Commit b8bf6b87 authored by intrigeri's avatar intrigeri
Browse files

Merge branch 'bugfix/16352-16184-systemd-v240+force-all-tests' into devel

(Fix-committed: #16352, #16184)
parents cd5ea039 26671c6e
...@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose" ...@@ -26,7 +26,7 @@ AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"
REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20" REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION="6.03~pre20"
# Kernel version # Kernel version
KERNEL_VERSION='4.18.0-3' KERNEL_VERSION='4.19.0-1'
KERNEL_SOURCE_VERSION=$( KERNEL_SOURCE_VERSION=$(
echo "$KERNEL_VERSION" \ echo "$KERNEL_VERSION" \
| perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms' | perl -p -E 's{\A (\d+ [.] \d+) [.] .*}{$1}xms'
......
...@@ -88,6 +88,12 @@ Package: systemd systemd-sysv systemd-container systemd-journal-remote systemd-c ...@@ -88,6 +88,12 @@ Package: systemd systemd-sysv systemd-container systemd-journal-remote systemd-c
Pin: release o=Debian,n=stretch-backports Pin: release o=Debian,n=stretch-backports
Pin-Priority: 999 Pin-Priority: 999
Explanation: src:systemd
Explanation: systemd >= v240 required to fix CVE-2018-16864, CVE-2018-16865 and CVE-2018-16866 (#16352)
Package: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Pin: origin deb.tails.boum.org
Pin-Priority: 999
Package: openpgp-applet Package: openpgp-applet
Pin: release o=Debian,n=sid Pin: release o=Debian,n=sid
Pin-Priority: 999 Pin-Priority: 999
......
...@@ -27,5 +27,5 @@ done ...@@ -27,5 +27,5 @@ done
# Redirect to existing wrapper # Redirect to existing wrapper
sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \ sed -i'' --regexp-extended 's,^Exec=pidgin$,Exec=/usr/local/bin/pidgin,' \
"/usr/share/applications/pidgin.desktop" "/usr/share/applications/pidgin.desktop"
sed -i'' --regexp-extended 's,^Exec=/usr/bin/totem$,Exec=/usr/local/bin/totem,' \ sed -i'' --regexp-extended 's,^Exec=/usr/bin/totem(\s+.*)?$,Exec=/usr/local/bin/totem,' \
"/usr/share/dbus-1/services/org.gnome.Totem.service" "/usr/share/dbus-1/services/org.gnome.Totem.service"
...@@ -12,8 +12,8 @@ echo "Setting up a build environment for kernel modules" ...@@ -12,8 +12,8 @@ echo "Setting up a build environment for kernel modules"
# install_fake_package() # install_fake_package()
. /usr/local/lib/tails-shell-library/build.sh . /usr/local/lib/tails-shell-library/build.sh
# Install gcc-6 and fake linux-compiler-gcc-7-x86 # Install gcc-6 and fake linux-compiler-gcc-8-x86
# (linux-headers-4.14+ depends on it, but Stretch hasn't GCC 7) # (linux-headers-4.19+ depends on it, but Stretch hasn't GCC 8)
# XXX:Buster: remove this hack. # XXX:Buster: remove this hack.
ensure_hook_dependency_is_installed gcc-6 ensure_hook_dependency_is_installed gcc-6
NEWEST_INSTALLED_KERNEL_VERSION="$( NEWEST_INSTALLED_KERNEL_VERSION="$(
...@@ -21,9 +21,9 @@ NEWEST_INSTALLED_KERNEL_VERSION="$( ...@@ -21,9 +21,9 @@ NEWEST_INSTALLED_KERNEL_VERSION="$(
| sort --version-sort | tail -n1 | sort --version-sort | tail -n1
)" )"
install_fake_package \ install_fake_package \
linux-compiler-gcc-7-x86 \ linux-compiler-gcc-8-x86 \
"${NEWEST_INSTALLED_KERNEL_VERSION}~0tails1" "${NEWEST_INSTALLED_KERNEL_VERSION}~0tails1"
ln -s /usr/bin/gcc-6 /usr/bin/gcc-7 ln -s /usr/bin/gcc-6 /usr/bin/gcc-8
ensure_hook_dependency_is_installed \ ensure_hook_dependency_is_installed \
build-essential \ build-essential \
......
fs.protected_fifos = 2
fs.protected_regular = 2
...@@ -36,20 +36,20 @@ Feature: Spoofing MAC addresses ...@@ -36,20 +36,20 @@ Feature: Spoofing MAC addresses
Scenario: MAC address spoofing fails and macchanger returns false Scenario: MAC address spoofing fails and macchanger returns false
Given macchanger will fail by not spoofing and always returns false Given macchanger will fail by not spoofing and always returns false
When I log in to a new session When I log in to a new session
# XXX: workaround for #11941
And I see the "Network card disabled" notification after at most 60 seconds
Then no network interfaces are enabled Then no network interfaces are enabled
And no network device leaked the real MAC address And no network device leaked the real MAC address
# XXX: workaround for #11941
And I see the "Network card disabled" notification after at most 60 seconds
#10774 #10774
@fragile @fragile
Scenario: MAC address spoofing fails and macchanger returns true Scenario: MAC address spoofing fails and macchanger returns true
Given macchanger will fail by not spoofing and always returns true Given macchanger will fail by not spoofing and always returns true
When I log in to a new session When I log in to a new session
# XXX: workaround for #11941
And I see the "Network card disabled" notification after at most 60 seconds
Then no network interfaces are enabled Then no network interfaces are enabled
And no network device leaked the real MAC address And no network device leaked the real MAC address
# XXX: workaround for #11941
And I see the "Network card disabled" notification after at most 60 seconds
#10774 #10774
@fragile @fragile
...@@ -57,10 +57,10 @@ Feature: Spoofing MAC addresses ...@@ -57,10 +57,10 @@ Feature: Spoofing MAC addresses
Given macchanger will fail by not spoofing and always returns true Given macchanger will fail by not spoofing and always returns true
And no network interface modules can be unloaded And no network interface modules can be unloaded
When I log in to a new session When I log in to a new session
And I see the "All networking disabled" notification after at most 60 seconds
Then 1 network interface is enabled Then 1 network interface is enabled
But the MAC spoofing panic mode disabled networking But the MAC spoofing panic mode disabled networking
And no network device leaked the real MAC address And no network device leaked the real MAC address
And I see the "All networking disabled" notification after at most 60 seconds
Scenario: The MAC address is not leaked when booting Tails Scenario: The MAC address is not leaked when booting Tails
Given a computer Given a computer
......
Subproject commit a93b3dc526afe614f133b738ddf7fcab06bfd366 Subproject commit dc68432bc8fed5faf20f2a0889739a13110abdc1
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment