Commit cc220254 authored by Tails developers's avatar Tails developers
Browse files

Update changelog for 1.1.1.

parent 11178ba2
tails (1.1.1) UNRELEASED; urgency=medium
tails (1.1.1) unstable; urgency=medium
* Dummy entry for next release.
* XXX: Upgrade I2P to 0.9.14.1.
* Security fixes
- Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1
(Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
Also import the Tor Browser profile at commit
271b64b889e5c549196c3ee91c888de88148560f from
ttp/tor-browser-24.8.0esr-3.x-1.
- Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
- Upgrade I2P to 0.9.14.1-1~deb7u+1.
- Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667
and CVE-2014-4943).
- Upgrade CUPS-based packages to 1.5.3-5+deb7u4 (fixes
CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031).
- Upgrade libnss3 to 2:3.14.5-1+deb7u1 (fixes CVE-2013-1741,
CVE-2013-5606, CVE-2014-1491 and CVE-2014-1492).
- Upgrade openssl to 1.0.1e-2+deb7u12 (fixes CVE-2014-3505,
CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509,
CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139).
- Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u2 (fixes
CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344 and
CVE-2014-4345).
- Upgrade libav-based packages to 6:0.8.15-1 (fixes CVE-2011-3934,
CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851,
CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672,
CVE-2013-3674 and CVE-2014-2263.
- Upgrade libgpgme11 to 1.2.0-1.4+deb7u1 (fixes CVE-2014-5117).
- Upgrade python-imaging to 1.1.7-4+deb7u1 (fixes CVE-2014-3589).
- Prevent dhclient from sending the hostname over the network
(Closes: #7688).
- Override the hostname provided by the DHCP server (Closes: #7769).
- Add an I2P boot parameter. Without adding "i2p" to the kernel
command line, I2P will not be accessible for the Live user.
- Stricter I2P firewall rules:
* deny I2P from accessing the LAN
* deny I2P from accessing the loopback device, except for select
whitelisted services
* allow I2P access to the Internet
The ACCEPT rules will only be enabled when the string 'i2p' is
passed at the boot prompt. The rules which DENY or REJECT
access for the 'i2psvc' user will always be applied.
- Disable I2P plugins, since it doesn't make much sense without
persistence, and should eliminate some attack vectors.
- Disable I2P's BOB port. No maintained I2P application uses it.
-- Tails developers <tails@boum.org> Wed, 23 Jul 2014 00:49:19 +0200
* Bugfixes
- Fix condition clause in tails-security-check (Closes: #7657).
- Don't ship OpenJDK 6: I2P prefers v7, and we don't need both.
- Prevent Tails Installer from updating the system partition
properties on MBR partitions (Closes: #7716).
* Minor improvements
- Upgrade to Torbutton 1.6.12.1.
- Install gnome-user-guide (Closes: #7618).
- Install cups-pk-helper (Closes: #7636).
- Update the SquashFS sort file.
- Compress the SquashFS more aggressively (Closes: #7706).
- I2P: Keep POP3 email on server. The default in the I2P webmail
app was to keep mail on the server, but that setting was changed
recently. This configuration setting (susimail.config) will only
be copied over in I2P 0.9.14 and newer.
- Add a Close button to the Tails Installer launcher window.
* Build system
- Migrate Vagrant basebox to Debian Wheezy (Closes #7133, #6736).
- Consistently use the same Debian mirror.
- Disable runtime APT proxy configuration when using APT in
binary_local-hooks (Closes: #7691).
* Automated test suite
- Automatically test hostname leaks (Closes: #7712).
- Move autotest live-config hook to be run last. This way we'll
notice if some earlier live-config hook cancels all hooks by
running the automated test suite since the remote shell won't be
running in that case.
- Test that the I2P boot parameter does what it's supposed to do
(Closes: #7760).
- Start applications by using the GNOME Applications menu instead
of the GNOME Run Dialog (Closes: #5550, #7060).
-- Tails developers <tails@boum.org> Sun, 31 Aug 2014 20:49:28 +0000
tails (1.1) unstable; urgency=medium
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment