Skip to content
GitLab
Commit 58f005b5 authored by segfault's avatar segfault
Browse files

Merge commit '70091e58' (Tails 3.0~beta3 release) into feature/5688-tails-server

parents e8adad89 70091e58
Expand all Hide whitespace changes
Inline Side-by-side
config/chroot_local-includes/usr/share/applications/i2p-browser.desktop.in deleted 100644 → 0
View file @ e8adad89
[Desktop Entry]
Categories=Network;
_Comment=Anonymous overlay network browser
Exec=sudo /usr/local/sbin/i2p-browser
Icon=/usr/share/i2p/eepsite/docroot/favicon.ico
_Name=I2P Browser
_GenericName=Anonymous overlay network browser
Terminal=false
Type=Application
config/chroot_local-includes/usr/share/tails/chroot-browsers/common/prefs.js
View file @ 58f005b5
......@@ -5,7 +5,7 @@ pref("extensions.update.enabled", false);
// Disable fetching of the new tab page's Tiles links/ads. Ads are
// generally unwanted, and also the fetching is a "phone home" type of
// feature that generates traffic at least the first time the browser
// is started. It won't work in e.g. the I2P Browser, too.
// is started.
pref("browser.newtabpage.directory.source", "");
pref("browser.newtabpage.directory.ping", "");
// ... and disable the explanation shown the first time
......
config/chroot_local-includes/usr/share/tails/chroot-browsers/common/userChrome.css
View file @ 58f005b5
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide Firefox Sync options. It will not work with the I2P Browser
and will only promote unsupported use cases for the Unsafe Browser. */
/* Hide Firefox Sync options. It will only promote unsupported use
cases for the Unsafe Browser. */
#BrowserPreferences radio[pane="paneSync"],
#sync-button,
#sync-menu-button,
......@@ -15,16 +15,14 @@
Tools -> Add-ons link to the Add-ons manager. We do not want to
encourage installing such things as it's not part of the supported
use-cases and may have privacy issues. Also they will not persist a
restart, which is just confusing. In the I2P Browser, many of these
features will not work any way. */
restart, which is just confusing. */
#menu_openApps,
#menu_openAddons, /* traditional menu */
#add-ons-button, /* new style Firefox menu */
#wrapper-add-ons-button, /* Customize toolbar */
/* Hide the "Share this page" button in the Tool bar, which encourages
the use of social (= tracking) networks. These will not work in the
I2P browser any way. */
the use of social (= tracking) networks. */
#social-share-button,
/* Hide the Health Report and its configuration option. It's just a
......
config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/prefs.js deleted 100644 → 0
View file @ e8adad89
/* Disable proxy settings. We also set the other settings that
Torbutton requires to be happy, i.e. its icon is green. */
pref("network.proxy.ftp", "127.0.0.1");
pref("network.proxy.ftp_port", 4444);
pref("network.proxy.http", "127.0.0.1");
pref("network.proxy.http_port", 4444);
pref("network.proxy.no_proxies_on", "127.0.0.1");
pref("network.proxy.ssl", "127.0.0.1");
pref("network.proxy.ssl_port", 4444);
// Disable searching from the URL bar
pref("keyword.enabled", false);
// Without setting this, the Download Management page will not update
// the progress being made.
pref("browser.download.panel.shown", true);
// Never add 'www' or '.com' to hostnames in I2P Browser.
pref("browser.fixup.alternate.enabled", false);
config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/theme.js deleted 100644 → 0
View file @ e8adad89
user_pref("lightweightThemes.isThemeSelected", true);
user_pref("lightweightThemes.usedThemes", "[{\"id\":\"1\",\"name\":\"I2P Browser\",\"headerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"footerURL\":\"file:///usr/share/pixmaps/red_dot.png\",\"textcolor\":\"#FFFFFF\",\"accentcolor\":\"#66ABEB\",\"updateDate\":0,\"installDate\":0}]");
config/chroot_local-includes/usr/share/tails/chroot-browsers/i2p-browser/userChrome.css deleted 100644 → 0
View file @ e8adad89
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
/* Hide access to the bookmarks to try to prevent "data loss" due to users
* adding bookmarks even though the profile is destroyed at browser close.
* Keyboard shortcuts still work, but this makes it harder to 'accidentally'
* lose bookmarks.
*
* Note that any of the selectors that start with 'app' apply to the menu that
* is used if the main menu is hidden. Any that start with 'wrapper' are
* buttons that are normally visible within the 'customize toolbar' option. The
* others are probably self-explanatory.
*/
/* Remove the History and Bookmarks menus and buttons */
#appmenu_bookmarks,
#appmenu_history,
#bookmarks,
#bookmarks-menu-button,
#bookmarksMenu,
#history,
#history-menu,
#history-menu-button,
#wrapper-history-button,
#wrapper-bookmarks-button,
/* Hide the sidebar menu (underneath View) since the default sidebars consist
* of history and bookmarks. Also disable the bookmark toolbar.
*/
#toggle_PersonalToolbar,
#viewSidebarMenuMenu,
/* Remove the "Star button" and "History Dropdown arrow" from the URL bar
* since neither history nor bookmarks are saved.
*/
#star-button,
[anonid="historydropmarker"],
/* Remove bookmark options from the context menus */
#context-bookmarkframe,
#context-bookmarklink,
#context-bookmarkpage,
/* Hide the option for emailing links since it's doomed to failure
* without a configured email client in the chroot.
*/
menuitem[command="Browser:SendLink"],
/* Hide Print options */
/*
#menu_printSetup,
#menu_printPreview,
#menu_print,
#menu_print + menuseparator,
[command="cmd_print"],
*/
/* Without I2P search engines defined, the search bar is useless.
* Since there are no I2P search engines added to Tails (yet),
* let's hide it and the Update Pane in Firefox's Preferences.
*/
#search-container,
#updateTab,
/* Hide options that lead to resources inaccessible over I2P */
#menu_keyboardShortcuts,
#menu_openTour,
#appmenu_feedbackPage,
#appmenu_gettingStarted,
#appmenu_openHelp,
#feedbackPage,
#gettingStarted,
#menu_HelpPopup_reportPhishingtoolmenu,
#menu_openHelp,
/* Hide the TorButton button from the toolbar */
#torbutton-button,
#wrapper-torbutton-button
/* Do the actual hiding. */
{display: none !important}
config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt
View file @ 58f005b5
http://torbrowser-archive.tails.boum.org/6.5-build3/
http://torbrowser-archive.tails.boum.org/6.5.1-build2/
config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt
View file @ 58f005b5
ac3cf4105d116a86dbe36c9e1eea7733d9ef860168063c9e7e48e4c87a228bbb tor-browser-linux64-6.5_ar.tar.xz
ccdb80c30041af3c31cd7725bc7b0a3ea3bbe12701cfeec6f13df19f77ff233c tor-browser-linux64-6.5_de.tar.xz
e1b15116000b8967198b24c30c3d9e3c8209c003a0eb7735b6dd6e12261ff535 tor-browser-linux64-6.5_en-US.tar.xz
1877b58dcb8e5903eb5366f994c714d4b87bfe419647a6aa6de09667453f0e67 tor-browser-linux64-6.5_es-ES.tar.xz
3c978a9ed5bae96bc9852eda5902881c2ef95a922976e4cb52503639b7150ada tor-browser-linux64-6.5_fa.tar.xz
8c938ad4e6b90a63873a528e0e46bfb4d9f361fdeafba9ae3b45fc733eaffd45 tor-browser-linux64-6.5_fr.tar.xz
68a705b336dd4a1d72415105669f49ef2d0c337dd8cba4a74af682114d3a9d1e tor-browser-linux64-6.5_it.tar.xz
7a634438c386e72b0d36b9c35aae768e288831e8a98220e083ae67073172281d tor-browser-linux64-6.5_ja.tar.xz
0302e62d6e220122eab3e2316473f2d5d3d6dcfb6b789184b6e2771ce3798659 tor-browser-linux64-6.5_ko.tar.xz
a344ddb4ca2e6dc4c7b1eb1cf364c8ca5b96efcdd6c18f2b7d002a320080a573 tor-browser-linux64-6.5_nl.tar.xz
5558337cbda27c6268d368b6507609021d2adaa4c8b777ba77e058fb584a0f80 tor-browser-linux64-6.5_pl.tar.xz
2a96fa2e87c4b454a4d3199cb439dd1137f50a5af48b3193f1047b8f23f43f18 tor-browser-linux64-6.5_pt-BR.tar.xz
5f6bb736c4f9721d038bd924b7b81eaed3a3d1625b39b83f0951dcc3d5c7c033 tor-browser-linux64-6.5_ru.tar.xz
1e04d9d357c1037e9946860650c7a9295f0e9afd074651d15382d826497bed6d tor-browser-linux64-6.5_tr.tar.xz
0c08d94033e7626180e8c5c7664deabf154233f7e4706d7eecc649e083933bc4 tor-browser-linux64-6.5_vi.tar.xz
602138072e7b474bfd03db4fa5d70dbafb658d5a35e7c0df278523efa6ae3382 tor-browser-linux64-6.5_zh-CN.tar.xz
5fbe4da6013fdff3c6c8b10b01510e0da53d919cc3c3c3cf54db0f22cd927413 tor-browser-linux64-6.5.1_ar.tar.xz
01f8cdd180c671077e601f3a48a413e381afdfca8bc3ddf4da0677f3686cd998 tor-browser-linux64-6.5.1_de.tar.xz
1158989f43d299bf3f6241c3b087823583a20123e1eef4e4c5507dbfb77a4bdc tor-browser-linux64-6.5.1_en-US.tar.xz
f6b9d29152ef796273ae6b9baf29eea4aa4cbf6325ea215c7e2ef007a0ebb9ff tor-browser-linux64-6.5.1_es-ES.tar.xz
43a4f9804e2c4067ee9eb9e856cc0dfd2670e011bd5144acbd2c5f61660509bf tor-browser-linux64-6.5.1_fa.tar.xz
43d68ef0434281a7c0774f41539a9ba91e93bd55505d849bb5d4e9bbf62f4cb7 tor-browser-linux64-6.5.1_fr.tar.xz
e4cfe69d1327fc47214e16ee3f057791b041f0d2f85c8feff1bf8d52e6379189 tor-browser-linux64-6.5.1_it.tar.xz
d16fd85919e64f6be58fa557b3a3d89b1faf8b4b7401e41b9f394721d2a333c4 tor-browser-linux64-6.5.1_ja.tar.xz
9d92b4fabb23bd3514637b750f6fe45cfa2243d16eb5efea06c7bab574aaa63f tor-browser-linux64-6.5.1_ko.tar.xz
2891f90c30f90254fc25f0695c2d5e84eafc97399397f15880f082765f5bdb74 tor-browser-linux64-6.5.1_nl.tar.xz
a98b4e503003fa5e54b382f93db179fbd9d590c455a329e6be9292bafc3a41b0 tor-browser-linux64-6.5.1_pl.tar.xz
a506692a78428fe988d176c577eaa49da3741f37f726054a0aa88972ee93e773 tor-browser-linux64-6.5.1_pt-BR.tar.xz
d1fc5f1a7caadea3868917bbbc795cc58a208dc63e2a48614c381b8f0ef62c94 tor-browser-linux64-6.5.1_ru.tar.xz
4d4b85f694ed0c2eccae78a292a24cdb2dfb358cfb02ec015a21fc9078360859 tor-browser-linux64-6.5.1_tr.tar.xz
252e838ac36b9e8e2ef577b5b8d501d2dc4cf11fb3408cebe40588156222c2f4 tor-browser-linux64-6.5.1_vi.tar.xz
1a33c983ddfd68f8f18203ec5445ac0bbce332579fdfd1f672c7c58fd68eacef tor-browser-linux64-6.5.1_zh-CN.tar.xz
config/chroot_local-packageslists/tails-common.list
View file @ 58f005b5
......@@ -73,6 +73,7 @@ cryptsetup
rsync
bash-completion
cracklib-runtime
dbus-user-session
desktop-base
dmz-cursor-theme
dosfstools
......@@ -149,6 +150,7 @@ live-tools
lvm2
macchanger
mat
mesa-utils
monkeysign
monkeysphere
msva-perl
......@@ -394,10 +396,6 @@ python3-systemd
xclip
xdotool
i2p
# Prevent java 6 from being installed
openjdk-8-jre
# Enable Electrum's Qt GUI & TREZOR support
python-qt4
python-trezor
......
config/chroot_local-patches/0002-Allow-specifying-that-Enigmail-keyserver-communicati.patch
View file @ 58f005b5
......@@ -29,11 +29,23 @@ torifying Enigmail communication with keyservers can go away:
... which is why I didn't bother investing time into a nicer solution on
Torbirdy's side.
---
chrome/content/preferences.js | 12 +++++++-----
components/torbirdy.js | 12 +-----------
chrome/content/overlay.js | 1 +
chrome/content/preferences.js | 13 ++++++++-----
defaults/preferences/prefs.js | 1 +
3 files changed, 9 insertions(+), 16 deletions(-)
3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/chrome/content/overlay.js b/chrome/content/overlay.js
index 1f72c9d..f0c0304 100644
--- a/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
+++ b/usr/share/xul-ext/torbirdy/chrome/content/overlay.js
@@ -40,6 +40,7 @@
// Tor.
if (type === 0) {
myPanel.label = strbundle.getString("torbirdy.enabled.tor");
+ org.torbirdy.prefs.setProxyTor();
}
// JonDo/Whonix.
if (type === 1) {
diff --git a/chrome/content/preferences.js b/chrome/content/preferences.js
index 87f46aa..73ef18f 100644
--- a/usr/share/xul-ext/torbirdy/chrome/content/preferences.js
......@@ -45,7 +57,7 @@ index 87f46aa..73ef18f 100644
- var proxy = "socks5h://127.0.0.1:9050";
- if (anonService === "jondo") {
- proxy = "http://127.0.0.1:4001";
+ if (! pub.prefs.getBoolPref("extensions.torbirdy.enigmail.already_torified")) {
+ if (! pub.prefs.getBoolPref("extensions.torbirdy.gpg_already_torified")) {
+ var proxy = "socks5h://127.0.0.1:9050";
+ if (anonService === "jondo") {
+ proxy = "http://127.0.0.1:4001";
......@@ -63,38 +75,23 @@ index 87f46aa..73ef18f 100644
};
pub.updateKeyserver = function(anonService) {
diff --git a/components/torbirdy.js b/components/torbirdy.js
index 01c1c7a..d8b67b3 100644
--- a/usr/share/xul-ext/torbirdy/components/torbirdy.js
+++ b/usr/share/xul-ext/torbirdy/components/torbirdy.js
@@ -263,17 +263,7 @@ var TorBirdyPrefs = {
"extensions.enigmail.addHeaders": false,
// Use GnuPG's default comment for signed messages.
"extensions.enigmail.useDefaultComment": true,
- // We need to pass some more parameters to GPG.
- "extensions.enigmail.agentAdditionalParam":
- // Don't disclose the version
- "--no-emit-version " +
- // Don't add additional comments (may leak language, etc)
- "--no-comments " +
- // We want to force UTF-8 everywhere
- "--display-charset utf-8 " +
- // We want to ensure that Enigmail is proxy aware even when it runs gpg in a shell
- "--keyserver-options http-proxy=socks5h://127.0.0.1:9050 ",
-
+
// The default key server should be a hidden service; use the Tor OnionBalance hidden service pool (https://sks-keyservers.net/overview-of-pools.php#pool_tor)
"extensions.enigmail.keyserver": "hkp://jirk5u4osbsr34t5.onion",
// Force GnuPG to use SHA512.
@@ -201,6 +203,7 @@ if (!org.torbirdy.prefs) org.torbirdy.prefs = new function() {
pub.setPanelSettings(pub.strBundle.GetStringFromName("torbirdy.enabled.tor"), "green");
pub.prefs.setIntPref(pub.prefBranch + 'proxy', 0);
+ pub.setPreferences("extensions.enigmail.agentAdditionalParam", pub.setEnigmailPrefs("tor"));
};
pub.setProxyJonDo = function() {
diff --git a/defaults/preferences/prefs.js b/defaults/preferences/prefs.js
index 8b43562..7268b5a 100644
index 8b43562..ea316d3 100644
--- a/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
+++ b/usr/share/xul-ext/torbirdy/defaults/preferences/prefs.js
@@ -5,6 +5,7 @@ pref("extensions.torbirdy.warn", true);
pref("extensions.torbirdy.startup_folder", false);
pref("extensions.torbirdy.enigmail.throwkeyid", false);
pref("extensions.torbirdy.enigmail.confirmemail", false);
+pref("extensions.torbirdy.enigmail.already_torified", false);
+pref("extensions.torbirdy.gpg_already_torified", false);
pref("extensions.torbirdy.timezone", true);
pref("extensions.torbirdy.whonix_run", true);
pref("extensions.torbirdy.info_run", false);
config/chroot_local-patches/do_not_save_mixer_levels_on_shutdown.diff deleted 100644 → 0
View file @ e8adad89
Tails specific: we are amnesic, no need to save mixer levels on shutdown.
--- chroot.orig/etc/init.d/alsa-utils 2012-09-24 10:05:12.749039812 +0200
+++ chroot/etc/init.d/alsa-utils 2012-09-24 10:47:23.717869294 +0200
@@ -10,1 +10,1 @@
-# Default-Stop: 0 1 6
+# Default-Stop:
config/chroot_local-patches/unmute_alsa_channels.patch deleted 100644 → 0
View file @ e8adad89
--- chroot.orig/etc/init.d/alsa-utils 2010-10-04 18:14:10.000000000 +0000
+++ chroot/etc/init.d/alsa-utils 2012-03-12 13:49:11.815997232 +0000
@@ -206,4 +206,9 @@
exit 3
;;
esac
+ # On MacBook5,2 models (See Bug#602973)
+ unmute_and_set_level "LFE" "80%"
+
+ # On Intel 82801H (See Bug#603550)
+ unmute_and_set_level "Speaker" "80%"
config/chroot_sources/torproject-obfs4proxy.binary deleted 120000 → 0
View file @ e8adad89
torproject-obfs4proxy.chroot
\ No newline at end of file
config/chroot_sources/torproject-obfs4proxy.chroot deleted 100644 → 0
View file @ e8adad89
deb http://deb.torproject.org/torproject.org obfs4proxy main
debian/changelog
View file @ 58f005b5
tails (3.0~beta2) UNRELEASED; urgency=medium
tails (3.0~beta3) unstable; urgency=medium
* Dummy entry for next release.
* Major new features and changes
- Make the "Formats" settings in Tails Greeter take effect (Closes: #12079,
new feature that was broken since it was introduced in 3.0~alpha1).
- Upgrade to a new snapshot of the Debian and Torproject
APT repositories (2017031702).
* Removed features
- Stop including I2P: we decided (#11276) to remove I2P, due to our failure
at finding someone to maintain it in Tails (Closes: #12263).
* Security fixes
- Upgrade MAT to 0.6.1-4: fixes silent failure of the Nautilus
contextual menu extension.
- Ensure /etc/resolv.conf is owned by root:root in the SquashFS
(Closes: #12343).
- Protect against CVE-2017-2636 by disabling the n-hdlc kernel module
(Closes: #12315).
* Minor improvements
- Reintroduce the X11 guest utilities for VirtualBox (regression
introduced in 3.0~beta2).
- Upgrade X.Org server and the modesetting driver (hopefully helps
fixing #12219).
- Automate the migration from KeePassX databases generated on Tails 2.x
to the format required by KeePassX 2.0.x (Closes: #10956, #12369).
- Add keyboard shortcuts in Tails Greeter (Closes: #12186, #12063).
- Install dbus-user-session (regression introduced in 3.0~beta2).
- Manage temporary directories in a declarative way (tmpfiles.d).
- Replace references to the /var/run compatibility symlink
with the canonical /run.
- Update our Torbirdy patchset to the latest one sent upstream.
- Install mesa-utils, so that Qt 5 can detect whether software based
rendering is needed.
- Have Tails Greeter honor the "debug" kernel command-line option,
for easier debugging (Closes: #12373).
- Refactor Tails Greeter to reduce code duplication (Closes: #12247).
* Bugfixes
- Fix sizing of zenity dialogs (Closes: #12313, regression introduced
in 3.0~alpha1).
- Fix confusing, spurious error messages in command-line applications
wrapped with torsocks:
· Ship a /etc/mailname file with content "localhost".
Otherwise something (Git? libc6?) tries to resolve the "amnesia" host
name, which fails, and a confusing error message is displayed
(Closes: #12205, regression introduced in 3.0~alpha1).
· Have torsocks allow UDP connections to the loopback interface,
with AllowOutboundLocalhost 2 (Closes: #11736).
* Test suite
- Improve debugging info logging for PacketFu parsing issues,
and implement a plausible fix (refs: #11508).
- Try to make "double-click on desktop launcher" more reliable.
- Fix selection of ISO in Tails Installer.
- Re-enable the GnuPG tests that require a keyserver, pointing them
to an Onion service we run on Chutney, that redirects all TCP traffic
to a real, clearnet keyserver (Closes: #12211).
- Implement a workaround for checking the configured keyserver in GnuPG,
until a better fix is implemented (refs: #12371).
- Fix the "Report an Error launcher" scenario in German.
* Build system
- Retry curl and APT operations up to 20 times to make the ISO build
more robust wrt. unreliable Internet connectivity.
Thanks to Arnaud <arnaud@preev.io> for the patch!
- Install ikiwiki from jessie-backports, instead of our patched one
(Closes: #12051).
- Clean up libdvd-pkg build files, again (Closes: #11273).
- Rakefile: fix TAILS_OFFLINE_BUILD exported variable name.
- Adjust apt-mirror to support branches based on feature/stretch
that don't use frozen APT snapshots.
-- Tails developers <tails@boum.org> Sun, 19 Mar 2017 15:10:28 +0100
tails (3.0~beta2) unstable; urgency=medium
* All changes brought by Tails 2.11, except:
- the test suite changes, that are not all compatible with this branch;
- the "Tails 3.0 will require a 64-bit processor" notification:
this advance warning is not useful on a release series
that's 64-bit only.
* Major new features and changes
- Upgrade to a new snapshot of the Debian APT repositories (2017030802),
and of the Torproject ones (2017030801).
- Upgrade Linux to 4.9.0-2 (version 4.9.13-1).
* Minor improvements
- Improve GNOME Shell Window List styling. (Closes: #12233)
* Bugfixes
- Make it possible to start graphical applications in the Root Terminal.
(part of #12000)
* Test suite
- Improve robustness when dealing with notifications. (Closes: #11464)
- Bump timeout when waiting for 'Tor is ready' notification.
- Fix the incremental upgrade test.
- Drop a few obsolete test cases, update a number of images.
- Adapt firewall leak test to new DHCP source IP address.
- Adjust Seahorse and Enigmail tests to the keyserver that is now used.
-- Tails developers <tails@boum.org> Wed, 08 Mar 2017 16:29:44 +0000
tails (2.11) unstable; urgency=medium
* Security fixes
- Upgrade Tor Browser to 6.5.1 based on Firefox 45.8. (Closes:
#12283)
- Fix CVE-2017-6074 (local root privilege escalation) by disabling
the 'dccp' module. (Closes: #12280)
- Disable kernel modules for some uncommon network protocol. These
are the ones recommended by CIS. (Part of: #6457)
- Disable modules we blacklist for security reasons. Blacklisted
(via `blacklist MODULENAME`) modules are only blocked from being
loaded during the boot process, but are still loadable with an
explicit `modprobe MODULENAME`, and (worse!) via kernel module
auto-loading.
- Upgrade linux-image-4.8.0-0.bpo.2-686-unsigned to 4.8.15-2~bpo8+2.
- Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u10.
- Upgrade imagemagick to 8:6.8.9.9-5+deb8u7.
- Upgrade libevent-2.0-5 to 2.0.21-stable-2+deb8u1.
- Upgrade libgd3 to 2.1.0-5+deb8u9.
- Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u2.
- Upgrade liblcms2-2 to 2.6-3+deb8u1.
- Upgrade libxpm4 to 1:3.5.12-0+deb8u1.
- Upgrade login to 1:4.2-3+deb8u3.
- Upgrade ntfs-3g to 1:2014.2.15AR.2-1+deb8u3.
- Upgrade openjdk-7-jre to 7u121-2.6.8-2~deb8u1.
- Upgrade openssl to 1.0.1t-1+deb8u6.
- Upgrade tcpdump to 4.9.0-1~deb8u1.
- Upgrade vim to 2:7.4.488-7+deb8u2.
- Upgrade libreoffice to 1:4.3.3-2+deb8u6.
* Minor improvements
- import-translations: also import PO files for French from
Transifex. The translation team for French switched to Transifex
even for our custom programs:
https://mailman.boum.org/pipermail/tails-l10n/2016-November/004312.html
- Notify the user, if running on a 32-bit processor, that it won't
be supported in Tails 3.0 anymore. (Closes: #12193)
- Notify I2P users that I2P will be removed in Tails
2.12. (Closes: #12271)
* Bugfixes
- Disable -proposed-updates at boot time. If a Debian point
release happens right after a freeze but we have decided to
enable it before the freeze to get (at least most of) it, then
we get in the situation where -proposed-updates is enabled in
the final release, which we don't want. We only want it enabled
at build time. (Closes: #12169)
- Ferm: Use the variable when referring to the Live user. The
firewall will fail to start during early boot otherwise since
the "amnesia" user hasn't been created yet. (Closes: #12208)
- Tor Browser: Don't show offline warning when opening local
documentation. (Closes: #12269)
- tails-virt-notify-user: use the tails-documentation helper to
improve UX when one is not connected to Tor yet, and display
localized doc when available.
- Fix rare issue causing automatic upgrades to not apply properly
(Closes: #8449, and hopefully #11839 as well):
* Allow the tails-install-iuk user to run "/usr/bin/nocache
/bin/cp *" as root.
* Install tails-iuk 2.8, which will use nocache for various file
operations, and sync writes to the installation medium.
- Install Linux 4.8.15 to prevent GNOME from freezing with Intel
GM965/GL960 Integrated Graphics. (Closes: #12217, but fixes tons
of other small bugs)
* Build system
- Add 'offline' option, making it possible to build Tails offline
(if all needed resources are present in your cache). (Closes:
#12272)
-- intrigeri <tails@boum.org> Thu, 02 Feb 2017 15:13:50 +0000
* Test suite
- Encapsulate exec_helper's class to not "pollute" the global
namespace with all our helpers. This is an example of how we can
work towards #9030.
- Extend remote shell with *safe* file operations. Now we can
read/write/append *any* characters without worrying that it will
do crazy things by being passed through the shell, as was the
case before. This commit also:
* adds some better reporting of errors happening on the server
side by communicating back the exception thrown.
* removes the `user` parameter from the VM.file_* methods. They
were not used, any way, and simply do not feel like they
fit. I think the only reason we had it initially was because
it was implemented via the command interface, where a user
concept makes a lot of sense.
- debug_log() Dogtail script content on failure.
- Add a very precise timestamp to each debug_log().
- Make robust_notification_wait() ensure the applet is closed. In
robust_notification_wait() when we close the notification
applet, other windows may change position, creating a racy
situation for any immediately following action aimed at one such
window. (Closes: #10381)
- Fix I2P's Pidgin test. The initial conversation (that determines
the title of the conversation window) is now made by a different
IRC service than before.
- Use lossless compression for the VNC viewer with --view.
Otherwise the VNC viewer is not a good place to extract test
suite images from, at least with xtigervncviewer.
- Add optional pause() notification feature to the test suite. It
will run a user-configurable arbitrary shell command when
pause() is called, e.g. on failure when --interactive-debugging
is used. This is pretty useful when multitasking with long test
suite runs, so you immediately are notified when a test fails
(or when you reached a temporary pause() breakpoint). (Closes:
#12175)
- Add the possibility to run Python code in a persistent session
in the remote shell and use this for Dogtail to significantly
improve its performance by saving state and reusing it between
commands. This changes the semantics of the creation of Dogtail
objects. Previously they just created the code that then would
be run once an actionable method was called (.wait, .click etc),
but now it works like in Python, that Dogtail will try to find
the graphical element upon object creation. (Closes: #12059)
- Test that we don't ship any -proposed-updates APT sources.
(Closes: #12169)
- Make force_new_tor_circuit() respect NEWNYM rate limiting.
- Add retry magic for lost click when opening Tails' documentation
from the desktop launcher. (Closes: #12131)
-- Tails developers <tails@boum.org> Mon, 06 Mar 2017 17:14:52 +0100
tails (3.0~beta1) experimental; urgency=medium
......
features/apt.feature
View file @ 58f005b5
......@@ -8,6 +8,7 @@ Feature: Installing packages through APT
Scenario: APT sources are configured correctly
Given I have started Tails from DVD without network and logged in
Then the only hosts in APT sources are "vwakviie2ienjx6t.onion,sgvtcaew4bxjd7ln.onion,jenw7xbd6tf7vfhp.onion,sdscoq7snqtznauu.onion"
And no proposed-updates APT suite is enabled
@check_tor_leaks
Scenario: Install packages using apt
......
features/chutney/test-network
View file @ 58f005b5
......@@ -45,12 +45,19 @@ BridgeObfs4 = Node(
torrc="bridge-obfs4.tmpl"
)
OnionService = Node(
tag="hs",
hs=1,
torrc="hs.tmpl"
)
NODES = Authority.getN(4) + \