Update changelog for 1.1.1.

cc220254 · Tails developers · 11178ba2 · cc220254
Commit cc220254 authored Aug 31, 2014 by Tails developers
--- a/debian/changelog
+++ b/debian/changelog
-tails (1.1.1) UNRELEASED; urgency=medium
+tails (1.1.1) unstable; urgency=medium

-  * Dummy entry for next release.
-  * XXX: Upgrade I2P to 0.9.14.1.
+  * Security fixes
+    - Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1
+      (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
+      Also import the Tor Browser profile at commit
+      271b64b889e5c549196c3ee91c888de88148560f from
+      ttp/tor-browser-24.8.0esr-3.x-1.
+    - Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
+    - Upgrade I2P to 0.9.14.1-1~deb7u+1.
+    - Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667
+      and CVE-2014-4943).
+    - Upgrade CUPS-based packages to 1.5.3-5+deb7u4 (fixes
+      CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031).
+    - Upgrade libnss3 to 2:3.14.5-1+deb7u1 (fixes CVE-2013-1741,
+      CVE-2013-5606, CVE-2014-1491 and CVE-2014-1492).
+    - Upgrade openssl to 1.0.1e-2+deb7u12 (fixes CVE-2014-3505,
+      CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509,
+      CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139).
+    - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u2 (fixes
+      CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344 and
+      CVE-2014-4345).
+    - Upgrade libav-based packages to 6:0.8.15-1 (fixes CVE-2011-3934,
+      CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851,
+      CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672,
+      CVE-2013-3674 and CVE-2014-2263.
+    - Upgrade libgpgme11 to 1.2.0-1.4+deb7u1 (fixes CVE-2014-5117).
+    - Upgrade python-imaging to 1.1.7-4+deb7u1 (fixes CVE-2014-3589).
+    - Prevent dhclient from sending the hostname over the network
+      (Closes: #7688).
+    - Override the hostname provided by the DHCP server (Closes: #7769).
+    - Add an I2P boot parameter. Without adding "i2p" to the kernel
+      command line, I2P will not be accessible for the Live user.
+    - Stricter I2P firewall rules:
+      * deny I2P from accessing the LAN
+      * deny I2P from accessing the loopback device, except for select
+        whitelisted services
+      * allow I2P access to the Internet
+      The ACCEPT rules will only be enabled when the string 'i2p' is
+      passed at the boot prompt. The rules which DENY or REJECT
+      access for the 'i2psvc' user will always be applied.
+    - Disable I2P plugins, since it doesn't make much sense without
+      persistence, and should eliminate some attack vectors.
+    - Disable I2P's BOB port. No maintained I2P application uses it.

- -- Tails developers <tails@boum.org>  Wed, 23 Jul 2014 00:49:19 +0200
+  * Bugfixes
+    - Fix condition clause in tails-security-check (Closes: #7657).
+    - Don't ship OpenJDK 6: I2P prefers v7, and we don't need both.
+    - Prevent Tails Installer from updating the system partition
+      properties on MBR partitions (Closes: #7716).
+
+  * Minor improvements
+    - Upgrade to Torbutton 1.6.12.1.
+    - Install gnome-user-guide (Closes: #7618).
+    - Install cups-pk-helper (Closes: #7636).
+    - Update the SquashFS sort file.
+    - Compress the SquashFS more aggressively (Closes: #7706).
+    - I2P: Keep POP3 email on server. The default in the I2P webmail
+      app was to keep mail on the server, but that setting was changed
+      recently. This configuration setting (susimail.config) will only
+      be copied over in I2P 0.9.14 and newer.
+    - Add a Close button to the Tails Installer launcher window.
+
+  * Build system
+    - Migrate Vagrant basebox to Debian Wheezy (Closes #7133, #6736).
+    - Consistently use the same Debian mirror.
+    - Disable runtime APT proxy configuration when using APT in
+      binary_local-hooks (Closes: #7691).
+
+  * Automated test suite
+    - Automatically test hostname leaks (Closes: #7712).
+    - Move autotest live-config hook to be run last. This way we'll
+      notice if some earlier live-config hook cancels all hooks by
+      running the automated test suite since the remote shell won't be
+      running in that case.
+    - Test that the I2P boot parameter does what it's supposed to do
+      (Closes: #7760).
+    - Start applications by using the GNOME Applications menu instead
+      of the GNOME Run Dialog (Closes: #5550, #7060).
+
+ -- Tails developers <tails@boum.org>  Sun, 31 Aug 2014 20:49:28 +0000

 tails (1.1) unstable; urgency=medium