1. 26 Feb, 2018 3 commits
  2. 23 Feb, 2018 1 commit
    • bertagaz's avatar
      Ship systemd from stretch-backports. · bf317f15
      bertagaz authored
      Install systemd v236, required to get the meek_lite PT to work, and have
      the unsafe browser and the Tor launcher applications do clearnet DNS
      resolution. This is required to get systemd's `BindReadOnlyPaths`
      directive introduced in commit 4fc2cd47.
      
      Refs: #8243, #8775
      bf317f15
  3. 14 Feb, 2018 1 commit
    • intrigeri's avatar
      Install Intel processor microcode firmware from stretch-backports (refs: #15173). · 20b79c23
      intrigeri authored
      The maintainer of intel-microcode in Debian carefully uploads to
      stretch-backports updates he thinks are safe for stable users. For example,
      right now stretch-backports has 3.20171117.1~bpo9+1 which is the latest
      available version that's not affected by the many regressions introduced by
      3.20180108.1.
      
      This commit does *not* currently give us IBRS/IBPB/STIPB microcode support for
      Spectre variant 2 mitigation: the currently available firmware with that support
      is too buggy. Instead, it:
      
       - updates microcode firmware to the latest good enough version, which usually
         brings important bugfixes;
       - paves the way for us to get this mitigation whenever it is ready in a form
         that the maintainer of intel-microcode in Debian thinks can be safely pushed
         to Debian stable users.
      20b79c23
  4. 05 Feb, 2018 1 commit
  5. 30 Jan, 2018 1 commit
  6. 16 Jan, 2018 1 commit
  7. 11 Jan, 2018 1 commit
    • intrigeri's avatar
      Install amd64-microcode and intel-microcode from sid (refs: #15148). · 9e6aec2c
      intrigeri authored
      On the short term, this allows us to get the mitigation against
      Spectre (CVE-2017-5715).
      
      While this could be done via our freeze exception mechanism, instead I chose to
      bump APT snapshots and add APT pinning to install these packages from sid for
      the foreseeable future: keeping CPU microcode up-to-date has become an important
      factor in securing systems these days and such security updates land faster in
      sid than anywhere else in Debian.
      9e6aec2c
  8. 06 Jan, 2018 2 commits
  9. 05 Jan, 2018 2 commits
  10. 03 Jan, 2018 1 commit
    • Loic Dachary's avatar
      Add pdf-redact-tools to tails pre-installed software · 520acf91
      Loic Dachary authored
      While there's definitely some overlap between pdf-redact-tools and
      MAT's mission, the UX and functionality pdf-redact-tools provides
      would not really fit in MAT.
      
      It complements MAT functions and is useful to journalists working
      with sensitive documents.
      
      refs: #15052
      520acf91
  11. 02 Jan, 2018 2 commits
  12. 08 Dec, 2017 1 commit
  13. 06 Nov, 2017 1 commit
  14. 13 Sep, 2017 1 commit
  15. 21 Aug, 2017 1 commit
  16. 14 Aug, 2017 1 commit
  17. 03 Aug, 2017 1 commit
  18. 29 Jul, 2017 1 commit
  19. 04 Jul, 2017 1 commit
    • anonym's avatar
      Temporarily prioritize deb.t.b.o over deb.tp.o. · 0e8ef1fe
      anonym authored
      So we install 0.3.0.9-1~d90.stretch+1 (from deb.t.b.o) instead of
      0.3.0.9-1~d99.buster+1 (from deb.tp.o, or rather our snapshot of it
      which incorrectly has this Debian buster version of the package,
      refs: #13413).
      
      Will-fix: #13253
      0e8ef1fe
  20. 27 May, 2017 1 commit
  21. 15 May, 2017 1 commit
  22. 08 Mar, 2017 2 commits
  23. 05 Mar, 2017 2 commits
  24. 04 Mar, 2017 1 commit
  25. 09 Jan, 2017 1 commit
  26. 06 Jan, 2017 1 commit
  27. 01 Jan, 2017 1 commit
  28. 21 Dec, 2016 4 commits
  29. 20 Dec, 2016 2 commits