Commit 9cf4aec0 authored by Tails developers's avatar Tails developers
Browse files

Merge branch 'testing'

parents 89559d88 aa3b6769
......@@ -35,7 +35,7 @@ $RUN_LB_CONFIG \
--memtest none \
--packages-lists="standard" \
--tasks="standard" \
--linux-packages="linux-image-3.9-1" \
--linux-packages="linux-image-3.10-1" \
--syslinux-menu vesamenu \
--syslinux-splash data/splash.png \
--syslinux-timeout 4 \
......@@ -251,19 +251,19 @@ Package: linux-headers-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.9-1-common
Package: linux-headers-3.10-1-common
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.9-1-486
Package: linux-headers-3.10-1-486
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.9-1-686-pae
Package: linux-headers-3.10-1-686-pae
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-headers-3.9-1-amd64
Package: linux-headers-3.10-1-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
......@@ -279,19 +279,19 @@ Package: linux-image-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-3.9-1-486
Package: linux-image-3.10-1-486
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-3.9-1-686-pae
Package: linux-image-3.10-1-686-pae
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-image-3.9-1-amd64
Package: linux-image-3.10-1-amd64
Pin: release o=Debian,a=unstable
Pin-Priority: 999
Package: linux-kbuild-3.9
Package: linux-kbuild-3.10
Pin: release o=Debian,a=unstable
Pin-Priority: 999
set -e
# Remove pidgin's (libpurple's) MSN support, that is affected by
# security issues far too often.
echo "removing pidgin MSN support"
dpkg -L libpurple0 | grep '/$' | xargs rm
set -e
# Remove pidgin's (libpurple's) mxit support, until CVE-2013-0272 and
# CVE-2013-0271 are fixed in the version of Debian Tails is built upon.
echo "removing pidgin mxit support"
dpkg -L libpurple0 | grep '/$' | xargs rm
set -e
# Remove pidgin's (libpurple's) sametime support, until CVE-2013-0273
# is fixed in the version of Debian Tails is built upon.
echo "removing pidgin sametime support"
dpkg -L libpurple0 | grep '/$' | xargs rm
set -e
# Remove pidgin's (libpurple's) support for protocols we don't support.
echo "removing Pidgin libraries for protocols we do not support"
find /usr/lib/purple-2/ -name 'lib*.so' \
| /bin/grep -Ev "/lib($KEEP)\.so" \
| xargs rm
......@@ -50,8 +50,7 @@ pref("browser.display.max_font_count", 5);
pref("gfx.downloadable_fonts.fallback_delay", -1);
pref("general.appname.override", "Netscape");
pref("general.appversion.override", "5.0 (Windows)");
pref("general.buildID.override", "0");
pref("general.useragent.locale", "en-US");
pref("general.buildID.override", "20130618114625");
pref("general.oscpu.override", "Windows NT 6.1");
pref("general.platform.override", "Win32");
pref("general.productSub.override", "20100101");
......@@ -60,7 +59,7 @@ pref("general.useragent.vendor", "");
pref("general.useragent.vendorSub", "");
pref("dom.enable_performance", false);
pref("plugin.expose_full_path", false);
pref("browser.startup.homepage_override.buildID", "20110325121920");
pref("browser.startup.homepage_override.buildID", "20130618114625");
pref("browser.startup.homepage_override.mstone", "rv:2.0");
pref("browser.zoom.siteSpecific", false);
......@@ -91,6 +90,7 @@ pref("browser.history_expire_days", 0);
pref("browser.history_expire_days.mirror", 0);
pref("browser.microsummary.updateGenerators", false);
pref("browser.safebrowsing.remoteLookups", false);
pref("", false);
pref("browser.sessionstore.enabled", false);
pref("extensions.shownSelectionUI", true);
pref("extensions.update.autoUpdateDefault", false);
......@@ -9,6 +9,7 @@ user_pref("extensions.adblockplus.subscriptions_autoupdate", false);
user_pref("extensions.https_everywhere._observatory.enabled", false);
user_pref("extensions.https_everywhere._observatory.popup_shown", true);
user_pref("extensions.https_everywhere.toolbar_hint_shown", true);
// Block read and write access to the history in non-Tor mode
user_pref("extensions.torbutton.block_nthread", true);
......@@ -116,6 +117,7 @@ user_pref("noscript.forbidMedia", false);
user_pref("noscript.forbidWebGL", true);
user_pref("", true);
user_pref("noscript.gtemp", "");
user_pref("noscript.notify", false);
user_pref("noscript.opacizeObject", 3);
user_pref("noscript.options.tabSelectedIndexes", "5,0,0");
user_pref("noscript.policynames", "");
......@@ -124,9 +126,9 @@ user_pref("noscript.showAllowPage", false);
user_pref("noscript.showBaseDomain", false);
user_pref("noscript.showDistrust", false);
user_pref("noscript.showRecentlyBlocked", false);
user_pref("noscript.showRevokeTemp", false);
user_pref("noscript.showRevokeTemp", true);
user_pref("noscript.showTemp", false);
user_pref("noscript.showTempAllowPage", false);
user_pref("noscript.showTempAllowPage", true);
user_pref("noscript.showTempToPerm", false);
user_pref("noscript.showUntrusted", false);
user_pref("noscript.STS.enabled", false);
......@@ -136,6 +138,5 @@ user_pref("noscript.untrusted", "");
user_pref("privacy.item.cookies", true);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("security.xpconnect.plugin.unrestricted", false);
user_pref("security.warn_leaving_secure", true);
user_pref("security.warn_submit_insecure", true);
user_pref("torbrowser.version", "Tails");
......@@ -18,6 +18,7 @@ unsafe_ssl_certs=0
......@@ -23,7 +23,7 @@
<setting name='ssl' type='bool'>1</setting>
<settings ui='gtk-gaim'>
<setting name='auto-login' type='bool'>1</setting>
<setting name='auto-login' type='bool'>0</setting>
......@@ -33,6 +33,13 @@ Install_TrueCrypt ()
expect "Press Enter to exit..."
send "\n"
# Activate TrueCrypt deprecation wrapper
cp /usr/share/tails/truecrypt-wrapper.disabled /usr/local/bin/truecrypt
# Monkey patch the truecrypt.desktop file to show the greeter
sed -i 's,/usr/bin/truecrypt,/usr/local/bin/truecrypt,' /usr/share/applications/truecrypt.desktop
......@@ -11,14 +11,19 @@ PACKAGES_LIST_FILE="live-additional-software.conf"
def _launch_apt_get(args):
def _launch_apt_get(specific_args):
"""Launch apt-get with given args
Launch apt-get with given arguments list, log its standard and error output
and return its returncode"""
apt_get_env = os.environ.copy()
# The environnment provided in GDM PostLogin hooks doesn't contain /sbin/
# which is required by dpkg. Let's use the default path for root in Tails.
apt_get_env['PATH'] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
apt_get_env['LANG'] = "C" # we will log the output and want it in English when included in bug reports
# We will log the output and want it in English when included in bug reports
apt_get_env['LANG'] = "C"
args = ["apt-get", "--quiet", "--yes"]
apt_get = subprocess.Popen(
......@@ -36,10 +41,23 @@ def _launch_apt_get(args):
def _notify(title, body):
"""Display a notification to the user of the live system
cmd = "/usr/local/sbin/tails-notify-user"
subprocess.check_call(["/usr/local/sbin/tails-notify-user", title, body])
syslog.syslog(syslog.LOG_WARNING, "Warning: unable to notify the user. The notification was: %s %s" % (title, body))
# XXX: replace with check_output when Tails will be based on Wheezy
# (which includes Python 2.7)
notify_user = subprocess.Popen([cmd, title, body],
stderr=subprocess.STDOUT, stdout=subprocess.PIPE)
notify_user_output =
if notify_user.returncode != 0:
syslog.syslog(syslog.LOG_WARNING, "Warning: unable to notify the user. %s returned with exit code %s"
% (cmd, notify_user.returncode))
syslog.syslog(syslog.LOG_WARNING, "%s output follows: %s."
% (cmd, notify_user_output))
syslog.syslog(syslog.LOG_WARNING, "The notification was: %s %s" % (title, body))
except OSError, e:
syslog.syslog(syslog.LOG_WARNING, "Warning: unable to notify the user. %s" % e)
syslog.syslog(syslog.LOG_WARNING, "The notification was: %s %s" % (title, body))
def get_additional_packages_lists():
"""Returns the paths of additional packageslists
......@@ -59,7 +77,8 @@ def get_additional_packages():
for package_list in get_additional_packages_lists():
with open(package_list) as f:
for line in f:
line = line.strip()
if line: packages.append(line)
return packages
......@@ -70,16 +89,13 @@ def install_additional_packages():
if not get_additional_packages_lists():
syslog.syslog(syslog.LOG_WARNING, "Warning: no additional software configured, exiting.")
return True
packages = get_additional_packages()
if not packages:
syslog.syslog(syslog.LOG_WARNING, "Warning: no packages to install, exiting")
return True
syslog.syslog("Will install the following packages: %s" % " ".join(packages))
apt_get_returncode = _launch_apt_get(["apt-get",
apt_get_returncode = _launch_apt_get(["--no-remove",
"--option", "DPkg::Options::=--force-confold",
"install"] + packages)
if apt_get_returncode:
......@@ -96,10 +112,7 @@ def upgrade_additional_packages():
syslog.syslog(syslog.LOG_WARNING, "Warning: additional packages not activated, exiting")
return True
syslog.syslog("Starting to upgrade additional software...")
apt_get_returncode = _launch_apt_get(["apt-get",
apt_get_returncode = _launch_apt_get(["update"])
if apt_get_returncode:
syslog.syslog(syslog.LOG_WARNING, "Warning: the update failed.")
_notify(_("Your additional software"),
......@@ -20,6 +20,9 @@ debug_command "/bin/lsmod"
debug_command "/usr/bin/lspci"
debug_file "/etc/X11/xorg.conf"
debug_file "/proc/asound/cards"
debug_file "/proc/asound/devices"
debug_file "/proc/asound/modules"
debug_file "/var/log/Xorg.0.log"
debug_file "/var/log/gdm3/:0-slave.log"
debug_file "/var/log/gdm3/:0-greeter.log"
# Deprecation wrapper for TrueCrypt
# This file will be installed in /usr/bin if TrueCrypt is enabled at boot
zenity --warning --title="`gettext \"TrueCrypt will soon be removed from Tails\"`" \
--text="`gettext \"TrueCrypt will soon be removed from Tails due to license and development concerns.\"`"
exec /usr/bin/truecrypt
......@@ -160,7 +160,6 @@ openssh-client
......@@ -285,6 +284,8 @@ gnome-mag
## high-contrast theme
## graphical predictive text input system
### Dictionaries and spell checking
tails (0.20) unstable; urgency=low
* Major new features
- Install Linux kernel 3.10.3-1 from Debian unstable.
- Iceweasel 17.0.8esr + Torbrowser patches.
* Bugfixes
- Prevent Iceweasel from displaying a warning when leaving HTTPS web sites.
- Make Iceweasel use the correct, localized search engine.
- Fix Git access to https:// repositories.
* Minor improvements
- Install Dasher, a predictive text entry tool.
- Add a wrapper around TrueCrypt which displays a warning about it soon
being deprecated in Tails.
- Remove Pidgin libraries for all protocols but IRC and Jabber/XMPP.
Many of the other protocols Pidgin support are broken in Tails and
haven't got any security auditting.
- Disable the pre-defined Pidgin accounts so they do not auto-connect
on Pidgin start.
- Include information about Alsa in WhisperBack reports.
- Explicitly restrict access to ptrace. While this setting was enabled
by default in Debian's Linux 3.9.6-1, it will later disabled in 3.9.7-1.
It's unclear what will happen next, so let's explicitly enable it ourselves.
- Do not display dialog when a message is sent in Claws Mail.
- Sync iceweasel preferences with the Torbrowser's.
* Localization
- Many translation updates all over the place.
- Merge all Tails-related POT files into one, and make use of intltoolize
for better integration with Transifex.
-- Tails developers <> Tue, 30 Jul 2013 14:19:57 +0200
tails (0.19) unstable; urgency=low
* Major new features
def persistent_dirs
......@@ -8,7 +7,6 @@ def persistent_dirs
......@@ -132,11 +130,6 @@ Given /^I enable all persistence presets$/ do
10.times do
@screen.type(" \t")
# Now we'll have the custom persistence field selected
@screen.type('a', Sikuli::KEY_ALT)
@screen.type('a', Sikuli::KEY_ALT)
@screen.wait_and_click('PersistenceWizardSave.png', 10)
@screen.wait('PersistenceWizardDone.png', 20)
@screen.type(Sikuli::KEY_F4, Sikuli::KEY_ALT)
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment