Commit 4cedca66 authored by Tails developers's avatar Tails developers

Merge branch 'stable'

parents ca6e637c ad13bdac
......@@ -35,7 +35,7 @@ $RUN_LB_CONFIG \
--memtest none \
--packages-lists="standard" \
--tasks="standard" \
--linux-packages="linux-image-3.16-3" \
--linux-packages="linux-image-3.16.0-4" \
--syslinux-menu vesamenu \
--syslinux-splash data/splash.png \
--syslinux-timeout 4 \
......@@ -47,7 +47,7 @@ hw_arch="`dpkg --print-architecture`"
if [ "$hw_arch" = i386 -o "$hw_arch" = amd64 ]; then
$RUN_LB_CONFIG \
--architecture i386 \
--linux-flavours "486 amd64" \
--linux-flavours "586 amd64" \
${@}
# build powerpc images on powerpc64 as well, include only powerpc kernel
elif [ "$hw_arch" = powerpc -o "$hw_arch" = powerpc64 ]; then
......
This diff is collapsed.
......@@ -30,10 +30,18 @@ Package: florence
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
Package: hopenpgp-tools
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: iproute2
Pin: origin o=Debian Backports,n=wheezy-backports
Pin-Priority: -1
Package: libffi6
Pin: release o=Debian,n=jessie
Pin-Priority: 999
Package: poedit
Pin: release o=Debian Backports,n=wheezy-backports
Pin-Priority: 999
......@@ -114,7 +122,7 @@ Package: linux-compiler-gcc-4.8-x86
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-486
Package: linux-headers-586
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -126,23 +134,23 @@ Package: linux-headers-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.16-3-common
Package: linux-headers-3.16.0-4-common
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.16-3-486
Package: linux-headers-3.16.0-4-586
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.16-3-686-pae
Package: linux-headers-3.16.0-4-686-pae
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.16-3-amd64
Package: linux-headers-3.16.0-4-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-486
Package: linux-image-586
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -154,15 +162,15 @@ Package: linux-image-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-3.16-3-486
Package: linux-image-3.16.0-4-586
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-3.16-3-686-pae
Package: linux-image-3.16.0-4-686-pae
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-3.16-3-amd64
Package: linux-image-3.16.0-4-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -231,10 +239,6 @@ Package: *
Pin: release o=Debian,n=wheezy-updates
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=wheezy-proposed-updates
Pin-Priority: 990
Package: *
Pin: release o=Debian,n=wheezy
Pin-Priority: 990
......
......@@ -216,3 +216,4 @@ chmod -R a+rX "${TBB_INSTALL}" "${TBB_PROFILE}" "${TBB_EXT}"
# Make the Tor Browser into the system's default web browser
update-alternatives --install /usr/bin/x-www-browser x-www-browser /usr/local/bin/tor-browser 99
update-alternatives --install /usr/bin/gnome-www-browser gnome-www-browser /usr/local/bin/tor-browser 99
sed -i 's/\<iceweasel\.desktop\>/tor-browser.desktop/' /etc/gnome/defaults.list
......@@ -17,7 +17,11 @@ for langpack in "${TBB_EXT}"/langpack-*@firefox.mozilla.org.xpi; do
apt-get download "${pkg}"
ar x "${pkg}"*.deb
path_to_searchplugins=etc/iceweasel/searchplugins/locale/"${locale}"
tar xf data.tar.* --wildcards ./"${path_to_searchplugins}"/wikipedia-'*'.xml
tar xf data.tar.* ./"${path_to_searchplugins}"
rm -f "${path_to_searchplugins}"/amazon*.xml \
"${path_to_searchplugins}"/bing*.xml \
"${path_to_searchplugins}"/eBay*.xml \
"${path_to_searchplugins}"/yahoo*.xml
mkdir -p "${LOCALIZED_PLUGINS_DIR}"/"${locale}"
cp "${path_to_searchplugins}"/* "${LOCALIZED_PLUGINS_DIR}"/"${locale}"
cd /
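Review bot: Extracting the whole `${path_to_searchplugins}` directory and then deleting `amazon*`, `bing*`, `eBay*` and `yahoo*` replaces the earlier allow-list (only `wikipedia-*.xml`) with a deny-list, so any plugin a later language package adds is copied into `${LOCALIZED_PLUGINS_DIR}` without anyone having looked at it. The `rm -f` patterns are also case-sensitive and `-f` hides a non-match, so a renamed file such as a lower-case `ebay*.xml` would pass through silently. Consider keeping an explicit list of accepted plugin names, or failing the build when a file outside that list is found. At minimum, add a comment above the `rm` such as `# Deny-list: every other plugin shipped by the l10n package is kept on purpose`. The loop body starts and ends outside the hunk.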
......
......@@ -25,6 +25,7 @@ memlockd
network-manager
plymouth
polipo
pulseaudio
resolvconf
saned
spice-vdagent
......
#
# This is an implementation of the Riseup OpenPGP Best Practices
# https://help.riseup.net/en/security/message-security/openpgp/best-practices
#
#-----------------------------
# default key
#-----------------------------
# The default key to sign with. If this option is not used, the default key is
# the first key found in the secret keyring
#default-key 0xD8692123C4065DEA5E0F3AB5249B39D24F25E3B6
#-----------------------------
# behavior
#-----------------------------
# Disable inclusion of the version string in ASCII armored output
no-emit-version
# Disable comment string in clear text signatures and ASCII armored messages
no-comments
# Display long key IDs
keyid-format 0xlong
# List all keys (or the specified ones) along with their fingerprints
with-fingerprint
# Display the calculated validity of user IDs during key listings
list-options show-uid-validity
verify-options show-uid-validity
# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
# the agent before it asks for a passphrase.
use-agent
#-----------------------------
# keyserver
#-----------------------------
# This is the server that --recv-keys, --send-keys, and --search-keys will
# communicate with to receive keys from, send keys to, and search for keys on
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=/etc/ssl/certs/sks-keyservers.netCA.pem
keyserver-options http-proxy=http://127.0.0.1:8118/ no-honor-keyserver-url
personal-cipher-preferences AES256,AES192,AES,CAST5
personal-digest-preferences SHA512,SHA384,SHA256
# Provide a certificate store to override the system default
# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem
keyserver-options ca-cert-file=/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem
# Set the proxy to use for HTTP and HKP keyservers - default to the standard
# local Tor socks proxy
# It is encouraged to use Tor for improved anonymity. Preferrably use either a
# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and
# IsolateDestAddr
keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
keyserver-options no-try-dns-srv
# When using --refresh-keys, if the key in question has a preferred keyserver
# URL, then disable use of that preferred keyserver to refresh the key from
keyserver-options no-honor-keyserver-url
# When searching for a key with --search-keys, include keys that are marked on
# the keyserver as revoked
keyserver-options include-revoked
#-----------------------------
# algorithm and ciphers
#-----------------------------
# list of personal digest preferences. When multiple digests are supported by
# all recipients, choose the strongest one
personal-cipher-preferences AES256 AES192 AES CAST5
# list of personal digest preferences. When multiple ciphers are supported by
# all recipients, choose the strongest one
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
# message digest algorithm used when signing a key
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
use-agent
no-auto-key-locate
no-emit-version
# This preference list is used for new keys and becomes the default for
# "setpref" in the edit menu
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
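Review bot: The two comments in the "algorithm and ciphers" block are swapped: the one above `personal-cipher-preferences` says "list of personal digest preferences", and the one above `personal-digest-preferences` talks about ciphers. Suggested wording is `# list of personal cipher preferences. When multiple ciphers are supported by all recipients, choose the strongest one`, with the matching digest wording on the other. Separately, the proxy comment recommends a dedicated SOCKSPort or `IsolateDestPort`/`IsolateDestAddr`, while the option points at `127.0.0.1:9050`. A comment saying which isolation flags that port carries in this build would let a reader confirm the recommendation is met. Old and new lines are not marked on this page, so this assumes the commented lines are the new side.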
......@@ -4,8 +4,6 @@ pref("extensions.torbutton.banned_ports", "631,6136,4444,4445,6668,7656,7657,765
pref("extensions.torbutton.custom.socks_host", "127.0.0.1");
pref("extensions.torbutton.custom.socks_port", 9150);
pref("extensions.torbutton.launch_warning", false);
pref("extensions.torbutton.loglevel", 2);
pref("extensions.torbutton.logmethod", 0);
pref("extensions.torbutton.settings_method", "custom");
pref("extensions.torbutton.socks_port", 9150);
pref("extensions.torbutton.use_privoxy", false);
......
#!/bin/sh
Install_TrueCrypt ()
{
# Only install TrueCrypt when "truecrypt" appers on kernel command line
grep -qw "truecrypt" /proc/cmdline || return 0
echo "- Installing TrueCrypt"
# Create temporary directory to extract upstream tarball
TMPDIR=$(mktemp -d) || return 1
trap "rm -rf '$TMPDIR'" EXIT
# Find upstream tarball
UPSTREAM_TARBALL="$(find /usr/share/amnesia -type f \
-name 'truecrypt-*-linux-x86.tar.gz' | sort -n | tail -n 1)"
# Unpack upstream tarball and lookup setup binary
INSTALLER="$(tar -C "$TMPDIR" -zvxf "$UPSTREAM_TARBALL" | grep -- '-setup-x86$')"
expect >/var/log/truecrypt-installer.log <<-EOF
set timeout 30
spawn "$TMPDIR/$INSTALLER"
expect "To select, enter 1 or 2:"
send "1\n"
expect "Press Enter to display the license terms..."
send "\n"
expect "\n:"
send "q"
expect "Do you accept and agree to be bound by the license terms? (yes/no):"
send "yes\n"
expect "Press Enter to exit..."
send "\n"
EOF
# Activate TrueCrypt deprecation wrapper
cp /usr/share/tails/truecrypt-wrapper.disabled /usr/local/bin/truecrypt
# Monkey patch the truecrypt.desktop file to show the greeter
sed -i 's,/usr/bin/truecrypt,/usr/local/bin/truecrypt,' /usr/share/applications/truecrypt.desktop
}
Install_TrueCrypt
......@@ -276,9 +276,10 @@ sub set_clipboards_text {
# is supposed to need input encoded in UTF-8. But it seems like the Perl
# bindings encode it, and we need to pass a string of chars instead of bytes.
foreach (all_clipboards()) {
$_->set_text($encoded_text);
$_->set_text($text);
}
# GTK fails setting the primary selection above, so let's use xclip :/
# xclip needs encoded text.
open(my $xclip, '| xclip') or die "Error opening pipe to xclip";
print $xclip $encoded_text or die "Error copying data to X clipboard";
close $xclip or die "Error closing pipe to xclip";
......
/etc/ssl/certs/sks-keyservers.netCA.pem
\ No newline at end of file
......@@ -43,7 +43,8 @@ class ProfileProcessor(ProcessEvent):
self.add_file(event.pathname)
def process_IN_ACCESS(self, event):
self.add_file(event.pathname)
if not event.dir:
self.add_file(event.pathname)
def process_IN_CREATE(self, event):
self.ignore_file(event.pathname)
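Review bot: The `if not event.dir:` guard appears only in `process_IN_ACCESS`, while the handler just above it still calls `self.add_file(event.pathname)` unconditionally. That handler's name is outside the hunk; if it can also fire for directories, it needs the same guard, or the check could move into `add_file` so every caller gets it. A one-line comment such as `# directories are not files to record in the profile` would also explain why directory events are skipped.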
......
......@@ -14,7 +14,6 @@ export TEXTDOMAIN
. /usr/local/lib/tails-shell-library/i2p.sh
ROFS=/lib/live/mount/rootfs/filesystem.squashfs
CONF_DIR=/var/lib/i2p-browser
COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot
......@@ -98,9 +97,25 @@ setup_chroot () {
trap cleanup INT
trap cleanup EXIT
local rootfs_dir
local rootfs_dirs_path=/lib/live/mount/rootfs
local tails_module_path=/lib/live/mount/medium/live/Tails.module
local aufs_dirs=
# We have to pay attention to the order we stack the filesystems;
# newest must be first, and remember that the .module file lists
# oldest first, newest last.
while read rootfs_dir; do
rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
mountpoint -q "${rootfs_dir}" && \
aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
done < "${tails_module_path}"
# But our copy-on-write dir must be at the very top.
aufs_dirs="${COW}=rw:${aufs_dirs}"
mkdir -p ${COW} ${CHROOT} && \
mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \
mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || \
error "`gettext \"Failed to setup chroot.\"`"
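Review bot: The `while read rootfs_dir` loop drops the last entry of `Tails.module` when the file has no trailing newline, and by the comment above it the last entry is the newest layer, so the chroot could be assembled without the most recent filesystem. `while IFS= read -r rootfs_dir || [ -n "${rootfs_dir}" ]; do` reads that line too and keeps backslashes and whitespace intact. The entries are also pasted unchecked into the `dirs=` option, where `:`, `,` and `=` act as separators, and nothing checks that at least one read-only branch was found before mounting. Rejecting names that contain those characters or `/`, and calling `error` when no branch was added, would make that failure explicit. The same hunk appears in the section that sets `CONF_DIR=/var/lib/unsafe-browser`, and `setup_chroot` starts and ends outside the hunk.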
......
......@@ -9,7 +9,6 @@ LOCK=/var/lock/${CMD}
TEXTDOMAIN="tails"
export TEXTDOMAIN
ROFS=/lib/live/mount/rootfs/filesystem.squashfs
CONF_DIR=/var/lib/unsafe-browser
COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot
......@@ -98,9 +97,25 @@ setup_chroot () {
trap cleanup INT
trap cleanup EXIT
local rootfs_dir
local rootfs_dirs_path=/lib/live/mount/rootfs
local tails_module_path=/lib/live/mount/medium/live/Tails.module
local aufs_dirs=
# We have to pay attention to the order we stack the filesystems;
# newest must be first, and remember that the .module file lists
# oldest first, newest last.
while read rootfs_dir; do
rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
mountpoint -q "${rootfs_dir}" && \
aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
done < "${tails_module_path}"
# But our copy-on-write dir must be at the very top.
aufs_dirs="${COW}=rw:${aufs_dirs}"
mkdir -p ${COW} ${CHROOT} && \
mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \
mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || \
error "`gettext \"Failed to setup chroot.\"`"
......
......@@ -6,4 +6,4 @@ Categories=Network;
Icon=/usr/local/lib/tor-browser/browser/icons/mozicon128.png
Terminal=false
Type=Application
Exec=/usr/local/bin/tor-browser
Exec=/usr/local/bin/tor-browser %u
40214c8c396a16acebd2cfa55807ebaa420a37ff1d7c4b6ac183c71b208eacd3 tor-browser-linux32-4.0_ar.tar.xz
aa96c1fb30c142ea70a51c06dd2be64ae07dd29d85e362473330a2b060af4d78 tor-browser-linux32-4.0_de.tar.xz
b2fad95b8f20f09ce2ad9bb638e66b7790e91ce8ca14faea56a5ab0495504c22 tor-browser-linux32-4.0_en-US.tar.xz
2985e83bef151527fa04c34aa3d02d88effb0285b51711e8fc344c75382e237b tor-browser-linux32-4.0_es-ES.tar.xz
18866e5813e009188e5faabe57ff4bd7c38703f4c9e60aab9623d57d3dec0b8c tor-browser-linux32-4.0_fa.tar.xz
621cf15714fa7ec8b7a3b462715ba6d4850d5b40ed56a049d35dc7cb241f81a9 tor-browser-linux32-4.0_fr.tar.xz
5f810083a9f2654da1bed77a3258838ade898500fef913f95e318023b325b2cd tor-browser-linux32-4.0_it.tar.xz
7e946cb84fe37c5e2c8939e0f56dc92b1cb5b27eb41a991fca041fd8fe4679cd tor-browser-linux32-4.0_ko.tar.xz
24bdeeaed21bddcf75a062173b7b366fd26a1244065d961236199e388a6563c2 tor-browser-linux32-4.0_nl.tar.xz
210d6ec704e6a0636e866436062b1639814d7ff979d2fb96dc5b2f3a081c7714 tor-browser-linux32-4.0_pl.tar.xz
281a54210efaf9da7e4df7469d4efa0fdebe6163fad2aa688edaeb48d13d418d tor-browser-linux32-4.0_pt-PT.tar.xz
9c9e9ed287e51c2e265b331ac6bad8e0a44706ed7a1ec128312d9b95b64e66ea tor-browser-linux32-4.0_ru.tar.xz
b771d4fa62a7ea5ee16965ebd1cedb9470bbe801fb9c58c617710e0ea5e8837d tor-browser-linux32-4.0_tr.tar.xz
d645ec6e8704bc2a58c258cdf51deb0c58bba8783883052df997255373f6a588 tor-browser-linux32-4.0_vi.tar.xz
e41fb3dfe6464d45be8a8a40d6f80ab0806336161e3dfefeefa42437d870c932 tor-browser-linux32-4.0_zh-CN.tar.xz
3038430abae8be9e4c750311332d101035a05698df33c9cd1e1f4caf86354ef1 tor-browser-linux32-4.0.2_ar.tar.xz
45473a6d262d84d0f52b35a036301d35c412f072a5495b62de9bbe7a25623e79 tor-browser-linux32-4.0.2_de.tar.xz
3e4f9d08c4b194cbe9efd879e25c1581c6f58b6bd034ce037aae479edb9ab0b3 tor-browser-linux32-4.0.2_en-US.tar.xz
ef648c5971dd2987747bd833dc45493bfb5a7b0e58caca69ca2f535c58c4a052 tor-browser-linux32-4.0.2_es-ES.tar.xz
f7b5badc65519e9b3e31289415180a451dd4c1a6839d37de0a4fb2d64515f380 tor-browser-linux32-4.0.2_fa.tar.xz
d59369130530bfa1e9b962f593d7042285014644da06e6f6e62018256fb4950c tor-browser-linux32-4.0.2_fr.tar.xz
5f26e3b5478ad7bef56f6ecd5c3b6ee71324aabacf4d3f1751fa67e2c12a9abc tor-browser-linux32-4.0.2_it.tar.xz
16786224af7ec671d2526d08438082e0fd0f1f3346f91fba4b5d4eb78ee0451b tor-browser-linux32-4.0.2_ko.tar.xz
7b7a2b2b4fcdc1925e910628d558b8b51c54c8ef751136c782fa4a997d0fadb0 tor-browser-linux32-4.0.2_nl.tar.xz
361a93a91c0445d41974c57cd43f91a02d734ffd820c72a2a4c3d3a91ec0a0fb tor-browser-linux32-4.0.2_pl.tar.xz
bf7ba77b2f711d6ef106ae927fef96e83df59d581db54661ee37709aabbb5fdb tor-browser-linux32-4.0.2_pt-PT.tar.xz
9eafcb51a79b076ab22ba581976e646c1a8b6e67b95987ddfc0b7a5e31ba1229 tor-browser-linux32-4.0.2_ru.tar.xz
684be583d0020d3d3667699965f5c0ba01d8fbe71abfb0d1f240e1d936767de2 tor-browser-linux32-4.0.2_tr.tar.xz
1701e9414f676f880b2256ff00940af1f3d7070825a530e210251360d43a83aa tor-browser-linux32-4.0.2_vi.tar.xz
2969c05faf3de2f9660a8f38cfb1ba2a7e81a91eafb7155ebdcbc0f95f040375 tor-browser-linux32-4.0.2_zh-CN.tar.xz
#!/bin/sh
# Deprecation wrapper for TrueCrypt
#
# This file will be installed in /usr/bin if TrueCrypt is enabled at boot
. gettext.sh
TEXTDOMAIN="tails"
export TEXTDOMAIN
zenity --warning --title="`gettext \"TrueCrypt will be removed in Tails 1.2.1\"`" \
--text="`gettext \"TrueCrypt is no longer maintained and is said to be insecure by its own authors. Therefore, it will be removed in Tails 1.2.1 (November 25). We recommend that you learn how to <a href='file:///usr/share/doc/tails/website/doc/encryption_and_privacy/truecrypt.en.html#cryptsetup'>open TrueCrypt volumes with cryptsetup</a> as soon as possible.\"`"
exec /usr/bin/truecrypt
......@@ -24,8 +24,6 @@ liblwp-protocol-socks-perl
libnet-ssleay-perl
libwww-perl
libxml-atom-perl
# needed by our TrueCrypt installer wrapper
expect
# needed by the upcoming virtualization environment warning
virt-what
# needed by htpdate
......@@ -140,6 +138,7 @@ haveged
# needed by laptop-mode-tools to spin-down hard drives
hdparm
hledger
hopenpgp-tools
inkscape
ipheth-utils
iptables
......@@ -217,6 +216,8 @@ sshfs
# ships the *.c32 modules in syslinux 6.x packaging
syslinux-common
syslinux-efi
# ships isohybrid in syslinux 6.x packaging
syslinux-utils
system-config-printer
systemd
synaptic
......@@ -403,6 +404,7 @@ wireless-regdb
### Automated test suite
python-serial
xdotool
i2p
# Prevent java 6 from being installed
......
--- a/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:47:51.945948920 +0100
+++ b/etc/apparmor.d/usr.bin.pidgin 2014-10-30 17:48:29.273511368 +0100
@@ -46,6 +46,7 @@
/usr/bin/gvfs-open rmix,
/usr/bin/pidgin r,
/usr/bin/xdg-open rmix,
+ /usr/local/bin/tor-browser rmUx,
/usr/share/gnome/applications/ r,
/usr/share/glib-2.0/schemas/gschemas.compiled r,
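Review bot: `Ux` on `/usr/local/bin/tor-browser` means whatever Pidgin starts through that path runs without any AppArmor confinement (only the environment is scrubbed), unlike the `ix` entries around it, which stay inside Pidgin's profile. If a profile for the browser exists or is planned, `Px` (or `Cx` with a child profile) would keep the link handler confined. No such profile is visible on this page, so this is a question rather than a finding. Either way, recording the reason next to the rule would help, for example `# Ux: no tor-browser profile available; switch to Px once one exists`, with the hunk header counts adjusted to match.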