Commit 76becb81 authored by intrigeri's avatar intrigeri
Browse files

Merge remote-tracking branch 'origin/stable' into test/5571-no-more-filesystem-shares

parents 8bc7ed16 30d07ea9
......@@ -83,6 +83,9 @@ chmod -R go+rX config/chroot_sources
# we need /debootstrap/deburis to build a manifest of used packages:
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keep-debootstrap-dir"
# we're not ready for merged-/usr yet: Debian#843461, Tails#11903
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --no-merged-usr"
# use our own APT repository's key:
DEBOOTSTRAP_GNUPG_HOMEDIR=$(mktemp -d)
gpg --homedir "$DEBOOTSTRAP_GNUPG_HOMEDIR" \
......
......@@ -10,6 +10,3 @@ EXT="/usr/lib/icedove/extensions"
echo "Enabling Torbirdy and Enigmail in Icedove"
ln -s /usr/share/xul-ext/torbirdy "$EXT"/castironthunderbirdclub@torproject.org
ln -s /usr/lib/xul-ext/enigmail "$EXT"/\{847b3a00-7ab1-11d4-8f02-006008948af5\}
echo "Enabling the amnesia branding extension in Icedove"
ln -s /usr/local/share/tor-browser-extensions/branding@amnesia.boum.org "$EXT"
#!/bin/sh
# This hook backports the only relevant fix introduced in -build7,
# which later was released as Tor Browser 6.0.6.
set -e
echo "Add DDG search plugin fixup to Tor Browser 6.0.6-build6"
# Import the TBB_INSTALL variable and supported_tor_browser_locales()
. /usr/local/lib/tails-shell-library/tor-browser.sh
OMNI="${TBB_INSTALL}/browser/omni.ja"
TMP="$(mktemp -d)"
DDG="chrome/en-US/locale/browser/searchplugins/ddg.xml"
7z x -o"${TMP}" "${OMNI}" "${DDG}"
sed -i 's@<Url type="text/html" method="POST" template="https://duckduckgo.com/">@<Url type="text/html" method="POST" template="https://duckduckgo.com/html">@' "${TMP}/${DDG}"
( cd "${TMP}" ; 7z u -tzip "${OMNI}" . )
chmod a+r "${OMNI}"
rm -r "${TMP}"
......@@ -18,15 +18,6 @@
</Description>
</em:targetApplication>
<!-- Thunderbird -->
<em:targetApplication>
<Description>
<em:id>{3550f703-e582-4d05-9a08-453d09bdfdc6}</em:id>
<em:minVersion>24.0</em:minVersion>
<em:maxVersion>32.0</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>
http://torbrowser-archive.tails.boum.org/6.0.5/
http://torbrowser-archive.tails.boum.org/6.0.6
362947f533e7088f0876a8558983c8cbb3cf5124cc7947741ac4c928b3a5d5d1 tor-browser-linux32-6.0.5_ar.tar.xz
8527f6727fd0db73865f4cdfa39678679a083ee42f3e4910466103bcf1c67e71 tor-browser-linux32-6.0.5_de.tar.xz
e0c3ce406b6de082692ce3db52b6e04053e205194b26fbf0eee9014be543d98d tor-browser-linux32-6.0.5_en-US.tar.xz
b7538a32fbce52a100d239379c99c38f8f0d7769c64fb3d2320f532539c252f3 tor-browser-linux32-6.0.5_es-ES.tar.xz
2d73f6c0935ec22682ae0520f9e730a0bdad65c90e33efbfdda5bd75ee8e775b tor-browser-linux32-6.0.5_fa.tar.xz
875e7fed0de0513137cfc6b7a284bf111c1ec95736b517efff79969b7adc2f2e tor-browser-linux32-6.0.5_fr.tar.xz
fb7f30932f7004944173a4329ab4744e885f17fe4fbc42ad1bdcc07e20a000ec tor-browser-linux32-6.0.5_it.tar.xz
0d75c169db906587627bc62a1e7e6914a808faa8e9214b7ff02b0ed7108218f1 tor-browser-linux32-6.0.5_ja.tar.xz
e9ff157446e5ee72552a911e9fa6223f43cbba8c38ef9d551f32710f48d24b02 tor-browser-linux32-6.0.5_ko.tar.xz
149b2576ce450a2103e7f936738ae223a63b6ee384d211313d207a6de1f3990d tor-browser-linux32-6.0.5_nl.tar.xz
a761abf4efd328ca0398fb37a8c98004bc74ff55f9f488eea8c6b24fda1f8fbe tor-browser-linux32-6.0.5_pl.tar.xz
4a06874edc060c3db2c21b81387b6f6d2a238c5d170c78e20526b999b0ff7e68 tor-browser-linux32-6.0.5_pt-PT.tar.xz
52843cd18b72a74a2bb87fa9331d6d7052f86e95ad5c9ac4b7c5f7beebee028c tor-browser-linux32-6.0.5_ru.tar.xz
847ad456fd73bcce6fd97143d5c35492ed6302700a6bdafba89ec1c617bdd120 tor-browser-linux32-6.0.5_tr.tar.xz
81e00ba20bcedcf043d5aa87042065ad07e3afaa175f0ba54ab9e99d3b3080f2 tor-browser-linux32-6.0.5_vi.tar.xz
533c45bee7ebeb9bd42d07d7c19fadd57f5043735144e9aa8aa8046487fe56cb tor-browser-linux32-6.0.5_zh-CN.tar.xz
018b574b40f0c0913dd11fe6560e7bc012b9b3f45b69cc5c3367ceb1d1db2a4d tor-browser-linux32-6.0.6_ar.tar.xz
dad8d40a75e597ffb1b0839433b1ecb39f8af06e3f448d235c0858abb69726f3 tor-browser-linux32-6.0.6_de.tar.xz
61e4f87f66ece5a9ca79f836feaae2c63ab40a37324f55357f37b970ec82aa8c tor-browser-linux32-6.0.6_en-US.tar.xz
80ecede9642b4beb20be9d55b4d668c6232fdc5000063c96a30d840e936fa3b3 tor-browser-linux32-6.0.6_es-ES.tar.xz
31d925dc211954b74a2cc618d6b6cbeb682a6a57f33bed80f26ca6f92ffa823b tor-browser-linux32-6.0.6_fa.tar.xz
6b4a2a9e4da54b6dc65d04017c4822dc9b21ffe6095c3c83b4470f782f7e9e94 tor-browser-linux32-6.0.6_fr.tar.xz
3f19e0edf688723409ef1cc468f0faa539d43e5b782fe617b4cd75a2b929c113 tor-browser-linux32-6.0.6_it.tar.xz
cc8f38e2a3a2c9596097e3fd80cbedebcc24fcb488ee7fa850d9ac938f5cc3c6 tor-browser-linux32-6.0.6_ja.tar.xz
b0a4864c0d71d2d37382a98a5e221bbc0b04b78aeca33408a521f708045dae5b tor-browser-linux32-6.0.6_ko.tar.xz
4e55334aeb44adf49a7cfccf3d8b98816cefab971a8be02db2061d76d91150ec tor-browser-linux32-6.0.6_nl.tar.xz
0165b8528f194bb4c5fa1f957cc1c4b3e521f48ad98d4b806b2256a9906837f8 tor-browser-linux32-6.0.6_pl.tar.xz
342f92aac96abc0cd0886821183e108473f40392721ea1c074a6393dfb55748c tor-browser-linux32-6.0.6_pt-PT.tar.xz
2ebcee122f8eb97ce93dc0eb7d047d8d8d940a954d85bb3cd80568d2bd927d73 tor-browser-linux32-6.0.6_ru.tar.xz
58e8bac9e2f98888de559d3a4dcba09b6a9c58456a4d7523467ccf3c33a96594 tor-browser-linux32-6.0.6_tr.tar.xz
bc4eea4ae3683d4541f0b4bec550811f472aefd2a7fc91320aac2e0d20e12a03 tor-browser-linux32-6.0.6_vi.tar.xz
29efa732e16b28b637d7fc9d4d4450b887aa0658b50f5ba0cf219369daac9b71 tor-browser-linux32-6.0.6_zh-CN.tar.xz
--- a/etc/apparmor.d/usr.bin.totem 2014-09-16 11:17:44.000000000 +0000
+++ b/etc/apparmor.d/usr.bin.totem 2014-11-28 09:40:26.960000000 +0000
@@ -9,6 +9,9 @@
diff -Naur etc/apparmor.d.orig/abstractions/totem etc/apparmor.d/abstractions/totem
--- a/etc/apparmor.d/abstractions/totem 2014-08-28 15:51:48.000000000 +0000
+++ b/etc/apparmor.d/abstractions/totem 2016-11-05 14:58:38.676759826 +0000
@@ -30,6 +30,10 @@
/usr/lib/@{multiarch}/gstreamer[0-9].[0-9]/gstreamer-[0-9].[0-9]/gst-plugin-scanner Cix -> gst_plugin_scanner,
+ owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin rw,
+ owner @{HOME}/.cache/gstreamer-[0-9]*.[0-9]*/registry.*.bin.tmp* rw,
owner @{HOME}/.cache/tracker/meta.db k,
owner @{HOME}/.cache/tracker/meta.db-shm k,
+ owner @{HOME}/.config/totem/** rwk,
owner @{HOME}/.local/share/grilo-plugins/*.db k,
+ owner @{HOME}/.local/share/gvfs-metadata/** r,
diff -Naur etc/apparmor.d.orig/usr.bin.totem etc/apparmor.d/usr.bin.totem
--- a/etc/apparmor.d/usr.bin.totem 2015-11-14 13:39:59.000000000 +0000
+++ b/etc/apparmor.d/usr.bin.totem 2016-11-05 14:57:21.817646742 +0000
@@ -9,16 +9,20 @@
#include <abstractions/python>
#include <abstractions/totem>
......@@ -10,3 +25,33 @@
# Maybe in an abstraction?
/usr/include/**/pyconfig.h r,
/usr/bin/totem r,
/dev/sr* r,
- # Allow read and write on anything in @{HOME}. Lenient, but
+ # Allow read and write on almost anything in @{HOME}. Lenient, but
# private-files-strict is in effect.
#include <abstractions/private-files-strict>
- owner @{HOME}/** rw,
+ owner @{HOME}/[a-zA-Z0-9]* rw,
+ owner @{HOME}/[a-zA-Z0-9]*/** rw,
owner /{,var/}run/user/*/dconf/user w,
owner /{,var/}run/user/*/at-spi2-*/ rw,
diff -Naur etc/apparmor.d.orig/usr.bin.totem-previewers etc/apparmor.d/usr.bin.totem-previewers
--- a/etc/apparmor.d/usr.bin.totem-previewers 2014-10-14 23:22:57.000000000 +0000
+++ b/etc/apparmor.d/usr.bin.totem-previewers 2016-11-05 14:57:21.817646742 +0000
@@ -6,10 +6,11 @@
/usr/bin/totem-video-thumbnailer {
#include <abstractions/totem>
- # Allow read on anything in @{HOME}. Lenient, but private-files-strict is in
+ # Allow read on almost anything in @{HOME}. Lenient, but private-files-strict is in
# effect.
#include <abstractions/private-files-strict>
- owner @{HOME}/** r,
+ owner @{HOME}/[a-zA-Z0-9]* rw,
+ owner @{HOME}/[a-zA-Z0-9]*/** rw,
# Not needed by nautilus, but maybe other applications
owner /**.[pP][nN][gG] w,
tails (2.7) UNRELEASED; urgency=medium
tails (2.7.1) UNRELEASED; urgency=medium
* Major new features and changes
- Install Tor 0.2.8.8. (Closes: #11832)
* Emergency release.
-- bertagaz <bertagaz@haze> Tue, 15 Nov 2016 23:23:11 +0100
tails (2.7) unstable; urgency=medium
* Security fixes
- Upgrade to Linux 4.7. (Closes: #11885, #11818)
- Upgrade to Tor 0.2.8.9. (Closes: #11832, #11891)
- Upgrade Tor Browser to 6.0.6 based on Firefox 45.5. (Closes: #11910)
- Upgrade Icedove to 1:45.4.0-1~deb8u1+tails1. (Closes: #11854,
#11860)
- Upgrade imagemagick to 8:6.8.9.9-5+deb8u5.
- Upgrade openssl to 1.0.1t-1+deb8u5.
- Upgrade libarchive to 3.1.2-11+deb8u3.
- Upgrade bind9 to 1:9.9.5.dfsg-9+deb8u8.
- Upgrade libav to 6:11.8-1~deb8u1.
- Upgrade ghostscript to 9.06~dfsg-2+deb8u3.
- Upgrade c-ares to 1.10.0-2+deb8u1.
- Upgrade nspr to 2:4.12-1+debu8u1.
- Upgrade nss to 2:3.26-1+debu8u1.
- Upgrade tar to 1.27.1-2+deb8u1.
- Upgrade curl to 7.38.0-4+deb8u5.
- Upgrade libgd3 to 2.1.0-5+deb8u7.
- Upgrade opendjk-7 to 7u111-2.6.7-2~deb8u1.
- Upgrade mat to 0.5.2-3+deb8u1.
- Upgrade libxslt to 1.1.28-2+deb8u2.
- Upgrade pillow to 2.6.1-2+deb8u3.
* Minor improvements
- Ship Let's encrypt intermediate certificate to prepare the
......@@ -13,6 +37,10 @@ tails (2.7) UNRELEASED; urgency=medium
* Bugfixes
- Fix multiarch support in Synaptic. (Closes: #11820)
- Set default spelling language to en_US in Icedove. (Closes: #11037)
* Build system
- Disable debootstrap merged-usr option. (Closes: #11903)
* Test suite
- Add test for incremental upgrades. (Closes: #6309)
......@@ -27,8 +55,7 @@ tails (2.7) UNRELEASED; urgency=medium
- Remove DVDROM device when not used, to workaround QEMU/Libvirt
compatibility issue. (Closes: #11874)
-- Tails developers <tails@boum.org> Mon, 03 Oct 2016 23:06:51 +0200
-- Tails developers <tails@boum.org> Sun, 13 Nov 2016 14:46:04 +0100
tails (2.6) unstable; urgency=medium
......
......@@ -14,7 +14,7 @@ Feature: Icedove email client
Given I cancel setting up an email account
When I open Icedove's Add-ons Manager
And I click the extensions tab
Then I see that only the amnesia branding, Enigmail and TorBirdy addons are enabled in Icedove
Then I see that only the Enigmail and TorBirdy addons are enabled in Icedove
Scenario: Enigmail is configured to use the correct keyserver
Given I cancel setting up an email account
......
@product
#11901: mat does not clean PDF files anymore
@product @fragile
Feature: Metadata Anonymization Toolkit
As a Tails user
I want to be able to remove leaky metadata from documents and media files
......
......@@ -38,6 +38,12 @@ Feature: Using Totem
# Due to our AppArmor aliases, /live/overlay will be treated
# as /lib/live/mount/overlay.
And AppArmor has denied "/usr/bin/totem" from opening "/lib/live/mount/overlay/home/amnesia/.gnupg/video.mp4"
Given I close Totem
And I copy "/home/amnesia/video.mp4" to "/home/amnesia/.purple/otr.private_key" as user "amnesia"
And I restart monitoring the AppArmor log of "/usr/bin/totem"
When I try to open "/home/amnesia/.purple/otr.private_key" with Totem
Then I see "TotemUnableToOpen.png" after at most 10 seconds
And AppArmor has denied "/usr/bin/totem" from opening "/home/amnesia/.purple/otr.private_key"
@check_tor_leaks @fragile
Scenario: Watching a WebM video over HTTPS
......
......@@ -141,7 +141,7 @@ gitmaster_branch: master
# htmlscrubber plugin
# PageSpec specifying pages not to scrub
htmlscrubber_skip: 'donate or donate.* or donate/* or download or download.* or install or install.* or install/* or upgrade or upgrade.* or upgrade/*'
htmlscrubber_skip: 'donate or donate.* or donate/* or download or download.* or home or home.* or install or install.* or install/* or upgrade or upgrade.* or upgrade/*'
# inline plugin
# enable rss feeds by default?
......
......@@ -118,7 +118,7 @@ allow_symlinks_before_srcdir: 1
# htmlscrubber plugin
# PageSpec specifying pages not to scrub
htmlscrubber_skip: 'misc/unsafe_browser_warning or misc/unsafe_browser_warning.* or donate or donate.* or donate/* or download or download.* or install or install.* or install/* or upgrade or upgrade.* or upgrade/*'
htmlscrubber_skip: 'misc/unsafe_browser_warning or misc/unsafe_browser_warning.* or donate or donate.* or donate/* or download or download.* or home or home.* or install or install.* or install/* or upgrade or upgrade.* or upgrade/*'
# inline plugin
# enable rss feeds by default?
......
......@@ -19,7 +19,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-09-19 13:02+0200\n"
"POT-Creation-Date: 2016-11-13 08:15+0100\n"
"PO-Revision-Date: 2014-12-05 17:21+0000\n"
"Last-Translator: Osama M. Mneina <o.mneina@gmail.com>\n"
"Language-Team: Arabic (http://www.transifex.com/projects/p/torproject/"
......@@ -182,11 +182,11 @@ msgstr "تور يحتاج ساعة دقيقة للعمل، خصوصاً للخد
msgid "Failed to synchronize the clock!"
msgstr "فشل في تزامن ساعة النظام!"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:146
#: config/chroot_local-includes/usr/local/bin/tails-security-check:124
msgid "This version of Tails has known security issues:"
msgstr "هذه النسخة من تيلز تحتوي مشاكل أمنية:"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:156
#: config/chroot_local-includes/usr/local/bin/tails-security-check:134
msgid "Known security issues"
msgstr ""
......
......@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-09-19 13:02+0200\n"
"POT-Creation-Date: 2016-11-13 08:15+0100\n"
"PO-Revision-Date: 2014-12-30 17:30+0000\n"
"Last-Translator: E <ehuseynzade@gmail.com>\n"
"Language-Team: Azerbaijani (http://www.transifex.com/projects/p/torproject/"
......@@ -178,11 +178,11 @@ msgstr ""
msgid "Failed to synchronize the clock!"
msgstr "Saatın sinxronlaşdırılması alınmadı!"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:146
#: config/chroot_local-includes/usr/local/bin/tails-security-check:124
msgid "This version of Tails has known security issues:"
msgstr "Tails-in bu versiyasının bilinən təhlükəsizlik problemləri var:"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:156
#: config/chroot_local-includes/usr/local/bin/tails-security-check:134
msgid "Known security issues"
msgstr ""
......
......@@ -17,7 +17,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-09-19 13:02+0200\n"
"POT-Creation-Date: 2016-11-13 08:15+0100\n"
"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Bulgarian (http://www.transifex.com/otf/torproject/language/"
......@@ -198,11 +198,11 @@ msgstr ""
msgid "Failed to synchronize the clock!"
msgstr "Неуспешно синхронизиране на часовника!"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:146
#: config/chroot_local-includes/usr/local/bin/tails-security-check:124
msgid "This version of Tails has known security issues:"
msgstr "Тази версия на Tails е известна с проблемите със сигурността:"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:156
#: config/chroot_local-includes/usr/local/bin/tails-security-check:134
msgid "Known security issues"
msgstr "Проблеми със сигурноста за които се знае"
......
......@@ -13,7 +13,7 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2016-09-19 13:02+0200\n"
"POT-Creation-Date: 2016-11-13 08:15+0100\n"
"PO-Revision-Date: 2016-09-03 08:57+0000\n"
"Last-Translator: carolyn <carolyn@anhalt.org>\n"
"Language-Team: Catalan (http://www.transifex.com/otf/torproject/language/"
......@@ -195,11 +195,11 @@ msgstr ""
msgid "Failed to synchronize the clock!"
msgstr "Error en sincronitzar el rellotge"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:146
#: config/chroot_local-includes/usr/local/bin/tails-security-check:124
msgid "This version of Tails has known security issues:"
msgstr "Aquesta versió de Tails té problemes de seguretat coneguts:"
#: config/chroot_local-includes/usr/local/bin/tails-security-check:156
#: config/chroot_local-includes/usr/local/bin/tails-security-check:134
msgid "Known security issues"
msgstr "Problemes de seguretat coneguts"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment