tails (1.7~rc1) unstable; urgency=medium * Major new features and changes - Add a technology preview of the Icedove Email client (a rebranded version of Mozilla Thunderbird), including OpenPGP support via the Enigmail add-on, general security and anonymity improvements via the Torbirdy add-on, and complete persitence support (which will be enabled automatically if you already have Claws Mail persistence enabled). Icedove will replace Claws Mail as the supported email client in Tails in a future release. (Closes: #6151, #9498, #10285) - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many improvement of this new Tor major release, the new KeepAliveIsolateSOCKSAuth option allows us to drop the bug15482.patch patch (taken from the Tor Browse bundle) that enabled similar (but inferiour) functionality for *all* SocksPort:s -- now the same circuit is only kept alive for extended periods for the SocksPort used by the Tor Browser. (Closes: #10194, #10308) - Add an option to Tails Greeter which disables networking completely. This is useful when intending to use Tails for offline work only. (Closes: #6811) * Security fixes - Fix CVE-2015-7665, which could lead to a network interface's IP address being exposed through wget. (Closes: #10364) - Prevent a symlink attack on ~/.xsession-errors via tails-debugging-info which could be used by the amnesia user to read the contents of any file, no matter the permissions. (Closes: #10333) * Minor improvements - Restart Tor if bootstrapping stalls for too long when not using pluggable transports. (Closes: #9516) - Install firmware-amd-graphics, and firmware-misc-nonfree instead of firmware-ralink-nonfree, both from Debian Sid. - Update the Tails signing key. (Closes: #10012) * Test suite - Add initial automated tests for Icedove. (Closes: #10332) - Add automated tests of the MAC spoofing feature. (Closes: #6302) - Drop the concept of "background snapshots" and introduce a general system for generating snapshots that can be shared between features. This removes all silly hacks we previously used to "skip" steps, and greatly improves performance and reliability of the whole test suite. (Closes: #6094, #8008) - Flush to the log file in debug_log() so the debugging info can be viewed in real time when monitoring the debug log file. (Closes: #10323) - Force UTF-8 locale in automated test suite. Ruby will default to the system locale, and if it is non-UTF-8, some String-methods will fail when operating on non-ASCII strings. (Closes: #10359) - Escape regexp used to match nick in CTCP replies. Our Pidgin nick's have a 10% chance to include a ^, which will break that regexp. We need to escape all characters in the nick. (Closes: #10219) - Extract TBB languages from the Tails source code. This will ensure that valid locales are tested. As an added bonus, the code is greatly simplified. (Closes: #9897) - Automatically test that tails-debugging-info is not susceptible to the type of symlink attacks fixed by #10333. -- Tails developers Mon, 26 Oct 2015 23:06:59 +0100 tails (1.6) unstable; urgency=medium * Security fixes - Upgrade Tor Browser to 5.0.3. (Closes: #10223) - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7. - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1. - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1. - Upgrade libslp1 to 1.2.1-9+deb7u1. - Upgrade ssl-cert to 1.0.32+deb7u1. * Bugfixes - Fix a corner case for the MAC spoofing panic mode. If panic mode failed to disable the specific device that couldn't be spoofed (by unloading the module) we disable networking. Previously we only stopped NetworkManager. The problem is that NM isn't even started at this time, but will specifically be started when we're done with MAC spoofing. Therefore, let's completely disable NetworkManager so it cannot possibly be started. (Closes: #10160) - Avoid use of uninitialized value in restricted-network-detector. If NetworkManager decides that a wireless connection has timed out before "supplicant connection state" has occued, our idea of the state is `undef`, so it cannot be used in a string comparison. Hence, let's initialize the state to the empty string instead of `undef`. Also fix the state recording. Apparently NetworkManager can say a few different things when it logs the device state transitions. (Closes: #7689) * Minor improvements - Remove workaround for localizing search engine plugins. The workaround has recently become unnecessary, possibly due to the changes made for the seach bar after the Tor Browser was rebased on Firefox 38esr. (Closes: #9146) - Refer to the I2P Browser in the I2P notifications. Instead of some obscure links that won't work in the Tor Browser, where users likely will try them, and which I believe will open them by default. (Closes: #10182) - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to enforce mode. (Closes: #9830) * Test suite - Test that udev-watchdog is monitoring the correct device when booted from USB. (Closes: #9890) - Remove unused 'gksu' step. This causes a false-positive to be found for #5330. (Closes: #9877) - Make --capture capture individual videos for failed scenarios only, and --capture-all to capture videos for all scenarios. (Closes: #10148) - Use the more efficient x264 encoding when capturing videos using the --capture* options. (Closes: #10001) - Make --old-iso default to --iso if omitted. Using the same ISO for the USB upgrade tests most often still does what we want, e.g. test that the current version of Tails being tested has a working Tails installer. Hence this seems like a reasonable default. (Closes: #10147) - Avoid nested FindFailed exceptions in waitAny()/findAny(), and throw a new dedicated FindAnyFailed exception if these fail instead. Rjb::throw doesn't block Ruby's execution until the Java exception has been received by Ruby, so strange things can happen and we must avoid it. (Closes: #9633) - Fix the Download Management page in our browsers. Without the browser.download.panel.shown pref set, the progress being made will not update until after the browser has been restarted. (Closes: #8159) - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter that deals with debugging instead of printing it to STDERR via the `--debug` option (which now has been removed). This gives us the full flexibility of Cucumber's formatter system, e.g. one easy-to-read formatter can print to the terminal, while we get the full debug log printed to a file. (Closes: #9491) - Import logging module in otr-bot.py. Our otr-bot.py does not use logging but the jabberbot library makes logging calls, causing a one-off message “No handlers could be found for logger "jabberbot"” to be printed to the console. This commit effectively prevents logging/outputting anything to the terminal which is at a level lower than CRITICAL. (Closes: 9375) - Force new Tor circuit and reload web site on browser timeouts. (Closes: #10116) - Focus Pidgin's buddy list before trying to access the tools menu. (Closes: #10217) - Optimize IRC test using waitAny. If connecting to IRC fails, such as when OFTC is blocking Tor, waiting 60 seconds to connect while a a Reconnect button is visible is sub-optimal. It would be better to try forcing a new Tor circuit and clicking the reconnect button. (Closes: #9653) - Wait for (and focus if necessary) Pidgin's Certificate windows. (Closes: #10222) -- Tails developers Sun, 20 Sep 2015 17:47:26 +0000 tails (1.5.1) unstable; urgency=medium * Security fixes - Upgrade Tor Browser to 5.0.2. (Closes: #10112) - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1. - Upgrade libnss3 to 2:3.14.5-1+deb7u5. * Bugfixes - Refresh Tor Browser AppArmor profile patch. The old one doesn't apply on top of testing's torbrowser-launcher anymore. * Build system - Make sure Jenkins creates new jobs to build the testing branch after freezes. (Closes: #9925) -- Tails developers Fri, 28 Aug 2015 01:52:14 +0200 tails (1.5) unstable; urgency=medium * Major new features and changes - Move LAN web browsing from Tor Browser to the Unsafe Browser, and forbid access to the LAN from the former. (Closes: #7976) - Install a 32-bit GRUB EFI boot loader. This at least works on some Intel Baytrail systems. (Closes: #8471) * Security fixes - Upgrade Tor Browser to 5.0, and integrate it: · Disable Tiles in all browsers' new tab page. · Don't use geo-specific search engine prefs in our browsers. · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox Marketplace), and the "Share this page" button in the Tool bar. · Generate localized Wikipedia search engine plugin icons so the English and localized versions can be distinguished in the new search bar. (Closes: #9955) - Fix panic mode on MAC spoofing failure. (Closes: #9531) - Deny Tor Browser access to global tmp directories with AppArmor, and give it its own $TMPDIR. (Closes: #9558) - Tails Installer: don't use a predictable file name for the subprocess error log. (Closes: #9349) - Pidgin AppArmor profile: disable the launchpad-integration abstraction, which is too wide-open. - Use aliases so that our AppArmor policy applies to /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as it applies to /. And accordingly: · Upgrade AppArmor packages to 2.9.0-3~bpo70+1. · Install rsyslog from wheezy-backports, since the version from Wheezy conflicts with AppArmor 2.9. · Stop installing systemd for now: the migration work is being done in the feature/jessie branch, and it conflicts with rsyslog from wheezy-backports. · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted. · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules. · Take into account aufs whiteouts in the system_tor profile. · Adjust the Vidalia profile to take into account Live-specific paths. - Upgrade Linux to 3.16.7-ckt11-1+deb8u3. - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6. - Upgrade cups-filters to 1.0.18-2.1+deb7u2. - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2. - Upgrade libexpat1 to 2.1.0-1+deb7u2. - Upgrade libicu48 to 4.8.1.1-12+deb7u3. - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1. - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1. * Bugfixes - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1. * Minor improvements - Tails Installer: let the user know when it has rejected a candidate destination device because it is too small. (Closes: #9130) - Tails Installer: prevent users from trying to "upgrade" a device that contains no Tails, or that was not installed with Tails Installer. (Closes: #5623) - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds support for the OTRv3 protocol and for multiple concurrent connections to the same account. (Closes: #9513) - Skip warning dialog when starting Tor Browser while being offline, in case it is already running. Thanks to Austin English for the patch! (Closes: #7525) - Install the apparmor-profiles package (Closes: #9539), but don't ship a bunch of AppArmor profiles we don't use, to avoid increasing boot time. (Closes: #9757) - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead of patching /etc/apparmor.d/tunables/home. - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which is actually used as the read-write branch of the root filesystem's union mount, is visible. As a consequence: · One can now inspect how much space is used, at a given time, in the read-write branch of the root filesystem's union mount. · We can make sure our AppArmor policy works fine when that filesystem is visible, which is safer in case e.g. live-boot's behavior changes under our feet in the future... or in case these "hidden" files are actually accessible somehow already. * Build system - Add our jenkins-tools repository as a Git submodule, and replace check_po.sh with a symlink pointing to the same script in that submodule. Adjust the automated test suite accordingly. (Closes: #9567) - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In particular the inclusion of the Tor Browser 5.0 series has recently increased the amount of space needed to build Tails. (Closes: #9901) * Test suite - Test that the Tor Browser cannot access LAN resources. - Test that the Unsafe Browser can access the LAN. - Installer: test new behavior when trying to upgrade an empty device, and when attempting to upgrade a non-Tails FAT partition on GPT; also, take into account that all unsupported upgrade scenarios now trigger the same behavior. - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests on failure. (Closes: #9518, #9709) - run_test_suite: remove control chars from log file even when cucumber exits with non-zero. (Closes: #9376) - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667) - Use custom exception when 'execute_successfully' fails. - Retry looking up whois info on transient failure. (Closes: #9668) - Retry wget on transient failure. (Closes: #9715) - Test that Tor Browser cannot access files in /tmp. - Allow running the test suite without ntp installed. There are other means to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate. (Closes: #9651) - Bump timeout in the Totem feature. - Grep memory dump using the --text option. This is necessary with recent versions of grep, such as the one in current Debian sid, otherwise it will count only one occurrence of the pattern we're looking for. (Closes: #9759) - Include execute_successfully's error in the exception, instead of writing it to stdout via puts. (Closes: #9795) - Test that udev-watchdog is actually monitoring the correct device. (Closes: #5560) - IUK: workaround weird Archive::Tar behaviour on current sid. - Test the SocksPort:s given in torrc in the Unsafe Browser. This way we don't get any sneaky errors in case we change them and forget to update this test. - Directly verify AppArmor blocking of the Tor Browser by looking in the audit log: Firefox 38 does no longer provide any graphical feedback when the kernel blocks its access to files the user wants to access. - Update browser-related automated test suite images, and workaround weirdness introduced by the new Tor Browser fonts. - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg via alternate, live-boot generated paths. - Adjust tests to cope with our new AppArmor aliases. - Bump memory allocated to the system under test to 2 GB. (Closes: #9883) -- Tails developers Mon, 10 Aug 2015 19:12:58 +0200 tails (1.4.1) unstable; urgency=medium * Security fixes - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649) - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit isolation bugfix. (Closes: #9560) - AppArmor: deny Tor Browser access to the list of recently used files. (Closes: #9126) - Upgrade OpenSSL to 1.0.1e-2+deb7u17. - Upgrade Linux to 3.16.7-ckt11-1. - Upgrade CUPS to 1.5.3-5+deb7u6. - Upgrade FUSE to 2.9.0-2+deb7u2. - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2. - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2. - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1. * Bugfixes - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413) - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO. (Closes: #9416) - Partially fix the truncated notifications issue. (#7249) * Minor improvements - Disable the hwclock.sh initscript at reboot/shutdown time. This is an additional safety measure to ensure that the hardware clock is not modified. (Closes: #9364) - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller. (Closes: #9417) - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the profile shipped with torbrowser-launcher 0.2.0-1. - Add the jessie/updates APT repo and set appropriate pinning. - Upgrade Electrum to 1.9.8-4~bpo70+1. - Upgrade kernel firmware packages to 0.44. * Build system - Install the Linux kernel from Debian Jessie. (Closes: #9341) - Remove files that are not under version control when building in Jenkins. (Closes: #9406) - Don't modify files in the source tree before having possibly merged the base branch into it. (Closes: #9406) - Make it so eatmydata is actually used during a greater part of the build process. This includes using eatmydata from wheezy-backports. (Closes: #9419, #9523) - release script: adjust to support current Debian sid. * Test suite - Test the system clock sanity check we do at boot. (Closes: #9377) - Remove the impossible "Clock way in the past" scenarios. Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock, these scenarios cannot happen, and since we test that it works they can be safely removed. - Test that the hardware clock is not modified at shutdown. (Closes: #9557) - Pidgin: retry looking for the roadmap URL in the topic. - Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli. (Closes: #9317) - Test all OpenPGP keys shipped with Tails. (Closes: #9402) - Check that notification-daemon is running when looking for notifications fails. (Closes: #9332) - Allow using the cucumber formatters however we want. (Closes: #9424) - Enable Spice in the guest, and blacklist the psmouse kernel module, to help with lost mouse events. (Closes: #9425) - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286) - Test that Seahorse is configured to use the correct keyserver. (Closes: #9339) - Always export TMPDIR back to the test suite's shell environment. (Closes: #9479) - Make OpenPGP tests more reliable: · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355) · Retry accessing menus in Seahorse on failure. (Closes: #9344) - Focus the Pidgin conversation window before any attempt to interact with it. (Closes: #9317) - Use convertkey from the (backported to Jessie) Debian package, instead of our own copy of that script. (Closes: #9066) - Make the memory erasure tests more robust (Closes: #9329): · Bump /proc/sys/vm/min_free_kbytes when running fillram. · Actually set oom_adj for the remote shell when running fillram. · Try to be more sure that we OOM kill fillram. · Run fillram as non-root. - Only try to build the storage pool if TailsToasterStorage isn't found. (Closes: #9568) -- Tails developers Sun, 28 Jun 2015 19:46:25 +0200 tails (1.4) unstable; urgency=medium * Major new features - Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which introduces many major new features for usability, security and privacy. Unfortunately its per-tab circuit view did not make it into Tails yet since it requires exposing more Tor state to the user running the Tor Browser than we are currently comfortable with. (Closes: #9031, #9369) - Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor bundled with the Tor Browser, we patch it so that circuits used for SOCKSAuth streams have their lifetime increased indefinitely while in active use. This currently only affects the Tor Browser in Tails, and should improve the experience on certain web sites that otherwise would switch language or log you out every ten minutes or so when Tor switches circuit. (Closes: #7934) * Security fixes - tor-browser wrapper script: avoid offering avenues to arbitrary code execution to e.g. an exploited Pidgin. AppArmor Ux rules don't sanitize $PATH, which can lead to an exploited application (that's allowed to run this script unconfined, e.g. Pidgin) having this script run arbitrary code, violating that application's confinement. Let's prevent that by setting PATH to a list of directories where only root can write. (Closes: #9370) - Upgrade Linux to 3.16.7-ckt9-3. - Upgrade curl to 7.26.0-1+wheezy13. - Upgrade dpkg to 1.16.16. - Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2. - Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1. - Upgrade openldap to 2.4.31-2. - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4. - Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5. - Upgrade libtasn1-3 to 2.13-2+deb7u2. - Upgrade libx11 to 2:1.5.0-1+deb7u2. - Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1. - Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4. - Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1. - Upgrade ppp to 2.4.5-5.1+deb7u2. * Bugfixes - Disable security warnings when connecting to POP3 and IMAP ports. (Closes: #9327) - Make the Windows 8 browser theme compatible with the Unsafe and I2P browsers. (Closes: #9138) - Hide Torbutton's "Tor Network Settings..." context menu entry. (Closes: #7647) - Upgrade the syslinux packages to support booting Tails on Chromebook C720-2800. (Closes: #9044) - Enable localization in Tails Upgrader. (Closes: #9190) - Make sure the system clock isn't before the build date during early boot. Our live-config hook that imports our signing keys depend on that the system clock isn't before the date when the keys where created. (Closes: #9149) - Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent us from getting GNOME's default keyserver in addition to our own. (Closes: #9233) - Prevent Firefox from crashing when Orca is enabled: grant it access to assistive technologies in its Apparmor profile. (Closes: #9261) - Add Jessie APT source. (Closes: #9278) - Fix set_simple_config_key(). If the key already existed in the config file before the call, all other lines would be removed due to the sed option -n and p combo. (Closes: #9122) - Remove illegal instance of local outside of function definition. Together with `set -e` that error has prevented this script from restarting Vidalia, like it should. (Closes: #9328) * Minor improvements - Upgrade I2P to 0.9.19-3~deb7u+1. - Install Tor Browser's bundled Torbutton instead of custom .deb. As of Torbutton 1.9.1.0 everything we need has been upstreamed. - Install Tor Browser's bundled Tor Launcher instead of our in-tree version. With Tor 0.2.6.x our custom patches for the ClientTransportPlugin hacks are not needed any more. (Closes: #7283) - Don't install msmtp and mutt. (Closes: #8727) - Install fonts-linuxlibertine for improved Vietnamese support in LibreOffice. (Closes: #8996) - Remove obsoletete #i2p-help IRC channel from the Pidgin configuration (Closes: #9137) - Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan Bliminse for the patch. (Closes: #9069). - Install printer-driver-gutenprint to support more printer models. (Closes: #8994). - Install paperkey for off-line OpenPGP key backup. (Closes: #8957) - Hide the Tor logo in Tor Launcher. (Closes: #8696) - Remove useless log() instance in tails-unblock-network. (Closes: #9034) - Install cdrdao: this enables Brasero to burn combined data/audio CDs and to do byte-to-byte disc copy. - Hide access to the Add-ons manager in the Unsafe Browser. It's currently broken (#9307) but we any way do not want users to install add-ons in the Unsafe Browser. (Closes: #9305) - Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327) The default value of this option activates warnings on ports 23,109,110,143. This commit disables the warnings for POP3 and IMAP as these could be equally used in encrypted StartTLS connections. (Closes: #9327) - Completely rework how we localize our browser by generating our branding add-on, and search plugins programatically. This improves the localization for the ar, es, fa, ko, nl, pl, ru, tr, vi and zh_CN locales by localizing the Startpage and Disconnect.me search plugins. Following Tor Browser 4.5's recent switch, we now use Disconnect.me as the default search engine. (Closes: #9309) * Actively set Google as the Unsafe Browser's default search engine. * Build system - Encode in Git which APT suites to include when building Tails. (Closes: #8654) - Clean up the list of packages we install. (Closes: #6073) - Run auto/{build,clean,config} under `set -x' for improved debugging. - Zero-pad our ISO images so their size is divisible by 2048. The data part of an ISO image's sectors is 2048 bytes, which implies that ISO images should always have a size divisible by 2048. Some applications, e.g. VirtualBox, use this as a sanity check, treating ISO images for which this isn't true as garbage. Our isohybrid post-processing does not ensure this, however. Also Output ISO size before/after isohybrid'ing and truncate'ing it. This will help detect if/when truncate is needed at all, so that we can report back to syslinux maintainers more useful information. (Closes: #8891) - Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The goal here is to avoid Tor Browser tarballs being deleted by apt-cacher-ng's daily expiration cronjob: they're not listed in any APT repo's index file, so acng will be quite eager to clean them up. * Test suite - Bring dependency checks up-to-date (Closes: #8988). - Adapt test suite to be run on Debian Jessie, which includes removing various Wheezy-specific workarounds, adding a few specific to Jessie, migrating from ffmpeg to libav, and more. (Closes: #8165) - Test that MAT can see that a PDF is dirty (Closes: #9136). - Allow throwing Timeout::Error in try_for() blocks, as well as nested try_for() (Closes: #9189, #9290). - Read test suite configuration files from the features/config/local.d directory. (Closes: #9220) - Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of zombie processes from appearing. (Closes: #9139) - Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow it to properly clean up. (Closes: #8707) - Split SSH & SFTP configs in the test suite. (Closes: #9257) - Improve how we start subprocesses in the test suite, mostly by bypassing the shell for greater security and robustness (Closes: #9253) - Add Electrum test feature. (Closes #8963) - Test that Tails Installer detects when USB devices are removed. (Closes: #9131) - Test Tails Installer with devices which are too small. (Closes: #9129) - Test that the Report an Error launcher works in German. (Closes: #9143) - Verify that no extensions are installed in the Unsafe Browser using about:support instead of about:addons, which is broken (#9307). (Closes: #9306) - Retry GNOME application menu actions when they glitch. The GNOME application menus seem to have issues with clicks or hovering actions not registering, and hence sometimes submenus are not opened when they should, and sometimes clicks on the final application shortcut are lost. There seems to be a correlation between this and CPU load on the host running the test suite. We workaround this by simply re-trying the last action when it seems to fail. (Closes: #8928) - Work around Seahorse GUI glitchiness (Closes: #9343): * When Seahorse appears to be frozen--apparently due to network issues--it can often be worked around by refreshing the screen or activating a new window. * Open Seahorse's preferences dialog using the mouse. * Access menu entries with the mouse. - Wait for systray icons to finish loading before interacting with the systray. (Closes: #9258) - Test suite configuration: generalize local.d support to *.d. We now load features/config/*.d/*.yml. - Use code blocks in "After Scenario" hooks. This is much simpler to use (and more readable!) compared to hooking functions and arguments like we used to do. - Create filesystem share sources in the temporary directory and make them world-readable. (Closes: #8950) -- Tails developers Mon, 11 May 2015 16:45:04 +0200 tails (1.3.2) unstable; urgency=medium * Security fixes - Upgrade Tor Browser to 4.0.6, based on Firefox 31.6.0 ESR. - Upgrade OpenSSL to 1.0.1e-2+deb7u16. * Bugfixes - Make Florence usable with touchpads by forcing syndaemon to always use the `-t` option, which only disables tapping and scrolling and not mouse movements (Closes: #9011). - Make tails-spoof-mac log the correct macchanger exit code on failure (Closes: #8687). - Tails Installer: · Ignore devices with less than 3.5 GB of storage since they do not fit a Tails installation (Closes: #6538). · Remove devices from the device list as they are unplugged (Closes: #8691). * Minor improvements - Install obfs4proxy 0.0.4-1~tpo1, which adds support for client-mode ScrambleSuit. - Don't start Vidalia if Windows Camouflage is enabled. (Closes: #7400) - I2P Browser: · Remove "Add-ons" from the Tools menu, and hide "Keyboard Shortcuts" and "Take a Tour" since they point to resources on the open Internet (Closes: #7970). · Hide TorButton button from the customize toolbar options, and remove configs whose only purpose was to make Torbutton "green" (Closes: #8893). * Test suite - New tests: · Test non-LAN SSH, and SFTP via GNOME's "Connect to Server" (Closes: #6308). · Verify that Tails' Tor binary has the expected Tor authorities hard coded (Closes: #8960). - Improvements: · Programmatically determine the supported languages when testing the Unsafe Browser (Closes: #8918). · Rename --temp-dir to --tmpdir and make it behave more like mktemp, and honour TMPDIR if set in the environment. (Closes: #8709). - Bugfixes: · Make --temp-dir (now --tmpdir) actually work. -- Tails developers Mon, 30 Mar 2015 16:54:20 +0200 tails (1.3.1) unstable; urgency=medium * Security fixes - Upgrade Tor Browser to 4.0.5, based on Firefox 31.5.3 ESR. This addresses: · https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/ · https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/ - Upgrade Linux to 3.16.7-ckt7-1. - Upgrade libxfont to 1:1.4.5-5. - Upgrade OpenSSL to 1.0.1e-2+deb7u15. - Upgrade tcpdump to 4.3.0-1+deb7u2. - Upgrade bsdtar to 3.0.4-3+wheezy1. - Upgrade CUPS to 1.5.3-5+deb7u5. - Upgrade file and libmagic to 5.11-2+deb7u8. - Upgrade GnuPG to 1.4.12-7+deb7u7. - Upgrade libarchive to 3.0.4-3+wheezy1. - Upgrade libav to 6:0.8.17-1. - Upgrade FreeType 2 to 2.4.9-1.1+deb7u1. - Upgrade libgcrypt11 1.5.0-5+deb7u3. - Upgrade libgnutls26 to 2.12.20-8+deb7u3. - Upgrade libgtk2-perl to 2:1.244-1+deb7u1. - Upgrade ICU to 4.8.1.1-12+deb7u2. - Upgrade NSS to 2:3.14.5-1+deb7u4. - Upgrade libssh2 to 1.4.2-1.1+deb7u1. * Bugfixes - Upgrade Tor to 0.2.5.11-1~d70.wheezy+1+tails1. Changes include: · Directory authority changes. · Fix assertion errors that may trigger under high DNS load. · No longer break on HUP with seccomp2 enabled. · and more - please consult the upstream changelog. - Upgrade Tor Launcher to 0.2.7.2, and update the test suite accordingly (Closes: #8964, #6985). Changes include: · Ask about bridges before proxy in wizard. · Hide logo if TOR_HIDE_BROWSER_LOGO set. · Remove firewall prompt from wizard. · Feedback when “Copy Tor Log” is clicked. · Improve behavior if tor exits. · Add option to hide TBB's logo · Change "Tor Browser Bundle" to "Tor Browser" · Update translations from Transifex. - Fix the Tor Launcher killer. (Closes: #9067) - Allow Seahorse to communicate with keyservers when run from Tails OpenPGP Applet. (Closes: #6394) - SSH client: don't proxy connections to 172.17.* to 172.31.*. (Closes: #6558) - Repair config/chroot_local-packages feature, that was broken in Tails 1.3 by 19-install-tor-browser-AppArmor-profile. (Closes: #8910) - language_statistics.sh: count original words instead of translated words. Otherwise we get >100% translation if translated strings are longer than original strings. (Closes: #9016) * Minor improvements - Only ship the new Tails signing key, and have Tails Upgrader stop trusting the old one. Update the documentation and test suite accordingly. (Closes: #8735, #8736, #8882, #8769, #8951) - Polish and harden a bit the WhisperBack configuration (Closes: #8991): · Only allow the `amnesia' user to run tails-debugging info as root with no arguments. · Fix spelling and grammar mistakes, improve phrasing a bit. · Quote variables consistently. * Test suite - New tests: · Chatting over XMPP in Pidgin, both peer-to-peer and in a multi-user chatroom. (Closes: #8002) · Chatting with OTR enabled over XMPP in Pidgin. (Closes: #8001) · Check that Pidgin only responds to the expected CTCP requests. (Closes: #8966) · Fetching keys using Seahorse started via the OpenPGP Applet. · Sync'ing keys using Seahorse. - Bugfixes: · Fix a race condition between the remote shell's and Tails Greeter's startup, by making sure the remote shell is ready before we start GDM. (Closes: #8941) · Kill virt-viewer properly. (Closes: #9070) · Make sure the display is stopped on destroy_and_undefine(). Where we had it earlier, it could be skipped if anything else in the block threw an exception. · Fix wrong use of "$@". (Closes: #9071) · Enable the pipefail option in run_test_suite. · Improve the GNOME screenshot test's robustness. (Closes: #8952) - Refactoring: · turn the focus_pidgin_window() helper into a more generic VM.focus_xorg_window() one. · Reorganize the Display class. · Use clearer method to check process status in the Display class. - New developer-oriented features: · Add a --log-to-file option to run_test_suite. (Closes: #8894) · Add helpers for generating random strings. · Make it possible to hook arbitrary calls on scenario end. This is useful for dynamically adding cleanup functions, instead of having to explicitly deal with them in some After hook. -- Tails developers Mon, 23 Mar 2015 12:34:56 +0000 tails (1.3) unstable; urgency=medium * Major new features - Produce the Tails image in hybrid mode (again) so that the same image can be installed both on DVD *and* "hard disks" like USB storage and similar. (Closes: #8510) - Confine the Tor Browser using AppArmor. (Closes: #5525) - Install the Electrum bitcoin client from wheezy-backports, and add a persistence preset for the Live user's bitcoin wallet. If electrum is started without the persistence preset enabled, a warning is shown. (Closes: #6739) * Security fixes - Upgrade Tor Browser to 4.0.4 (based on Firefox 31.5.0esr) (Closes: #8938). * Bugfixes - Have tor_bootstrap_progress echo 0 if no matching log line is found. (Closes: #8257) - Always pass arguments through wrappers (connect-socks, totem, wget, whois) with "$@". $* doesn't handle arguments with e.g. embedded spaces correctly. (Closes: #8603, #8830) - Upgrade Linux to 3.16.7-ckt4-3. * Minor improvements - Install a custom-built Tor package with Seccomp enabled; enable the Seccomp sandbox when no pluggable transport is used. (Closes: #8174) - Install obfs4proxy instead of obfsproxy, which adds support for the obfs4 Tor pluggable transport. (Closes: #7980) - Install GnuPG v2 and associated tools from wheezy-backports, primarily for its improved support for OpenPGP smartcards. It lives side-by-side with GnuPG v1, which still is the default. (Closes: #6241) - Install ibus-unikey, a Vietnamese input method for IBus. (Closes: #7999) - Install torsocks (2.x) from wheezy-backports. (Closes: #8220) - Install keyringer from Debian Jessie. (Closes: #7752) - Install pulseaudio-utils. - Remove all traces of Polipo: we don't use it anymore. This closes #5379 and #6115 because: * Have APT directly use the Tor SOCKS proxy. (Closes: #8194) * Wrap wget with torsocks. (Closes: #6623) * Wrap Totem to torify it with torsocks. (Closes: #8219) * Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND. (Closes: #8680) - Use torsocks for whois and Gobby, instead of torify. - Upgrade I2P to 0.9.18-1~deb7u+1. - Refactor the Unsafe and I2P browser code into a common shell library. A lot of duplicated code is now shared, and the code has been cleaned up and made more reliable. Several optimizations of memory usage and startup time were also implemented. (Closes: #7951) - Invert Exit and About in gpgApplet context menu. This is a short-term workaround for making it harder to exit the application by mistake (e.g. a double right-click). (Closes: #7450) - Implement new touchpad settings. This enables tap-to-click, 2-fingers scrolling, and disable while typing. We don't enable reverse scrolling nor horizontal scrolling. (Closes: #7779) - Include the mount(8) output and live-additional-software.conf in WhisperBack bug reports (Closes: #8719, #8491). - Reduce brightness and saturation of background color. (Closes: #7963) - Have ALSA output sound via PulseAudio by default. This gives us centralized sound volume controls, and... allows to easily, and automatically, test that audio output works from Tor Browser, thanks to the PulseAudio integration into the GNOME sound control center. - Import the new Tails signing key, which we will use for Tails 1.3.1, and have Tails Upgrader trust both it and the "old" (current) Tails signing key. (Closes: #8732) - tails-security-check: error out when passed an invalid CA file. Unfortunately, the underlying HTTPS stack we use here fails open in those case, so we have to check it ourselves. Currently, we check that the file exists, is readable, is a plain file and is not empty. Also support specifying the CA file via an environment variable. This will ease development and bug-fixing quite a bit. - Fix racy code in Tails Installer that sometimes made the automated test suite stall for scenarios installing Tails to USB disks. (Closes: #6092) - Make it possible to use Tails Upgrader to upgrade a Tails installation that has cruft files on the system partition. (Closes: #7678) * Build system - Install syslinux-utils from our builder-wheezy APT repository in Vagrant. We need version 6.03~pre20 to make the Tails ISO image in hybrid mode - Update deb.tails.boum.org apt repo signing key. (Closes: #8747) - Revert "Workaround build failure in lb_source, after creating the ISO." This is not needed anymore given the move to the Tor SOCKS proxy. (Closes: #5307) - Remove the bootstrap stage usage option and disable all live-build caching in Vagrant. It introduces complexity and potential for strange build inconsistencies for a meager reduction in build time. (Closes: #8725) - Hardcode the mirrors used at build and boot time in auto/config. Our stuff will be more consistent, easier to reproduce, and our QA process will be more reliable if we all use the same mirrors at build time as the ones we configure in the ISO. E.g. we won't have issues such as #8715 again. (Closes: #8726) - Don't attempt to retrieve source packages from local-packages so local packages can be installed via config/chroot_local-packages. (Closes: #8756) - Use our own Tor Browser archive when building an ISO. (Closes: #8125) * Test suite - Use libguestfs instead of parted when creating partitions and filsystems, and to check that only the expected files persist. We also switch to qcow2 as the default disk image format everywhere to reduce disk usage, enable us to use snapshots that includes the disks (in the future), and to use the same steps for creating disks in all tests. (Closes: #8673) - Automatically test that Tails ignores persistence volumes stored on non-removable media, and doesn't enable swaps. (Closes: #7822) - Actually make sure that Tails can boot from live systems stored on a hard drive. Running the 'I start Tails from DVD ...' step will override the earlier 'the computer is set to boot from ide drive "live_hd"' step, so let's make the "from DVD" part optional; it will be the default any way. - Make it possible to use an old iso with different persistence presets. (Closes: #8091) - Hide the cursor between steps when navigating the GNOME applications menu. This makes it a bit more robust, again: sometimes the cursor is partially hiding the menu entry we're looking for, hence preventing Sikuli from finding it (in particular when it's "Accessories", since we've just clicked on "Applications" which is nearby). (Closes: #8875) - Ensure that the test will fail if "apt-get X" commands fail. - Test 'Tor is ready' notification in a separate scenario. (Closes: #8714) - Add automated tests for torified wget and whois. This should help us identify future regressions such as #8603 in their torifying wrappers. - Add automated test for opening an URL from Pidgin. - And add automated tests for the Tor Browser's AppArmor sandboxing. - Test that "Report an Error Launcher" opens the support documentation. - Test that the Unsafe Browser: * starts in various locales. * complains when DNS isn't configured. * tears down its chroot on shutdown. * runs as the correct user. * has no plugins or add-ons installed. * has no unexpected bookmarks. * has no proxy configured. - Bump the "I2P router console is ready" timeout in its test to deal with slow Internet connections. - Make the automatic tests of gpgApplet more robust by relying more on graphical elements instead of keyboard shortcuts and static sleep():s. (Closes: #5632) - Make sure that enough disk space is available when creating virtual storage media. (Closes: #8907) - Test that the Unsafe Browser doesn't generate any non-user initiated traffic, and in particular that it doesn't check for upgrades, which is a regression test for #8694. (Closes: #8702) - Various robustness improvements to the Synaptic tests. (Closes: #8742) - Automatically test Git. (Closes: #6307) - Automatically test GNOME Screenshot, which is a regression test for #8087. (Closes: #8688) - Fix a quoting issue with `tails_persistence_enabled?`. (Closes: #8919) - Introduce an improved configuration system that also can store local secrets, like user credentials needed for some tests. (Closes: #6301, #8188) - Actually verify that we successfully set the time in our time syncing tests. (Closes: #5836) - Automatically test Tor. This includes normal functionality and the use pluggable transports, that our Tor enforcement is effective (e.g. only the Tor network or configured bridges are contacted) and that our stream isolation configuration is working. (Closes: #5644, #6305, #7821) -- Tails developers Mon, 23 Feb 2015 17:14:00 +0100 tails (1.2.3) unstable; urgency=medium * Security fixes - Upgrade Linux to 3.16.7-ckt2-1. - Upgrade Tor Browser to 4.0.3 (based on Firefox 31.4.0esr) (Closes: #8700). - Fail safe by entering panic mode if macchanger exits with an error, since in this situation we have to treat the driver/device state as undefined. Also, we previously just exited the script in this case, not triggering the panic mode and potentially leaking the real MAC address (Closes: #8571). - Disable upgrade checking in the Unsafe Browser. Until now the Unsafe Browser has checked for upgrades of the Tor Browser in the clear (Closes: #8694). * Bugfixes - Fix startup of the Unsafe Browser in some locales (Closes: #8693). - Wait for notification-daemon to run before showing the MAC spoofing panic mode notifications. Without this, the "Network card disabled" notification is sometimes lost when MAC spoofing fails. Unfortunately this only improves the situation, but doesn't fix it completely (see #8685). - Log that we're going to stop NetworkManager before trying to do it in the MAC spoofing scripts. Without this we wouldn't get the log message in case stopping NetworkManager fails (thanks to `set -e`). - Set GNOME Screenshot preferences to save the screenshots in /home/amnesia (Closes: #8087). - Do not suspend to RAM when closing the lid on battery power (Closes: #8071). - Properly update the Tails Installer's status when plugging in a USB drive after it has started (Closes: #8353). - Make rsync compare file contents by using --checksum for more reliable generation of the squashfs filesystem in IUKs. Previously it used the default, which is checking timestamps and file size, but that doesn't play well with the Tor browser files, that have a fixed mtime, which could result in updated files not ending up in the IUK. * Minor improvements - Finish migrating tails-security-check's and tails-iuk's pinning to our website's new X.509 certificate authority (Closes: #8404). * Build system - Update to Vagrant build box tails-builder-20141201. The only change is the removal of a reference to an ISO image which doesn't exist (except on the system that generated the build box) which causes an error for some users (Closes: #7644). - Generate the list of packages used during build, after building with Jenkins (Closes: #8518). This allows tracking their status on the Debian reproducible build front: https://reproducible.debian.net/index_pkg_sets.html#tails * Automated test suite - Check PO files with i18nspector (Closes: #8359). - Fix the expected image of a check.tp.o failure. Previously we looked for the "Sorry. You are not using Tor." text, but it seems it recently changed enough for Sikuli to not find it. To prevent future errors of the same kind we'll look for the crossed-over onion icon instead (Closes: #8533). - Bump timeout when waiting for Tor to re-bootstrap. We have a dreaded issue with timeouts that are multiple of 2 minutes, and then Tor succeeds soon after, so in order to allow for this timeout to be reached twice, and then possibly succeed, let's use N*2 minutes + 30 seconds, with N=2. -- Tails developers Wed, 14 Jan 2015 16:12:26 +0100 tails (1.2.2) unstable; urgency=medium * Bugfixes - Create a CA bundle for Tails Upgrader at ISO build time, and patch Tails Upgrader to use it. Specifically this will make it possible to check for Tails upgrades after our website changes certificate around the 2014 to 2015 transition (Partially fixes #8404). -- Tails developers Mon, 15 Dec 2014 10:05:17 +0100 tails (1.2.1) unstable; urgency=low * Security fixes - Upgrade Linux to 3.16.0-4, i.e. 3.16.7-1. - Install Tor Browser 4.0.2 (based on Firefox 31.3.0esr). * Bugfixes - Install syslinux-utils, to get isohybrid back (Closes: #8155). - Update xserver-xorg-input-evdev to 1:2.7.0-1+tails1 which includes a patch that restores mouse scrolling in KVM/Spice (Closes: 7426). - Set Torbutton logging preferences to the defaults (Closes: #8160). With the default settings, no site-specific information is logged. - Use the correct stack of rootfs:s for the chroot browsers (Closes: #8152, #8158). After installing incremental upgrades Tails' root filesystem consists of a stack squashfs:s, not only filesystem.squashfs. When not stacking them correct we may end up using the Tor Browser (Firefox) from an older version of Tails, or with no Tor Browser at all, as in the upgrade from Tails 1.1.2 to 1.2, when we migrated from Iceweasel to the Tor Browser. Based on a patch contributed by sanic. - Use the Tor Browser for MIME type that GNOME associates with Iceweasel (Closes: #8153). Open URLs from Claws Mail, KeePassX etc. should be possible again. - Update patch to include all Intel CPU microcodes (Closes: #8189). - AppArmor: allow Pidgin to run Tor Browser unconfined, with scrubbed environment (Closes: #8186). Links opened in Pidgin are now handled by the Tor Browser. - Install all localized Iceweasel search plugins (Closes: #8139). - When generating the boot profile, ignore directories in process_IN_ACCESS as well (Closes: #7925). This allows ut to update the squashfs-ordering again in Tails 1.2.1. - gpgApplet: Don't pass already encoded data to GTK2 (Closes: #7968). It's now possible to clearsign text including non-ASCII characters. - Do not run the PulseAudio initscript, neither at startup nor shutdown (Closes: #8082). * Minor improvements - Upgrade I2P to 0.9.17-1~deb7u+1. - Make GnuPG configuration closer to the best practices one (Closes: #7512). - Have GnuPG directly use the Tor SOCKS port (Closes: #7416). - Remove TrueCrypt support and documentat how to open TrueCrypt volumes using cryptsetup (Closes: #5373). - Install hopenpgp-tools from Debian Jessie. * Build system - Add gettext >= 0.18.3 as a Tails build dependency. We need it for xgettext JavaScript support in feature/jessie. * Automated test suite - Don't click to open a sub-menu in the GNOME applications menu (Closes: #8140). - When testing the Windows camouflage, look for individual systray applets, to avoid relying on their ordering (Closes: #8059). - Focus the Pidgin Buddy List before looking for something happening in it (Closes: #8161). - Remove workaround for showing the TBB's menu bar (Closes #8028). -- Tails developers Tue, 02 Dec 2014 11:34:03 +0100 tails (1.2) unstable; urgency=medium * Major new features - Migrate from Iceweasel to the Tor Browser from the Tor Browser Bundle 4.0 (based on Firefox 31.2.0esr). This fixes the POODLE vulnerability. The installation in Tails is made global (multi-profile), uses the system-wide Tor instance, disables the Tor Browser updater, and keeps the desired deviations previously present in Iceweasel, e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since we run it as a standalone XUL application), among other things. - Install AppArmor's userspace tools and apparmor-profiles-extra from Wheezy Backports, and enable the AppArmor Linux Security Module. This adds Mandatory Access Control for several critical applications in Tails, including Tor, Vidalia, Pidgin, Evince and Totem. - Isolate I2P traffic from the Tor Browser by adding a dedicated I2P Browser. It is set up similarly to the Unsafe Browser, but further disables features that are irrelevant for I2P, like search plugins and the AdBlock Plus addon, while keeping Tor Browser security features like the NoScript and Torbutton addons. - Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1. * Security fixes - Disable TCP timestamps (Closes: #6579). * Bugfixes - Remove expired Pidgin certificates (Closes: #7730). - Use sudo instead of gksudo for running tails-upgrade-frontend to make stderr more easily accessible (Closes: #7431). - Run tails-persistence-setup with sudo instead of gksudo to make stderr more easily accessible, and allow the desktop user to pass the --verbose parameter (Closes: #7623). - Disable CUPS in the Unsafe Browser. This will prevent the browser from hanging for several minutes when accidentally pressing CTRL+P or trying to go to File -> Print (Closes: #7771). * Minor improvements - Install Linux 3.16-3 (version 3.16.5-1) from Debian unstable (Closes: #7886, #8100). - Transition away from TrueCrypt: install cryptsetup and friends from wheezy-backports (Closes: #5932), and make it clear that TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739). - Install Monkeysign dependencies for qrcodes scanning. - Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install the new syslinux-efi package. - Upgrade I2P to 0.9.15-1~deb7u+1 - Enable Wheezy proposed-updates APT repository and setup APT pinnings to install packages from it. - Enable Tor's syscall sandbox. This feature (new in 0.2.5.x) should make Tor a bit harder to exploit. It is only be enabled when when no special Tor configuration is requested in Tails Greeter due to incompatibility with pluggable transports. - Start I2P automatically when the network connects via a NetworkManager hook, and "i2p" is present on the kernel command line. The router console is no longer opened automatically, but can be accessed through the I2P Browser (Closes: #7732). - Simplify the IPv6 ferm rules (Closes: #7668). - Include persistence.conf in WhisperBack reports (Closes: #7461) - Pin packages from testing to 500, so that they can be upgraded. - Don't set Torbutton environment vars globally (Closes: #5648). - Enable VirtualBox guest additions by default (Closes: #5730). In particular this enables VirtualBox's display management service. - In the Unsafe Browser, hide option for "Tor Browser Health report", and the "Get Addons" section in the Addon manager (Closes: #7952). - Show Pidgin's formatting toolbar (Closes: #7356). Having the formatting toolbar displayed in Pidgin makes the OTR status more explicit by displaying it with words. * Automated test suite - Add --pause-on-fail to ease VM state debugging when tests misbehave. - Add execute_successfully() and assert_vmcommand_success() for added robustness when executing some command in the testing VM. - Use Test::Unit::Assertions instead of our home-made assert(). - Add test for persistent browser bookmarks. - Add basic tests for Pidgin, Totem and Evince, including their AppArmor enforcement. - Factorize some common step pattern into single steps. - Factorize running a command in GNOME Terminal. - Add common steps to copy a file and test for its existence. - Add a wait_and_double_click Sikuli helper method. - Add a VM.file_content method, to avoid repeating ourselves, and use it whenever easily doable. - Drop test that diffs syslinux' exithelp.cfg: we don't ship this file anymore. - In the Unsafe Browser tests, rely on subtle timing less (Closes: #8009). - Use the same logic to determine when Tor is working in the test suite as in Tails itself. The idea is to avoid spamming the Tor control port during bootstrap, since we've seen problems with that already. -- Tails developers Wed, 15 Oct 2014 18:34:50 +0200 tails (1.1.2) unstable; urgency=medium * Security fixes - Upgrade the web browser to 24.8.0esr-0+tails3~bpo70+1 (fixes Mozilla#1064636). - Install Linux 3.16-1 from sid (Closes: #7886). - Upgrade file to 5.11-2+deb7u5 (fixes CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538 and CVE-2014-3587). - Upgrade curl to 7.26.0-1+wheezy10 (fixes CVE-2014-3613 and CVE-2014-3620). - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u2 (fixes CVE-2014-0591). - Upgrade gnupg to 1.4.12-7+deb7u6 (fixes CVE-2014-5270). - Upgrade apt to 0.9.7.9+deb7u5 (fixes CVE-2014-0487, CVE-2014-0488, CVE-2014-0489, CVE-2014-0490, and CVE-2014-6273.). - Upgrade dbus to 1.6.8-1+deb7u4 (fixes CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638 and CVE-2014-3639). - Upgrade libav-based pacakges to 6:0.8.16-1 (fixes CVE-2013-7020). - Upgrade bash to 4.2+dfsg-0.1+deb7u1 (fixes CVE-2014-6271). -- Tails developers Tue, 23 Sep 2014 23:01:40 -0700 tails (1.1.1) unstable; urgency=medium * Security fixes - Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1 (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches). Also import the Tor Browser profile at commit 271b64b889e5c549196c3ee91c888de88148560f from ttp/tor-browser-24.8.0esr-3.x-1. - Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117). - Upgrade I2P to 0.9.14.1-1~deb7u+1. - Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667 and CVE-2014-4943). - Upgrade CUPS-based packages to 1.5.3-5+deb7u4 (fixes CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031). - Upgrade libnss3 to 2:3.14.5-1+deb7u1 (fixes CVE-2013-1741, CVE-2013-5606, CVE-2014-1491 and CVE-2014-1492). - Upgrade openssl to 1.0.1e-2+deb7u12 (fixes CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139). - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u2 (fixes CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344 and CVE-2014-4345). - Upgrade libav-based packages to 6:0.8.15-1 (fixes CVE-2011-3934, CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851, CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672, CVE-2013-3674 and CVE-2014-2263. - Upgrade libgpgme11 to 1.2.0-1.4+deb7u1 (fixes CVE-2014-5117). - Upgrade python-imaging to 1.1.7-4+deb7u1 (fixes CVE-2014-3589). - Prevent dhclient from sending the hostname over the network (Closes: #7688). - Override the hostname provided by the DHCP server (Closes: #7769). - Add an I2P boot parameter. Without adding "i2p" to the kernel command line, I2P will not be accessible for the Live user. - Stricter I2P firewall rules: * deny I2P from accessing the LAN * deny I2P from accessing the loopback device, except for select whitelisted services * allow I2P access to the Internet The ACCEPT rules will only be enabled when the string 'i2p' is passed at the boot prompt. The rules which DENY or REJECT access for the 'i2psvc' user will always be applied. - Disable I2P plugins, since it doesn't make much sense without persistence, and should eliminate some attack vectors. - Disable I2P's BOB port. No maintained I2P application uses it. * Bugfixes - Fix condition clause in tails-security-check (Closes: #7657). - Don't ship OpenJDK 6: I2P prefers v7, and we don't need both. - Prevent Tails Installer from updating the system partition properties on MBR partitions (Closes: #7716). * Minor improvements - Upgrade to Torbutton 1.6.12.1. - Install gnome-user-guide (Closes: #7618). - Install cups-pk-helper (Closes: #7636). - Update the SquashFS sort file. - Compress the SquashFS more aggressively (Closes: #7706). - I2P: Keep POP3 email on server. The default in the I2P webmail app was to keep mail on the server, but that setting was changed recently. This configuration setting (susimail.config) will only be copied over in I2P 0.9.14 and newer. - Add a Close button to the Tails Installer launcher window. * Build system - Migrate Vagrant basebox to Debian Wheezy (Closes #7133, #6736). - Consistently use the same Debian mirror. - Disable runtime APT proxy configuration when using APT in binary_local-hooks (Closes: #7691). * Automated test suite - Automatically test hostname leaks (Closes: #7712). - Move autotest live-config hook to be run last. This way we'll notice if some earlier live-config hook cancels all hooks by running the automated test suite since the remote shell won't be running in that case. - Test that the I2P boot parameter does what it's supposed to do (Closes: #7760). - Start applications by using the GNOME Applications menu instead of the GNOME Run Dialog (Closes: #5550, #7060). -- Tails developers Sun, 31 Aug 2014 20:49:28 +0000 tails (1.1) unstable; urgency=medium * Rebase on Debian Wheezy - Upgrade literally thousands of packages. - Migrate to GNOME3 fallback mode. - Install LibreOffice instead of OpenOffice. - Remove custom LSB logging: Wheezy has fancy colored init logging. * Major new features - UEFI boot support. - Replace the Windows XP camouflage with an experimental Windows 8 camouflage. - Install Linux 3.14.12-1 from Debian unstable. - Bring back VirtualBox guest modules, installed from Wheezy backports. Full functionality is only available when using the 32-bit kernel. * Security fixes - Fix write access to boot medium via udisks (#6172). - Don't allow the desktop user to pass arguments to tails-upgrade-frontend (Closes: #7410). - Make persistent file permissions safer (Closes #7443): * Make the content of /etc/skel non-world-readable. Otherwise, such files may be copied to /home/amnesia, and in turn to the persistent volume, with unsafe permissions. That's no big deal in /home/amnesia (that is itself not world-readable), *but* the root of the persistent volume has to be world-readable. * Have activate_custom_mounts create new directories with safe permissions. * Set strict permissions on /home/amnesia (Closes: #7463). * Fix permissions on persistent directories that were created with unsafe permissions (Closes: #7458). * Fix files ownership while copying persistence (Closes: #7216). The previous instructions to copy the persistent data were creating personal files that belong to root. I don't think there is a way of preserving the original ownership using Nautilus (unless doing a "move" instead of a "copy" but that's not what we are trying to do here). - Disable FoxyProxy's proxy:// protocol handler (Closes: #7479). FoxyProxy adds the proxy:// protocol handler, which can be used to configure the proxy via an URI. A malicious web page can include (or a malicious exit node can inject) some JavaScript code to visit such an URI and disable or otherwise change Iceweasel's proxy settings. While using this to disable proxying will be dealt with safely by our firewall, this could be used to defeat stream isolation, although the user must be tricked into accepting the new proxy settings. - Upgrade the web browser to 24.7.0esr-0+tails1~bpo70+1 (Firefox 24.7.0esr + Iceweasel patches + Torbrowser patches). - Upgrade to Linux 3.14.12-1 (fixes CVE-2014-4699). - Upgrade libav-based packages to 0.8.13-1 (fixes CVE-2014-4609). - Upgrade to libxml2 2.8.0+dfsg1-7+wheezy1 (fixes CVE-2014-0191). - Upgrade to dbus 1.6.8-1+deb7u3 (fixes CVE-2014-3477, CVE-2014-3532 and CVE-2014-3533). * Bugfixes - Disable GNOME keyring's GnuPG functionality. (Closes: #7330) In feature/regular-gnupg-agent, we installed the regular GnuPG agent so that it is used instead of GNOME keyring's one. This is not enough on Wheezy, so let's disable the starting of the "gpg" component of GNOME keyring. - Make sure /etc/default/locale exists, with a sensible default value (Closes: #7333). Before Tails Greeter's PostLogin script are run, /etc/default/locale does not exist on Wheezy. Our tails-kexec initscript (and quite a few other scripts we run) depends on this file to exist. So, let's make sure it exists, with a sensible default value. - Create the tails-persistence-setup user with the same UID/GID it had on Tails/Squeeze. (Closes: #7343) Else, our various checks for safe access rights on persistence.conf fail. - Revert back to browsing the offline documentation using Iceweasel instead of Yelp (Closes: #7390, #7285). - Make the new NetworkManager configuration directory persistent, when the old one was, but disable the old one (Closes: #7338). - Before running tails-upgrade-frontend, chdir to a world-readable place (Closes: #7641). In particular, Archive::Tar::Wrapper, when called by tails-install-iuk, wants to chdir back to the original cwd after it has chdir'd elsewhere to do its job. * Minor improvements - Install seahorse-nautilus, replacing seahorse-plugins (Closes #5516). - Install hledger (custom backport, for now): our accountants need this. - Install stable Scribus instead of scribus-ng. - Install the printer driver for Epson Inkjet that use ESC/P-R. - Install the BookletImposer PDF imposition toolkit. It's tiny, and really helpful e.g. when producing booklets. - Install gtkhash and nautilus-gtkhash (Closes #6763). - Import new version of Tor Launcher: · Now based on upstream Tor Launcher 0.2.5.4. · Tor bug #11772: Proxy Type menu not set correctly · Tor bug #11699: Change &#160 to   in network-settings.dtd · Correctly handle startup paths that contain dot. - Upgrade to Torbutton 1.6.9.0. - Avoid shipping python2.6 in addition to python2.7. - Don't install Gobby 0.4 anymore. Gobby 0.5 has been available in Debian since Squeeze, now is a good time to drop the obsolete 0.4 implementation. - Require a bit less free memory before checking for upgrades with Tails Upgrader. The general goal is to avoid displaying "Not enough memory available to check for upgrades" too often due to over-cautious memory requirements checked in the wrapper. - Make Tails Greeter's help window resolution-aware. Previously it used a static 800x600 which was problematic on lower resolutions, and sub-optimal on higher resolutions. Now it adapts itself according to the screen resolution. - Whisperback now sanitizes attached logs better with respect to DMI data, IPv6 addresses, and serial numbers (Closes #6797, #6798, #6804). - Integrate the new logo in Tails Installer (Closes #7095) - Also install linux-base and linux-compiler-gcc-4.8-x86 from sid. This way, we can get rid of our linux-compiler-gcc-4.8-x86 3.12, and it makes things a bit more consistent. - Include the syslinux binary, and its MBR, in the ISO filesystem. This in turn allows Tails Installer to use this binary and MBR, which is critical for avoiding problems (such as #7345) on "Upgrade from ISO". - Include syslinux.exe for win32 in utils/win32/ on the ISO filesystem (Closes: #7425). - Tails Installer: * Add consistent margins in GUI. * Always reset the target drive's MBR, without asking for confirmation, after installing or upgrading. * Install the bootloader using the syslinux binary found on the target device, once the Live OS has been extracted/copied there. - Enable double-clicking to pick entries in the language or keyboard layout lists in Tails Greeter. - Install backport of shared-mime-info 1.3 (Closes: #7079). - Make sanity-check prompts closable in Tails Persistence Setup (Closes: #7119). - Fix quick search in Tails Greeter's Other languages window (Closes: #5387). - Install systemd. It is not enabled by default, but having it around will help doing the migration work. - Enable AppArmor on the kernel command-line. This is a no-op without the userspace tools and with no profile shipped, but it will make it easier to fix this part of the situation. * Build system - Bump Vagrant builder's memory for RAM builds. Wheezy requires more space to build, and the resulting image is larger. - Fix Vagrant compatibility issue. Some classes' methods/fields have been renamed between Vagrant versions, so we need a simple compatibility layer to support all versions. Without this, it's not possible to issue e.g. a `build` command to an already running (i.e. `vm:up`:ed) Vagrant instance. - Move cpu and mem checks to the `build` task. Previously, when they were checked in `vm:up` *only* when issued while the VM already is up, so these checks weren't run if one issues a `build` when the VM is off. Now we'll fail earlier with a more informative error message, and it looks like a more logical home for them too. - Fix buggy memory checks for RAM building. We have to take into account which state the Vagrant VM is in for determining *where* we check if enough memory is available for a RAM build. If it's off, we check the host; if it's on we check the VM. Previously we always checked the host, which doesn't make sense when the VM is already started. * Automated test suite - Bump the tester VM's RAM by 256 MiB. There is not enough free RAM to run Tails Upgrader with just 1 GiB of RAM after the migration to Wheezy. - Always adjust OOM and memory overcommit settings. The kernel freezes seem to also happen for the amd64 kernel when filling the memory. - Add option to make Sikuli rety on FindFailed. This makes it possible to update manu images for Sikuli in just *one* test suite run, by continuously updating outdated pictures as we go. - Actually run "Upgrade from ISO" from a USB drive running the old version. That's what users do, and is buggy. - Automatically test persistent directories permissions (Closes: #7560). - Use read-write persistence when testing upgraded USB installations. Otherwise e.g. the permission fixes won't get applied, and the subsequent steps testing the permissions will fail. - Actually check that the ISO's Tails is installed. The step "Tails is installed on USB drive $TARGET" only checks that the *running* Tails is installed on $TARGET, which obviously fails when doing an upgrade from ISO running an old Tails. That it worked for the same scenario running the current Tails is just coincidental. - Use OpenJDK 7 to run our test suite (Closes #7175). - Use qemu-system-x86_64 directly, instead of kvm, for running the automated test suite (Closes: #7605). -- Tails developers Sun, 20 Jul 2014 23:16:13 +0200 tails (1.0.1) unstable; urgency=medium * Security fixes - Upgrade the web browser to 24.6.0esr-0+tails1~bpo60+1 (Firefox 24.6.0esr + Iceweasel patches + Torbrowser patches). Also import the Tor Browser profile at commit 90ba8fbaf6f23494f1a0e38d63153b3b7e65d3d3 from ttp/tor-browser-24.6.0esr-3.x-1. - Install Linux 3.14 from Debian unstable (fixes CVE-2014-3153 and others). - Install openssl from Squeeze LTS (fixes CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-3470 and CVE-2014-0224). - Install GnuTLS from Squeeze LTS (fixes CVE-2014-3466.). * Minor improvements - Add Squeeze LTS APT sources. It has been given a low pinning priority so explicit pinning must be used to actually install anything from it. - Upgrade Tor to 0.2.4.22-1~d60.squeeze+1. - Upgrade I2P to 0.9.13-1~deb6u+1. -- Tails developers Sun, 08 Jun 2014 19:14:00 +0200 tails (1.0) unstable; urgency=medium * Security fixes - Upgrade the web browser to 24.5.0esr-0+tails1~bpo60+1 (Firefox 24.5.0esr + Iceweasel patches + Torbrowser patches). - Upgrade Tor to 0.2.4.21-1+tails1~d60.squeeze+1: * Based on 0.2.4.21-1~d60.squeeze+1. * Backport the fix for Tor bug #11464. It adds client-side blacklists for all Tor directory authority keys that was vulnerable to Heartbleed. This protects clients in case attackers were able to compromise a majority of the authority signing and identity keys. * Bugfixes - Disable inbound I2P connections. Tails already restricts incoming connections, but this change tells I2P about it. - Fix link to the system requirements documentation page in the Tails Upgrader error shown when too little RAM is available. * Minor improvements - Upgrade I2P to 0.9.12-2~deb6u+1. - Import TorBrowser profile. This was forgotten in Tails 0.23 and even though we didn't explicitly set those preferences in that release they defaulted to the same values. This future-proofs us in case the defaults would ever change. - Import new custom version of tor-launcher: * Based on upstream Tor Launcher 0.2.5.3. * Improve how Tor Launcher handles incomplete translation. (Tor bug #11483; more future-proof fix for Tails bug #6885) * Remove the bridge settings prompt. (Tor bug #11482; closes Tails bug #6934,) * Always show bridge help button. (Tor bug #11484) - Integrate the new Tails logo into various places: * The website * The boot splash * The "About Tails" dialog * Build system - Use the stable APT suite when building from the stable Git branch (Closes: #7022). * Test suite - Add test for the #7022 fix. -- Tails developers Sun, 27 Apr 2014 19:34:01 +0200 tails (0.23) unstable; urgency=medium * Security fixes - Upgrade the web browser to 24.4.0esr-0+tails1~bpo60+1 (Firefox 24.4.0esr + Iceweasel patches + Torbrowser patches). * Major new features - Spoof the network interfaces' MAC address by default (Closes: #5421), as designed on https://tails.boum.org/contribute/design/MAC_address/. - Rework the way to configure how Tor connects to the network (bridges, proxy, fascist firewall): add an option to Tails Greeter, start Tor Launcher when needed (Closes: #5920, #5343). * Bugfixes - Additional software: do not crash when persistence is disabled (Closes: #6440). - Upgrade Pidgin to 2.10.9, that fixes some regressions introduced in the 2.10.8 security update (Closes: #6661). - Wait for Tor to have fully bootstrapped, plus a bit more time, before checking for upgrades (Closes: #6728) and unfixed known security issues. - Disable the Intel Management Engine Interface driver (Closes: #6460). We don't need it in Tails, it might be dangerous, and it causes bugs on various hardware such as systems that reboot when asked to shut down - Add a launcher for the Tails documentation. This makes it available in Windows Camouflage mode (Closes: #5374, #6767). - Remove the obsolete wikileaks.de account from Pidgin (Closes: #6807). * Minor improvements - Upgrade Tor to 0.2.4.21-1~d60.squeeze+1. - Upgrade obfsproxy to 0.2.6-2~~squeeze+1. - Upgrade I2P to 0.9.11-1deb6u1. - Install 64-bit kernel instead of the 686-pae one (Closes: #5456). This is a necessary first step towards UEFI boot support. - Install Monkeysign (in a not-so-functional shape yet). - Disable the autologin text consoles (Closes: #5588). This was one of the blockers before a screen saver can be installed in a meaningful way (#5684). - Don't localize the text consoles anymore: it is broken on Wheezy, the intended users can as well use loadkeys, and we now do not have to trust setupcon to be safe for being run as root by the desktop user. - Make it possible to manually start IBus. - Reintroduce the possibility to switch identities in the Tor Browser, using a filtering proxy in front of the Tor ControlPort to avoid giving full control over Tor to the desktop user (Closes: #6383). - Incremental upgrades improvements: · Drop the Tails Upgrader launcher, to limit users' confusion (Closes: #6513). · Lock down sudo credentials a bit. · Hide debugging information (Closes: #6505). · Include ~/.xsession-errors in WhisperBack bug reports. This captures the Tails Upgrader errors and debugging information. · Report more precisely why an incremental upgrade cannot be done (Closes: #6575). · Various user interface and phrasing improvements. - Don't install the Cookie Monster browser extension (Closes: #6790). - Add a browser bookmark pointing to Tor's Stack Exchange (Closes: #6632). - Remove the preconfigured #tor channel from the Pidgin: apparently, too many Tails users go ask Tails questions there, without making it clear that they are running Tails, hence creating a user-support nightmare (Closes: #6679). - Use (most of) Tor Browser's mozconfig (Closes: #6474). - Rebase the browser on top of iceweasel 24.3.0esr-1, to get the certificate authorities added by Debian back (Closes: #6704). - Give access to the relevant documentation pages from Tails Greeter. - Hide Tails Greeter's password mismatch warning when entry is changed. - Persistent Volume Assistant: · Take into account our installer is now called Tails Installer. · Optimize window height (Closes: #5458). · Display device paths in a more user-friendly way (Closes: #5311). * Build system - Ease updating POT and PO files at release time, and importing translations from Transifex (Closes: #6288, #6207). - Drop custom poedit backport, install it from squeeze-backports-sloppy. - Make ISO and IUK smaller (Closes: #6390, #6425): · Exclude more files from being included in the ISO. · Remove *.pyc later so that they are not recreated. · Truncate log files later so that they are not filled again. · At ISO build time, set mtime to the epoch for large files whose content generally does not change between releases. This forces rsync to compare the actual content of these files, when preparing an IUK, instead of blindly adding it to the IUK merely because the mtime has changed, while the content is the same. - Make local hooks logging consistent. * Test suite - Migrate from JRuby to native Ruby + rjb. - The test suite can now be run on Debian Wheezy + backports. - Fix buggy "persistence is not enabled" step (Closes: #5465). - Use IPv6 private address as of RFC 4193 for the test suite's virtual network. Otherwise dnsmasq from Wheezy complains, as it is not capable of handling public IPv6 addresses. - Delete volumes after each scenario unless tagged @keep_volumes. - Add an anti-test to make sure the memory erasure test works fine. - A *lot* of bugfixes, simplifications and robustness improvements. -- Tails developers Tue, 18 Mar 2014 00:58:50 +0100 tails (0.22.1) unstable; urgency=medium * Security fixes - Upgrade the web browser to 24.3.0esr-0+tails1~bpo60+2 (Firefox 24.3.0esr + Iceweasel patches + Torbrowser patches). - Upgrade NSS to 3.14.5-1~bpo60+1. - Upgrade Pidgin to 2.10.8. - Workaround browser size fingerprinting issue by using small icons in the web browser's navigation toolbar (Closes: #6377). We're actually hit by Tor#9268, and this is the best workaround gk and I were able to find when discussing this on Tor#10095. * Major new features - Check for upgrades availability using Tails Upgrader, and propose to apply an incremental upgrade whenever possible (Closes: #6014). · Run tails-update-frontend at session login time. · Have tails-security-check only report unfixed security issues. · Greatly improve the Tails Upgrader UI and strings phrasing. · Enable startup notification for Tails Upgrader. - Install Linux 3.12 (3.12.6-2) from Debian testing. Unfortunately, this breaks the memory wipe feature on some hardware (#6460), but it fixes quite a few security issues, and improves hardware support. - Update the build system to be compatible with Vagrant 1.2 and 1.3, in addition to the already supported versions (Closes: #6221). Thanks to David Isaac Wolinsky . * Bugfixes - Do not start IBus for languages that don't need it. This fixes the keybindings problems introduced in 0.22 (Closes: #6478). Thanks to WinterFairy. - Disable network.proxy.socks_remote_dns in the Unsafe Browser. Bugfix against 0.22 (Closes: #6479). - Fetch Tor Browser User-Agent from its own prefs, rather than from the obsolete Torbutton ones. Bugfix against 0.22 (Closes: #6477). - Upgrade Vagrant basebox to include up-to-date Debian archive keys (Closes: #6515, #6527). - Do not use a non-working proxy for downloading the Vagrant basebox (Closes: #6514). - Use IE's icon in Windows camouflage mode. Bugfix against 0.22 (Closes: #6536). - Support "upgrading" a partial Tails installation (Closes: #6438) and fix missing confirmation dialog in Tails Installer (Closes: #6437). Thanks to Andres Gomez Ramirez . - Fix browser homepage in Spanish locales (Closes: #6612). * Minor improvements - Tor 0.2.4 is stable! Adapt APT sources accordingly. - Update Tor Browser to 24.2.0esr-1+tails1, that uses its own NSS library instead of the system one. - Update Torbutton to 1.6.5.3. - Do not start Tor Browser automatically, but notify when Tor is ready. Warn the user when they attempt to start Tor Browser before Tor is ready. - Import Tor Browser profile at 3ed5d9511e783deb86835803a6f40e7d5a182a12 from ttp/tor-browser-24.2.0esr-1. - Use http.debian.net for Vagrant builds, instead of the mostly broken (and soon obsolete) cdn.debian.net. - Phrasing and UI improvements in tails-upgrade-frontend. - Style and robustness improvements in tails-security-check. - Make room for upcoming UEFI support in Tails Installer. -- Tails developers Wed, 29 Jan 2014 15:08:13 +0100 tails (0.22) unstable; urgency=medium [Tails developers] * Security fixes - Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues. - Stop migrating persistence configuration and access rights. Instead, disable all persistence configuration files if the mountpoint has wrong access rights (Closes: #6413). - Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting the browser, such as CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606. * Major improvements - Switch to Iceweasel 24 (Closes: #6370). · Resync' (most) Iceweasel prefs with TBB 3.0-beta-1 and get rid of many obsolete or default settings. · Disable WebRTC (Closes: #6468). · Import TorBrowser profile at commit 51bf06502c46ee6c1f587459e8370aef11a3422d from the tor-browser-24.2.0esr-1 branch at https://git.torproject.org/tor-browser.git. - Switch to Torbutton 1.6.5 (Closes: #6371). · Prevent Torbutton from asking users to "upgrade TBB". · Use the same Tor SOCKS port as the TBB (9151) for our web browser. This should be enough to avoid being affected by Tor#8511. · Disable Torbutton 1.6's check for Tor. Unfortunately, the new check.torproject.org breaks the remote Tor check. We cannot use the local Tor check with the control port. So, the shortest and sanest path to fixing the check issue, because the remote Tor check is broken" seems to simply disable this check. Patch submitted upstream as Tor#10216. - Prepare incremental upgrades to be the next default way to upgrade Tails, on point-releases at least. * Bugfixes - Deny X authentication only after Vidalia exits (Closes: #6389). - Disable DPMS screen blanking (Closes: #5617). - Fix checking of the persistent volume's ACL. - Sanitize more IP and MAC addresses in bug reports (Closes: #6391). - Do not fail USB upgrade when the "tmp" directory exists on the destination device. - Tails Installer: list devices with isohybrid Tails installed (Closes: #6462). * Minor improvements - Create a configuration file for additional software if needed (Closes: #6436). - Translations all over the place. - Enable favicons in Iceweasel. - Do not propose to make permanent NoScript exceptions. In Tails, every such thing is temporary, so better only display the menu entry that's about temporarily allowing something. - Clearer warning when deleting persistent volume (thanks to Andres Gomez Ramirez for the patch). - Make wording in Tails Installer more consistent. [ WinterFairy ] * Use IBus instead of SCIM (Closes: #5624, #6206). It makes it possible to input passwords in pinentry for at least Japanese, Chinese and Korean languages. * Add an import-translation script. This automates the importation process of completed translations from Transifex. * Always list optimal keyboard layout in the greeter (Closes: #5741). * Fix on-the-fly translation of the greeter in various languages (Closes: #5469). [ Kytv] * Update I2P to 0.9.8.1 (Closes: #6080, #5889). * Improve I2P configuration: - Disable IPv6 support in a nicer way. - Disable i2cp (allows java clients to communicate from outside the JVM). If this is unset an exception for port 7654 would need to be added to ferm. - Disable "in-network" updates (this is also done in the regular I2P packages). - Disable the outproxies. Access to the Internet is already routed through Tor so these are unnecessary. If end-users have a good reason to go through one of the I2P outproxies they can turn them back on. * Add a couple of default I2P IRC channels to Pidgin. * Allow access to the local 'eepsite' through FoxyProxy. * Add firewall exceptions for the standard I2P ports. -- Tails developers Sat, 30 Nov 2013 16:47:18 +0100 tails (0.21) unstable; urgency=low * Security fixes - Don't grant access to the Tor control port for the desktop user (amnesia). Else, an attacker able to run arbitrary code as this user could obtain the public IP with a get_info command. · Vidalia is now run as a dedicated user. · Remove the amnesia user from the debian-tor group. · Remove the Vidalia launcher in the Applications menu. The Vidalia instance it starts is useless, since it can't connect to the Tor control port. - Don't allow the desktop user to directly change persistence settings. Else, an attacker able to run arbitrary code as this user could leverage this feature to gain persistent root access, as long as persistence is enabled. · Fully rework the persistent filesystem and files ownership and permissions. · Run the Persistent Volume Assistant as a dedicated user, that is granted the relevant udisks and filesystem -level credentials. · At persistence activation time, don't trust existing persistence configuration files, migrate to the new ownership and permissions, migrate every known-safe existing settings and backup what's left. Warn the user when not all persistence settings could be migrated. · Persistent Volume Assistant uses the new ownership and permissions scheme when initializing a new persistent volume, and refuses to read persistence.conf if it, or the parent directory, hasn't the expected permissions. · Make boot medium 'system internal' for udisks with bilibop. Once Tails is based on Wheezy, this will further complete the protection (see #6172 for details). - Update Iceweasel to 17.0.10esr-0+tails2~bpo60+1. - Update Torbutton to 1.5.2-2, including a patch cherry-picked from upstream to make window resizing closer to what the design says. * Major new features - Add a persistence preset for printing settings (Closes: #5686). Reload CUPS configuration after persistence activation. - Support SD card connected through a SDIO host adapter (Closes: #6324). · Rebrand Tails USB installer to Tails installer. · Display devices brand, model and size in the Installer (Closes: #6292). · Ask for confirmation before installing Tails onto a device (Closes: #6293). · Add support for SDIO and MMC block devices to the Tails Installer (Closes: #5744) and the Persistent Volume Assistant (Closes: #6325). · Arm the udev watchdog when booted from SD (plugged in SDIO) too (Closes: #6327). * Minor improvements - Provide a consistent path to the persistent volume mountpoint (Closes: #5854). - Add a KeePassX launcher to the top GNOME panel (Closes: #6290). - Rework bug reporting workflow: point the desktop launcher to the troubleshooting page. - Make /home world-readable at build time, regardless of the Git working copy permissions. This makes the build process more robust against strict umasks. - Add signing capabilities to the tails-build script (Closes: #6267). This is in turn used to sign ISO images built by our Jenkins setup (Closes: #6193). - Simplify the ikiwiki setup and make more pages translatable. - Exclude the version string in GnuPG's ASCII armored output. - Prefer stronger ciphers (AES256,AES192,AES,CAST5) when encrypting data with GnuPG. - Use the same custom Startpage search URL than the TBB. This apparently disables the new broken "family" filter. - Update AdBlock Plus patterns. - Install Linux from Debian testing. (That is, the same version that was shipped in 0.20.1.) * Test suite - Look for "/tmp/.X11-unix/X${1#:}" too when detecting displays in use. - Adapt tests to match the Control Port access security fix: · Take into account that the amnesia user isn't part of the debian-tor group anymore. · Run as root the checks to see if a process is running: this is required to see other users' processes. -- Tails developers Sat, 26 Oct 2013 23:42:46 +0200 tails (0.20.1) unstable; urgency=low * Major new features - Install Tor 0.2.4.17-rc-1~d60.squeeze+1 from the Tor project's repository. - Install Iceweasel 17.0.9esr with Torbrowser patches. - Install Linux kernel 3.10-3 (version 3.10.11-1) from sid. * Bugfixes - Remount persistence devices read-only at shutdown/reboot time (Closes: #6228). - Greeter: display a warning icon on admin password mismatch and on persistence unlocking failure. Thanks to Andres Gomez Ramirez for the fix! - Don't torsocksify Pidgin. Instead we disable Pidgin's GNOME integration to get the "Global proxy configuration", which we set to use Tor. This fixes the I2P IRC account. - Additional software: fix typo in notification. - Allow installing "Priority: standard" packages that we do not install by default: remove them late in the build process instead of assigning them a -1 APT pinning level. * Minor improvements - Update AdBlock Plus patterns. - Use more unique ISO file name when building from Jenkins. - Additional software: point to the system log on upgrade failure. - Set SOCKS5_USER and SOCKS5_PASSWORD in the connect-socks wrapper (used by Git). Else, Tor 0.2.4's IsolateSOCKSAuth and connect-proxy sometimes play together in some way that makes connect-proxy ask for a password to connect to the SocksPort. SOCKS5_USER and SOCKS5_PASSWORD are passed through unchanged if they were manually set by the user already. - Use our custom connect-socks wrapper for SSH. Else, Tor 0.2.4's IsolateSOCKSAuth and connect-proxy sometimes play together in some way that makes connect-proxy ask for a password to connect to the SocksPort. Note that connect-socks uses the default SocksPort too, so no change here wrt. our connection isolation design. * Localization - Import new translations from Transifex. * Test suite - Fix old ISO checking for consistent error reporting. - Remove custom persistence test from manual test suite. It was removed for the GUI in t-p-s 0.33. -- Tails developers Sun, 15 Sep 2013 15:49:36 +0200 tails (0.20) unstable; urgency=low * Major new features - Install Linux kernel 3.10.3-1 from Debian unstable. - Iceweasel 17.0.8esr + Torbrowser patches. * Bugfixes - Prevent Iceweasel from displaying a warning when leaving HTTPS web sites. - Make Iceweasel use the correct, localized search engine. - Fix Git access to https:// repositories. * Minor improvements - Install Dasher, a predictive text entry tool. - Add a wrapper around TrueCrypt which displays a warning about it soon being deprecated in Tails. - Remove Pidgin libraries for all protocols but IRC and Jabber/XMPP. Many of the other protocols Pidgin support are broken in Tails and haven't got any security auditting. - Disable the pre-defined Pidgin accounts so they do not auto-connect on Pidgin start. - Include information about Alsa in WhisperBack reports. - Explicitly restrict access to ptrace. While this setting was enabled by default in Debian's Linux 3.9.6-1, it will later disabled in 3.9.7-1. It's unclear what will happen next, so let's explicitly enable it ourselves. - Do not display dialog when a message is sent in Claws Mail. - Sync iceweasel preferences with the Torbrowser's. * Localization - Many translation updates all over the place. - Merge all Tails-related POT files into one, and make use of intltoolize for better integration with Transifex. -- Tails developers Tue, 30 Jul 2013 14:19:57 +0200 tails (0.19) unstable; urgency=low * Major new features - Install Linux kernel 3.9.5-1 from Debian unstable. Features of particular interest for Tails are the Yama LSM (ptrace scope restrictions) and improved hardware support. As a corollary, install initramfs-tools from there too. - Iceweasel 17.0.7esr + Torbrowser patches. - Unblock Bluetooth, Wi-Fi, WWAN and WiMAX; block every other type of wireless device. Next steps are described on the todo/protect_against_external_bus_memory_forensics ticket. * Bugfixes - Fix write access to boot medium at the block device level, by installing bilibop-udev. Thanks to quidame for his support. - tails-greeter l10n-related fixes, thanks to winterfairy: · Fix so translations is applied on password mismatch messages. · Separate forward and login buttons and make them translatable. - Fix link to documentation when no sudo password is set. - gpgApplet: partial fix for clipboard emptying after a wrong passphrase was entered. - Workaround aufs bug in Unsafe Browser script. * Minor improvements - Drop GNOME proxy settings: we did not find any use of it we were keen to support, other than two programs (Seahorse, Pidgin) that are now run with torsocks. - Format newly created persistent volumes as ext4. - GnuPG: don't connect to the keyserver specified by the key owner. This feature opens the door to a variety of subtle attacks. - GnuPG: locate keys only from local keyrings. This is probably the default, but better safe than sorry. - Install virt-what from Wheezy. The version from Squeeze does not detect at least Parallels for Mac v.8. - Upgrade live-boot and live-config to the 3.0.x final version from Wheezy. · Remove /live and /lib/live/image compatibility symlinks. · Add /live/overlay -> /lib/live/mount/overlay symlink. The live-boot changes (commit d2b2a461) brought to fix Debian bug #696495 revert some of our previous changes (commit 77dab1cb), and as a result, at the time live-persist runs, no tmpfs is mounted on /live/overlay, which breaks the aufs mount. So, let's just ensure /live/overlay points to a tmpfs. · Really disable policykit and sudo live-config hooks. ... by making it believe they've already been run. This workarounds new live-config's default behavior. * Localization - Many translation updates all over the place. * Test suite - Re-enable previously disabled boot device permissions test. -- Tails developers Wed, 26 Jun 2013 12:36:20 +0200 tails (0.18) unstable; urgency=low * New features - Support obfs3 bridges. - Automatically install a custom list of additional packages chosen by the user at the beginning of every working session, and upgrade them once a network connection is established (technology preview). * Iceweasel - Upgrade to Iceweasel 17.0.6esr-0+tails1~bpo60+1. - Update Torbrowser patches to current maint-2.4 branch (567682b). - Isolate DOM storage to first party URI, and enable DOM storage: don't set dom.storage.enabled anymore, and set Torbutton's disable_domstorage to false. - Isolate the image cache per url bar domain. - Torbutton 1.5.2, and various prefs hacks to fix breakage: · Add .saved version of the Torbutton preferences the TBB also sets. · Set TOR_SOCKS_HOST and TOR_SOCKS_PORT. · Move some prefs (network.proxy.*, extensions.autoDisableScopes, extensions.foxyproxy.last-version) to user.js. Else, with Torbutton 1.5.x, these ones are not taken into account. · Set network.proxy.socks_version. Else we get the meaningless user_pref("network.proxy.socks_version", 9063); in prefs.js after the initial startup. · Set extensions.foxyproxy.socks_remote_dns to true. Else, it overrides the various ways we set network.proxy.socks_remote_dns, which in turn makes Torbutton think it should start in non-Tor mode. · Also pass the TOR_SOCKS_* environment variables to iceweasel when generating the profile: Torbutton behaves differently depending on these variables, so we don't want the initial profile generation to be done without them. In practice, this has no implication that we could see right now, but better safe than sorry. · Import all version overrides from the TBB prefs. Else, the User-Agent sent in the HTTP headers is fine, but real values leak with JavaScript, as demonstrated by ip-check's "Browser type" test. · Move a bunch of settings to user_pref(), that are not applied otherwise. For some, this fixes a regression in 0.18~rc1. For other, the bug was already present in Tails 0.17.2. - HTTPS Everywhere 3.2. - Update prefs to match the TBB's, fix bugs, and take advantage of the latest Torbrowser patches: · Increase pipeline randomization. · Fix @font-face handling of local() fonts. Also disable fallback font rendering. · Explicitly disable SPDY v2 and v3. · Update http pipelining prefs. - Make prefs organization closer to the TBB's: · Remove Torbutton prefs that we set at their default value. · Import Torbutton preferences from the TBB. · Organize iceweasel config files in sections the same way as the TBB. - Cleanup prefs: · Don't set extensions.torbutton.clear_cookies nor extensions.torbutton.saved.share_proxy_settings: we don't care about toggling anymore. · Don't set extensions.torbutton.saved.download_retention nor extensions.torbutton.saved.search_suggest: these settings are not used in Torbutton anymore. - Update unsafe browser prefs mangling accordingly. - Move network.protocol-handler.warn-external.* to user_pref(). Else they're not applied. These prefs are actually ignored by Firefox these days -- the TBB design doc reads "They are set still anyway out of respect for the dead". Let's go on doing the same. - Update extensions.adblockplus.currentVersion. - Fetch xul-ext-https-everywhere (3.2-2) and xul-ext-noscript (2.6.6.1-1) from Debian unstable. They were uploaded there, and accordingly removed from experimental. * Bugfixes - Linux 3.2.41-2+deb7u2. - Fixed swapped filenames of tails-{reboot,shutdown}.desktop. Thanks to Mikko Harhanen for the patch. - Only add ClientTransportPlugin to torrc when bridge mode is enabled. This should bring back support for proxies of type other than obfsproxy. * Minor improvements - Set kernel.dmesg_restrict=1, and make /proc// invisible and restricted for other users. It makes it slightly harder for an attacker to gather information that may allow them to escalate privileges. - Install gnome-screenshot. - Don't disable IPv6 on all network interfaces anymore. It turns out the IPv6 leaks we wanted to fix actually don't exist. - Add a "About Tails" launcher in the System menu. - Install GNOME accessibility themes. - Use 'Getting started...' as the homepage for Tails documentation button. - Stop relying on the obsolete /live/image compatibility symlink. - Disable audio preview in Nautilus. - Wheezy was released => Squeeze is now oldstable. - Pick Tor from deb.torproject.org regardless of the release name they advertise. At some point we needed it, their APT repository still thought that stable == Squeeze. - Add Wheezy APT sources. - Install Linux and related packages from Wheezy. Debian sid just got Linux 3.8, and we don't want to switch to a new kernel yet. - Fetch laptop-mode-tools from Wheezy. Wheezy has the version we've been installing in 0.18~rc1, while a newer one was uploaded to sid in the meantime. - Fetch a few packages from Wheezy instead of unstable. Namely: spice-vdagent, libregexp-common-perl, macchanger, service-wrapper, libservice-wrapper-java and libservice-wrapper-jni. Wheezy has the versions we've been installing for a while, so let's avoid having unstable push a newer one to us uselessly at some point. Note that at the time of this writing, the versions in sid and in Wheezy are the same, so this commit is effectively a no-op as of today: it is merely a safeguard for the future. * Localization - Many translation updates all over the place. * Build process - Make Vagrant's build-tails script support Jenkins too. * Test suite - Fix Unsafe Browser test broken by hidepid. -- Tails developers Mon, 13 May 2013 22:17:38 +0200 tails (0.17.2) unstable; urgency=low * Iceweasel - Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1. - Stop displaying obsolete context menu entries ("Open Tor URL" and friends). * Hardware support - Update Linux to 3.2.41-2 * Bugfixes - Use more reliable OpenPGP keyservers: · use the hkps pool in GnuPG (and import their SSL CA) · use hkp://pool.sks-keyservers.net in Seahorse (as it does not support hkps yet) - Keep udisks users (GNOME Disk Utility, tails-persistence-setup, etc.) from resetting the system partition's attributes when manipulating the partition table. To this end, backport the relevant bugfix from Wheezy into parted 2.3-5+tails1. This allowed to remove the sgdisk-based workaround in tais-persistence-setup, and to stop installing python-parted. All this is a first needed step to fix todo/make_system_disk_read-only in a future release. * Minor improvements - Disable NoScript's HTML5 media click-to-play for better user experience. * Localization - Tails USB installer: update translations for French, German, Spanish, Finnish, Greek, Italian, Latvian, Dutch, Polish and Chinese. - Tails Greeter: update translations for Farsi, Chinese, French; new translations: Finnish, Norwegian Bokmål, Galician. - tails-persistence-setup: update Farsi and Chinese translations; import new translations for Finnish and Swedish. - WhisperBack: update translations for Arabic, French, German, Greek, Spanish, Korean, Polish, Russian. New translations: Finnish, Chinese. * Build process - Add automated testing framework (Sikuli, Cucumber, libvirt -based) with a bunch of tests. -- Tails developers Sun, 07 Apr 2013 12:17:26 +0200 tails (0.17.1) unstable; urgency=low * Iceweasel - Upgrade to Iceweasel 17.0.4esr-0+tails1~bpo60+1. * Hardware support - Update Linux to 3.2.39-2. It includes the drm and agp subsystems from Linux 3.4.29. - Don't install xserver-xorg-video-rendition backport. xserver-xorg-video-rendition has been removed from squeeze-backports due to an upstream tarball mismatch discover when merging backports into the main Debian archive, and xserver-xorg-video-all still depends on it, so we explicitly install all drivers from -all but -rendition as a (hopefully temporary) workaround. * Minor improvements - Remove Indymedia IRC account, until we ship a version of Pidgin with SASL support, that is when Tails is based on Wheezy. * Build system - Don't ship the wiki's todo and bugs on ISO images. -- Tails developers Thu, 21 Mar 2013 18:54:11 +0100 tails (0.17) unstable; urgency=low * New features - Install the KeePassX password manager, with a configuration and documentation that makes it easy to persist the password database. * Iceweasel - Upgrade to Iceweasel 17.0.3esr-1+tails1~bpo60+1. - Install xul-ext-adblock-plus from squeeze-backports. - Do not allow listing all available fonts. Set browser.display.max_font_attempts and browser.display.max_font_count to enable the Torbrowser Limit-the-number-of-fonts-per-document patch. - Set default spellchecker dictionary to English (USA), and localize it according to locale with our custom branding extension. - Disable the add-ons automatic update feature. - Make the generated profile world-readable. - Remove NoScript click-to-play confirmation. - Sync some prefs set by Torbutton, to be ready when it stops setting these. - Disable navigation timing. - Disable SPDY. It stores state and may have keepalive issues. - More aggressive iceweasel HTTP pipelining settings. - Enable WebGL (as click-to-play only). - Disable network.http.connection-retry-timeout. - Disable full path information for plugins. - Remove NoScript blocks of WebFonts. - Disable DOM storage in Torbutton. Since we don't apply the 0026-Isolate-DOM-storage-to-first-party-URI.patch Torbrowser patch yet, and still disable DOM storage, we need to tell Torbutton not to use it. - Synchronize iceweasel's general.useragent.override with TBB based on FF17. The User-Agent settings are not kept up-to-date anymore in Torbutton, so we have to keep in sync manually with TBB's settings. - Remove obsolete APT pining for Torbutton. It's not maintained in Debian anymore, so we now fetch it from our own APT repository. - Fetch FoxyProxy from Debian experimental and libnspr4-0d from squeeze-backports, for compatibility with Iceweasel 17. - Rebase bookmarks file on top of the default iceweasel 17 one. - Explicitly disable AdBlock Plus "correct typos" feature. This feature connects to http://urlfixer.org/. It is disabled by default in 2.2-1, but let's be careful. * Minor improvements - Upgrade to live-boot 3.0~b11-1 and live-config 3.0.12-1. Accordingly update the 9980-permissions hook, live-persist, unsafe-browser and boot-profile. Add compatibility symlinks from /live to /lib/live, and from /live/image to /lib/live/mount/medium, to ease the transition. - Check for errors when sourcing live-boot files, e.g. to detect when they have been renamed upstream. - Don't add "quiet" to the kernel command-line ourselves. Else, it appears twice as live-build's lb_binary_syslinux adds it too. Historically, we've been adding it ourselves on top of that because lb_binary_yaboot does not add it, but since we gave up the PowerPC support attempt, we're now only interested in syslinux, so let's make it easier for the general case, e.g. when one wants to remove the "quiet" parameter as suggested by our "Tails does not start" debugging documentation. - Upgrade I2P to 0.9.4. * Bugfixes - Many bugfixes brought by the Debian Squeeze 6.0.7 point-release. - Use the regular GnuPG agent + pinentry-gtk2 instead of Seahorse as a GnuPG agent. This fixes usage of OpenPGP in Claws Mail, and brings support for OpenPGP smartcards. - Enable I2P hidden mode. Else, killing I2P ungracefully is bad for the I2P network. - live-persist: move error() function before the first potential usecase. - Add missing executable bit on restart-tor and restart-vidalia. - Add shutdown and reboot launchers to the menu. This workarounds the lack of a shutdown helper applet in camouflage mode. - Remove Pidgin's MXit and Sametime support. ... at least until CVE-2013-0273, CVE-2013-0272 and CVE-2013-0271 are fixed in Debian stable. While we're at it, don't force file removal in these "set -e" build scripts: fail hard, instead of silently ignoring the fact that files may have moved or disappeared. * Hardware support - Install recent Intel and AMD microcode from squeeze-backports, explicitly excluding the iucode-tool package that's not a good idea for Live systems. - Install firmware loader for Qualcomm Gobi USB chipsets. This is needed to have various mobile broadband chipsets work. - Upgrade barry to 0.18.3-5~bpo60+1. This much improved new version supports more hardware & ISP, and does not display dozens of spurious error messages at boot time. * Build system - Remove APT local cache (/Var/cache/apt/{,src}pkgcache.bin). -- Tails developers Sat, 23 Feb 2013 10:37:57 +0100 tails (0.16) unstable; urgency=low * Minor improvements - Replace the too-easy-to-misclick shutdown button with a better "Shutdown Helper" Gnome applet. - Display ~/Persistent in GNOME Places and GtkFileChooser if it is mounted. - Set Unsafe Browser's window title to "Unsafe Browser". - Install ekeyd to support the EntropyKey. - Install font for Sinhala. - Update Poedit to 1.5.4. - Kill Vidalia when restarting Tor. Doing this as early as possible exposes Vidalia's "broken onion" icon to users less. - Hide the persistence setup launchers in kiosk mode. - Add a shell library for Tor functions. These are shared among multiple of our scripts. - Install dictionaries for supported languages. Install hunspell dictionaries when possible, fall back on myspell ones else. * Bugfixes - Disable IPv6 on all network interfaces. This is a workaround for the IPv6 link-local multicast leak that was recently discovered. Tails has no local service that listens on IPv6, so there should be no regression, hopefully, unless one wants to play with OnionCat and VoIP, but those of us should know how to workaround this anyway. - live-persist: Fix variable mismatch, fixing probe white-list. Tails may previously have been able to list GPT partitions labelled "TailsData" on hard drives (!) as valid persistence volumes... - live-persist: Fix --media option when no devices are attached. Earlier, if it was set to e.g. 'removable-usb' and no USB storage was connected, $whitelistdev would be empty, which is interpreted like all devices are ok by the rest of the code. - Fix SCIM in the autostarted web browser: save IM environment variables to a file during Desktop session startup, and export them into the autostarted browser's environment. - Talk of DVD, not of CD, in the shutdown messages. - Make tordate work in bridge mode with an incorrect clock. When using a bridge Tor reports TLS cert lifetime errors (e.g. when the system clock is way off) with severity "info", but when no bridge is used the severity is "warn". tordate/20-time.sh depends on grepping these error messages, so we termporarily increase Tor's logging severity when using bridge mode. If we don't do this tordate will sleep forever, leaving Tor in a non-working state. · White-list root to use Tor's ControlPort. · Add logging for is_clock_way_off(). · Remove Tor's log before time syncing. We depend on grepping stuff from the Tor log (especially for tordate/20-time.sh), so deleting it seems like a Good Thing(TM). · Stop Tor before messing with its log or data dir. - live-persist: limit searched devices the same way as live-boot. If no --media argument is specified, use live-boot's "(live-media|bootfrom)=removable(|-usb)" argument to limit devices searched for a persistent volume. - tails-greeter: do not pass media=removable to live-persist. Now that we have autodetection with kernel command-line, it should not be needed anymore. - Start memlockd after configuring it, instead of starting it before and restarting it after. This avoids running memlockd twice, and prevents other possibly surprising race-conditions. As a consequence, also have tails-sdmem-on-media-removal start after the memlockd service *and* tails-reconfigure-memlockd: to start the watchdog, we need memlockd to be properly configured *and* running. * iceweasel - Set iceweasel homepage to the news section on the Tails website. ... using the localized one when possible. - Hide the iceweasel add-on bar by default. Now that we don't want to ship the Monkeysphere addon anymore, that was the only one displayed in there, we can as well hide the whole bar. - Don't hide the AdBlock-Plus button in the add-on bar anymore. Now that we hide the whole addon bar, we can get rid of this old UX improvement. - Do not install a placeholder (fake) FireGPG iceweasel extension anymore. It was shipped from 0.10 (early 2012) to 0.15 (late November), so the migration period should be over now. - Don't install xul-ext-monkeysphere anymore. The implication of the current keyserver policy are not well understood, Monkeysphere is little used in Tails, and we're not sure anymore it would be our first bet for the web browser profile with no CA. Let's keep the various configuration bits (e.g. FoxyProxy, patching MSVA), though, so that advanced users who are used to have Monkeysphere in Tails just have to install the package. * Build system - Install the "standard" task with tasksel for better consistency in the Tails ISO images built in various environments. - Install p7zip-full. It's a dep by file-roller, but we explicily use it elsewhere, and it's better to be safe than sorry. - Remove pinning of libvpx0 to sid. This package is part of Squeeze, and not from testing/sid. We have been shipping the version from Squeeze for a while. - Remove config/chroot_local-packages/ from .gitignore. The documented way for "external" contributors to add custom packages is to put them in chroot_local-packages, and once we pull we import any such package into our APT repo and rewrite the history appropriately. Also, the ability to add packages in there and not see them in "git status" makes it very easy to build tainted ISO images with non-standard packages, which makes some of us fear can lead to hard to debug situations. - Make it clearer what can and cannot be done in terms of local packages. -- Tails developers Thu, 10 Jan 2013 12:47:42 +0100 tails (0.15) unstable; urgency=low * Major new features - Persistence for browser bookmarks. - Support for obfsproxy bridges. * Minor improvements - Add the Hangul (Korean) Input Method Engine for SCIM. - Add vendor-specific dpkg origin information. This makes dpkg-vendor return correct information. - Install pcscd and libccid from squeeze-backports. This is needed to support, to some extent, some OpenPGP SmartCard readers. - Install HPIJS PPD files and the IJS driver (hpijs). This adds support for some printers, such as Xerox DocumentCenter400. - Optimize fonts display for LCD. - Update TrueCrypt to version 7.1a. * Bugfixes - Do not use pdnsd anymore. It has been orphaned in Debian, has quite some bugs in there, and apparently Tor's DNSPort's own caching is be good enough. - Remove useless iceweasel cookies exceptions. They are useless as per-session cookies are allowed. - Do not run setupcon on X. This call is only needed on the Linux console, no need to annoy the user with a weird "Press enter to activate this console" when the open a root shell in a GNOME Terminal. - Allow the tails-iuk-get-target-file user to connect to the SOCKSPort dedicated for Tails-specific software. - Fix gpgApplet menu display in Windows camouflage mode. - Fix Tor reaching an inactive state if it's restarted in "bridge mode", e.g. during the time sync' process. * Iceweasel - Update iceweasel to 10.0.11esr-1+tails1. - User profile is now generated at build time in order to support persistent bookmarks. - Update HTTPS Everywhere to version 3.0.4. - Update NoScript to version 2.6. - Fix bookmark to I2P router console. - Re-enable Monkeysphere extension to connect to the validation agent. * Localization - The Tails USB installer, tails-persistence-setup and tails-greeter are now translated into Bulgarian. - Update Chinese translation for tails-greeter. - Update Euskadi translation for WhisperBack. * Build system - Custom packages are now retrieved from Tails APT repository instead of bloating the Git repository. - Allow '~' in wiki filenames. This makes it possible to ship update-description files for release candidates. - Document how to create incremental update kit. - Handle release candidates when generating custom APT sources. - Remove pinning for xul-ext-adblock-plus. It is obsolete since we've added this package to our APT repository. -- Tails developers Sun, 25 Nov 2012 12:59:17 +0100 tails (0.14) unstable; urgency=low * Major new features - Enable Tor stream isolation; several new SocksPorts with appropriate Isolate* options have been added for different use cases (i.e. applications). All application's have been reconfigured to use these new SocksPorts, which should increase anonymity by making it more difficulte to correlate traffic from different applications or "online identities". - The web browser now has the anonymity enhancing patches from the TorBrowser applied. - gpgApplet can now handle public-key cryptography. - Install an additional, PAE-enabled kernel with NX-bit support. This kernel is auto-selected when the hardware supports it and will: * provide executable space protection, preventing certain types of buffer overflows from being exploitable. * enable more than 4 GiB of system memory. * make all processors/cores available, including their power-saving functionality. - Add a persistence preset for NetworkManager connections. * Minor improvements - On kexec reboot, make the boot quiet only if debug=wipemem was not enabled. - Update torproject.org's APT repo key. - Update the embedded Tails signing key. - Use symlinks instead of duplicating localized searchplugins. - Rewrite Tails firewall using ferm. Tails firewall was written in very unsophisticated iptables-save/restore format. As more feature creeped in, it started to be quite unreadable. - Optimize VirtualBox modules build at runtime to avoid installing the userspace utils N times. - Drop most of Vidalia's configuration. Our custom lines just caused trouble (with multiple SocksPorts) and the default works well. - Blacklist PC speaker module. On some computers, having the pcspkr module loaded means loud beeps at bootup, shutdown and when using the console. As it draws useless attention to Tails users, it is better to prevent Linux from loading it by default. - Remove all addons from the Unsafe Browser. No addons are essential for the Unsafe Browser's intent. If anything they will modify the network fingerprint compared to a normal Iceweasel install, which is undesirable. - Prevent some unwanted packages to be installed at all, rather than uninstalling them later. This should speed up the build a bit. - Add a symlink from /etc/live/config to /etc/live/config.d. This makes the system compatible with live-config 3.0.4-1, without breaking backward compatibility with various parts of the system that use the old path. - Do not run unecessary scripts during shutdown sequence, to make shutdown faster. - Make live-persist deal with persistent ~/.gconf subdirs so that any options saved therein actually get persistent. - Prevent memlockd unload on shutdown, to make sure that all necessary tools for memory wiping are available when the new kernel has kexec'd. - Patch initscripts headers instead of fiddling with update-rc.d. We now let insserv figure out the correct ordering for the services during startup and shutdown, i.e. use dependency-based boot sequencing. - Remove the last absolute path in our isolinux config, which makes it easier to migrate from isolinux to syslinux (just rename the directory), and hence might make it easier for 3rd party USB installers (like the Universal USB Installer) to support Tails. * Bugfixes - Include `seq` in the ramdisk environment: it is used to wipe more memory. This fixes the long-standing bug about Tails not cleaning all memory on shutdown. - Fix Yelp crashing on internal links - Allow amnesia user to use Tor's TransPort. This firewall exception is necessary for applications that doesn't have in-built SOCKS support and cannot use torsocks. One such example is Claws Mail, which uses tsocks since torsocks makes it leak the hostname. This exception, together with Tor's automatic .onion mapping makes Claws Mail able to use hidden service mail providers again. - Force threads locking support in Python DBus binding. Without this liveusb-creator doesn't work with a PAE-enabled kernel. - Fix localized search plugins for 'es' and 'pt' - Fix live-boot's readahead, which caused an unnecessary pause during boot. - Factorize GCC wanted / available version numbers in VirtualBox modules building hook. This, incidentally, fixes a bug caused by duplication and not updating all instances. - Fix tordate vs. Tor 0.2.3.x. Since 0.2.3.x Tor doesn't download a consensus for clocks that are more than 30 days in the past or 2 days in the future (see commits f4c1fa2 and 87622e4 in Tor's git repo). For such clock skews we set the time to the Tor authority's cert's valid-after date to ensure that a consensus can be downloaded. * Tor - Update to version 0.2.3.24-rc-1~~squeeze+1, a new major version. It's not a stable release, but we have been assured by the Tor developers that this is the right move. - Stop setting custom value for the Tor LongLivedPorts setting. Gobby's port was upstreamed in Tor 0.2.3.x. * Iceweasel - Update to 10.0.10esr-1+tails1, which has all the anonymity enhancing patches from the TorBrowser applied. - Install iceweasel from our own repo, http://deb.tails.boum.org. - Fix Iceweasel's file associations. No more should you be suggested to open a PDF in the GIMP. * htpdate - Use curl instead of wget, and add a --proxy option passed through to curl. - Remove the --fullrequest option, we don't need it anymore. - Remove --dns-timeout option, we don't need it anymore. - Change --proxy handling to support Debian Squeeze's curl. - Clarify what happens if --proxy is not used. - Compute the median of the diffs more correctly. * Hardware support - Update Linux to 3.2.32-1. * Software - Update vidalia to 0.2.20-1+tails1. - Update bundled WhisperBack package to 1.6.2: * Raise the socket library timeout to 120 seconds * Use smtplib's timeout parameter * Fix error output when calling send a 2nd time - Update liveusb-creator to 3.11.6-3. - Update i2p to 0.9.2. - Update tails-persistence-setup to 0.20-1, which should make it possible to install Tails on large (>= 32 GiB) USB drives. - Install console-setup and keyboard-configuration from unstable (required by new initramfs-tools). - Update tails-greeter to 0.7.3: * Import pt_BR translation. * Let langpanel usable during option selection stage * Print less debugging messages by default (below are changes in tails-greeter 0.7.2:) * Use correct test operators. * Generate language codes of available locales at package build time. * Read list of language codes from where we have saved it at package build time. * Drop tails-lang-helper, not used anymore. * Do not compile locales at login time anymore. Tails now ships locales-all. - Import live-config{,-sysvinit} 3.0.8-1. live-config >= 3.0.9-1 has basically nothing useful for us, and it migrates to new paths brought by live-boot 3.0~b7, which we're not ready for yet (see: todo/newer_live-boot). * Localization - Fix Tails specific Iceweasel localization for pt-BR - Add Japanese input system: scim-anthy. - whisperback is now also translated into German, Hebrew, Hungarian, Italian and Korean. - tails-persistence-setup is now also translated into Arabic. - tails-greeter is now also translated into Arabic, Hebrew, Basque, Hungarian, Italian and Chinese. * Build system - Catch more errors in during build time: - Ensure that all local hooks start with 'set -e'. - Fail hard if adduser fails in local hooks. - Fail hard if 'rm' fails in local hooks. - vagrant: Ensure we have the set of Perl packages needed by our Ikiwiki - vagrant: Configure live-build to ship with ftp.us.debian.org. Using cdn.debian.net leads to bad interactions with Tor. - vagrant: Don't use gzip compression when building from a tag, i.e. a release. - vagrant: Optionally use bootstrap stage cache for faster builds via the 'cache' build option. - vagrant: Make sure release builds are clean, i.e. they don't use any potentially dangerous build options. - vagrant: Disable live-build package caching. This build system is meant to use an external caching proxy, so live-build's cache just wastes RAM (for in-memory builds) or disk space. - vagrant: use aufs magic instead of copying source into tmpfs. This reduces the amount of RAM required for building Tails in. - vagrant: Allow in-memory builds when a VM with enough memory is already started. -- Tails developers Sat, 10 Nov 2012 12:34:56 +0000 tails (0.13) unstable; urgency=low * Major new features - Use white-list/principle of least privelege approach for local services. Only users that need a certain local (i.e. hosted on loopback) service (according to our use cases) are granted access to it by our firewall; all other users are denied access. - Ship a first version of the incremental update system. Updates are not currently triggered automatically, but this will allow tests to be done on larger scales. * Minor improvements - Enable four workspaces in the Windows XP camouflage. This allows users to quickly switch to a more innocent looking workspace in case they are working on sensitive data and attract unwanted attention. The workspace switcher applet isn't there, though, since there's no such thing in Windows XP, so switching is only possible via keyboard shortcuts. - Ship with precompiled locales instead of generating them upon login. - Add support for wireless regulation. - Use color for Git output, not intended for machine consumption, written to the terminal. - Have ttdnsd use OpenDNS. Using Google's DNS servers was very glitchy, and rarely succeeded when it should. It can probably be attributed to Google's DNS, which is known to take issue with Tor exits. - Upgrade WhisperBack to 1.6, with many UI improvements and new translations. - Include GDM logs and dmidecode informations in the reports. - Allow to modify language and layout in the "Advanced options" screen of the greeter. - GnuPG: bump cert-digest-algo to SHA512. - Update torproject.org's APT repo key. * Bugfixes - Make Claws Mail save local/POP emails in its dot-directory. The default is to save them at ~/Mail, which isn't included in our current Claws Mail persistence preset. - Fix the System Monitor applet. - Remove broken ttdnsd from the default DNS resolution loop. - Hide the 'TailsData' partition in desktop applications. - Ship unrar-free again, so that the GNOME archive manager knows about it. - Ship with an empty whitelist for Noscript. - Disable FoxyProxy's advertisement on proxy error page. - Fix slow browsing experience for offline documentation. - Raise the socket timeout to 120 seconds in WhisperBack. - Enable the ikiwiki trail plugin for the locally built wiki too. * Iceweasel - Upgrade iceweasel to 10.0.6esr-1 (Extended Support Release) and install it and its dependencies from squeeze-backports. * Hardware support - Upgrade Linux to 3.2.23-1. * Software - Update tor to version 0.2.2.39. - Update Iceweasel to version 10.0.7esr-2. - Update i2p to version 0.9.1. * Build system - vagrant: Install Ikiwiki from Debian unstable. The 'mirrorlist' patches have finally been merged in upstream Ikiwiki. So instead of building Ikiwiki by hand, we can now install the package directly from Debian unstable. - Do not build the ikiwiki forum on the bundled static website copy. -- Tails developers Mon, 17 Sep 2012 15:19:25 +0200 tails (0.12.1) unstable; urgency=low This is a brown paper bag release to fix two major problems introduced in Tails 0.12. * Iceweasel - Upgrade Torbutton to 1.4.6. - Upgrade AdBlock Plus to 2.1. - Update AdBlock Plus patterns. * Hardware support - Upgrade Linux to 3.2.21-3 (linux-image-3.2.0-3-486). * Software - Install MAT from Debian backports, drop custom package. - Install python-pdfrw to re-add PDF support to the MAT. - Upgrade tails-greeter to 0.7.1, which fixes the race condition that broke administration password and locale settings on some systems. * Boot - Remove the Tails specific plymouth theme. The theme interfers heavily with the boot process on some hardware. -- Tails developers Mon, 17 Sep 2012 13:06:03 +0200 tails (0.12) unstable; urgency=low * Major new features - Add the Unsafe Web Browser, which has direct access to the Internet and can be used to login to captive portals. - The (previously experimental, now deemed stable) Windows camouflage can now be enabled via a check box in Tails greeter. * Tor - Upgrade to 0.2.2.37-1~~squeeze+1. * Iceweasel - Upgrade iceweasel to 10.0.5esr-1 (Extended Support Release) and install it and its dependencies from squeeze-backports. - Add a bookmark for the offline Tails documentation. - Update AdBlock patterns. * Persistence - Allow using larger USB drives by increasing the mkfs timeout to 10 minutes. - Tell the user what's going on when the Tails boot device cannot be found. * Hardware support - Upgrade Linux to 3.2.20-1 (linux-image-3.2.0-2-amd64). * Software - Install rfkill. - Install torsocks. Note that this makes `torify' use `torsocks' instead of `tsocks'. The `tsocks' binary is dropped to avoid problems, but remaining files (the library) are kept since ttdnsd depends on them. - Fetch live-config-sysvinit from sid so that it matches live-config version. - Update virtualbox backports to 4.1.10-dfsg-1~bpo60+1. - Install pciutils (needed by virtualbox-guest-utils). - Install mousetweaks. This is needed to use the mouse accessibility settings in System -> Preferences -> Mouse -> Accessibility. - Install the "hardlink" files deduplicator. - Do not install cryptkeeper anymore. See todo/remove_cryptkeeper for reason. Users of cryptkeeper are encouraged to install cryptkeeper via `apt-get update; apt-get install --yes cryptkeeper`, open their volume and move their to Tails' built-in persistence instead, as a one-time migration. - Upgrade I2P to version 0.9. - Don't install GParted. GNOME Disk Utility has been on par with GParted since Squeeze was released. - Upgrade live-boot to 3.0~a27-1+tails2~1.gbp319fe6. - Upgrade live-config to 3.0~a39-1 and install it from Debian experimental. - Upgrade tails-greeter to 0.7. - Upgrade tails-persistence-setup to 0.17-1. - Install libyaml-libyaml-perl. - Upgrade MAT, the metadata anonymisation toolkit, 0.3.2-1~bpo60+1. - Fetch python-pdfrw from backports, drop custom package. * Internationalization - The Tails website and documentation now has a (partial) Portuguese translation. * Build system - Tails can now be built without using a HTTP proxy. - Tails can now easily be built by using Vagrant. See the updated contribute/build page for instructions. * Boot - Remove obsolete noswap boot parameter. live-boot now handles swap on an opt-in basis. - The squashfs.sort files generated with boot-profile should now be ok which makes the generate images boot noticeably faster on optical media. See bugs/weird_squashfs.sort_entries for more information. - Set Tails specific syslinux and plymouth themes. - Add NVidia KMS video drivers to the initrd in order to show our shiny new plymouth theme on more systems. -- Tails developers Mon, 11 Jun 2012 13:37:00 +0200 tails (0.11) unstable; urgency=low * Major new features - Do not grant the desktop user root credentials by default. - A graphical boot menu (tails-greeter 0.6.3) allows choosing among many languages, and setting an optional sudoer password. - Support opt-in targeted persistence · tails-persistence-setup 0.14-1 · live-boot 3.0~a25-1+tails1~5.gbp48d06c · live-config 3.0~a35-1 - USB installer: liveusb-creator 3.11.6-1 * iceweasel - Install iceweasel 10.0.4esr-1 (Extended Support Release). Let's stop tracking a too fast moving target. Debian Wheezy will ship ESR versions. - Install needed dependencies from squeeze-backports. - Search plugins: · Remove bing. bing appeared due to our upgrading iceweasel. Removing it makes things consistent with the way they have been until now, that is: let's keep only the general search engines we've been asked to add, plus Google, and a few specialized ones. · Replace Debian-provided DuckDuckGo search plugin with the "HTML SSL" one, version 20110219. This is the non-JavaScript, SSL, POST flavour. · Add ixquick.com. · Install localized search engines in the correct place. No need to copy them around at boot time anymore. · Remove Scroogle. RIP. - Enable TLS false start, like the TBB does since December. - Adblock Plus: don't count and save filter hits, supress first run dialog. - Install neither the GreaseMonkey add-on, nor any GreaseMonkey script. YouTube's HTML5 opt-in program is over. HTML5 video support is now autodetected and used. * Vidalia - Upgrade to 0.2.17-1+tails1: drop Do-not-warn-about-Tor-version.patch, applied upstream. - Set SkipVersionCheck=true. Thanks to chiiph for implementing this upstream (needs Vidalia 0.2.16+). * Internationalization - Install all available iceweasel l10n packages. - Remove syslinux language choosing menu. tails-greeter allows choosing a non-English language. - Add fonts for Hebrew, Thai, Khmer, Lao and Korean languages. - Add bidi support. - Setup text console at profile time. Context: Tails runs with text console autologin on. These consoles now wait, using a "Press enter to activate this console" message, for the user. When they press enter in there, they should have chosen their preferred keyboard layout in tails-greeter by now. Then, we run setupcon. As a result, the resulting shell is properly localized, and setupcon sets the correct keyboard layout, both according to the preferences expressed by the user in tails-greeter. - Don't use localepurge, don't remove any Scribus translations anymore, don't localize environment at live-config time: tails-greeter allows us to support many, many more languages. * Hardware support - Linux 3.2.15-1 (linux-image-3.2.0-2-amd64). - Fix low sound level on MacBook5,2. - Disable laptop-mode-tools automatic modules. This modules set often needs some amount of hardware-specific tweaking to work properly. This makes them rather not well suited for a Live system. * Software - Install GNOME keyring. This is needed so that NetworkManager remembers the WEP/WPA secrets for the time of a Tails session. Initialize GNOME keyring at user creation time. - Install usbutils to have the lsusb command. - Install the Traverso multitrack audio recorder and editor. * Miscellaneous - GNOME Terminal: keep 8192 scrollback lines instead of the smallish default. - Replaced tails-wifi initscript with laptop-mode-tools matching feature. - Disable gdomap service. - Fetch klibc-utils and libklibc from sid. The last initramfs-tools depends on these. - Set root password to "root" if debug=root is passed on the kernel cmdline. Allow setting root password on kernel cmdline via rootpw=. Looks like we implemented this feature twice. - Append a space on the kernel command line. This eases manually adding more options. - Rename sudoers.d snippets to match naming scheme. Sudo credentials that shall be unconditionally granted to the Tails default user are named zzz_*, to make sure they are applied. - WhisperBack: also include /var/log/live-persist and /var/lib/gdm3/tails.persistence. - Add a wrapper to torify whois. - Rework the VirtualBox guest modules building hook to support multiple kernels. - Consistently wait for nm-applet when waiting for user session to come up. Waiting for gnome-panel or notification-daemon worked worse. - Don't start the NetworkManager system service via init. Some Tails NM hooks need the user to be logged in to run properly. That's why tails-greeter starts NetworkManager at PostLogin time. - Also lock /bin/echo into memory. For some reason, kexec-load needs it. - Pidgin: don't use the OFTC hidden service anymore. It proved to be quite unreliable, being sometimes down for days. - Do not display storage volumes on Desktop, by disabling /apps/nautilus/desktop/volumes_visible GConf entry. Enabling that GConf setting avoids displaying the bind-mounted persistent directories on the Desktop, and reduces user confusion. It also is a first step towards a bigger UI change: GNOME3 does not manage the Desktop anymore, so volume icons and other Desktop icons are meant to disappear anyway. It implies we'll have to move all Desktop icons elsewhere. Let's start this move now: this will smooth the UI change Wheezy will carry for our users, by applying some of it progressively. * Build system - Don't build hybrid ISO images anymore. They boot less reliably on a variety of hardware, and are made less useful by us shipping a USB installer from now on. - Append .conf to live-config configuration filenames: live-config >3.0~a36-1 only takes into account files named *.conf in there. Accordingly update scripts that source these files. - Remove long-obsolete home-refresh script and its configuration. * Virtualization support - Support Spice and QXL: install the Spice agent from Debian sid, install xserver-xorg-video-qxl from squeeze-backports. -- Tails developers Tue, 17 Apr 2012 14:54:00 +0200 tails (0.10.2) unstable; urgency=low * Iceweasel - Update to 10.0.2-1. - Disable HTTPS-Everywhere's SSL Observatory (plus first-run pop-up). - Revert "FoxyProxy: don't enclose regexps between ^ and $." Currently "http://www.i2p2.de" (and everything similar) is captured by the I2P filter, which is incorrect. It seems isMultiLine="false" does *not* make RE into ^RE$ any longer. - Remove file:// from NoScript's exception lists. This will fix the JavaScript toggles in the local copy of the documentation. - Update AdBlock patterns. * Software - Upgrade I2P to 0.8.13. - Install libvpx0 from sid. - Fetch klibc-utils and libklibc from sid. The last initramfs-tools depends on these. * Hardware support - Upgrade Linux kernel to 3.2.7-1. - Install firmware-libertas. This adds support for wireless network cards with Marvell Libertas 8xxx chips supported by the libertas_cs, libertas_sdio, libertas_spi, libertas_tf_usb, mwl8k and usb8xxx drivers. * Miscellaneous - Revert "Set time to middle of [valid-after, fresh-until] from consensus." This reverts commit 18d23a500b9412b4b0fbe4e38a9398eb1a3eadef. With this vmid clocks that are E minutes back in time may cause issues (temporary Tor outages) after consensus updates that happen at the (60-E):th minute or later during any hour. Full analysis: https://mailman.boum.org/pipermail/tails-dev/2012-January/000873.html - Add the default user to the vboxsf group. This will allow the user to get full access to automounted VirtualBox shared folders as they are mounted with guid vboxsf and rwx group permissions. -- Tails developers Thu, 01 Mar 2012 20:26:21 +0100 tails (0.10.1) unstable; urgency=low * Iceweasel - Make Startpage the default web search engine. Scroogle does not look reliable enough these days. * Software - Upgrade WhisperBack to 1.5.1 (update link to bug reporting documentation). - Update MAT to 0.2.2-2~bpo60+1 (fixes a critical bug in the GUI). * Hardware support - Upgrade Linux kernel to 3.2.1-2 * Time synchronization Serious rework that should fix most, if not all, of the infamous time-sync' related bugs some Tails users have experienced recently. - Make htpdate more resilient by using three server pools, and allowing some failure ratio. - Set time from Tor's unverified-consensus if needed. - Set time to middle of [valid-after, fresh-until] from consensus. - Many robustness, performance and fingerprinting-resistance improvements. - Display time-sync' notification much earlier. * Miscellaneous - Fix access to "dumb" git:// protocol by using a connect-socks wrapper as GIT_PROXY_COMMAND. - SSH client: fix access to SSH servers on the Internet by correcting Host / ProxyCommand usage. - Pidgin: use OFTC hidden service to workaround Tor blocking. - Claws Mail: disable draft autosaving. When composing PGP encrypted email, drafts are saved back to the server in plaintext. This includes both autosaved and manually saved drafts. - tails-security-check-wrapper: avoid eating all memory when offline. -- Tails developers Sat, 28 Jan 2012 10:00:31 +0100 tails (0.10) unstable; urgency=low * Tor: upgrade to 0.2.2.35-1. * Iceweasel - Install Iceweasel 9.0 from the Debian Mozilla team's APT repository. - Update Torbutton to 1.4.5.1-1. - Support viewing any YouTube video that is available in HTML5 format: install xul-ext-greasemonkey and the "Permanently Enable HTML5 on YouTube" GreaseMonkey script. - Stop using Polipo in Iceweasel. Its SOCKS support was fixed. - Install from Debian sid the iceweasel extensions we ship, for compatibility with FF9. - Use Scroogle (any languages) instead of Scroogle (English only) when booted in English. Many users choose English because their own language is not supported yet; let's not hide them search results in their own language. - Install Iceweasel language packs from Debian unstable: unfortunately they are not shipped on the mozilla.debian.net repository. - Install the NoScript Firefox extension; configure it the same way as the TBB does. - Disable third-party cookies. They can be used to track users, which is bad. Besides, this is what TBB has been doing for years. - FoxyProxy: allow direct connections to RFC1918 IPs. * Do not transparent proxy outgoing Internet connections through Tor. - Torify the SSH client using connect-proxy to all IPs but RFC1918 ones. - Torify APT using Polipo HTTP. - Torify wget in wgetrc. - Torify gobby clients using torsocks. It does not support proxies yet. - Torify tails-security-check using LWP::UserAgent's SOCKS proxy support. - Fix enabling of GNOME's HTTP proxy. * Software - Upgrade Vidalia to 0.2.15-1+tails1. · New upstream release. · Do not warn about Tor version. - Upgrade MAT to 0.2.2-1~bpo60+1. - Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1, built against the ABI of X.Org backports. - Upgrade I2P to 0.8.11 using KillYourTV's Squeeze packages; additionally, fix its start script that was broken by the tordate merge. - Install unar (The Unarchiver) instead of the non-free unrar. - Install Nautilus Wipe instead of custom Nautilus scripts. * Hardware support - Upgrade Linux kernel to 3.1.6-1. - Upgrade to X.Org from squeeze-backports. - Install more, and more recent b43 firmwares. - Upgrade barry to 0.15-1.2~bpo60+1. * Internationalization - Add basic language support for Russian, Farsi and Vietnamese. - Install some Indic fonts. - Install some Russian fonts. - Add Alt+Shift shortcut to switch keyboard layout. * Miscellaneous - Support booting in "Windows XP -like camouflage mode": · Install homebrewn local .debs for a Windows XP look-alike Gnome theme. · Add the "Windows XP Bliss" desktop wallpaper. · Added a script that's sets up Gnome to look like Microsoft Windows XP. · Add Windows XP "camouflage" icons for some programs. · Make Iceweasel use the IE icon when Windows XP camouflage is enabled. · Add special launcher icons for the Windows XP theme so that they're not too big. - Decrease Florence focus zoom to 1.2. - Do not fetch APT translation files. Running apt-get update is heavy enough. - Add MSN support thanks to msn-pecan. - Add custom SSH client configuration: · Prefer strong ciphers and MACs. · Enable maximum compression level.  · Explicitly disable X11 forwarding. · Connect as root by default, to prevent fingerprinting when username was not specified. - Replace flawed FireGPG with a home-made GnuPG encryption applet; install a feature-stripped FireGPG that redirects users to the documentation, and don't run Seahorse applet anymore. - Enable Seahorse's GnuPG agent. - Blank screen when lid is closed, rather than shutting down the system. The shutdown "feature" has caused data losses for too many people, it seems. There are many other ways a Tails system can be shut down in a hurry these days. - Import Tails signing key into the keyring. - Fix bug in the Pidgin nick generation that resulted in the nick "XXX_NICK_XXX" once out of twenty. - Pre-configure the #tor IRC discussion channel in Pidgin. - Fix "technology preview" of bridge support: it was broken by tordate merge. - Install dependencies of our USB installer to ease its development. - Make vidalia NM hook sleep only if Vidalia is already running. - Reintroduce the htpdate notification, telling users when it's safe to use Tor Hidden Services. - htpdate: omit -f argument to not download full pages. - htpdate: write success file even when not within {min,max}adjust. Otherwise htpdate will not "succeed" when the time diff is 0 (i.e. the clock was already correct) so the success file cannot be used as an indicator that the system time now is correct, which arguably is its most important purpose. * Build system - Name built images according to git tag. -- Tails developers Wed, 04 Jan 2012 09:56:38 +0100 tails (0.9) unstable; urgency=low * Tor - Upgrade to 0.2.2.34 (fixes CVE-2011-2768, CVE-2011-2769). * Iceweasel - Upgrade to 3.5.16-11 (fixes CVE-2011-3647, CVE-2011-3648, CVE-2011-3650). - Upgrade FireGPG to 0.8-1+tails2: notify users that the FireGPG Text Editor is the only safe place for performing cryptographic operations, and make it impossible to do otherwise. Other ways open up several severe attacks through JavaScript (e.g. leaking plaintext when decrypting, signing messages written by the attacker). - Install Cookie Monster extension instead of CS Lite. - Always ask where to save files. - Upgrade Torbutton to 1.4.4.1-1, which includes support for the in-browser "New identity" feature. * Software - Install MAT, the metadata anonymisation toolkit. - Upgrade TrueCrypt to 7.1. - Upgrade WhisperBack to 1.5~rc1 (leads the user by the hand if an error occurs while sending the bugreport, proposes to save it after 2 faild attempts, numerous bugfixes). - Linux: upgrade to linux-image-3.0.0-2-486 (version 3.0.0-6); fixes a great number of bugs and security issues. * Miscellaneous - Fully rework date and time setting system. - Remove the htp user firewall exception. - Saner keyboard layouts for Arabic and Russian. - Use Plymouth text-only splash screen at boot time. - Color the init scripts output. - Suppress Tor's warning about applications doing their own DNS lookups. This is totally safe due to our Tor enforcement. - Disable hdparm boot-time service. We only want hdparm so that laptop-mode-tools can use it. - Run Claws Mail using torify. It's not as good as if Claws Mail supported SOCKS proxies itself, but still better than relying on the transparent netfilter torification. - Install HPLIP and hpcups for better printing support. * Erase memory at shutdown - Run many sdmem instances at once. In hope of erasing more memory until we come up with a proper fix for [[bugs/sdmem_does_not_clear_all_memory]]. - Kill gdm3 instead of using its initscript on brutal shutdown. - Use absolute path to eject for more robust memory wipe on boot medium removal. * Space savings - Exclude kernel and initramfs from being put into the SquashFS. Those files are already shipped where they are needed, that is in the ISO filesystem. Adapt kexec and memlockd bits. - Do not ship the GNOME icon theme cache. - Do not ship .pyc files. - Do not ship NEWS.Debian.gz files. * Build system - Re-implement hook that modifies syslinux config to make future development easier. -- Tails developers Tue, 01 Nov 2011 13:26:38 +0100 tails (0.8.1) unstable; urgency=low * Iceweasel - Update to 3.5.16-10 (fixes DSA-2313-1). - FireGPG: force crypto action results to appear in a new window, otherwise JavaScript can steal decrypted plaintext. Advice: always use FireGPG's text editor when writing text you want to encrypt. If you write it in a textbox the plaintext can be stolen through JavaScript before it is encrypted in the same way. - Update HTTPS Everywhere extension to 1.0.3-1. - Stop using the small version of the Tor check page. The small version incorrectly tells Tails users to upgrade their Torbrowser, which has confused some users. * Software - Update Linux to 3.0.0-2 (fixes DSA-2310-1, CVE-2011-2905, CVE-2011-2909, CVE-2011-2723, CVE-2011-2699, CVE-2011-1162, CVE-2011-1161). - Update usb-modeswitch to 1.1.9-2~bpo60+1 and usb-modeswitch-data to 20110805-1~bpo60+1 from Debian backports. This adds support for a few devices such as Pantech UMW190 CDMA modem. - Install libregexp-common-perl 2011041701-3 from Debian unstable. This fixes the bug: [[bugs/msva_does_not_use_configured_keyserver]]. - Install hdparm so the hard drives can be spinned down in order to save battery power. - Install barry-util for better BlackBerry integration. - Debian security upgrades: OpenOffice.org (DSA-2315-1), openjdk-6 (DSA-2311-1), policykit-1 (DSA-2319-1) * Protecting against memory recovery - Set more appropriate Linux VM config before wiping memory. These parameters should make the wipe process more robust and efficient. -- Tails developers Sun, 16 Oct 2011 11:31:18 +0200 tails (0.8) unstable; urgency=low * Rebase on the Debian Squeeze 6.0.2.1 point-release. * Tor - Update to 0.2.2.33-1. - Disabled ControlPort in favour of ControlSocket. - Add port 6523 (Gobby) to Tor's LongLivedPorts list. * I2P - Update to 0.8.8. - Start script now depends on HTP since I2P breaks if the clock jumps or is too skewed during bootstrap. * Iceweasel - Update to 3.5.16-9 (fixes CVE-2011-2374, CVE-2011-2376, CVE-2011-2365, CVE-2011-2373, CVE-2011-2371, CVE-2011-0083, CVE-2011-2363, CVE-2011-0085, CVE-2011-2362, CVE-2011-2982, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984, CVE-2011-2983). - Enable HTTP pipelining (like TBB). - Update HTTPS Everywhere extension to 1.0.1-1 from Debian unstable. - Suppress FoxyProxy update prompts. - Prevent FoxyProxy from "phoning home" after a detected upgrade. - Fixed a bunch of buggy regular expressions in FoxyProxy's configuration. See [[bugs/exploitable_typo_in_url_regex?]] for details. Note that none of these issues are critical due to the transparent proxy. - Add DuckDuckGo SSL search engine. * Torbutton - Update to torbutton 1.4.3-1 from Debian unstable. - Don't show Torbutton status in the status bar as it's now displayed in the toolbar instead. * Pidgin - More random looking nicks in pidgin. - Add IRC account on chat.wikileaks.de:9999. * HTP - Upgrade htpdate script (taken from Git 7797fe9) that allows setting wget's --dns-timeout option. * Software - Update Linux to 3.0.0-1. -686 is now deprecated in favour of -486 and -686-pae; the world is not ready for -pae yet, so we now ship -486. - Update OpenSSL to 0.9.8o-4squeeze2 (fixes CVE-2011-1945 (revoke compromised DigiNotar certificates), CVE-2011-1945). - Update Vidalia to 0.2.14-1+tails1 custom package. - Install accessibility tools: - gnome-mag: screen magnifier - gnome-orca: text-to-speech - Replace the onBoard virtual keyboard with Florence. - Install the PiTIVi non-linear audio/video editor. - Install ttdnsd. - Install tor-arm. - Install lzma. * Arbitrary DNS queries - Tor can not handle all types of DNS queries, so if the Tor resolver fails we fallback to ttdnsd. This is now possible with Tor 0.2.2.x, since we fixed Tor bug #3369. * Hardware support - Install ipheth-utils for iPhone tethering. - Install xserver-xorg-input-vmmouse (for mouse integration with the host OS in VMWare and KVM). - Install virtualbox-ose 4.x guest packages from Debian backports. * Miscellaneous - Switch gpg to use keys.indymedia.org's hidden service, without SSL. The keys.indymedia.org SSL certificate is now self-signed. The hidden service gives a good enough way to authenticate the server and encrypts the connection, and just removes the certificates management issue. - The squashfs is now compressed using XZ which reduces the image size quite drastically. - Remove Windows autorun.bat and autorun.inf. These files did open a static copy of our website, which is not accessible any longer. * Build system - Use the Git branch instead of the Debian version into the built image's filename. - Allow replacing efficient XZ compression with quicker gzip. - Build and install documentation into the chroot (-> filesystem.squashfs). Rationale: our static website cannot be copied to a FAT32 filesystem due to filenames being too long. This means the documentation cannot be browsed offline from outside Tails. However, our installer creates GPT hidden partitions, so the doc would not be browseable from outside Tails anyway. The only usecase we really break by doing so is browsing the documentation while running a non-Tails system, from a Tails CD. -- Tails developers Thu, 09 Sep 2011 11:31:18 +0200 tails (0.7.2) unstable; urgency=high * Iceweasel - Disable Torbutton's external application launch warning. ... which advises using Tails. Tails *is* running Tails. - FoxyProxy: install from Debian instead of the older one we previously shipped. * Software - haveged: install an official Debian backport instead of a custom backport. - unrar: install the version from Debian's non-free repository. Users report unrar-free does not work well enough. -- Tails developers Sun, 12 Jun 2011 15:34:56 +0200 tails (0.7.1) unstable; urgency=high * Vidalia: new 0.2.12-2+tails1 custom package. * Iceweasel - Don't show Foxyproxy's status / icon in FF statusbar to prevent users from accidentaly / unconsciously put their anonymity at risk. - "amnesia branding" extension: bump Iceweasel compatibility to 4.0 to ease development of future releases. * Software - Upgrade Linux kernel to Debian's 2.6.32-33: fixes tons of bugs, including the infamous missing mouse cursor one. Oh, and it closes a few security holes at well. - Install unrar-free. - Do not install pppoeconf (superseeded by NetworkManager). - Upgrade macchanger to Debian testing package to ease development of future Tails releases. - Debian security upgrades: x11-xserver-utils (DSA-2213-1), isc-dhcp (DSA-2216-1), libmodplug (DSA-2226-1), openjdk-6 (DSA-2224-1). * Protecting against memory recovery - Add Italian translation for tails-kexec. Thanks to Marco A. Calamari. - Make it clear what it may mean if the system does not power off automatically. - Use kexec's --reset-vga option that might fix display corruption issues on some hardware. * WhisperBack (encrypted bug reporting software) - Upgrade WhisperBack to 1.4.1: localizes the documentation wiki's URL, uses WebKit to display the bug reporting help page, now is usable on really small screens. - Extract wiki's supported languages at build time, save this information to /etc/amnesia/environment, source this file into the Live user's environment so that WhisperBack 1.4+ can make good use of it. * Miscellaneous - Fix boot in Chinese. - Install mobile-broadband-provider-info for better 3G support. - Add back GNOME system icons to menus. - tails-security-check: avoid generating double-slashes in the Atom feeds URL. - Remove "vga=788" boot parameter which breaks the boot on some hardware. - Remove now useless "splash" boot parameter. - Fix a bunch of i386-isms. - Pass the noswap option to the kernel. This does not change actual Tails behaviour but prevents users from unnecessarily worrying because of the "Activating swap" boot message. - Make use of check.torproject.org's Arabic version. * Build system - Enable squeeze-backports. It is now ready and will be used soon. - Install eatmydata in the chroot. - Convert ikiwiki setup files to YAML. -- Tails developers Fri, 29 Apr 2011 17:14:53 +0200 tails (0.7) unstable; urgency=low * Hardware support - Install foomatic-filters-ppds to support more printers. - Give the default user the right to manage printers. * Software - Deinstall unwanted packages newly pulled by recent live-build. -- Tails developers Wed, 06 Apr 2011 22:58:51 +0200 tails (0.7~rc2) unstable; urgency=low ** SNAPSHOT build @824f39248a08f9e190146980fb1eb0e55d483d71 ** * Rebase on Debian Squeeze 6.0.1 point-release. * Vidalia: new 0.2.10-3+tails5 custom package.. * Hardware support - Install usb-modeswitch and modemmanager to support mobile broadband devices such as 3G USB dongles. Thanks to Marco A. Calamari for the suggestion. * Misc - Website relocated to https://tails.boum.org/ => adapt various places. - Configure keyboard layout accordingly to the chosen language for Italian and Portuguese. -- Tails developers Fri, 25 Mar 2011 15:44:25 +0100 tails (0.7~rc1) UNRELEASED; urgency=low ** SNAPSHOT build @98987f111fc097a699b526eeaef46bc75be5290a ** * Rebase on Debian Squeeze. * T(A)ILS has been renamed to Tails. * Protecting against memory recovery New, safer way to wipe memory on shutdown which is now also used when the boot media is physically removed. * Tor - Update to 0.2.1.30-1. * Iceweasel - Add HTTPS Everywhere 0.9.4 extension. - Better preserve Anonymity Set: spoof US English Browser and timezone the same way as the Tor Browser Bundle, disable favicons and picture iconification. - Install AdBlock Plus extension from Debian. - Add Tor-related bookmarks. - Support FTP, thanks to FoxyProxy. - Update AdBlock patterns. - Disable geolocation and the offline cache. * Software - Update Vidalia to 0.2.10-3+tails4. - Install gnome-disk-utility (Palimpsest) and Seahorse plugins. - Add opt-in i2p support with Iceweasel integration through FoxyProxy. - onBoard: fix "really quits when clicking the close window icon" bug. - Optionally install TrueCrypt at boot time. - Install laptop-mode-tools for better use of battery-powered hardware. - Replace xsane with simple-scan which is part of GNOME and way easier to use. - Upgrade WhisperBack to 1.3.1 (bugfixes, French translation). - Install scribus-ng instead of scribus. It is far less buggy in Squeeze. * Firewall - Drop incoming packets by default. - Forbid queries to DNS resolvers on the LAN. - Set output policy to drop (defense-in-depth). * Hardware support - Install Atheros and Broadcom wireless firmwares. - Install libsane-hpaio and sane-utils, respectively needed for multi-function peripherals and some SCSI scanners. * live-boot 2.0.15-1+tails1.35f1a14 - Cherry-pick our fromiso= bugfixes from upstream 3.x branch. * Miscellaneous - Many tiny user interface improvements. - More robust HTP time synchronization wrt. network failures. Also, display the logs when the clock synchronization fails. - Disable GNOME automatic media mounting and opening to protect against a class of attacks that was recently put under the spotlights. Also, this feature was breaking the "no trace is left on local storage devices unless explicitly asked" part of Tails specification. - Make configuration more similar to the Tor Browser Bundle's one. - GnuPG: default to stronger digest algorithms. - Many more or less proper hacks to get the built image size under 700MB. - Compress the initramfs using LZMA for faster boot. * Build system - Run lb build inside eatmydata fsync-less environment to greatly improve build time. -- Tails developers Fri, 11 Mar 2011 15:52:19 +0100 tails (0.6.2) unstable; urgency=high * Tor: upgrade to 0.2.1.29 (fixes CVE-2011-0427). * Software - Upgrade Linux kernel, dpkg, libc6, NSS, OpenSSL, libxml2 (fixes various security issues). - Upgrade Claws Mail to 3.7.6 (new backport). - Install Liferea, tcpdump and tcpflow. * Seahorse: use hkp:// transport as it does not support hkps://. * FireGPG: use hkps:// to connect to the configured keyserver. * Build system: take note of the Debian Live tools versions being used to make next point-release process faster. * APT: don't ship package indices. -- T(A)ILS developers Wed, 19 Jan 2011 16:59:43 +0100 tails (0.6.1) unstable; urgency=low * Tor: upgrade to 0.1.28 (fixes CVE-2010-1676) * Software: upgrade NSS, Xulrunner, glibc (fixes various security issues) * FireGPG: use the same keyserver as the one configured in gpg.conf. * Seahorse: use same keyserver as in gpg.conf. * HTP: display the logs when the clock synchronization fails. * Update HTP configuration: www.google.com now redirects to encrypted.google.com. * Use the light version of the "Are you using Tor?" webpage. * Update AdBlock patterns. -- T(A)ILS developers Fri, 24 Dec 2010 13:28:29 +0100 tails (0.6) unstable; urgency=low * Releasing 0.6. * New OpenPGP signing-only key. Details are on the website: https://amnesia.boum.org/GnuPG_key/ * Iceweasel - Fixed torbutton has migrated to testing, remove custom package. * HTP - Query ssl.scroogle.org instead of lists.debian.org. - Don't run when the interface that has gone up is the loopback one. * Nautilus scripts - Add shortcut to securely erase free space in a partition. - The nautilus-wipe shortcut user interface is now translatable. * Misc - Really fix virtualization warning display. - More accurate APT pinning. - Disable Debian sid APT source again since a fixed live-config has migrated to Squeeze since then. * live-boot: upgrade to 2.0.8-1+tails1.13926a - Sometimes fixes the smem at shutdown bug. - Now possible to create a second partition on the USB stick T(A)ILS is running from. * Hardware support - Support RT2860 wireless chipsets by installing firmware-ralink from Debian Backports. - Install firmware-linux-nonfree from backports. - Fix b43 wireless chipsets by having b43-fwcutter extract firmwares at build time. * Build system - Install live-build and live-helper from Squeeze. - Update SquashFS sort file. -- T(A)ILS developers Wed, 20 Oct 2010 19:53:17 +0200 tails (0.6~rc3) UNRELEASED; urgency=low ** SNAPSHOT build @a3ebb6c775d83d1a1448bc917a9f0995df93e44d ** * Iceweasel - Autostart Iceweasel with the GNOME session. This workarounds the "Iceweasel first page is not loaded" bug. * HTP - Upgrade htpdate script (taken from Git 7797fe9). * Misc - Disable ssh-agent auto-starting with X session: gnome-keyring is more user-friendly. - Fix virtualization warning display. - Boot profile hook: write desktop file to /etc/skel. * Build system - Convert build system to live-build 2.0.1. - APT: fetch live-build and live-helper from Debian Live snapshots. - Remove dependency on live-build functions in chroot_local-hooks. This makes the build environment more robust and less dependent on live-build internals. - Remove hand-made rcS.d/S41tails-wifi: a hook now does this. - Measure time used by the lh build command. - Fix boot profile hook. - Boot profiling: wait a bit more: the current list does not include /usr/sbin/tor. -- T(A)ILS developers Sat, 02 Oct 2010 23:06:46 +0200 tails (0.6~rc2) UNRELEASED; urgency=low ** SNAPSHOT build @c0ca0760ff577a1e797cdddf0e95c5d62a986ec8 ** * Iceweasel - Refreshed AdBlock patterns (20100926). - Set network.dns.disableIPv6 to true (untested yet) - Torbutton: install patched 1.2.5-1+tails1 to fix the User-Agent bug, disable extensions.torbutton.spoof_english again. * Software - WhisperBack: upgrade to 1.3~beta3 (main change: let the user provide optional email address and OpenPGP key). - Remove mc. - Update haveged backport to 0.9-3~amnesia+lenny1. - Update live-boot custom packages (2.0.6-1+tails1.6797e8): fixes bugs in persistency and smem-on-shutdown. - Update custom htpdate script. Taken from commit d778a6094cb3 in our custom Git repository: fixes setting of date/time. * Build system - Bugfix: failed builds are now (hopefully) detected. - Fix permissions on files in /etc/apt/ that are preserved in the image. - Install version 2.0~a21-1 of live-build and live-helper in the image. We are too late in the release process to upgrade to current Squeeze version (2.0~a29-1). * Misc - Pidgin/OTR: disable the automatic OTR initiation and OTR requirement. -- T(A)ILS developers Wed, 29 Sep 2010 19:23:17 +0200 tails (0.6~1.gbpef2878) UNRELEASED; urgency=low ** SNAPSHOT build @ef28782a0bf58004397b5fd303f938cc7d11ddaa ** * Hardware support - Use a 2.6.32 kernel: linux-image-2.6.32-bpo.5-686 (2.6.32-23~bpo50+1) from backports.org. This should support far more hardware and especially a lot of wireless adapters. - Add firmware for RTL8192 wireless adapters. - Enable power management on all wireless interfaces on boot. * Software - Install inkscape. - Install poedit. - Install gfshare and ssss: two complementary implementations of Shamir's Secret Sharing. - Install tor-geoipdb. - Remove dialog, mc and xterm. * Iceweasel - Set extensions.torbutton.spoof_english to its default true value in order to workaround a security issue: https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/ * Monkeysphere - Install the Iceweasel extension. - Use a hkps:// keyserver. * GnuPG - Install gnupg from backports.org so that hkps:// is supported. - Use a hkps:// keyserver. - Proxy traffic via polipo. - Prefer up-to-date digests and ciphers. * Vidalia: rebased our custom package against 0.2.10. * Build system - Built images are now named like this: tails-i386-lenny-0.5-20100925.iso - Use live-helper support for isohybrid options instead of doing the conversion ourselves. The default binary image type we build is now iso-hybrid. - Remove .deb built by m-a after they have been installed. - Setup custom GConf settings at build time rather than at boot time. - Move $HOME files to /etc/skel and let adduser deal with permissions. - Convert to live-boot / live-config / live-build 2.x branches. - Replaced our custom live-initramfs with a custom live-boot package; included version is 2.0.5-1+tails2.6797e8 from our Git repository: git clone git://git.immerda.ch/tails_live-boot.git - Install live-config* from the live-snapshots Lenny repository. Rationale: live-config binary packages differ depending on the target distribution, so that using Squeeze's live-config does not produce fully-working Lenny images. - Rename custom scripts, packages lists and syslinux menu entries from the amnesia-* namespace to the tails-* one. * HTP - Use (authenticated) HTP instead of NTP. - The htpdate script that is used comes from commit 43f5f83c0 in our custom repository: git://git.immerda.ch/tails_htp.git - Start Tor and Vidalia only once HTP is done. * Misc - Fix IPv6 firewall restore file. It was previously not used at all. - Use ftp.us.debian.org instead of the buggy GeoIP-powered cdn.debian.net. - Gedit: don't autocreate backup copies. - Build images with syslinux>=4.01 that has better isohybrid support. - amnesia-security-check: got rid of the dependency on File::Slurp. - Take into account the migration of backports.org to backports.debian.org. - Make GnuPG key import errors fatal on boot. - Warn the user when T(A)ILS is running inside a virtual machine. - DNS cache: forget automapped .onion:s on Tor restart. * Documentation: imported Incognito's walkthrough, converted to Markdown, started the needed adaptation work. -- T(A)ILS developers Sun, 26 Sep 2010 11:06:50 +0200 tails (0.5) unstable; urgency=low * The project has merged efforts with Incognito. It is now to be called "The (Amnesic) Incognito Live System". In short: T(A)ILS. * Community - Created the amnesia-news mailing-list. - Added a forum to the website. - Created a chatroom on IRC: #tails on irc.oftc.net * Fixed bugs - Workaround nasty NetworkManager vs. Tor bug that often prevented the system to connect to the Tor network: restart Tor and Vidalia when a network interface goes up. - onBoard now autodetects the keyboard layout... at least once some keys have been pressed. - New windows don't open in background anymore, thanks to a patched Metacity. - Memory wiping at shutdown is now lightning fast, and does not prevent the computer to halt anymore. - GNOME panel icons are right-aligned again. - Fixed permissions on APT config files. - Repaired mouse integration when running inside VirtualBox. * Iceweasel - Torbutton: redirect to Scroogle when presented a Google captcha. - Revamped bookmarks . moved T(A)ILS own website to the personal toolbar . moved webmail links (that are expected to be more than 3 soon) to a dedicated folder. - Don't show AdBlock Plus icon in the toolbar. - Adblock Plus: updated patterns, configured to only update subscriptions once a year. Which means never, hopefully, as users do update their Live system on a regular basis, don't they? * Vidalia: rebased our custom package against 0.2.8. * Claws Mail - Install Claws Mail from backports.org to use the X.509 CA certificates provided by Debian. - Enable PGP modules with basic configuration: . Automatically check signatures. . Use gpg-agent to manage passwords. . Display warning on start-up if GnuPG doesn't work. - Set the IO timeout to 120s (i.e. the double of the default 60s). * Pidgin - Automatically connect to irc.oftc.net with a randomized nickname, so as not to advertize the use of T(A)ILS; this nickname is made of: . a random firstname picked from the 2000 most registered by the U.S. social security administration in the 70s; . two random digits. Good old irc.indymedia.org is still configured - with same nickname - but is not enabled by default anymore. - Disabled MSN support, that is far too often affected by security flaws. * Build $HOME programmatically - Migrated all GConf settings, including the GNOME panel configuration, to XML files that are loaded at boot time. - Configure iceweasel profile skeleton in /etc/iceweasel. A brand new profile is setup from this skeleton once iceweasel is started after boot. . build sqlite files at build time from plain SQL. . FireGPG: hard-code current firegpg version at build time to prevent the extension to think it was just updated. . stop shipping binary NSS files. These were here only to install CaCert's certificate, that is actually shipped by Debian's patched libnss. * Build system - Updated Debian Live snapshots APT repository URL. - Purge all devel packages at the end of the chroot configuration. - Make sure the hook that fixes permissions runs last. - Remove unwanted Iceweasel search plugins at build time. * Misc - Added a progress bar for boot time file readahead. - Readahead more (~37MB) stuff in foreground at boot time. - Make the APT pinning persist in the Live image. - localepurge: keep locales for all supported languages, don't bother when installing new packages. - Removed syslinux help menu: these help pages are either buggy or not understandable by non-geeks. - Fixed Windows autorun. - Disable a few live-initramfs scripts to improve boot time. - Firewall: forbid any IPv6 communication with the outside. - Virtualization support: install open-vm-tools. - WhisperBack: updated to 1.2.1, add a random bug ID to the sent mail subject. - Prompt for CD removal on shutdown, not for USB device. * live-initramfs: new package built from our Git (e2890a04ff) repository. - Merged upstream changes up to 1.177.2-1. - New noprompt=usb feature. - Fix buggy memory wiping and shutdown. - Really reboot when asked, rather than shutting down the system. * onBoard - Upgraded to a new custom, patched package (0.93.0-0ubuntu4~amnesia1). - Added an entry in the Applications menu. * Software - Install vim-nox with basic configuration - Install pwgen - Install monkeysphere and msva-perl - Replaced randomsound with haveged as an additional source of entropy. * Hardware support - Build ralink rt2570 wifi modules. - Build rt2860 wifi modules from Squeeze. This supports the RT2860 wireless adapter, found particularly in the ASUS EeePC model 901 and above. - Build broadcom-sta-source wifi modules. - Bugfix: cpufreq modules were not properly added to /etc/modules. - Use 800x600 mode on boot rather than 1024x768 for compatibility with smaller displays. -- amnesia Fri, 30 Apr 2010 16:14:13 +0200 amnesia (0.4.2) unstable; urgency=low New release, mainly aimed at fixing live-initramfs security issue (Debian bug #568750), with an additional set of small enhancements as a bonus. * live-initramfs: new custom package built from our own live-initramfs Git repository (commit 8b96e5a6cf8abc) - based on new 1.173.1-1 upstream release - fixed live-media=removable behaviour so that filesystem images found on non-removable storage are really never used (Debian bug #568750) * Vidalia: bring back our UI customizations (0.2.7-1~lenny+amnesia1) * APT: consistently use the GeoIP-powered cdn.debian.net * Software: make room so that {alpha, future} Squeeze images fit on 700MB CD-ROM - only install OpenOffice.org's calc, draw, impress, math and writer components - removed OpenOffice.org's English hyphenation and thesaurus - removed hunspell, wonder why it was ever added * Boot - explicitly disable persistence, better safe than sorry - removed compulsory 15s timeout, live-initramfs knows how to wait for the Live media to be ready * Build system: don't cache rootfs anymore -- amnesia Sun, 07 Feb 2010 18:28:16 +0100 amnesia (0.4.1) unstable; urgency=low * Brown paper bag bugfix release: have amnesia-security-check use entries publication time, rather than update time... else tagging a security issue as fixed, after releasing a new version, make this issue be announced to every user of this new, fixed version. -- amnesia Sat, 06 Feb 2010 03:58:41 +0100 amnesia (0.4) unstable; urgency=low * We now only build and ship "Hybrid" ISO images, which can be either burnt on CD-ROM or dd'd to a USB stick or hard disk. * l10n: we now build and ship multilingual images; initially supported (or rather wanna-be-supported) languages are: ar, zh, de, en, fr, it, pt, es - install Iceweasel's and OpenOffice.org's l10n packages for every supported language - stop installing localized help for OpenOffice.org, we can't afford it for enough languages - when possible, Iceweasel's homepage and default search engine are localized - added Iceweasel's "any language" Scroogle SSL search engine - when the documentation icon is clicked, display the local wiki in currently used language, if available - the Nautilus wipe script is now translatable - added gnome-keyboard-applet to the Gnome panel * software - replaced Icedove with claws mail, in a bit rough way; see https://amnesia.boum.org/todo/replace_icedove_with_claws/ for best practices and configuration advices - virtual keyboard: install onBoard instead of kvkbd - Tor controller: install Vidalia instead of TorK - install only chosen parts of Gnome, rather than gnome-desktop-environment - do not install xdialog, which is unused and not in Squeeze - stop installing grub as it breaks Squeeze builds (see Debian bug #467620) - install live-helper from snapshots repository into the Live image * Iceweasel - do not install the NoScript extension anymore: it is not strictly necessary but bloodily annoying * Provide WhisperBack 1.2 for anonymous, GnuPG-encrypted bug reporting. - added dependency on python-gnutls - install the SMTP hidden relay's certificate * amnesia-security-check: new program that tells users that the amnesia version they are running is affected by security flaws, and which ones they are; this program is run at Gnome session startup, after sleeping 2 minutes to let Tor a chance to initialize. Technical details: - Perl - uses the Desktop Notifications framework - fetches the security atom feed from the wiki - verifies the server certificate against its known CA - tries fetching the localized feed; if it fails, fetch the default (English) feed * live-initramfs: new custom package built from our own live-initramfs Git repository (commit 40e957c4b89099e06421) - at shutdown time, ask the user to unplug the CD / USB stick, then run smem, wait for it to finish, then attempt to immediately halt * build system - bumped dependency on live-helper to >= 2.0a6 and adapted our config - generate hybrid ISO images by default, when installed syslinux is recent enough - stop trying to support building several images in a row, it is still broken and less needed now that we ship hybrid ISO images - scripts/config: specify distribution when initializing defaults - updated Debian Live APT repository's signing key * PowerPC - disable virtualbox packages installing and module building on !i386 && !amd64, as PowerPC is not a supported guest architecture - built and imported tor_0.2.1.20-1~~lenny+1_powerpc.deb * Squeeze - rough beginnings of a scratch Squeeze branch, currently unsupported - install gobby-infinote * misc - updated GnuPG key with up-to-date signatures - more improvements on boot time from CD - enhanced the wipe in Nautilus UI (now asks for confirmation and reports success or failure) - removed the "restart Tor" launcher from the Gnome panel -- amnesia Fri, 05 Feb 2010 22:28:04 +0100 amnesia (0.3) unstable; urgency=low * software: removed openvpn, added - Audacity - cups - Git - Gobby - GParted - lvm2 (with disabled initscript as it slows-down too much the boot in certain circumstances) - NetworkManager 0.7 (from backports.org) to support non-DHCP networking - ntfsprogs - randomsound to enhance the kernel's random pool * Tor - install the latest stable release from deb.torproject.org - ifupdown script now uses SIGHUP signal rather than a whole tor restart, so that in the middle of it vidalia won't start it's own tor - configure Gnome proxy to use Tor * iceweasel - adblockplus: upgraded to 1.0.2 - adblockplus: subscribe to US and DE EasyList extensions, updated patterns - firegpg is now installed from Debian Squeeze rather than manually; current version is then 0.7.10 - firegpg: use better keyserver ... namely pool.sks-keyservers.net - added bookmark to Amnesia's own website - use a custom "amnesiabranding" extension to localize the default search engine and homepage depending on the current locale - updated noscript whitelist - disable overriden homepage redirect on iceweasel upgrade * pidgin - nicer default configuration with verified irc.indymedia.org's SSL cert - do not parse incoming messages for formatting - hide formatting toolbar * hardware compatibility - b43-fwcutter - beginning of support for the ppc architecture - load acpi-cpufreq, cpufreq_ondemand and cpufreq_powersave kernel modules * live-initramfs: custom, updated package based on upstream's 1.157.4-1, built from commit b0a4265f9f30bad945da of amnesia's custom live-initramfs Git repository - securely erases RAM on shutdown using smem - fixes the noprompt bug when running from USB - disables local swap partitions usage, wrongly enabled by upstream * fully support for running as a guest system in VirtualBox - install guest utils and X11 drivers - build virtualbox-ose kernel modules at image build time * documentation - new (translatable) wiki, using ikiwiki, with integrated bugs and todo tracking system a static version of the wiki is included in generated images and linked from the Desktop * build system - adapt for live-helper 2.0, and depend on it - get amnesia version from debian/changelog - include the full version in ISO volume name - save .list, .packages and .buildlog - scripts/clean: cleanup any created dir in binary_local-includes - updated Debian Live snapshot packages repository URL and signing key - remove duplicated apt/preferences file, the live-helper bug has been fixed * l10n: beginning of support for --language=en * misc - improved boot time on CD by ordering files in the squashfs in the order they are used during boot - added a amnesia-version script to built images, that outputs the current image's version - added a amnesia-debug script that prepares a tarball with information that could be useful for developpers - updated Amnesia GnuPG key to a new 4096R one - set time with NTP when a network interface is brought up - import amnesia's GnuPG pubkey into the live session user's keyring - do not ask DHCP for a specific hostname - install localepurge, only keep en, fr, de and es locales, which reduces the generated images' size by 100MB - added a hook to replace /sbin/swapon with a script that only runs /bin/true - moved networking hooks responsibility from ifupdown to NetworkManager -- amnesia Thu, 26 Nov 2009 11:17:08 +0100 amnesia (0.2) unstable; urgency=low * imported /home/amnesia, then: - more user-friendly shell, umask 077 - updated panel, added launcher to restart Tor - mv $HOME/bin/* /usr/local/bin/ - removed metacity sessions - removed gstreamer's registry, better keep this dynamically updated - rm .qt/qt_plugins_3.3rc, better keep this dynamically updated - removed .gnome/gnome-vfs/.trash_entry_cache - removed kconf_update log - removed and excluded Epiphany configuration (not installed) - cleanup .kde * iceweasel - enable caching in RAM - explicitly disable ssl v2, and enable ssl v3 + tls - removed prefs for the non-installed webdeveloper - removed the SSL Blacklist extension (not so useful, licensing issues) - deep profile directory cleanup - extensions cleanup: prefer Debian-packaged ones, cleanly reinstalled AddBlock Plus and CS Lite to allow upgrading them - updated pluginreg.dat and localstore.rdf - moved some settings to user.js - made cookie/JavaScript whitelists more consistent - force httpS on whitelisted sites - NoScript: marked google and gmail as untrusted - some user interface tweaks, mainly for NoScript - FireGPG: disable the buggy auto-detection feature, the link to firegpg's homepage in generated pgp messages and the GMail interface (which won't work without JavaScript anyway) - updated blocklist.xml - removed and excluded a bunch of files in the profile directory * icedove: clean the profile directory up just like we did for iceweasel * software: install msmtp and mutt * home-refresh - use rsync rather than tar * documentation - various fixes - reviewed pidgin-otr security (see TODO) * build system - stop calling home-refresh in lh_build - include home-refresh in generated images - gitignore update - fix permissions on local includes at build time - updated scripts/{build,clean} wrt. new $HOME handling - scripts/{build,config}: stop guessing BASEDIR, we must be run from the root of the source directory anyway - stop storing /etc/amnesia/version in Git, delete it at clean time * release - converted Changelog to the Debian format and location, updated build scripts accordingly - added a README symlink at the root of the source directory - basic debian/ directory (not working for building packages yet, but at least we can now use git-dch) - added debian/gbp.conf with our custom options for git-dch - config/amnesia: introduce new $AMNESIA_DEV_* variables to be used by developpers' scripts - added ./release script: a wrapper around git-dch, git-commit and git-tag -- amnesia Tue, 23 Jun 2009 14:42:03 +0200 amnesia (0.1) UNRELEASED; urgency=low * Forked Privatix 9.03.15, by Markus Mandalka: http://mandalka.name/privatix/index.html.en Everything has since been rewritten or so heavily changed that nothing remains from the original code... apart of a bunch of Gnome settings. * hardware support: - install a bunch of non-free wifi firmwares - install xsane and add the live user to the scanner group - install aircrack-ng - install xserver-xorg-video-geode on i386 (eCafe support) - install xserver-xorg-video-all - install firmware-linux from backports.org - install system-config-printer - added instructions in README.eCAFE to support the Hercules eCAFE EC-800 netbook * APT: - configure pinning to support installing chosen packages from squeeze; the APT source for testing is hardcoded in chroot_sources/, since there is no way to use $LH_CHROOT_MIRROR in chroot_local-hooks - give backports.org priority 200, so that we track upgrades of packages installed from there * release: include the Changelog and TODO in the generated images, in the /usr/share/doc/amnesia/ directory * software: install gnomebaker when building Gnome-based live OS, to easily clone myself when running from CD * build system - build i386 images when the build host is amd64 - added a version file: /etc/amnesia/version - use snapshot live-* packages inside the images - setup timezone depending on the chosen build locale - rely on standard live-initramfs adduser to do our user setup (including sudo vs. Gnome/KDE, etc.) - stop "supporting" KDE - allow building several images at once - migrated most of lh_config invocations to scripts/config - append "noprompt" so that halting/rebooting work with splashy - moved our own variables to config/amnesia, using the namespace $AMNESIA_* * iceweasel - default search engine is now Scroogle SSL, configured to search pages in French language; the English one is also installed - never ask to save passwords or forms content - configured the torbutton extension to use polipo - installed the CACert root certificate - installed the SSL Blacklist extension and the blacklist data - installed the FireGPG extension - installed the CS Lite extension - installed the NoScript extension - NoScript, CS Lite: replaced the default whitelists with a list of trusted, non-commercial Internet Service Providers - configure extensions (add to prefs.js): user_pref("extensions.torbutton.startup", true); user_pref("extensions.torbutton.startup_state", 1); user_pref("extensions.torbutton.tor_enabled", true); user_pref("noscript.notify.hide", true); user_pref("capability.policy.maonoscript.sites", "about: about:blank about:certerror about:config about:credits about:neterror about:plugins about:privatebrowsing about:sessionrestore chrome: resource:"); user_pref("extensions.firegpg.no_updates", true); - install the NoScript plugin from Debian squeeze - delete urlclassifier3.sqlite on $HOME refresh: as we disabled "safebrowsing", this huge file is of no use - torbutton: install newer version from Squeeze * linux: removed non-686 kernel flavours when building i386 images * compatibility: append "live-media=removable live-media-timeout=15", to prevent blindly booting another debian-live installed on the hard disk * software: added - gnome-app-install - iwconfig - cryptkeeper: Gnome system tray applet to encrypt files with EncFS - kvkbd: virtual keyboard (installed from backports.org) - sshfs (and added live user to the fuse group) - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g - scribus * Tor - enable the transparent proxy, the DNS resolver, and the control port - save authentication cookie to /tmp/control_auth_cookie, so that the live user can use Tork and co. - autostart Tork with Gnome - Tork: installed, disabled most notifications and startup tips - added a restart tor hook to if-up.d (used by Network Manager as well), so that Tor does work immediately even if the network cable was plugged late in/after the boot process * $HOME - added a nautilus-script to wipe files and directories - bash with working completion for the live user * polipo: install and configure this HTTP proxy to forward requests through Tor * DNS: install and configure pdnsd to forward any DNS request through the Tor resolver * firewall: force every outgoing TCP connection through the Tor transparent proxy, discard any outgoing UDP connection * misc - set syslinux timeout to 4 seconds - use splashy for more user-friendly boot/halt sequences -- amnesia Sat, 20 Jun 2009 21:09:15 +0200