Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
tails
tails
Commits
58f005b5
Commit
58f005b5
authored
Apr 15, 2017
by
segfault
Browse files
Merge commit '
70091e58
' (Tails 3.0~beta3 release) into feature/5688-tails-server
parents
e8adad89
70091e58
Changes
503
Expand all
Hide whitespace changes
Inline
Side-by-side
config/chroot_local-includes/usr/share/applications/i2p-browser.desktop.in
deleted
100644 → 0
View file @
e8adad89
[Desktop Entry]
Categories=Network;
_Comment=Anonymous overlay network browser
Exec=sudo /usr/local/sbin/i2p-browser
Icon=/usr/share/i2p/eepsite/docroot/favicon.ico
_Name=I2P Browser
_GenericName=Anonymous overlay network browser
Terminal=false
Type=Application
config/chroot_local-includes/usr/share/tails/chroot-browsers/common/prefs.js
View file @
58f005b5
...
...
@@ -5,7 +5,7 @@ pref("extensions.update.enabled", false);
// Disable fetching of the new tab page's Tiles links/ads. Ads are
// generally unwanted, and also the fetching is a "phone home" type of
// feature that generates traffic at least the first time the browser
// is started.
It won't work in e.g. the I2P Browser, too.
// is started.
pref
(
"
browser.newtabpage.directory.source
"
,
""
);
pref
(
"
browser.newtabpage.directory.ping
"
,
""
);
// ... and disable the explanation shown the first time
...
...
config/chroot_local-includes/usr/share/tails/chroot-browsers/common/userChrome.css
View file @
58f005b5
@namespace
url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul")
;
/* Hide Firefox Sync options. It will
not work with the I2P Brow
se
r
and will only promote unsupported use
cases for the Unsafe Browser. */
/* Hide Firefox Sync options. It will
only promote unsupported u
se
cases for the Unsafe Browser. */
#BrowserPreferences
radio
[
pane
=
"paneSync"
],
#sync-button
,
#sync-menu-button
,
...
...
@@ -15,16 +15,14 @@
Tools -> Add-ons link to the Add-ons manager. We do not want to
encourage installing such things as it's not part of the supported
use-cases and may have privacy issues. Also they will not persist a
restart, which is just confusing. In the I2P Browser, many of these
features will not work any way. */
restart, which is just confusing. */
#menu_openApps
,
#menu_openAddons
,
/* traditional menu */
#add-ons-button
,
/* new style Firefox menu */
#wrapper-add-ons-button
,
/* Customize toolbar */
/* Hide the "Share this page" button in the Tool bar, which encourages
the use of social (= tracking) networks. These will not work in the
I2P browser any way. */
the use of social (= tracking) networks. */
#social-share-button
,
/* Hide the Health Report and its configuration option. It's just a
...
...
config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/prefs.js
deleted
100644 → 0
View file @
e8adad89
/* Disable proxy settings. We also set the other settings that
Torbutton requires to be happy, i.e. its icon is green. */
pref
(
"
network.proxy.ftp
"
,
"
127.0.0.1
"
);
pref
(
"
network.proxy.ftp_port
"
,
4444
);
pref
(
"
network.proxy.http
"
,
"
127.0.0.1
"
);
pref
(
"
network.proxy.http_port
"
,
4444
);
pref
(
"
network.proxy.no_proxies_on
"
,
"
127.0.0.1
"
);
pref
(
"
network.proxy.ssl
"
,
"
127.0.0.1
"
);
pref
(
"
network.proxy.ssl_port
"
,
4444
);
// Disable searching from the URL bar
pref
(
"
keyword.enabled
"
,
false
);
// Without setting this, the Download Management page will not update
// the progress being made.
pref
(
"
browser.download.panel.shown
"
,
true
);
// Never add 'www' or '.com' to hostnames in I2P Browser.
pref
(
"
browser.fixup.alternate.enabled
"
,
false
);
config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/theme.js
deleted
100644 → 0
View file @
e8adad89
user_pref
(
"
lightweightThemes.isThemeSelected
"
,
true
);
user_pref
(
"
lightweightThemes.usedThemes
"
,
"
[{
\"
id
\"
:
\"
1
\"
,
\"
name
\"
:
\"
I2P Browser
\"
,
\"
headerURL
\"
:
\"
file:///usr/share/pixmaps/red_dot.png
\"
,
\"
footerURL
\"
:
\"
file:///usr/share/pixmaps/red_dot.png
\"
,
\"
textcolor
\"
:
\"
#FFFFFF
\"
,
\"
accentcolor
\"
:
\"
#66ABEB
\"
,
\"
updateDate
\"
:0,
\"
installDate
\"
:0}]
"
);
config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/userChrome.css
deleted
100644 → 0
View file @
e8adad89
@namespace
url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul")
;
/* Hide access to the bookmarks to try to prevent "data loss" due to users
* adding bookmarks even though the profile is destroyed at browser close.
* Keyboard shortcuts still work, but this makes it harder to 'accidentally'
* lose bookmarks.
*
* Note that any of the selectors that start with 'app' apply to the menu that
* is used if the main menu is hidden. Any that start with 'wrapper' are
* buttons that are normally visible within the 'customize toolbar' option. The
* others are probably self-explanatory.
*/
/* Remove the History and Bookmarks menus and buttons */
#appmenu_bookmarks
,
#appmenu_history
,
#bookmarks
,
#bookmarks-menu-button
,
#bookmarksMenu
,
#history
,
#history-menu
,
#history-menu-button
,
#wrapper-history-button
,
#wrapper-bookmarks-button
,
/* Hide the sidebar menu (underneath View) since the default sidebars consist
* of history and bookmarks. Also disable the bookmark toolbar.
*/
#toggle_PersonalToolbar
,
#viewSidebarMenuMenu
,
/* Remove the "Star button" and "History Dropdown arrow" from the URL bar
* since neither history nor bookmarks are saved.
*/
#star-button
,
[
anonid
=
"historydropmarker"
],
/* Remove bookmark options from the context menus */
#context-bookmarkframe
,
#context-bookmarklink
,
#context-bookmarkpage
,
/* Hide the option for emailing links since it's doomed to failure
* without a configured email client in the chroot.
*/
menuitem
[
command
=
"Browser:SendLink"
],
/* Hide Print options */
/*
#menu_printSetup,
#menu_printPreview,
#menu_print,
#menu_print + menuseparator,
[command="cmd_print"],
*/
/* Without I2P search engines defined, the search bar is useless.
* Since there are no I2P search engines added to Tails (yet),
* let's hide it and the Update Pane in Firefox's Preferences.
*/
#search-container
,
#updateTab
,
/* Hide options that lead to resources inaccessible over I2P */
#menu_keyboardShortcuts
,
#menu_openTour
,
#appmenu_feedbackPage
,
#appmenu_gettingStarted
,
#appmenu_openHelp
,
#feedbackPage
,
#gettingStarted
,
#menu_HelpPopup_reportPhishingtoolmenu
,
#menu_openHelp
,
/* Hide the TorButton button from the toolbar */
#torbutton-button
,
#wrapper-torbutton-button
/* Do the actual hiding. */
{
display
:
none
!important
}
config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt
View file @
58f005b5
http://torbrowser-archive.tails.boum.org/6.5-build
3
/
http://torbrowser-archive.tails.boum.org/6.5
.1
-build
2
/
config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt
View file @
58f005b5
ac3cf4105d116a86dbe36c9e1eea7733d9ef860168063c9e7e48e4c87a228bbb
tor-browser-linux64-6.5_ar.tar.xz
ccdb80c30041af3c31cd7725bc7b0a3ea3bbe12701cfeec6f13df19f77ff233c
tor-browser-linux64-6.5_de.tar.xz
e1b15116000b8967198b24c30c3d9e3c8209c003a0eb7735b6dd6e12261ff535
tor-browser-linux64-6.5_en-US.tar.xz
1877b58dcb8e5903eb5366f994c714d4b87bfe419647a6aa6de09667453f0e67
tor-browser-linux64-6.5_es-ES.tar.xz
3c978a9ed5bae96bc9852eda5902881c2ef95a922976e4cb52503639b7150ada
tor-browser-linux64-6.5_fa.tar.xz
8c938ad4e6b90a63873a528e0e46bfb4d9f361fdeafba9ae3b45fc733eaffd45
tor-browser-linux64-6.5_fr.tar.xz
68a705b336dd4a1d72415105669f49ef2d0c337dd8cba4a74af682114d3a9d1e
tor-browser-linux64-6.5_it.tar.xz
7a634438c386e72b0d36b9c35aae768e288831e8a98220e083ae67073172281d
tor-browser-linux64-6.5_ja.tar.xz
0302e62d6e220122eab3e2316473f2d5d3d6dcfb6b789184b6e2771ce3798659
tor-browser-linux64-6.5_ko.tar.xz
a344ddb4ca2e6dc4c7b1eb1cf364c8ca5b96efcdd6c18f2b7d002a320080a573
tor-browser-linux64-6.5_nl.tar.xz
5558337cbda27c6268d368b6507609021d2adaa4c8b777ba77e058fb584a0f8
0 tor-browser-linux64-6.5_pl.tar.xz
2a96fa2e87c4b454a4d3199cb439dd1137f50a5af48b3193f1047b8f23f43f18
tor-browser-linux64-6.5_pt-BR.tar.xz
5f6bb736c4f9721d038bd924b7b81eaed3a3d1625b39
b8
3
f0
951dcc3d5c7c033
tor-browser-linux64-6.5_ru.tar.xz
1e04d9d357c1037e9946860650c7a9295f0e9afd074651d15382d826497bed6d
tor-browser-linux64-6.5_tr.tar.xz
0c08d94033e7626180e8c5c7664deabf154233f7e4706d7eecc649e083933bc
4 tor-browser-linux64-6.5_vi.tar.xz
602138072e7b474bfd03db4fa5d70dbafb658d5a35e7c0df278523efa6ae3382
tor-browser-linux64-6.5_zh-CN.tar.xz
5fbe4da6013fdff3c6c8b10b01510e0da53d919cc3c3c3cf54db0f22cd927413
tor-browser-linux64-6.5
.1
_ar.tar.xz
01f8cdd180c671077e601f3a48a413e381afdfca8bc3ddf4da0677f3686cd998
tor-browser-linux64-6.5
.1
_de.tar.xz
1158989f43d299bf3f6241c3b087823583a20123e1eef4e4c5507dbfb77a4bdc
tor-browser-linux64-6.5
.1
_en-US.tar.xz
f6b9d29152ef796273ae6b9baf29eea4aa4cbf6325ea215c7e2ef007a0ebb9ff
tor-browser-linux64-6.5
.1
_es-ES.tar.xz
43a4f9804e2c4067ee9eb9e856cc0dfd2670e011bd5144acbd2c5f61660509bf
tor-browser-linux64-6.5
.1
_fa.tar.xz
43d68ef0434281a7c0774f41539a9ba91e93bd55505d849bb5d4e9bbf62f4cb7
tor-browser-linux64-6.5
.1
_fr.tar.xz
e4cfe69d1327fc47214e16ee3f057791b041f0d2f85c8feff1bf8d52e6379189
tor-browser-linux64-6.5
.1
_it.tar.xz
d16fd85919e64f6be58fa557b3a3d89b1faf8b4b7401e41b9f394721d2a333c4
tor-browser-linux64-6.5
.1
_ja.tar.xz
9d92b4fabb23bd3514637b750f6fe45cfa2243d16eb5efea06c7bab574aaa63f
tor-browser-linux64-6.5
.1
_ko.tar.xz
2891f90c30f90254fc25f0695c2d5e84eafc97399397f15880f082765f5bdb74
tor-browser-linux64-6.5
.1
_nl.tar.xz
a98b4e503003fa5e54b382f93db179fbd9d590c455a329e6be9292bafc3a41b
0 tor-browser-linux64-6.5
.1
_pl.tar.xz
a506692a78428fe988d176c577eaa49da3741f37f726054a0aa88972ee93e773
tor-browser-linux64-6.5
.1
_pt-BR.tar.xz
d1fc5f1a7caadea3868917bbbc795cc58a208dc63e2a48614c381
b8f0
ef62c94
tor-browser-linux64-6.5
.1
_ru.tar.xz
4d4b85f694ed0c2eccae78a292a24cdb2dfb358cfb02ec015a21fc9078360859
tor-browser-linux64-6.5
.1
_tr.tar.xz
252e838ac36b9e8e2ef577b5b8d501d2dc4cf11fb3408cebe40588156222c2f
4 tor-browser-linux64-6.5
.1
_vi.tar.xz
1a33c983ddfd68f8f18203ec5445ac0bbce332579fdfd1f672c7c58fd68eacef
tor-browser-linux64-6.5
.1
_zh-CN.tar.xz
config/chroot_local-includes/usr/share/tails/ublock-origin/ublock0.dump
View file @
58f005b5
This diff is collapsed.
Click to expand it.
config/chroot_local-packageslists/tails-common.list
View file @
58f005b5
...
...
@@ -73,6 +73,7 @@ cryptsetup
rsync
bash-completion
cracklib-runtime
dbus-user-session
desktop-base
dmz-cursor-theme
dosfstools
...
...
@@ -149,6 +150,7 @@ live-tools
lvm2
macchanger
mat
mesa-utils
monkeysign
monkeysphere
msva-perl
...
...
@@ -394,10 +396,6 @@ python3-systemd
xclip
xdotool
i2p
# Prevent java 6 from being installed
openjdk-8-jre
# Enable Electrum's Qt GUI & TREZOR support
python-qt4
python-trezor
...
...
config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch
View file @
58f005b5
...
...
@@ -29,11 +29,23 @@ torifying Enigmail communication with keyservers can go away:
... which is why I didn't bother investing time into a nicer solution on
Torbirdy's side.
---
chrome/content/
preferences.js | 12 +++++++-----
c
omp
onent
s/torbirdy.js
| 1
2
+
------
-----
chrome/content/
overlay.js | 1 +
c
hrome/c
on
t
ent
/preferences.js
| 1
3
+
+++++++
-----
defaults/preferences/prefs.js | 1 +
3 files changed,
9
insertions(+),
16
deletions(-)
3 files changed,
10
insertions(+),
5
deletions(-)
diff --git a/chrome/content/overlay.js b/chrome/content/overlay.js
index 1f72c9d..f0c0304 100644
--- a/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
+++ b/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
@@ -40,6 +40,7 @@
// Tor.
if (type === 0) {
myPanel.label = strbundle.getString("torbirdy.enabled.tor");
+ org.torbirdy.prefs.setProxyTor();
}
// JonDo/Whonix.
if (type === 1) {
diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
index 87f46aa..73ef18f 100644
--- a/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
...
...
@@ -45,7 +57,7 @@ index 87f46aa..73ef18f 100644
- var proxy = "socks5h://127.0.0.1:9050";
- if (anonService === "jondo") {
- proxy = "http://127.0.0.1:4001";
+ if (! pub.prefs.getBoolPref("extensions.torbirdy.
enigmail.
already_torified")) {
+ if (! pub.prefs.getBoolPref("extensions.torbirdy.
gpg_
already_torified")) {
+ var proxy = "socks5h://127.0.0.1:9050";
+ if (anonService === "jondo") {
+ proxy = "http://127.0.0.1:4001";
...
...
@@ -63,38 +75,23 @@ index 87f46aa..73ef18f 100644
};
pub.updateKeyserver = function(anonService) {
diff --git a/components/torbirdy.js b/components/torbirdy.js
index 01c1c7a..d8b67b3 100644
--- a/usr/share/xul-ext/torbirdy/components/torbirdy.js
+++ b/usr/share/xul-ext/torbirdy/components/torbirdy.js
@@ -263,17 +263,7 @@
var TorBirdyPrefs = {
"extensions.enigmail.addHeaders": false,
// Use GnuPG's default comment for signed messages.
"extensions.enigmail.useDefaultComment": true,
- // We need to pass some more parameters to GPG.
- "extensions.enigmail.agentAdditionalParam":
- // Don't disclose the version
- "--no-emit-version " +
- // Don't add additional comments (may leak language, etc)
- "--no-comments " +
- // We want to force UTF-8 everywhere
- "--display-charset utf-8 " +
- // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
- "--keyserver-options http-proxy=socks5h://127.0.0.1:9050 ",
-
+
// The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor)
"extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion",
// Force GnuPG to use SHA512.
@@ -201,6 +203,7 @@
if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
pub.setPanelSettings(pub.strBundle.GetStringFromName("torbirdy.enabled.tor"), "green");
pub.prefs.setIntPref(pub.prefBranch + 'proxy', 0);
+ pub.setPreferences("extensions.enigmail.agentAdditionalParam", pub.setEnigmailPrefs("tor"));
};
pub.setProxyJonDo = function() {
diff --git a/defaults/preferences/prefs.js b/defaults/preferences/prefs.js
index 8b43562..
7268b5a
100644
index 8b43562..
ea316d3
100644
--- a/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
+++ b/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
@@ -5,6 +5,7 @@
pref("extensions.torbirdy.warn", true);
pref("extensions.torbirdy.startup_folder", false);
pref("extensions.torbirdy.enigmail.throwkeyid", false);
pref("extensions.torbirdy.enigmail.confirmemail", false);
+pref("extensions.torbirdy.
enigmail.
already_torified", false);
+pref("extensions.torbirdy.
gpg_
already_torified", false);
pref("extensions.torbirdy.timezone", true);
pref("extensions.torbirdy.whonix_run", true);
pref("extensions.torbirdy.info_run", false);
config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff
deleted
100644 → 0
View file @
e8adad89
Tails specific: we are amnesic, no need to save mixer levels on shutdown.
--- chroot.orig/etc/init.d/alsa-utils 2012-09-24 10:05:12.749039812 +0200
+++ chroot/etc/init.d/alsa-utils 2012-09-24 10:47:23.717869294 +0200
@@ -10,1 +10,1 @@
-# Default-Stop: 0 1 6
+# Default-Stop:
config/chroot_local-patches/unmute_alsa_channels.patch
deleted
100644 → 0
View file @
e8adad89
--- chroot.orig/etc/init.d/alsa-utils 2010-10-04 18:14:10.000000000 +0000
+++ chroot/etc/init.d/alsa-utils 2012-03-12 13:49:11.815997232 +0000
@@ -206,4 +206,9 @@
exit 3
;;
esac
+ # On MacBook5,2 models (See Bug#602973)
+ unmute_and_set_level "LFE" "80%"
+
+ # On Intel 82801H (See Bug#603550)
+ unmute_and_set_level "Speaker" "80%"
config/chroot_sources/torproject-obfs4proxy.binary
deleted
120000 → 0
View file @
e8adad89
torproject-obfs4proxy.chroot
\ No newline at end of file
config/chroot_sources/torproject-obfs4proxy.chroot
deleted
100644 → 0
View file @
e8adad89
deb http://deb.torproject.org/torproject.org obfs4proxy main
debian/changelog
View file @
58f005b5
tails
(
3.0
~
beta
2
)
UNRELEASED
;
urgency
=
medium
tails
(
3.0
~
beta
3
)
unstable
;
urgency
=
medium
*
Dummy
entry
for
next
release
.
*
Major
new
features
and
changes
-
Make
the
"Formats"
settings
in
Tails
Greeter
take
effect
(
Closes
:
#
12079
,
new
feature
that
was
broken
since
it
was
introduced
in
3.0
~
alpha1
).
-
Upgrade
to
a
new
snapshot
of
the
Debian
and
Torproject
APT
repositories
(
2017031702
).
*
Removed
features
-
Stop
including
I2P
:
we
decided
(#
11276
)
to
remove
I2P
,
due
to
our
failure
at
finding
someone
to
maintain
it
in
Tails
(
Closes
:
#
12263
).
*
Security
fixes
-
Upgrade
MAT
to
0.6.1
-
4
:
fixes
silent
failure
of
the
Nautilus
contextual
menu
extension
.
-
Ensure
/
etc
/
resolv
.
conf
is
owned
by
root
:
root
in
the
SquashFS
(
Closes
:
#
12343
).
-
Protect
against
CVE
-
2017
-
2636
by
disabling
the
n
-
hdlc
kernel
module
(
Closes
:
#
12315
).
*
Minor
improvements
-
Reintroduce
the
X11
guest
utilities
for
VirtualBox
(
regression
introduced
in
3.0
~
beta2
).
-
Upgrade
X
.
Org
server
and
the
modesetting
driver
(
hopefully
helps
fixing
#
12219
).
-
Automate
the
migration
from
KeePassX
databases
generated
on
Tails
2.
x
to
the
format
required
by
KeePassX
2.0
.
x
(
Closes
:
#
10956
,
#
12369
).
-
Add
keyboard
shortcuts
in
Tails
Greeter
(
Closes
:
#
12186
,
#
12063
).
-
Install
dbus
-
user
-
session
(
regression
introduced
in
3.0
~
beta2
).
-
Manage
temporary
directories
in
a
declarative
way
(
tmpfiles
.
d
).
-
Replace
references
to
the
/
var
/
run
compatibility
symlink
with
the
canonical
/
run
.
-
Update
our
Torbirdy
patchset
to
the
latest
one
sent
upstream
.
-
Install
mesa
-
utils
,
so
that
Qt
5
can
detect
whether
software
based
rendering
is
needed
.
-
Have
Tails
Greeter
honor
the
"debug"
kernel
command
-
line
option
,
for
easier
debugging
(
Closes
:
#
12373
).
-
Refactor
Tails
Greeter
to
reduce
code
duplication
(
Closes
:
#
12247
).
*
Bugfixes
-
Fix
sizing
of
zenity
dialogs
(
Closes
:
#
12313
,
regression
introduced
in
3.0
~
alpha1
).
-
Fix
confusing
,
spurious
error
messages
in
command
-
line
applications
wrapped
with
torsocks
:
·
Ship
a
/
etc
/
mailname
file
with
content
"localhost"
.
Otherwise
something
(
Git
?
libc6
?)
tries
to
resolve
the
"amnesia"
host
name
,
which
fails
,
and
a
confusing
error
message
is
displayed
(
Closes
:
#
12205
,
regression
introduced
in
3.0
~
alpha1
).
·
Have
torsocks
allow
UDP
connections
to
the
loopback
interface
,
with
AllowOutboundLocalhost
2
(
Closes
:
#
11736
).
*
Test
suite
-
Improve
debugging
info
logging
for
PacketFu
parsing
issues
,
and
implement
a
plausible
fix
(
refs
:
#
11508
).
-
Try
to
make
"double-click on desktop launcher"
more
reliable
.
-
Fix
selection
of
ISO
in
Tails
Installer
.
-
Re
-
enable
the
GnuPG
tests
that
require
a
keyserver
,
pointing
them
to
an
Onion
service
we
run
on
Chutney
,
that
redirects
all
TCP
traffic
to
a
real
,
clearnet
keyserver
(
Closes
:
#
12211
).
-
Implement
a
workaround
for
checking
the
configured
keyserver
in
GnuPG
,
until
a
better
fix
is
implemented
(
refs
:
#
12371
).
-
Fix
the
"Report an Error launcher"
scenario
in
German
.
*
Build
system
-
Retry
curl
and
APT
operations
up
to
20
times
to
make
the
ISO
build
more
robust
wrt
.
unreliable
Internet
connectivity
.
Thanks
to
Arnaud
<
arnaud
@
preev
.
io
>
for
the
patch
!
-
Install
ikiwiki
from
jessie
-
backports
,
instead
of
our
patched
one
(
Closes
:
#
12051
).
-
Clean
up
libdvd
-
pkg
build
files
,
again
(
Closes
:
#
11273
).
-
Rakefile
:
fix
TAILS_OFFLINE_BUILD
exported
variable
name
.
-
Adjust
apt
-
mirror
to
support
branches
based
on
feature
/
stretch
that
don
't use frozen APT snapshots.
-- Tails developers <tails@boum.org> Sun, 19 Mar 2017 15:10:28 +0100
tails (3.0~beta2) unstable; urgency=medium
* All changes brought by Tails 2.11, except:
- the test suite changes, that are not all compatible with this branch;
- the "Tails 3.0 will require a 64-bit processor" notification:
this advance warning is not useful on a release series
that'
s
64
-
bit
only
.
*
Major
new
features
and
changes
-
Upgrade
to
a
new
snapshot
of
the
Debian
APT
repositories
(
2017030802
),
and
of
the
Torproject
ones
(
2017030801
).
-
Upgrade
Linux
to
4.9.0
-
2
(
version
4.9.13
-
1
).
*
Minor
improvements
-
Improve
GNOME
Shell
Window
List
styling
.
(
Closes
:
#
12233
)
*
Bugfixes
-
Make
it
possible
to
start
graphical
applications
in
the
Root
Terminal
.
(
part
of
#
12000
)
*
Test
suite
-
Improve
robustness
when
dealing
with
notifications
.
(
Closes
:
#
11464
)
-
Bump
timeout
when
waiting
for
'Tor is ready'
notification
.
-
Fix
the
incremental
upgrade
test
.
-
Drop
a
few
obsolete
test
cases
,
update
a
number
of
images
.
-
Adapt
firewall
leak
test
to
new
DHCP
source
IP
address
.
-
Adjust
Seahorse
and
Enigmail
tests
to
the
keyserver
that
is
now
used
.
--
Tails
developers
<
tails
@
boum
.
org
>
Wed
,
08
Mar
2017
16
:
29
:
44
+
0000
tails
(
2.11
)
unstable
;
urgency
=
medium
*
Security
fixes
-
Upgrade
Tor
Browser
to
6.5.1
based
on
Firefox
45.8
.
(
Closes
:
#
12283
)
-
Fix
CVE
-
2017
-
6074
(
local
root
privilege
escalation
)
by
disabling
the
'dccp'
module
.
(
Closes
:
#
12280
)
-
Disable
kernel
modules
for
some
uncommon
network
protocol
.
These
are
the
ones
recommended
by
CIS
.
(
Part
of
:
#
6457
)
-
Disable
modules
we
blacklist
for
security
reasons
.
Blacklisted
(
via
`
blacklist
MODULENAME
`)
modules
are
only
blocked
from
being
loaded
during
the
boot
process
,
but
are
still
loadable
with
an
explicit
`
modprobe
MODULENAME
`,
and
(
worse
!) via kernel module
auto
-
loading
.
-
Upgrade
linux
-
image
-
4.8.0
-
0.
bpo
.2
-
686
-
unsigned
to
4.8.15
-
2
~
bpo8
+
2.
-
Upgrade
bind9
to
1
:
9.9.5
.
dfsg
-
9
+
deb8u10
.
-
Upgrade
imagemagick
to
8
:
6.8.9.9
-
5
+
deb8u7
.
-
Upgrade
libevent
-
2.0
-
5
to
2.0.21
-
stable
-
2
+
deb8u1
.
-
Upgrade
libgd3
to
2.1.0
-
5
+
deb8u9
.
-
Upgrade
libjasper1
to
1.900.1
-
debian1
-
2.4
+
deb8u2
.
-
Upgrade
liblcms2
-
2
to
2.6
-
3
+
deb8u1
.
-
Upgrade
libxpm4
to
1
:
3.5.12
-
0
+
deb8u1
.
-
Upgrade
login
to
1
:
4.2
-
3
+
deb8u3
.
-
Upgrade
ntfs
-
3
g
to
1
:
2014.2.15
AR
.2
-
1
+
deb8u3
.
-
Upgrade
openjdk
-
7
-
jre
to
7u121
-
2.6.8
-
2
~
deb8u1
.
-
Upgrade
openssl
to
1.0.1
t
-
1
+
deb8u6
.
-
Upgrade
tcpdump
to
4.9.0
-
1
~
deb8u1
.
-
Upgrade
vim
to
2
:
7.4.488
-
7
+
deb8u2
.
-
Upgrade
libreoffice
to
1
:
4.3.3
-
2
+
deb8u6
.
*
Minor
improvements
-
import
-
translations
:
also
import
PO
files
for
French
from
Transifex
.
The
translation
team
for
French
switched
to
Transifex
even
for
our
custom
programs
:
https
://
mailman
.
boum
.
org
/
pipermail
/
tails
-
l10n
/
2016
-
November
/
004312.
html
-
Notify
the
user
,
if
running
on
a
32
-
bit
processor
,
that
it
won
't
be supported in Tails 3.0 anymore. (Closes: #12193)
- Notify I2P users that I2P will be removed in Tails
2.12. (Closes: #12271)
* Bugfixes
- Disable -proposed-updates at boot time. If a Debian point
release happens right after a freeze but we have decided to
enable it before the freeze to get (at least most of) it, then
we get in the situation where -proposed-updates is enabled in
the final release, which we don'
t
want
.
We
only
want
it
enabled
at
build
time
.
(
Closes
:
#
12169
)
-
Ferm
:
Use
the
variable
when
referring
to
the
Live
user
.
The
firewall
will
fail
to
start
during
early
boot
otherwise
since
the
"amnesia"
user
hasn
't been created yet. (Closes: #12208)
- Tor Browser: Don'
t
show
offline
warning
when
opening
local
documentation
.
(
Closes
:
#
12269
)
-
tails
-
virt
-
notify
-
user
:
use
the
tails
-
documentation
helper
to
improve
UX
when
one
is
not
connected
to
Tor
yet
,
and
display
localized
doc
when
available
.
-
Fix
rare
issue
causing
automatic
upgrades
to
not
apply
properly
(
Closes
:
#
8449
,
and
hopefully
#
11839
as
well
):
*
Allow
the
tails
-
install
-
iuk
user
to
run
"/usr/bin/nocache
/bin/cp *"
as
root
.
*
Install
tails
-
iuk
2.8
,
which
will
use
nocache
for
various
file
operations
,
and
sync
writes
to
the
installation
medium
.
-
Install
Linux
4.8.15
to
prevent
GNOME
from
freezing
with
Intel
GM965
/
GL960
Integrated
Graphics
.
(
Closes
:
#
12217
,
but
fixes
tons
of
other
small
bugs
)
*
Build
system
-
Add
'offline'
option
,
making
it
possible
to
build
Tails
offline
(
if
all
needed
resources
are
present
in
your
cache
).
(
Closes
:
#
12272
)
--
intrigeri
<
tails
@
boum
.
org
>
Thu
,
02
Feb
2017
15
:
13
:
50
+
0000
*
Test
suite
-
Encapsulate
exec_helper
's class to not "pollute" the global
namespace with all our helpers. This is an example of how we can
work towards #9030.
- Extend remote shell with *safe* file operations. Now we can
read/write/append *any* characters without worrying that it will
do crazy things by being passed through the shell, as was the
case before. This commit also:
* adds some better reporting of errors happening on the server
side by communicating back the exception thrown.
* removes the `user` parameter from the VM.file_* methods. They
were not used, any way, and simply do not feel like they
fit. I think the only reason we had it initially was because
it was implemented via the command interface, where a user
concept makes a lot of sense.
- debug_log() Dogtail script content on failure.
- Add a very precise timestamp to each debug_log().
- Make robust_notification_wait() ensure the applet is closed. In
robust_notification_wait() when we close the notification
applet, other windows may change position, creating a racy
situation for any immediately following action aimed at one such
window. (Closes: #10381)
- Fix I2P'
s
Pidgin
test
.
The
initial
conversation
(
that
determines
the
title
of
the
conversation
window
)
is
now
made
by
a
different
IRC
service
than
before
.
-
Use
lossless
compression
for
the
VNC
viewer
with
--
view
.
Otherwise
the
VNC
viewer
is
not
a
good
place
to
extract
test
suite
images
from
,
at
least
with
xtigervncviewer
.
-
Add
optional
pause
()
notification
feature
to
the
test
suite
.
It
will
run
a
user
-
configurable
arbitrary
shell
command
when
pause
()
is
called
,
e
.
g
.
on
failure
when
--
interactive
-
debugging
is
used
.
This
is
pretty
useful
when
multitasking
with
long
test
suite
runs
,
so
you
immediately
are
notified
when
a
test
fails
(
or
when
you
reached
a
temporary
pause
()
breakpoint
).
(
Closes
:
#
12175
)
-
Add
the
possibility
to
run
Python
code
in
a
persistent
session
in
the
remote
shell
and
use
this
for
Dogtail
to
significantly
improve
its
performance
by
saving
state
and
reusing
it
between
commands
.
This
changes
the
semantics
of
the
creation
of
Dogtail
objects
.
Previously
they
just
created
the
code
that
then
would
be
run
once
an
actionable
method
was
called
(.
wait
,
.
click
etc
),
but
now
it
works
like
in
Python
,
that
Dogtail
will
try
to
find
the
graphical
element
upon
object
creation
.
(
Closes
:
#
12059
)
-
Test
that
we
don
't ship any -proposed-updates APT sources.
(Closes: #12169)
- Make force_new_tor_circuit() respect NEWNYM rate limiting.
- Add retry magic for lost click when opening Tails'
documentation
from
the
desktop
launcher
.
(
Closes
:
#
12131
)
--
Tails
developers
<
tails
@
boum
.
org
>
Mon
,
06
Mar
2017
17
:
14
:
52
+
0100
tails
(
3.0
~
beta1
)
experimental
;
urgency
=
medium
...
...
features/apt.feature
View file @
58f005b5
...
...
@@ -8,6 +8,7 @@ Feature: Installing packages through APT
Scenario
:
APT sources are configured correctly
Given
I have started Tails from DVD without network and logged in
Then
the only hosts in APT sources are
"vwakviie2ienjx6t.onion,sgvtcaew4bxjd7ln.onion,jenw7xbd6tf7vfhp.onion,sdscoq7snqtznauu.onion"
And
no proposed-updates APT suite is enabled
@check_tor_leaks
Scenario
:
Install packages using apt
...
...
features/chutney/test-network
View file @
58f005b5
...
...
@@ -45,12 +45,19 @@ BridgeObfs4 = Node(
torrc="bridge-obfs4.tmpl"
)
OnionService = Node(
tag="hs",
hs=1,
torrc="hs.tmpl"
)
NODES = Authority.getN(4) + \