Commit 8f47aa81 authored by Tails developers's avatar Tails developers
Browse files

Update changelog for 1.3~rc1.

parent 689d43a8
tails (1.3) UNRELEASED; urgency=medium
tails (1.3~rc1) unstable; urgency=medium
* Placeholder for next major release.
* Major new features
- Install the electrum bitcoin client from wheezy-backports, and
add a persistence preset for the Live user's bitcoin wallet. If
electrum is started without the persistence preset enabled, a
warning is hown. (Closes: #6739)
* Hardening
- Sandbox the Tor Browser using AppArmor. From now on it can only
access the "~/Tor Browser" (default) and "~/Persistent/Tor
Browser" directories; the latter is only created if the
persistence preset is enabled. Both have bookmarks added in
GTK's file chooser, and GNOME's Places menu. (Closes: #5525)
- Install a custom-built Tor package with Seccomp enabled but
enable it when no pluggable transport is used. (Closes:
* Bugfixes
- Have tor_bootstrap_progress echo 0 if no matching log line is
found. (Closes: #8257)
- Always pass arguments through wrappers (connect-socks, totem,
wget, whois) with "$@". $* doesn't handle arguments with
e.g. embedded spaces correctly. (Closes: #8603, #8830)
* Minor improvements
- Install obfs4proxy instead of obfsproxy, which adds support for
the obfs4 pluggable transport to Tor. (Closes: #7980)
- Install GnuPG v2 and associated tools from wheezy-backports,
primarily for its improved support for OpenPGP smartcards. It
lives side-by-side with GnuPG v1, which still is the
default. (Closes: #6241)
- Install ibus-unikey, a Vietnamese input method for IBus. (Closes:
- Install torsocks (2.x) from wheezy-backports. (Closes: #8220)
- Install keyringer from Debian Jessie. (Closes: #7752)
- Install pulseaudio-utils.
- Remove all traces of Polipo: we don't use it anymore. This
closes #5379 and #6115 because:
* Have APT directly use the Tor SOCKS proxy. (Closes: #8194)
* Wrap wget with torsocks. (Closes: #6623)
* Wrap Totem to torify it with torsocks. (Closes: #8219)
* Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND.
(Closes: #8680)
- Use torsocks for whois and Gobby, instead of torify.
- Produce the Tails image in hybrid mode (again) so that the same
image can be installed both on DVD *and* "hard disks" like USB
storage and similar. (Closes: #8510)
- Refactor the Unsafe and I2P browser code into a common shell
library. A lot of duplicated code is now shared, and the code
has been cleaned up and made more reliable. Several
optimizations of memory usage and startup time were also
implemented. (Closes: #7951)
- Invert Exit and About in gpgApplet context menu. This is a
short-term workaround for making it harder to exit the
application by mistake (e.g. a double right-click). (Closes:
- Implement new touchpad settings. This enables tap-to-click,
2-fingers scrolling, and disable while typing. We don't enable
reverse scrolling nor horizontal scrolling. (Closes: #7779)
- Include the mount(8) output and live-additional-software.conf in
WhisperBack bug reports (Closes: #8719, #8491).
- Reduce brightness and saturation of background color. (Closes:
- Have ALSA output sound via PulseAudio by default. This gives us
centralized sound volume controls, and... allows to easily, and
automatically, test that audio output works from Tor Browser,
thanks to the PulseAudio integration into the GNOME sound
control center.
- Import the new Tails signing key, which we will use for Tails
1.3.1, and have Tails Upgrader trust both it and the "old"
(current) Tails signing key. (Closes: #8732)
- tails-security-check: error out when passed an invalid CA file.
Unfortunately, the underlying HTTPS stack we use here fails open
in those case, so we have to check it ourselves. Currently, we
check that the file exists, is readable, is a plain file and is
not empty. Also support specifying the CA file via an
environment variable. This will ease development and bug-fixing
quite a bit.
- Fix racy code in Tails Installer that sometimes made the
automated test suite stall when for scenarios installing Tails
to USB disks. (Closes: #6092)
- Make it possible use Tails Upgrader to upgrade a Tails
installation that has cruft files on the system partition.
(Closes: #7678)
* Build system
- Install syslinux-utils from our builder-wheezy APT repository in
Vagrant. We need version 6.03~pre20 to make the Tails ISO image
in hybrid mode
- Update apt repo signing key. (Closes: #8747)
- Revert "Workaround build failure in lb_source, after creating
the ISO." This is not needed anymore given the move to the Tor
SOCKS proxy. (Closes: #5307)
- Remove the bootstrap stage usage option and disable all
live-build caching in Vagrant. It introduces complexity and
potential for strange build inconsistencies for a meager
reduction in build time. (Closes: #8725)
- Hardcode the mirrors used at build and boot time in auto/config.
Our stuff will be more consistent, easier to reproduce, and our
QA process will be more reliable if we all use the same mirrors
at build time as the one we configure in the ISO. E.g. we won't
have issues such as #8715 again. (Closes: #8726)
- Don't attempt to retrieve source packages from local-packages so
local packages can be installed via
config/chroot_local-packages. (Closes: #8756)
-- Tails developers <> Wed, 15 Oct 2014 20:47:37 +0200
* Test suite
- Use libguestfs instead of parted when creating partitions and
filsystems, and to check that only the expected files
persist. We also switch to qcow2 as the default disk image
format everywhere to reduce disk usage, enable us to use
snapshots that includes the disks (in the future), and to use
the same steps for creating disks in all tests. (Closes: #8673)
- Automatically test that Tails ignores persistence volumes stored
on non-removable media, and doesn't enable swaps. (Closes:
- Actually make sure that Tails can boot from live systems stored
on a hard drive. Running the 'I start Tails from DVD ...' step
will override the earlier 'the computer is set to boot from ide
drive "live_hd"' step, so let's make the "from DVD" part
optional; it will be the default any way.
- Make it possible to use an old iso with different persistence
presets. (Closes: #8091)
- Hide the cursor between steps when navigating the GNOME
applications menu. This makes it a bit more robust, again:
sometimes the cursor is partially hiding the menu entry we're
looking for, hence preventing Sikuli from finding it (in
particular when it's "Accessories", since we've just clicked on
"Applications" which is nearby). (Closes: #8875)
- Ensure that the test will fail if "apt-get X" commands fail.
- Test 'Tor is ready' notification in a separate scenario. (Closes:
- Add automated tests for torified wget and whois. This should
help us identify future regressions such as #8603 in their
torifying wrappers.
- Add automated test for opening an URL from Pidgin.
- And add automated tests for the Tor Browser's AppArmor
- Test that "Report an Error Launcher" opens the support
- Test that the Unsafe Browser:
* starts in various locales.
* complains when DNS isn't configured.
* tear down its chroot on shutdown.
* runs as the correct user.
* has no plugins or add-ons installed.
* has no unexpected bookmarks.
* has no proxy configured.
- Bump the "I2P router console is ready" timeout in its test to
deal with slow Internet connections.
-- Tails developers <> Wed, 11 Feb 2015 22:41:08 +0100
tails (1.2.3) unstable; urgency=medium
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment