In Tails, start the bug reporting tool
2. In the bug report window, expand "technical details to include"
3. Copy everything in the "debugging info" box
4. Paste it to another document (using gedit for instance)
5. Save the document on a USB strick
6. Boot into a system with working networking and send the debugging
info to us.
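Review bot: step 5 reads "Save the document on a USB strick" and the introduction says "when there is not internet access"; this is the source text, so both slips are copied into every msgid added in the .po hunks of this commit. Fix them here ("USB stick", "no internet access") before translators work on the strings. The anonymity warning is also buried in nested parentheses; give it its own sentence, since with this work-around the debugging info leaves Tails on a USB stick and is sent from another system.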
......@@ -8,5 +8,4 @@ was released. If HTP fails a first time, and if the current time clock
is different by more than 6 (?) months, we start by setting the time
clock to the live system release before attempting HTP once more.
This issue will be fixed when
[[todo/remove_the_htp_user_firewall_exception]] is implemented.
> [[done]] in Tails 0.8
Torbutton's "warning, an external application will be run, you'd be
safer using Tails" dialog should not be displayed when running Tails.
> Fixed in Git stable and devel branches => [[pending]].
> [[done]] in Tails 0.8
......@@ -5,3 +5,5 @@ As of Tails 0.7, it is too easy to shutdown Tails. It shuts down, without waitin
>> I'm against changing this. It's a feature; when necessary, you can
>> just grab your media and run without having any secon thoughts. A
>> confirmation prompt would be dangerious. --anonym
>>> We reached agreement to close this bug as invalid. [[done]]
......@@ -83,8 +83,8 @@ Of course, that still allows requests for invalid names like "http://...---...i2
Many apologies if my English is unclear: please feel free to ask for clarification on any points.
> Thanks! All this was fixed in the devel branch (41ee709)
> => [[!taglink pending]]
> Thanks! All this was fixed in the devel branch (41ee709).
>> [[done]] in Tails 0.8
>> Thanks for the update, and for fixing up my markup - I learned
>> stuff! :D Is the devel branch publicly available on some SVN
......
......@@ -3,4 +3,4 @@ supported method yet), shell syntax errors are spitted out by one of
the scripts supposed to arm the udev sdmem watchdog, which is not
started indeed. Memory is hence not wiped on boot medium removal.
> Fixed in devel branch => [[pending]].
> [[done]] in Tails 0.8
In Tails 0.8-rc2, the msva does not use the configured keyserver but
pool.sks-keyservers.net.
`.xsession-errors` says:
Not a valid keyserver (from gpg config /home/amnesia/.gnupg/gpg.conf):
hkp://2eghzlv2wwcq7u7y.onion
[Reported upstream](https://labs.riseup.net/code/issues/3457).
In Tails 0.8-rc1, sdmem on eject works when booting from USB, but has
no visible effect when booting from CD.
The problems seem to have something to to with udev not sending events
(e.g. the "change" uevent we wait for) until the device is unmounted.
The following was tested on a secondary CD-ROM drive (so not the boot
device which may or may not invalidate this theory):
1. Insert a CD in the seconday CD-ROM drive (say it's /dev/sr1) and
mount it.
2. Run: udev-watchdog <udev path for /dev/sr1> cd
3. Eject the CD.
4. Observe that the watchdog sees nothing and that the device remains
mounted. Trying to access the mounted filesystem will produce I/O
errors.
4. Run: umount /dev/sr1
5. Observe that the watchdog finally sees the "change" action.
Furthermore, in lack of hardware, I tested this in VirtualBox, which
may behave different than real hardware. So YMMV.
When building 0.8-rc1 with the stable kernel (2.6.32-5-486) this issue
does not arise, which suggests that the issue is with the linux kernel
and was introduced somewhere after 2.6.32. Otoh, on my up-to-date
wheezy system (linux 3.0.0-1-amd64, udev 172-1, etc.) I do not have
this issue using udev-watchdog, wich could suggest a compatibility
issue with some other package (we also have i386 vs amd64, of course).
Updating to unstable's udev (172-1) in hope of it playing better with
linux 3.0.0-1 from unstable did not solve the issue either, however.
> Indeed, linux 2.6.38-rc1 [[reworked disk event handling|http://lwn.net/Articles/423619/]]
> and adds block.events_dfl_poll_msecs that can be used to set the
> interval for polling block devices for events. This does not seem
> to work properly though: settings it to 1000 makes it work in
> VirtualBox with its virtual CD-ROM drive, but no value seems to work
> on the one real machine I have available with a CD-ROM drive.
>> This was half-workaround'd for 0.8 => the eject button now triggers
>> shutdown/sdmem sequence, but the CD is not ejected, which is a
>> regression.
>>> Should be fixed in d5353b5 in devel.
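Review bot: the reproduction steps in the sdmem-on-eject report number two different steps "4." (the observation that the watchdog sees nothing, and "Run: umount /dev/sr1"), so a reference to "step 4" is ambiguous; renumber them 1 through 6. The thread also ends on "Should be fixed in d5353b5 in devel" without a [[pending]] or [[done]] tag, unlike the other reports touched in this commit, so its status is not tracked; add the tag once the CD case has been retested.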
......@@ -11,4 +11,4 @@ apt-get install rar unrar
seems to work now.
> Duplicate of [[todo/Add_rar_in_tails]], which is [[pending]].
> Duplicate of [[todo/Add_rar_in_tails]], which is [[done]].
......@@ -959,16 +959,19 @@ stored there), history is disabled (just in case) and many other
things. It is also setup not to automatically check for updates of its
installed extensions. Java support is disabled.
Iceweasel is shipped with some extensions to help users manage
their browsing experience. The
[CS Lite](https://addons.mozilla.org/fr/firefox/addon/5207/)
extension treats all cookies as session cookies by default, and
provides more fine-grained cookie control for users who need it. This
prevents the known leak of browsing informations cookies can lead to.
The [Adblock plus](https://addons.mozilla.org/fr/firefox/addon/1865/)
extension protects against many tracking possibilities by
removing most ads. The [FireGPG](http://getfiregpg.org/) plugin allows
users to use GnuPG inside websites such as webmails.
Iceweasel is shipped with some extensions to help users manage their
browsing experience. The Torbutton settings treat all cookies as
session cookies by default; the [CS
Lite](https://addons.mozilla.org/fr/firefox/addon/5207/)
(until Tails 0.8) (PENDING-FOR-0.9 [Cookie
Monster](https://addons.mozilla.org/en-US/firefox/addon/cookie-monster))
provides more
fine-grained cookie control for users who need it. This prevents the
known leak of browsing informations cookies can lead to. The [Adblock
plus](https://addons.mozilla.org/fr/firefox/addon/1865/) extension
protects against many tracking possibilities by removing most ads. The
[FireGPG](http://getfiregpg.org/) plugin allows users to use GnuPG
inside websites such as webmails.
Tails ships the [HTTPS
Everywhere](https://www.eff.org/https-everywhere) extension that
......
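Review bot: the rewritten cookie sentence no longer parses. "the [CS Lite](...) (until Tails 0.8) (PENDING-FOR-0.9 [Cookie Monster](...)) provides more fine-grained cookie control" has lost the word "extension", and the inline PENDING-FOR-0.9 marker sits in the middle of the sentence instead of on its own line as the other PENDING markers in this document do. Split it into one sentence for the current state (CS Lite, until Tails 0.8) and a separate marked paragraph for the planned Cookie Monster change. "This prevents the known leak of browsing informations" also now follows the fine-grained-control clause rather than the session-cookie default it used to refer to; say explicitly that it is the session-cookie setting in Torbutton that prevents the leak.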
......@@ -8,7 +8,6 @@ lookups through the Tor network using the `DNSPort` configured in
the single reason for its presence is the improvement of performance
brought by its caching feature.
**PENDING-FOR-0.8**:
But the Tor DNS resolver lacks support for most types of DNS queries
except "A", so pdnsd is configured to query the Tor resolver first,
and fallback to [ttdnsd](https://www.torproject.org/ttdnsd/) if the
......
......@@ -17,9 +17,9 @@ Merge the `master` branch into the one used to build the release.
### version number
In the branch used to build the release, update the `inc/*` files to match the
version number of the new release. Don't update `/inc/stable_i386_hash.html`
since the hash can't be computed yet.
In the branch used to build the release, update the `inc/*` files to
match the *version number* and *date* of the new release. Don't update
`/inc/stable_i386_hash.html` since the hash can't be computed yet.
### design documentation
......
......@@ -93,6 +93,13 @@ Check the output for:
EHLO/HELO SMTP messages it sends). Send an email using Claws and a
non-anonymizing SMTP relay. Then check that email's headers once
received, especially the `Received:` and `Message-ID:` ones.
* Also check that the EHLO/HELO SMTP message is not leaking anything
with a packet sniffer: Disable SSL/TLS for SMTP in Claws (so take
recations for not leaking you password in plaintext by either
chaning it temporarily or using a disposable account). Then run
"sudo tcpdump -i lo -w dump" so we capture the packet before Tor
encrypts it, and check the dump for the HELO/EHLO message and
verify that it only contains "localhost".
# Whisperback
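Review bot: the added Claws check writes a capture of all loopback traffic to a file named "dump" while SSL/TLS for SMTP is disabled, so that file contains the account password in plaintext, and the steps never say to remove it or to turn SSL/TLS back on. Add closing instructions to delete the capture and restore the Claws setting once the HELO/EHLO line has been verified. The added lines also contain typos: "recations", "you password" and "chaning".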
......@@ -104,17 +111,16 @@ Check the output for:
Those tests shall be run using GnuPG on the command-line, the
Seahorse GUI and FireGPG:
* key search/receive: torified? going to the configured hkps://
server?
* key search/receive: torified? going to the configured keyserver?
- `gpg --search` tells what server it is connecting to
- the IP of the configured keyserver must appear in Vidalia's list
of connections
- the connection to the configured keyserver must appear in Vidalia's
list of connections
- if you run a keyserver, have a look there.
# Monkeysphere
* Monkeysphere validation agent key search/receive: torified?
(the MSVA is simply not working currently, ignore this.)
* Monkeysphere validation agent key search/receive: torified? uses
configured keyserver?
# HTP
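Review bot: the Monkeysphere item now asks "torified? uses configured keyserver?" but, unlike the GnuPG item above it, gives no way to check either. The msva report added in this same commit shows where the answer appears: `.xsession-errors` prints "Not a valid keyserver" when the agent rejects the configured one and falls back to pool.sks-keyservers.net. Add sub-bullets telling the tester to look there and in Vidalia's list of connections, as is done for the gpg key search.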
......@@ -127,11 +133,7 @@ Seahorse GUI and FireGPG:
4. connect the network cable
=> the date should be corrected and Tor/Vidalia should start
correctly. Except it does not work currently as the queried servers'
SSL certificates are invalid if the date is too much wrong
=> also test with a slightly less wrong date, which is supposed to
work already.
correctly.
# erase memory on shutdown
......@@ -144,6 +146,11 @@ Testing that the needed files are really mapped in memory, and the
erasing process actually works, involves slightly more complicated
steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].
# Virtualization support
* `modinfo vboxguest` should work
* test in VirtualBox
# Misc
* Check that links to the online website (`Mirror:`) at the bottom of
......@@ -159,3 +166,5 @@ steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].
* Boot and check basic functionality is working for every supported language.
* Try to start with the `truecrypt` option on boot, see if it can be found in
the Application -> Accessories menu and that it runs correctly
* Virtual keyboard must work and be auto-configured to use the same
keyboard layout as the X session.