Commit f438bcf2 authored by Tails developers's avatar Tails developers
Browse files

Update changelog for 1.1~rc1.

parent 5c0426aa
tails (1.1) UNRELEASED; urgency=medium
tails (1.1~rc1) unstable; urgency=medium
* Dummy entry for next release.
* Security fixes
- Don't allow the desktop user to pass arguments to
tails-upgrade-frontend (Closes: #7410).
- Make persistent file permissions safer (Closes #7443):
* Make the content of /etc/skel non-world-readable. Otherwise,
such files may be copied to /home/amnesia, and in turn to the
persistent volume, with unsafe permissions. That's no big deal
in /home/amnesia (that is itself not world-readable), *but*
the root of the persistent volume has to be world-readable.
* Have activate_custom_mounts create new directories with safe
permissions.
* Set strict permissions on /home/amnesia (Closes: #7463).
* Fix permissions on persistent directories that were created
with unsafe permissions (Closes: #7458).
* Fix files ownership while copying persistence (Closes: #7216).
The previous instructions to copy the persistent data were
creating personal files that belong to root. I don't think
there is a way of preserving the original ownership using
Nautilus (unless doing a "move" instead of a "copy" but that's
not what we are trying to do here).
- Disable FoxyProxy's proxy:// protocol handler (Closes: #7479).
FoxyProxy adds the proxy:// protocol handler, which can be used
to configure the proxy via an URI. A malicious web page can
include (or a malicious exit node can inject) some JavaScript
code to visit such an URI and disable or otherwise change
Iceweasel's proxy settings. While using this to disable
proxying will be dealt with safely by our firewall, this could
be used to defeat stream isolation, although the user must be
tricked into accepting the new proxy settings.
* Bugfixes
- Disable GNOME keyring's GnuPG functionality. (Closes: #7330) In
feature/regular-gnupg-agent, we installed the regular GnuPG
agent so that it is used instead of GNOME keyring's one. This is
not enough on Wheezy, so let's disable the starting of the "gpg"
component of GNOME keyring.
- Prevent iproute2 from being installed from wheezy-backports
(Closes: #7337).
- Remove dselect when purging other unwanted packages. (Closes: #7336)
- Make sure /etc/default/locale exists, with a sensible default
value (Closes: #7333). Before Tails Greeter's PostLogin script
are run, /etc/default/locale does not exist on Wheezy. Our
tails-kexec initscript (and quite a few other scripts we run)
depends on this file to exist. So, let's make sure it exists,
with a sensible default value.
- Create the tails-persistence-setup user with the same UID/GID it
had on Tails/Squeeze. (Closes: #7343) Else, our various checks
for safe access rights on persistence.conf fail.
- Revert back to browsing the offline documentation using Iceweasel
instead of Yelp (Closes: #7390, #7285).
- Make the new NetworkManager configuration directory persistent,
when the old one was, but disable the old one (Closes: #7338).
- The Unsafe Web Browser can now be started while the Windows 8
camouflage feature is activated (Closes: #7329).
-- Tails developers <tails@boum.org> Fri, 30 May 2014 17:03:06 +0200
* Minor improvements
- Various improvements to the Windows 8 camouflage:
* Set iceweasel and pidgin camouflage icons.
* Set claws-mail application icon.
* Set florence tray icon.
* Set gpgApplet tray icon.
* Set volume tray icon.
* Configure Iceweasel camouflage.
* Remove launchers (Closes #7381).
* Make the Unsafe Browser use the Windows 8 camouflage.
- Also install linux-base and linux-compiler-gcc-4.8-x86 from
sid. This way, we can get rid of our linux-compiler-gcc-4.8-x86
3.12, and it makes things a bit more consistent.
- Include the syslinux binary, and its MBR, in the ISO filesystem.
This in turn allows Tails Installer to use this binary and MBR,
which is critical for avoiding problems (such as #7345) on
"Upgrade from ISO".
- Include syslinux.exe for win32 in utils/win32/ on the ISO
filesystem (Closes: #7425).
- Tails Installer:
* Increase font size (Closes: #5673).
* Add consistent marigins in GUI.
* Always reset the target drive's MBR, without asking for
confirmation, after installing or upgrading.
* Install the bootloader using the syslinux binary found on the
target device, once the Live OS has been extracted/copied
there.
- Enable double-clicking to pick entries in the language or
keyboard layout lists in Tails Greeter.
- Install backport of shared-mime-info 1.3 (Closes: #7079).
- Make sanity-check prompts closable in Tails Persistence Setup
(Closes: #7119.
* Automated test suite
- Actually run "Upgrade from ISO" from a USB drive running the old
version. That's what users do, and is buggy.
- Automatically test persistent directories permissions (Closes: #7560).
- Use read-write persistence when testing upgraded USB
installations. Otherwise e.g. the permission fixes won't get
applied, and the subsequent steps testing the permissions will
fail.
- Actually check that the ISO's Tails is installed. The step
"Tails is installed on USB drive $TARGET" only checks that the
*running* Tails is installed on $TARGET, which obviously fails
when doing an upgrade from ISO running an old Tails. That it
worked for the same scenario running the current Tails is just
coincidental.
-- Tails developers <tails@boum.org> Wed, 02 Jul 2014 03:11:43 +0200
tails (1.0.1) unstable; urgency=medium
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment