tails (2.10) UNRELEASED; urgency=medium
tails (2.10~rc1) UNRELEASED; urgency=medium
* Tails Greeter: use gdm-password instead of gdm-autologin,
to fix switching to the VT where the desktop session lives
on Stretch (Closes: #11694)
* Tails Greeter: Fix more options scrolledwindow size in Stretch
(Closes: #11919)
* Major new features and changes
- Upgrade the Linux kernel to 4.8.0-0.bpo.2 (Closes: #11886).
- Install OnionShare from jessie-backports. Also install
python3-stem from jessie-backports to allow the use of ephemeral
onion services (Closes: #7870).
- Completely rewrite tor-controlport-filter. Now we can safely
support OnionShare, Tor Browser's per-tab circuit view and
* Port to python3.
* Handle multiple sessions simultaneously.
* Separate data (filters) from code.
* Use python3-stem to allow our filter to be a lot more
oblivious of the control language (Closes: #6788).
* Allow restricting STREAM events to only those generated by the
subscribed client application.
* Allow rewriting commands and responses arbitrarily.
* Make tor-controlport-filter reusable for others by e.g. making
it possible to pass the listen port, and Tor control
cookie/socket paths as arguments (Closes: #6742). We hear
Whonix plan to use it! :)
- Upgrade Tor to, the new stable series
(Closes: #12012).
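The allowlist approach described for tor-controlport-filter above (filter data kept separate from code, one rule set per client application) can be sketched as follows. This is an added illustration, not the Tails implementation: the profile names, rule patterns and reject text are constructed assumptions; only the Tor control-protocol command names are real.

```python
import re

# Constructed filter data, kept separate from the checking code.
# Profile names, patterns and the reject text are assumptions for illustration.
FILTERS = {
    "onionshare": {
        "commands": {
            "GETINFO": [r"version", r"onions/current"],
            "ADD_ONION": [r"NEW:\S+ Port=80,\d{1,5}"],
            "DEL_ONION": [r"[a-z2-7]{16}"],
        },
        "events": {"STREAM"},
    },
    "onioncircuits": {
        "commands": {"GETINFO": [r"circuit-status", r"stream-status"]},
        "events": {"CIRC", "STREAM"},
    },
}

REJECT = "510 Command filtered"


def check_command(profile, line):
    """Return (allowed, line_to_forward_or_reject_reply) for one client line."""
    rules = FILTERS.get(profile)
    line = line.rstrip("\r\n")
    # An embedded CR/LF would smuggle a second command past the filter.
    if rules is None or "\r" in line or "\n" in line:
        return False, REJECT
    verb, _, args = line.partition(" ")
    verb = verb.upper()  # control-protocol keywords are case-insensitive
    if verb == "SETEVENTS":
        # Every requested event must be allowed for this profile.
        wanted = {e.upper() for e in args.split()}
        return (True, line) if wanted <= rules["events"] else (False, REJECT)
    patterns = rules["commands"].get(verb)
    if patterns and any(re.fullmatch(p, args) for p in patterns):
        return True, line
    return False, REJECT
```

Anything not explicitly listed for a profile is rejected, so a client confined to the filtered port cannot issue commands such as SIGNAL or SETCONF unless its rule set names them.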
* Security fixes
-- bertagaz <bertagaz@haze> Tue, 15 Nov 2016 23:19:34 +0100
* Minor improvements
- Enable and use the Debian Jessie proposed-updates APT
repository, in anticipation of the Jessie 8.7 point-release
(Closes: #12124).
- Enable the per-tab circuit view in Tor Browser (Closes: #9365).
- Change syslinux menu entries from "Live" to "Tails" (Closes:
#11975). Also replace the confusing "failsafe" wording with
"Troubleshooting Mode" (Closes: #11365).
- Make OnionCircuits use the filtered control port (Closes:
- Make tor-launcher use the filtered control port.
- Run OnionCircuits directly as the Live user, instead of a
separate user. This will make it compatible with the Orca screen
reader (Closes: #11197).
- Run tor-controlport-filter on port 9051, and the unfiltered one
on 9052. This simplifies client configurations and assumptions
made in many applications that use Tor's ControlPort. It's the
exception that we connect to the unfiltered version, so this
seems like the more sane approach.
- Remove tor-arm (Nyx) (Closes: #9811).
- Remove AddTrust_External_Root.pem from our website CA bundle. We
now only use Let's Encrypt (Closes: #11811).
- Configure APT to use Debian's Onion services instead of the
clearnet ones (Closes: #11556).
- Replaced AdBlock Plus with uBlock Origin (Closes: #9833). This
incidentally also makes our filter lists lighter by
de-duplicating common patterns among the EasyList filters
(Closes: #6908). Thanks to spriver for this first major code
- Install OpenPGP Applet 1.0 (and libgtk3-simplelist-perl) from
Jessie backports (Closes: #11899).
- Add support for exFAT (Closes: #9659).
- Disable unprivileged BPF. Since upgrading to kernel 4.6,
unprivileged users can use the bpf() syscall, which is a
security concern, even with JIT disabled. So we disable that.
This feature wasn't available before Linux 4.6, so disabling it
should not cause any regressions (Closes: #11827).
- Add and enable AppArmor profiles for OnionCircuits and OnionShare.
- Raise the maximum number of loop devices to 32 (Closes: #12065).
- Drop kernel.dmesg_restrict customization: it's enabled by
default since 4.8.4-1~exp1 (Closes: #11886).
tails (2.9.2) UNRELEASED; urgency=medium
* Bugfixes
- Tails Greeter:
* use gdm-password instead of gdm-autologin, to fix switching to
the VT where the desktop session lives on Stretch (Closes:
* Fix more options scrolledwindow size in Stretch (Closes:
- Tails Installer: remove unused code warning about missing
extlinux in Tails Installer (Closes: #11196).
- Update APT pinning to cover all binary packages built from
src:mesa so we ensure installing mesa from jessie-backports
(Closes: #11853).
- Install xserver-xorg-video-amdgpu. This should help support
newer AMD graphics adapters (Closes: #11850).
- Fix firewall startup during early boot, by referring to the
"amnesia" user via its UID (Closes: #7018).
- Include all amd64-microcodes.
* Build system
- Be more careful when unmounting the tmpfs used as workspace
during builds, fixing an issue that made Jenkins' ISO builders
prone to failures (Closes: #12009).
- Upgrade the Vagrant basebox to 20170105. The only big change is
that we now install the backported kernel in the builder VM, to
make building possible on Debian Sid (Closes: #12081).
-- Tails developers <> Wed, 14 Dec 2016 21:04:55 +0100
* Test suite
- Replace the filesystem shares support with a helper for easily
sharing files from the host to the guest using virtual disks
(Closes: #5571).
- Do not test sending email when testing POP3. We cannot clean
that email up (easily) since when we use POP3 deletions won't
affect the remote inbox, only our local one, resulting in the
quota being reached eventually (Closes: #12006).
- Have APT tests configure APT to use non-onion sources. Our test
suite uses Chutney to create a virtual, private Tor network, and
thus doesn't support connections to Onion services running in
the real Tor network (Refs: #11556).
- Allow connections to Tor's control port during stream isolation
tests, but only for those applications where we expect that.
-- Tails Developers <> Thu, 12 Jan 2017 20:27:43 +0100
tails (2.9.1) unstable; urgency=medium
