1 tails (2.4~rc1) unstable; urgency=medium
3 * Major new features and changes
4 - Upgrade Tor Browser to 6.0 based on Firefox 45.2. (Closes:
6 - Enable Icedove's automatic configuration wizard. We patch the
7 wizard to only use secure protocols when probing, and only
8 accept secure protocols, while keeping the improvements done by
9 TorBirdy in its own non-automatic configuration wizard. (Closes:
13 - Enable Packetization Layer Path MTU Discovery for IPv4. If any
14 system on the path to the remote host has a MTU smaller than the
15 standard Ethernet one, then Tails will receive an ICMP packet
16 asking it to send smaller packets. Our firewall will drop such
17 ICMP packets to the floor, and then the TCP connection won't
18 work properly. This can happen to any TCP connection, but so far
19 it's been reported as breaking obfs4 for actual users. Thanks to
20 Yawning for the help! (Closes: #9268)
21 - Make Tails Upgrader ship other locales than English. (Closes:
25 - Icedove improvements:
26 * Stop patching in our default into Torbirdy. We've upstreamed
27 some parts, and the rest we set with pref branch overrides in
28 /etc/xul-ext/torbirdy.js. (Closes: #10905)
29 * Use hkps keyserver in Engimail. (Closes: #10906)
30 * Default to POP if persistence is enabled, IMAP is
32 * Disable remote email account creation in Icedove. (Closes:
34 - Firewall hardening (Closes: #11391):
35 * Don't accept RELATED packets. This enables quite a lot of code
36 in the kernel that we don't need. Let's reduce the attack
38 * Restrict debian-tor user to NEW TCP syn packets. It doesn't
39 need to do more, so let's do a little bit of security in
41 * Disable netfilter's nf_conntrack_helper.
42 * Fix disabling of automatic conntrack helper assignment.
44 * Set various kernel boot options: slab_nomerge slub_debug=FZ
45 mce=0 vsyscall=none. (Closes: #11143)
46 * Remove the kernel .map files. These are only useful for kernel
47 debugging and slightly make things easier for malware, perhaps
48 and otherwise just occupy disk space. Also stop exposing
49 kernel memory addresses through /proc etc. (Closes: #10951)
50 - Drop zenity hacks to "focus" the negative answer. Jessie's
51 zenity introduced the --default-cancel option, finally!
53 - Drop useless APT pinning for Linux.
54 - Remove gnome-tweak-tool. (Closes: #11237)
55 - Install python-dogtail, to enable accessibility technologies in
56 our automated test suite (see below). (Part of: #10721)
57 - Install libdrm and mesa from jessie-backports. (Closes: #11303)
58 - Remove hledger. (Closes: #11346)
59 - Don't pre-configure the #tails chan on the default OFTC account.
61 - Install onioncircuits from jessie-backports. (Closes: #11443)
62 - Remove nmh. (Closes: #10477)
63 - Drop Debian experimental APT source: we don't use it.
64 - Use APT codenames (e.g. "stretch") instead of suites, to be
65 compatible with our tagged APT snapshots.
66 - Drop module-assistant hook and its cleanup. We've not been using
68 - Remove 'Reboot' and 'Power Off' entries from Applications →
69 System Tools. (Closes: #11075)
70 - Pin our custom APT repo to the same level as Debian ones, and
71 explicitly pin higher the packages we want to pull from our custom
72 APT repo, when needed.
73 - config/chroot_local-hooks/59-libdvd-pkg: verify libdvdcss
74 package installation. (Closes: #11420)
75 - Make Tails Upgrader use our new mirror pool design. (Closes:
79 - Use a freezable APT repo when building Tails. This is a first
80 step towards reproducible builds, and improves our QA and
81 development processes by making our builds more predictable. For
82 details, see: https://tails.boum.org/contribute/APT_repository/
83 - There has been a massive amount of improvements to the
84 Vagrant-based build system, and now it could be considered the
85 de-facto build system for Tails! Improvements and fixes include:
86 * Migrate Vagrant to use libvirt/KVM instead of
87 Virtualbox. (Closes: #6354)
88 * Make apt-get stuff non-interactive while provisioning.
89 Because there is no interaction, so that will results in
91 * Bump disk space (=> RAM for RAM builds) needed to build with
92 Vagrant. Since the Jessie migration it seems impossible to
93 keep this low enough to fit in 8 GiB or RAM. For this reason
94 we also drop the space optimization where we build inside a
95 crazy aufs stack; now we just build in a tmpfs.
96 * Clean up apt-cacher-ng cache on vm:provision to save disk
98 * Add convenient Rake task for SSH:ing into the builder VM:
100 * Add rake task for generating a new Vagrant base box.
101 * Automatically provision the VM on build to keep things up-to-date.
102 * Don't enable extproxy unless explicitly given as an
103 option. Previously it would automatically be enabled when
104 `http_proxy` is set in the environment, unlike what is
105 documented. This will hopefully lead to fewer surprises for users
106 who e.g. point http_proxy to a torified polipo, or similar.
107 * Re-fetch tags when running build-tails with Vagrant. That
108 should fix an annoyance related to #7182 that I frequently
109 encounter: when I, as the RM, rebuild the release image the
110 second time from the force-updated tag, the build system would
111 not have the force-updated tag. (Closes: #7182)
112 * Make sure we use the intended locale in the Tails builder VM.
113 Since we communicate via SSH, and e.g. Debian forward the
114 locale env vars by default, we have to take some steps
115 ensuring we do not do that.
116 - Pull monkeysphere from stretch to avoid failing to install under
117 eatmydata. Patch submitted by Cyril Brulebois <cyril@debamax.com>.
120 - Add wrapper around dogtail (inside Tails) for "remote" usage in
121 the automated test suite. This provides a simple interface for
122 generating dogtail python code, sending it to the guest, and
123 executing it, and should allow us to write more robust tests
124 leveraging assistive technologies. (Closes: #10721)
125 - A few previously sikuli-based tests has been migrated to use
126 dogtail instead, e.g. GNOME Applications menu interaction.
127 - Add a test for re-configuring an existing persistent volume.
128 This is a regression test for #10809. (Closes: #10834)
129 - Use a simulated Tor network provided by Chutney in the automated
130 test suite. The main motivation here is improved robustness --
131 since the "Tor network" we now use will exit from the host
132 running the automated test suite, we won't have to deal with Tor
133 network blocking, or unreliable circuits. Performance should
134 also be improved. (Closes: #9521)
135 - Drop the usage of Tor Check in our tests. It doesn't make sense
136 now when we use Chutney since that always means it will report
137 that Tor is not being used.
138 - Stop testing obsolete pluggable transports.
139 - Completely rewrite the firewall leak detector to something more
140 flexible and expressive.
141 - Run tcpdump with --immediate-mode for the network sniffer. With
142 this option, "packets are delivered to tcpdump as soon as they
143 arrive, rather than being buffered for efficiency" which is
144 required to make the sniffing work reliable the way we use it.
145 - Remove most scenarios testing "tordate". It just isn't working
146 well in Tails, so we shouldn't expect the tests to actually work
147 all of the time. (Closes: #10440)
149 -- Tails developers <tails@boum.org> Wed, 25 May 2016 18:24:57 +0200
151 tails (2.3.1) UNRELEASED; urgency=medium
155 -- anonym <anonym@riseup.net> Tue, 26 Apr 2016 18:41:16 +0200
157 tails (2.3) unstable; urgency=medium
160 - Upgrade Tor Browser to 5.5.5. (Fixes: #11362)
161 - Upgrade icedove to 38.7.0-1~deb8u1
162 - Upgrade git to 1:2.1.4-2.1+deb8u2
163 - Upgrade libgd3 to 2.1.0-5+deb8u1
164 - Upgrade pidgin-otr to 4.0.1-1+deb8u1
165 - Upgrade srtp to 1.4.5~20130609~dfsg-1.1+deb8u1
166 - Upgrade imagemagick to 8:6.8.9.9-5+deb8u1
167 - Upgrade samba to 2:4.2.10+dfsg-0+deb8u2
168 - Upgrade openssh to 1:6.7p1-5+deb8u2
171 - Refresh Tor Browser's AppArmor profile patch against the one from
172 torbrowser-launcher 0.2.4-1. (Fixes: #11264)
173 - Pull monkeysphere from stretch to avoid failing to install under
174 eatmydata. (Fixes: #11170)
175 - Start gpg-agent with no-grab option due to issues with pinentry and
176 GNOME's top bar. (Fixes: #11038)
177 - Tails Installer: Update error message to match new name of 'Clone
178 & Install'. (Fixes: #11238)
180 * Cope with a missing geoipdb. (Fixes: #11203)
181 * Make both panes of the window scrollable. (Fixes #11192)
182 - WhisperBack: Workaround socks bug. When the Tor fails to connect to
183 the host, WisperBack used to display a ValueError. This is caused by
184 a socks bug that is solved in upstream's master but not in Tails.
185 This commit workarounds this bug Unclear error message in WhisperBack
186 when failing to connect to the server. (Fixes: #11136)
189 - Upgrade to Debian 8.4, a Debian point release with many minor upgrades
190 and fixes to various packages . (Fixes: #11232)
191 - Upgrade I2P to 0.9.25. (Fixes: #11363)
192 - Pin pinentry-gtk2 to jessie-backports. The new version allows pasting
193 passwords from the clipboard. (Fixes: #11239)
194 - config/chroot_local-hooks/59-libdvd-pkg: cleanup /usr/src/libdvd-pkg.
196 - Make the Tor Status "disconnected" icon more contrasted with the
197 "connected" one. (Fixes: #11199)
200 - Add UTF-8 support to OTR Bot. (Fixes: #10866)
201 - Don't explicitly depend on openjdk-7-jre or any JRE for that
202 matter. Sikuli will pull in a suitable one, so depending on one
203 ourselves is only risks causing trouble. (Fixes: #11335)
205 -- Tails developers <tails@boum.org> Mon, 25 Apr 2016 14:12:22 +0200
207 tails (2.2.1) unstable; urgency=medium
210 - Upgrade Tor Browser to 5.5.4. (Closes: #11254)
211 - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u6
212 - Upgrade libotr to 4.1.0-2+deb8u1
213 - Upgrade samba-related packages to 2:4.1.17+dfsg-2+deb8u2.
214 - Upgrade libgraphite2 to 1.3.6-1~deb8u1.
216 -- Tails developers <tails@boum.org> Thu, 17 Mar 2016 15:03:52 +0100
218 tails (2.2) unstable; urgency=medium
220 * Major new features and changes
221 - Replace Vidalia (which has been unmaintained for years) with:
223 * the Tor Status GNOME Shell extension, which adds a System Status
224 icon indicating whether Tor is ready or not.
225 * Onion Circuits, a simple Tor circuit monitoring tool.
228 - Upgrade Tor Browser to 5.5.3 (Closes: #11189).
229 - Upgrade Linux to 3.16.7-ckt20-1+deb8u4.
230 - Upgrade cpio to 2.11+dfsg-4.1+deb8u1.
231 - Upgrade glibc to 2.19-18+deb8u3.
232 - Upgrade libav to 6:11.6-1~deb8u1.
233 - Upgrade libgraphite2 to 1.3.5-1~deb8u1.
234 - Upgrade libjasper1 to 1.900.1-debian1-2.4+deb8u1.
235 - Upgrade libreoffice to 4.3.3-2+deb8u3.
236 - Upgrade libssh2 to 1.4.3-4.1+deb8u1.
237 - Upgrade openssl to 1.0.1k-3+deb8u4.
238 - Upgrade perl to 5.20.2-3+deb8u4.
239 - Upgrade python-imaging, python-pil to 2.6.1-2 2.6.1-2+deb8u2.
242 - Hide "Laptop Mode Tools Configuration" menu entry. We don't
243 support configuring l-m-t in Tails, and it doesn't work out of
244 the box. (Closes: #11074)
246 * Actually write a string when saving bug report to
247 disk. (Closes: #11133)
248 * Add missing argument to OpenPGP dialog so the optional OpenPGP
249 key can be added again. (Closes: #11033)
252 - Upgrade I2P to 0.9.24-1~deb8u+1.
253 - Add support for viewing DRM protected DVD videos using
254 libdvdcss2. Patch series submitted by Austin English
255 <austinenglish@gmail.com>. (Closes: #7674)
256 - Automatically save KeePassX database after every change by default.
258 - Implement Tor stream isolation for WhisperBack
259 - Delete unused tor-tsocks-mua.conf previously used by Claws
260 Mail. (Closes: #10904)
261 - Add set -u to all gettext:ized shell scripts. In gettext-base <
262 1.8.2, like the one we had in Wheezy, gettext.sh references the
263 environment variable ZSH_VERSION, which we do not set. This has
264 prevented us from doing `set -u` without various hacks. (Closes:
266 - Also set -e in some shell scripts which lacked it for no good
268 - Make Git verify the integrity of transferred objects. (Closes:
270 - Remove LAlt+Shift and LShift+RShift keyboard layout toggling
271 shortcuts. (Closes: #10913, #11042)
274 - Reorder the execution of feature to decrease peak disk
275 usage. (Closes: #10503)
276 - Paste into the GTK file chooser, instead of typing. (Closes:
278 - Pidgin: wait a bit for text to have stopped scrolling before we
279 click on it. (Closes: #10783)
280 - Fix step that runs commands in GNOME Terminal, that was broken
281 on Jessie when a Terminal is running already. (Closes: #11176)
282 - Let ruby-rjb guess JAVA_HOME instead fixing on one jvm
283 version. (Closes: #11190)
286 - Upgrade build system to Debian Jessie. This includes migrating to a
287 new Vagrant basebox based on Debian Jessie.
288 - Rakefile: print git status when there are uncommitted
289 changes. Patch submitted by Austin English
290 <austinenglish@gmail.com>. (Closes: #11108)
291 - .gitignore: add .rake_tasks~. Patch submitted by Austin English
292 <austinenglish@gmail.com>. (Closes: #11134)
293 - config/amnesia: use --show-field over sed filtering. Patch
294 submitted by Chris Lamb <lamby@debian.org>.
295 - Umount and clean up leftover temporary directories from old
296 builds. (Closes: #10772)
298 -- Tails developers <tails@boum.org> Mon, 07 Mar 2016 18:09:50 +0100
300 tails (2.0.1) unstable; urgency=medium
302 * Major new features and changes
303 - Enable the Tor Browser's font fingerprinting protection
304 (Closes: #11000). We do it for all browsers (including
305 the Unsafe Browser and I2P Browser mainly to avoid making our
306 automated test suite overly complex. This implied to set an appropriate
307 working directory when launching the Tor Browser, to accommodate for
308 the assumptions it makes about this.
311 - Upgrade Tor Browser to 5.5.2 (Closes: #11105).
314 - Repair 32-bit UEFI support (Closes: #11007); bugfix on 2.0.
315 - Add libgnome2-bin to installed packages list to provide gnome-open,
316 which fixes URL handling at least in KeePassX, Electrum and Icedove
317 (Closes: #11031); bugfix on 2.0. Thanks to segfault for the patch!
320 - Refactor and de-duplicate the chrooted browsers' configuration:
321 prefs.js, userChrome.css (Closes: #9896).
322 - Make the -profile Tor Launcher workaround simpler (Closes: #7943).
323 - Move Torbutton environment configuration to the tor-browser script,
324 instead of polluting the default system environment with it.
325 - Refresh patch against the Tor Browser AppArmor profile
327 - Propagate Tor Launcher options via the wrapper.
328 - Move tor-launcher script to /usr/local/bin.
329 - Move tor-launcher-standalone to /usr/local/lib.
330 - Move Tor Launcher env configuration closer to the place where it is used,
331 for simplicity's sake.
334 - Mass update browser and Tor Launcher related images due to font change,
335 caused by Tor Browser 5.5's font fingerprinting protection
336 (Closes: #11097). And then, use separate PrintToFile.png for the browsers,
337 and Evince, since it cannot be shared anymore.
338 - Adjust to the refactored chrooted browsers configuration handling.
339 - Test that Tor Launcher uses the correct Tor Browser libraries.
340 - Allow more slack when verifying that the date that was set.
341 - Bump a bit the timeout used when waiting for the remote shell.
342 - Bump timeout for the process to disappear, when closing Evince.
343 - Bump timeout when saving persistence configuration.
344 - Bump timeout for bootstrapping I2P.
347 - Remove no longer relevant places.sqlite cleanup procedure.
349 -- Tails developers <tails@boum.org> Fri, 12 Feb 2016 13:00:15 +0000
351 tails (2.0) unstable; urgency=medium
353 * Major new features and changes
354 - Upgrade to Debian 8 (Jessie).
355 - Migrate to GNOME Shell in Classic mode.
356 - Use systemd as PID 1, and convert all custom initscripts to systemd units.
357 - Remove the Windows camouflage feature: our call for help to port
358 it to GNOME Shell (issued in January, 2015) was unsuccessful.
359 - Remove Claws Mail: Icedove is now the default email client
361 - Upgrade Tor Browser to 5.5 (Closes: #10858, #10983).
364 - Minimally sandbox many services with systemd's namespacing features.
365 - Upgrade Linux to 3.16.7-ckt20-1+deb8u3.
366 - Upgrade Git to 1:2.1.4-2.1+deb8u1.
367 - Upgrade Perl to 5.20.2-3+deb8u3.
368 - Upgrade bind9-related packages to 1:9.9.5.dfsg-9+deb8u5.
369 - Upgrade FUSE to 2.9.3-15+deb8u2.
370 - Upgrade isc-dhcp-client tot 4.3.1-6+deb8u2.
371 - Upgrade libpng12-0 to 1.2.50-2+deb8u2.
372 - Upgrade OpenSSH client to 1:6.7p1-5+deb8u1.
375 - Restore the logo in the "About Tails" dialog.
376 - Don't tell the user that "Tor is ready" before htpdate is done
378 - Upgrader wrapper: make the check for free memory more accurate
379 (Closes: #10540, #8263).
380 - Allow the desktop user, when active, to configure printers;
381 fixes regression introduced in Tails 1.1 (Closes: #8443).
382 - Close Vidalia before we restart Tor. Otherwise Vidalia will be running
383 and showing errors while we make sure that Tor bootstraps, which could
385 - Allow Totem to read DVDs, by installing apparmor-profiles-extra
386 from jessie-backports (Closes: #9990).
387 - Make memory erasure on shutdown more robust (Closes: #9707, #10487):
388 · don't forcefully overcommit memory
389 · don't kill the allocating task
390 · make sure the kernel doesn't starve from memory
391 · make parallel sdmem handling faster and more robust
392 - Don't offer the option, in Tor Browser, to open a downloaded file with
393 an external application (Closes: #9285). Our AppArmor confinement was
394 blocking most such actions anyway, resulting in poor UX; bugfix on 1.3.
395 Accordingly, remove the now-obsolete exception we had in the Tor
396 Browser AppArmor profile, that allowed executing seahorse-tool.
397 - Fix performance issue in Tails Upgrader, that made it very slow to apply
398 an automatic upgrade; bugfix on 1.7 (Closes: #10757).
399 - Use our wrapper script to start Icedove from the GNOME menus.
400 - Make it possible to localize our Icedove wrapper script.
401 - List Icedove persistence option in the same position where Claws Mail
402 used to be, in the persistent volume assistant (Closes: #10832).
403 - Fix Electrum by installing the version from Debian Testing
404 (Closes: #10754). We need version >=2.5.4-2, see #9713;
405 bugfix on 2.0~beta1. And, explicitly install python-qt4 to enable
406 Electrum's GUI: it's a Recommends, and we're not pulling it ourselves
407 via other means anymore.
408 - Restore default file associations (Closes: #10798);
410 - Update 'nopersistent' boot parameter to 'nopersistence'; bugfix on 0.12
411 (Closes: #10831). Thanks to live-media=removable, this had no security
413 - Repair dotfiles persistence feature, by adding a symlink from
414 /lib/live/mount/persistence to /live/persistence; bugfix on 2.0~beta1
416 - Fix ability to re-configure an existing persistent volume using
417 the GUI; bugfix on 2.0~beta1 (Closes: #10809).
418 - Associate armored OpenPGP public keys named *.key with Seahorse,
419 to workaround https://bugs.freedesktop.org/show_bug.cgi?id=93656;
420 bugfix on 1.1 (Closes: #10889).
421 - Update the list of enabled GNOME Shell extensions, which might fix
422 the "GNOME Shell sometimes leaves Classic mode" bug seen in 2.0~beta1:
423 · Remove obsolete "Alternative Status Menu", that is not shipped
425 · Explicitly enable the GNOME Shell extensions that build
427 - Make _get_tg_setting() compatible with set -u (Closes: #10785).
428 - laptop-mode-tools: don't control autosuspend. Some USB input
429 devices don't support autosuspend. This change might help fix
430 #10850, but even if it doesn't, it makes sense to me that we
431 don't let laptop-mode-tools fiddle with this on a Live system
432 (Closes (for now): #10850).
435 - Remove obsolete code from various places.
437 · hide all windows while logging in
438 · resize and re-position the panel when the screen size grows
439 · PostLogin: log into the Journal instead of a dedicated log file
440 · use localectl to set the system locale and keyboard mapping
441 · delete the Live user's password if no administration password is set
443 · port to GDBus greeter interface, and adjust to other GDM
446 · port to UDisks2, and from Qt4 to GTK3
447 · adapt to work on other GNU/Linux operating systems than Tails
448 · clean up enough upstream code and packaging bits to make it
449 deserve being uploaded to Debian
450 · rename everything from liveusb-creator to tails-installer
451 - Port tails-perl5lib to GTK3 and UDisks2. In passing, do some minor
452 refactoring and a GUI improvement.
453 - Persistent Volume Assistant:
454 · port to GTK3 and UDisks2
455 · handle errors when deleting persistent volume (Closes: #8435)
456 · remove obsolete workarounds
457 - Don't install UDisks v1.
458 - Adapt custom udev and polkit rules to UDisks v2 (Closes: #9054, #9270).
459 - Adjust import-translations' post-import step for Tails Installer,
460 to match how its i18n system works nowadays.
461 - Use socket activation for CUPS, to save some boot time.
462 - Set memlockd.service's OOMScoreAdjust to -1000.
463 - Don't bother creating /var/lib/live in tails-detect-virtualization.
464 If it does not exist at this point, we have bigger and more
466 - Simplify the virtualization detection & reporting system, and do it
467 as a non-root user with systemd-detect-virt rather than virt-what.
468 - Replace rsyslog with the systemd Journal (Closes: #8320), and adjust
469 WhisperBack's logs handling accordingly.
470 - Drop tails-save-im-environment.
471 It's not been used since we stopped automatically starting the web browser.
472 - Add a hook that aborts the build if any *.orig file is found. Such files
473 appear mainly when a patch of ours is fuzzy. In most cases they are no big
474 deal, but in some cases they end up being taken into account
476 - Replace the tor+http shim with apt-transport-tor (Closes: #8198).
477 - Install gnome-tweak-tool.
478 - Don't bother testing if we're using dependency based boot.
479 - Drop workaround to start spice-vdagent in GDM (Closes: #8025).
480 This has been fixed in Jessie proper.
481 - Don't install ipheth-utils anymore. It seems to be obsolete
482 in current desktop environments.
483 - Stop installing the buggy unrar-free, superseded in Jessie (Closes: #5838)
484 - Drop all custom fontconfig configuration, and configure fonts rendering
486 - Drop zenity patch (zenity-fix-whitespacing-box-sizes.diff),
487 that was applied upstream.
488 - Install libnet-dbus-perl (currently 1.1.0) from jessie-backports,
489 it brings new features we need.
490 - Have the security check and the upgrader wait for Tor having bootstrapped
491 with systemd unit ordering.
492 - Get rid of tails-security-check's wrapper.
493 Its only purpose was to wait for Tor to have bootstrapped,
494 which is now done via systemd.
495 - Don't allow the amnesia and tails-upgrade-frontend users to run
496 tor-has-bootstrapped as root with sudo. They don't need it anymore,
497 thanks to using systemd for starting relevant units only once Tor
499 - Install python-nautilus, that enables MAT's context menu item in Nautilus.
501 - Configure GDM with a snippet file instead of patching its
502 greeter.dconf-defaults.
504 · port to Python 3 and GObject Introspection (Closes: #7755)
505 · migrate from the gnutls module to the ssl one
506 · use PGP/MIME for better attachments handling
507 · migrate from the gnupginterface module to the gnupg one
508 · natively support SOCKS ⇒ don't wrap with torsocks anymore
510 · don't try to include the obsolete .xession-errors in bug reports
512 - chroot-browser.sh: don't use static DISPLAY.
513 - Simplify debugging:
514 · don't hide the emergency shutdown's stdout
515 · tails-unblock-network: trace commands so that they end up in the Journal
516 - Configure the console codeset at ISO build time, instead of setting it
517 to a constant via the Greeter's PostLogin.default.
518 - Order the AppArmor policy compiling in a way that is less of a blocker
520 - Include the major KMS modules in the initramfs. This helps seamless
521 transition to X.Org when booting, and back to text mode on shutdown,
522 can help for proper graphics hardware reinitialization post-kexec,
523 and should improve GNOME Shell support in some virtual machines.
524 - Always show the Universal Access menu icon in the GNOME panel.
525 - Drop notification for not-migrated-yet persistence configuration,
526 and persistence settings disabled due to wrong access rights.
527 That migration happened more two years ago.
528 - Remove the restricted network detector, that has been broken for too long;
529 see #10560 for next steps (Closes: #8328).
530 - Remove unsupported, never completed kiosk mode support.
531 - clock_gettime_monotonic: use Perl's own function to get the integer part,
532 instead of forking out to sed.
533 - Don't (try to) disable lvm2 initscripts anymore. Both the original reason
534 and the implementation are obsolete on Jessie.
535 - Lower potential for confusion (#8443), by removing system-config-printer.
536 One GUI to configure printers is enough (Closes: #8505).
537 - Add "set -u" to tails-unblock-network.
538 - Add a systemd target whose completion indicates that Tor has bootstrapped,
539 and use it everywhere sensible (Closes: #9393).
540 - Disable udev's 75-persistent-net-generator.rules, to preventing races
541 between MAC spoofing and interface naming.
542 - Replace patch against NetworkManager.conf with drop-in files.
543 - Replace resolvconf with simpler NetworkManager and dhclient configuration.
545 - Replace patching of the gdomap, i2p, hdparm, tor and ttdnsd initscripts
546 with 'systemctl disable' (Closes: #9881).
547 - Replace patches that wrapped apps with torsocks with dynamic patching with
548 a hook, to ease maintenance. Also, patch D-Bus services as needed
550 - Notify the user if running Tails inside non-free virtualization software
551 that does not try to hide its nature (Closes: #5315).
552 Thanks to Austin English <austinenglish@gmail.com> for the patch.
553 - Declare htpdate.service as being needed for time-sync.target, to ensure
554 that "services where correct time is essential should be ordered after
556 - Convert some of the X session startup programs to `systemd --user' units.
557 - Let the Pidgin wrapper pass through additional command-line arguments
559 - Move out of the $PATH a bunch of programs that users should generally
560 not run directly: connect-socks, end-profile, getTorBrowserUserAgent,
561 generate-tor-browser-profile, kill-boot-profile, tails-spoof-mac,
562 tails-set-wireless-devices-state, tails-configure-keyboard,
563 do_not_ever_run_me, boot-profile, tails-unblock-network,
564 tor-controlport-filter, tails-virt-notify-user, tails-htp-notify-user,
565 udev-watchdog-wrapper (Closes: #10658)
566 - Upgrade I2P to 0.9.23-2~deb8u+1.
567 - Disable I2P's time syncing support.
568 - Install Torbirdy from official Jessie backports, instead of from
569 our own APT repository (Closes: #10804).
570 - Make GNOME Disks' passphrase strength checking new feature work,
571 by installing cracklib-runtime (Closes: #10862).
572 - Add support for Japanese in Tor Browser.
573 - Install xserver-xorg-video-intel from Jessie Backports (currently:
574 2.99.917-2~bpo8+1). This adds support for recent chips such as
575 Intel Broadwell's HD Graphics (Closes: #10841).
576 - Improve a little bit post-Greeter network unblocking:
577 · Sleep a bit longer between deleting the blacklist, and triggering udev;
578 this might help cure #9012.
579 · Increase logging, so that we get more information next time someone
581 · Touch /etc/modprobe.d/ after deleting the blacklist; this might help,
582 in case all this is caused by some aufs bug.
583 - Enable and use the Debian jessie-proposed-updates APT repository,
584 anticipating on the Jessie 8.3 point-release (Closes: #10897).
585 - Upgrade most firmware packages to 20160110-1.
586 - Upgrade Intel CPU microcodes to 3.20151106.1~deb8u1.
587 - Disable IPv6 for the default wired connection, so that
588 NetworkManager does not spam the logs with IPv6 router
589 solicitation failure. Note that this does not fix the problem
590 for other connections (Partially closes: #10939).
593 - Adapt to the new desktop environment and applications' look.
594 - Adapt new changed nmcli syntax and output.
595 - New NetworkManager connection files must be manually loaded in Jessie.
596 - Adapt to new pkexec behavior.
597 - Adapt to how we now disable networking.
598 - Use sysctl instead of echo:ing into /proc/sys.
599 - Use oom_score_adj instead of the older oom_adj.
600 - Adapt everything depending on logs to the use of the Journal.
602 - Check that the system partition is an EFI System Partition.
603 - Add ldlinux.c32 to the list of bootloader files that are expected
604 to be modified when we run syslinux (Closes: #9053).
605 - Use apt(8) instead of apt-get(8).
606 - Don't hide the cursor after opening the GNOME apps menu.
607 - Convert the remote shell to into a systemd native service and a Python 3,
608 script that uses the sd_notify facility (Closes: #9057). Also, set its
609 OOM score adjustment value via its unit file, and not from the test suite.
610 - Adjust to match where screenshots are saved nowadays.
611 - Check that all system units have started (Closes: #8262)
612 - Simplify the "too small device" test.
613 - Spawn `poweroff' and `halt' in the background, and don't wait for them
614 to return: anything else would be racy vs. the remote shell's stopping.
615 - Bump video memory allocated to the system under test, to fix out of video
617 - When configuring the CPU to lack PAE support, use a qemu32 CPU instead
618 of a Pentium one: the latter makes GNOME Shell crash.
619 See #8778 for details about how Mesa's CPU features detection has
620 room for improvement.
621 - Adjust free(1) output parsing for Jessie.
622 - vm-execute: rename --type option to --spawn.
623 - Add method to set the X.Org clipboard, and install its dependency
625 - Paste URLs in one go, to work around issue with lost key presses
626 in the browser (Closes: #10467).
627 - Reliably wait for Synaptic's search button to fade in.
628 - Take into account that the sticky bit is not set on block devices
630 - Ensure that we can use a NetworkManager connection stored in persistence
632 - Use a stricter regexp when extracting logs for dropped packets.
633 - Clone the host CPU for the test suite guests (Closes: #8778).
634 - Run ping as root (aufs does not support file capabilities so we don't
635 get cap_net_raw+ep, and if built on a filesystem that does support
636 file capabilities, then /bin/ping is not setupd root).
637 - Escape regexp special characters when constructing the firewall log
638 parsing regexp, and pass -P to grep, since Ruby uses PCRE.
639 - Adjust is_persistent?() helper to findmnt changes in Jessie.
640 - Rework in depth how we measure pattern coverage in memory, with more
641 reliable Linux OOM and VM settings, fundamental improvements
642 in what exactly we measure, and custom OOM adjutments for fillram
643 processes (Closes: #9705).
644 - Use blkid instead of parted to determine the filesystem type.
645 - Use --kiosk mode instead of --fullscreen in virt-viewer, to remove
646 the tiny border of the in-viewer menu.
647 - Remove now redundant desktop screenshot directory scenario.
648 - Adapt GNOME notification handling for Debian Jessie (Closes: #8782)
649 - Disable screen blanking in the automated test suite, which occasionally
650 breaks some test cases (Closes: #10403).
651 - Move upgrade scenarios to the feature dedicated to them.
652 - Don't make libvirt storage volumes executable.
653 - Refactor the PAUSE_ON_FAIL functionality, so that we can use `pause()`
654 as a breakpoint when debugging.
655 - Drop non-essential Totem test that is mostly a duplicate, and too painful
656 to be worth automating on Jessie.
657 - Retry Totem HTTPS test with a new Tor circuit on failure.
658 - Replace iptables status regexp-based parser with a new XML-based
659 status analyzer: the previous implementation could not be adjusted
660 to the new ip6tables' output (Closes: #9704).
661 - Don't reboot in one instance when it is not needed.
662 - Optimize memory erasure anti-test: block the boot to save CPU on the host.
663 - Update I2P tests for Jessie, and generally make them more robust.
664 - Update Electrum tests for 2.5.4-2 (Closes: #10758).
665 - Add workaround for libvirt vs. guestfs permissions issue, to allow
666 running the test suite on current Debian sid.
667 - Fix buggy code, that happened to work by mistake, in the Seahorse
668 test cases; bugfix on 1.8.
669 - Update test suite images due to CSS change on Tails' website.
670 - Adapt Tor Browser tests to work with the 5.5 series.
671 - Automatically test downloading files in Tor Browser.
672 - Remove obsolete scenario, that tested opening a downloaded file with
673 an external application, which we do not support anymore.
674 - Improve robustness of the "Tails OpenPGP keys" scenario (Closes: #10378).
675 - Automatically test the "Diable all networking" feature (Closes: #10430).
676 - Automatically test that SSH works over LAN (Closes: #9087).
677 - Bump some statuc sleeps to fix a few race conditions (Closes: #5330).
678 - Automatically test that an emergency shutdown triggers on boot
679 medium removal (Closes: #5472).
680 - Make the AppArmor checks actually detect errors (Closes: #10926).
683 - Bump amount of disk space needed to build Tails with Vagrant.
684 The addition of the Japanese Tor Browser tarball made us reach
685 the limit of the previous value.
687 * Adjustments for Debian 8 (Jessie) with no or very little user-visible impact
688 - Free the fixed UIDs/GIDs we need before creating the corresponding users.
689 - Replace the real gnome-backgrounds with a fake, equivs generated one
690 (Closes: #8055). Jessie's gnome-shell depends on gnome-backgrounds,
691 which is too fat to ship considering we're not using it.
692 - AppArmor: adjust CUPS profile to support our Live system environment
694 · Mangle lib/live/mount/overlay/... as usual for aufs.
695 · Pass the the attach_disconnected flag, that's needed for compatibility
697 - Make sure we don't ship geoclue* (Closes: #7949).
698 - Drop deprecated GDM configuration file.
699 - Don't add the Live user to the deprecated 'fuse' group.
700 - Drop hidepid mount option for /proc (Closes: #8256). In its current,
701 simplistic form it cannot be supported by systemd.
702 - Don't manually load acpi-cpufreq at boot time. It fails to load
703 whenever no device it supports is present, which makes the
704 systemd-modules-load.service fail. These days, the kernel
705 should just automatically load such modules when they are needed.
706 - Drop sysvinit-specific (sensigs.omit.d) tweaks for memlockd.
707 - Disable the GDM unit file's Restart=always, that breaks our "emergency
708 shutdown on boot medium removal" feature.
709 - Update the implementation of the memory erasure on shutdown feature:
710 · check for rebooting state using systemctl, instead of the obsolete
711 $RUNLEVEL (Closes: #8306)
712 · the kexec-load initscript normally silently exits unless systemd is
713 currently running a reboot job. This is not the case when the emergency
714 shutdown has been triggered, so we removed this check
715 · migrate tails-kexec to the /lib/systemd/system-shutdown/ facility
716 · don't (try to) switch to tty1 on emergency shutdown: it apparently
717 requires data that we haven't locked into memory, and then it blocks
718 the whole emergency shutdown process
719 - Display a slightly darker version of the desktop wallpaper on the screen
720 saver, instead of the default flashy "Debian 8" branding (Closes: #9038).
721 - Disable software autorun from external media.
722 - Disable a few unneeded D-Bus services. Some of these services are
723 automatically started (via D-Bus activation) when GNOME Shell tries
724 to use them. The only "use" I've seen for them, except eating
725 precious RAM, is to display "No appointment today" in the calendar pop-up.
727 - Prevent NetworkManager services from starting at boot time
728 (Closes: #8313). We start them ourselves after changing the MAC address.
729 - Unfuzzy all patches (Closes: #8268) and drop a few obsolete ones.
730 - Adapt IBus configuration for Jessie (Closes: #8270), i.e. merge the two
731 places where we configure keyboard layout and input methods: both are now
732 configured in the same place in Jessie's GNOME.
733 - Migrate panel launchers to the favorite apps list (Closes: #7992).
734 - Drop pre-GNOME Shell menu tweaks.
735 - Hide "Log out" button in the GNOME Shell menu (Closes: #8364).
736 - Add a custom shutdown-helper GNOME Shell extension (Closes: #8302, #5684
737 and #5878) that removes the press-Alt-to-turn-shutdown-button-into-Suspend
738 functionality from the GNOME user menu, and makes Restart and Shutdown
739 immediate, without further user interaction. Accordingly remove our custom
740 Shutdown Helper panel applet (#8302).
741 - Drop GNOME Panel configuration, now deprecated.
742 - Disable GNOME Shell's screen lock feature.
743 We're not there yet (see #5684).
744 - Disable GNOME Shell screen locker's user switch feature.
745 - Explicitly install libany-moose-perl (Closes: #8051).
746 It's needed by our OpenPGP applet. On Wheezy, this package was pulled
747 by some other dependency. This is not the case anymore on Jessie.
748 - Don't install notification-daemon nor gnome-mag: GNOME Shell has taken
749 over this functionality (Closes: #7481).
750 - Don't install ntfsprogs: superseded on Jessie.
751 - Don't install barry-util: not part of Jessie.
752 - Link udev-watchdog dynamically, and lock it plus its dependencies
754 - Migrate from gdm-simple-greeter to a custom gdm-tails session
756 - Update Plymouth installation and configuration:
757 · install the plymouth packages via chroot_local-hooks: lb 2.x's "standard"
758 packages list pulls console-common in, which plymouth now conflicts with
759 · don't patch the plymouth initscript anymore, that was superseded
760 by native systemd unit files
761 · mask the plymouth-{halt,kexec,poweroff,reboot,shutdown} services,
762 to prevent them from occupying the active TTY with an (empty) splash
763 screen on shutdown/reboot, that would hide the messages we want to show
764 to the user via tails-kexec (Closes: #9032)
765 - Migrate GNOME keyboard layout settings from libgnomekbd to input-sources
767 - Explicitly install syslinux-efi, that we need and is not automatically
768 pulled by anything else anymore.
769 - Workaround #7248 for GDM: use a solid blue background picture,
770 instead of a solid color fill, in the Greeter session.
771 - De-install gcc-4.8-base and gcc-4.9 at the end of the ISO build process.
772 - Revert the "Wrap syndaemon to always use -t" Wheezy-specific workaround.
773 - htpdate: run date(1) in a Jessie-compatible (and nicer) way.
774 - Remove obsolete dconf screenshot settings and the corresponding test.
775 - Drop our patched python-dbus{,-dev} package (Closes: #9177).
776 - live-persist: stop overriding live-boot's functions, we now have
777 a recent enough blkid.
778 - Adjust sdmem initramfs bits for Jessie:
779 · Directly call poweroff instead of halt -p.
780 · Don't pass -n to poweroff and reboot, it's not supported anymore.
781 - Wrap text in the Unsafe Browser startup warning dialog
782 (Jessie's zenity does not wrap it itself).
783 - Associate application/pgp-keys with Seahorse's "Import Key" application
785 - Install topIcons GNOME Shell extension (v28), to work around the fact
786 that a few of the applets we use hijack the notification area.
787 - "cd /" to fix permissions issue at tails-persistence-setup startup
789 - Install gstreamer1.0-libav, so that Totem can play H264-encoded videos.
790 - Adjust APT sources configuration:
791 · remove explicit jessie and jessie-updates sources:
792 automatically added by live-build
794 · add jessie-backports
795 - Firewall: white-list access to the accessibility daemon (Closes: #8075).
796 - Adjust to changed desktop notification behavior and supported feature set
798 · pass the DBUS_SESSION_BUS_ADDRESS used by the GNOME session
800 · update waiting for a notification handler: gnome-panel and nm-applet
801 are obsolete, GNOME Shell is now providing this facility, so instead
802 wait for a process that starts once GNOME Shell is ready, namely
803 ibus-daemon (Closes: #8685)
804 · port tails-warn-about-disabled-persistence and tails-virt-notify-user
805 to notification actions (instead of hyperlinks), and make the latter
806 transient; to this end, add support to Desktop::Notify for "hints"
807 and notification actions
808 · tails-security-check: use a dialog box instead of desktop notifications
809 · MAC spoofing failure notification: remove the link to the documentation;
810 it was broken on Tails/Wheezy already, see #10559 for next steps
811 - Don't explicitly install gnome-panel nor gnome-menus, so that they go away
812 whenever the Greeter does not pull them in anymore.
813 - Install gkbd-capplet, that provides gkbd-keyboard-display (Closes: #8363).
814 - Install Tor 0.2.7 from deb.torproject.org: we don't need to rebuild it
815 ourselves for seccomp support anymore.
816 - Wrap Seahorse with torsocks when it is started as a D-Bus service too
818 - Rename the AppArmor profile for Tor, so it applies to the system-wide
819 Tor service we run (Closes: #10528).
820 - Essentially revert ALSA state handling to how it was pre-Jessie, so that
821 mixer levels are unmuted and sanitized at boot time (Closes: #7591).
822 - Pass --yes to apt-get when installing imagemagick.
823 - Make removable devices, that we support installing Tails to, user writable:
824 Tails Installer requires raw block device access to such devices
825 (Closes: #8273). Similarly, allow the amnesia user, when active, to open
826 non-system devices for writing with udisks2. This is roughly udisks2's
827 equivalent of having direct write access to raw block storage devices.
828 Here too, Tails Installer uses this functionality.
829 - Disable networkd to prevent any risk of DNS leaks it might cause; and
830 disable timesyncd, as we have our own time synchronization mechanism.
831 They are not enabled by default in Jessie, but may be in Stretch,
832 so let's be explicit about it.
833 - Mask hwclock-save.service, to avoid sync'ing the system clock
834 to the hardware clock on shutdown (Closes: #9363).
835 - apparmor-adjust-cupsd-profile.diff: adjust to parse fine on Jessie
837 - Explicitly use tor@default.service when it's the one we mean.
838 - Refactor GNOME/X env exporting to Tails' shell library, and grab
839 more of useful bits of the desktop session environment.
840 Then, use the result in the test suite's remote shell.
841 - Stop tweaking /etc/modules. It's 2015, the kernel should load these things
842 automatically (Closes: #10609).
843 - Have systemd hardening let Tor modify its configuration (needed by Tor
844 Launcher), and start obfs4proy (Closes: #10696, #10724).
845 - Bump extensions.adblockplus.currentVersion and
846 extensions.enigmail.configuredVersion to match what we currently get
848 - I2P: switch from 'service' to 'systemctl' where possible.
850 -- Tails developers <tails@boum.org> Mon, 25 Jan 2016 18:06:33 +0100
852 tails (1.8.2) unstable; urgency=medium
855 - Upgrade Tor Browser to 5.0.7.
856 - Upgrade Linux to 3.16.7-ckt20-1+deb8u2.
857 - Upgrade foomatic-filters to 4.0.17-1+deb7u1.
858 - Upgrade git to 1:1.7.10.4-1+wheezy2.
859 - Upgrade Icedove to 38.5.0-1~deb7u1.
860 - Upgrade libxml2-related packages to 2.8.0+dfsg1-7+wheezy5.
861 - Upgrade OpenSSL-related packages to 1.0.1e-2+deb7u19.
862 - Upgrade libsmbclient to 2:3.6.6-6+deb7u6.
864 -- Tails developers <tails@boum.org> Sat, 09 Jan 2016 16:27:27 +0100
866 tails (1.8.1) unstable; urgency=medium
869 - Upgrade Tor Browser to 5.0.6.
870 - Upgrade Linux to 3.16.7-ckt20-1+deb8u1
871 - Upgrade gdkpixbuf to 2.26.1-1+deb7u3
872 - Upgrade bind9 tools to 1:9.8.4.dfsg.P1-6+nmu2+deb7u8
875 - Fix time synchronization in bridge mode by refreshing our patch
876 against Tor's AppArmor profile.
878 -- Tails developers <tails@boum.org> Fri, 18 Dec 2015 19:05:18 +0000
880 tails (1.8) unstable; urgency=medium
883 - Upgrade Tor to 0.2.7.6-1~d70.wheezy+1+tails1.
884 - Upgrade Tor Browser to 5.0.5. (Closes: #10751)
885 - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u5.
886 - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u6.
887 - Upgrade Linux to 3.16.7-ckt11-1+deb8u6.
888 - Upgrade wpasupplicant to 1.0-3+deb7u3.
889 - Upgrade libpng12-0 to 1.2.49-1+deb7u1.
890 - Upgrade openjdk-7 to 7u91-2.6.3-1~deb7u1.
891 - Upgrade libnspr4 to 2:4.9.2-1+deb7u3
892 - Upgrade dpkg to 1.16.17.
893 - Upgrade gnutls26 to 2.12.20-8+deb7u4.
894 - Upgrade Icedove to 1:38.0.1-1~deb7u1.
895 - Upgrade OpenSSL to 1.0.1e-2+deb7u18.
898 - Upgrade to Electrum 2.5.4-2~d70.wheezy+1+tails1. Now Electrum
899 should work again. Note that the documentation has not been
900 adapted to the slight changes in the Electrum account setup
904 - Upgrade I2P to 0.9.23-2~deb7u+1.
905 - Rebase our patch against the Tor Browser AppArmor profile on top
906 of the one shipped in torbrowser-launcher 0.2.1-2.
907 - Warn if the claws-mail persistence is enabled and contains a
908 Claws Mail configuration when starting icedove. (Closes: #10458)
909 - Replace the Claws Mail GNOME launcher with Icedove. (Closes:
911 - Remove the Claws Mail persistence feature from the Persistence
912 Assistant. (Closes: #10742)
915 - Simplify ISO image naming rules by using the base rule we use
916 for Jenkins all the time, except when building from a tag
917 (i.e. building a release). (Closes: #10349)
920 - Lower the waiting time for USB installation in the test suite.
921 So far we were waiting up to one hour, which is just the same as
922 our Jenkins inactivity timeout, so in practice when Tails
923 Installer fails and displays an error message, instead of
924 reporting that the job failed (which is the point of the
925 exercise) we abort the job due to this timeout which
926 communicates less clearly that there's probably a bug. (Closes:
928 - Remove the check for the sound icon in the systray in the
929 Windows Camouflage tests. (Closes: #10493)
930 - Retry running whois when "LIMIT EXCEEDED" is in its output for
931 increased robustness. (Closes: #10523)
932 - Make Seahorse tests more robust. (Closes: #9095, #10501)
933 - Make the handling of Pidgin's account manager more robust.
936 -- Tails developers <tails@boum.org> Mon, 14 Dec 2015 23:07:19 +0100
938 tails (1.7) unstable; urgency=medium
940 * Major new features and changes
941 - Upgrade Tor Browser to 5.0.4. (Closes: #10456)
942 - Add a technology preview of the Icedove Email client (a
943 rebranded version of Mozilla Thunderbird), including OpenPGP
944 support via the Enigmail add-on, general security and anonymity
945 improvements via the Torbirdy add-on, and complete persistence
946 support (which will be enabled automatically if you already have
947 Claws Mail persistence enabled). Icedove will replace Claws Mail
948 as the supported email client in Tails in a future
949 release. (Closes: #6151, #9498, #10285)
950 - Upgrade Tor to 0.2.7.4-rc-1~d70.wheezy+1+tails1. Among the many
951 improvement of this new Tor major release, the new
952 KeepAliveIsolateSOCKSAuth option allows us to drop the
953 bug15482.patch patch (taken from the Tor Browse bundle) that
954 enabled similar (but inferior) functionality for *all*
955 SocksPort:s -- now the same circuit is only kept alive for
956 extended periods for the SocksPort used by the Tor
957 Browser. (Closes: #10194, #10308)
958 - Add an option to Tails Greeter which disables networking
959 completely. This is useful when intending to use Tails for
960 offline work only. (Closes: #6811)
963 - Fix CVE-2015-7665, which could lead to a network interface's IP
964 address being exposed through wget. (Closes: #10364)
965 - Prevent a symlink attack on ~/.xsession-errors via
966 tails-debugging-info which could be used by the amnesia user to
967 read the contents of any file, no matter the
968 permissions. (Closes: #10333)
969 - Upgrade libfreetype6 to 2.4.9-1.1+deb7u2.
970 - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u2.
971 - Upgrade Linux to 3.16.7-ckt11-1+deb8u5.
972 - Upgrade openjdk-7 packages to 7u85-2.6.1-6~deb7u1.
973 - Upgrade unzip to 6.0-8+deb7u4.
976 - Add a temporary workaround for an issue in our code which checks
977 whether i2p has bootstrapped, which (due to some recent change
978 in either I2P or Java) could make it appear it had finished
979 prematurely. (Closes: #10185)
980 - Fix a logical bug in the persistence preset migration code while
981 real-only persistence is enabled. (Closes: #10431)
984 - Rework the wordings of the various installation and upgrade
985 options available in Tails installer in Wheezy. (Closes: #9672)
986 - Restart Tor if bootstrapping stalls for too long when not using
987 pluggable transports. (Closes: #9516)
988 - Install firmware-amd-graphics, and firmware-misc-nonfree instead
989 of firmware-ralink-nonfree, both from Debian Sid.
990 - Update the Tails signing key. (Closes: #10012)
991 - Update the Tails APT repo signing key. (Closes: #10419)
992 - Install the nmh package. (Closes: #10457)
993 - Explicitly run "sync" at the end of the Tails Upgrader's upgrade
994 process, and pass the "sync" option when remounting the system
995 partition as read-write. This might help with some issues we've
996 seen, such as #10239, and possibly for #8449 as well.
999 - Add initial automated tests for Icedove. (Closes: #10332)
1000 - Add automated tests of the MAC spoofing feature. (Closes: #6302)
1001 - Drop the concept of "background snapshots" and introduce a general
1002 system for generating snapshots that can be shared between
1003 features. This removes all silly hacks we previously used to
1004 "skip" steps, and greatly improves performance and reliability
1005 of the whole test suite. (Closes: #6094, #8008)
1006 - Flush to the log file in debug_log() so the debugging info can
1007 be viewed in real time when monitoring the debug log
1008 file. (Closes: #10323)
1009 - Force UTF-8 locale in automated test suite. Ruby will default to
1010 the system locale, and if it is non-UTF-8, some String-methods
1011 will fail when operating on non-ASCII strings. (Closes: #10359)
1012 - Escape regexp used to match nick in CTCP replies. Our Pidgin
1013 nick's have a 10% chance to include a ^, which will break that
1014 regexp. We need to escape all characters in the nick. (Closes:
1016 - Extract TBB languages from the Tails source code. This will
1017 ensure that valid locales are tested. As an added bonus, the
1018 code is greatly simplified. (Closes: #9897)
1019 - Automatically test that tails-debugging-info is not susceptible
1020 to the type of symlink attacks fixed by #10333.
1021 - Save all test suite artifacts in a dedicated directory with more
1022 useful infromation encoded in the path. This makes it easier to
1023 see which artifacts belongs to which failed scenario and which
1024 run. (Closes: #10151)
1025 - Log all useful information via Cucumber's formatters instead of
1026 printing to stderr, which is not included when logging to file
1027 via `--out`. (Closes: #10342)
1028 - Continue running the automated test suite's vnc server even if
1029 the client disconnects. (Closes: #10345)
1030 - Add more automatic tests for I2P. (Closes: #6406)
1031 - Bump the Tor circuit retry count to 10. (Closes: #10375)
1032 - Clean up dependencies: (Closes: #10208)
1037 -- Tails developers <tails@boum.org> Tue, 03 Nov 2015 01:09:41 +0100
1039 tails (1.6) unstable; urgency=medium
1042 - Upgrade Tor Browser to 5.0.3. (Closes: #10223)
1043 - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u7.
1044 - Upgrade liblcms1 to 1.19.dfsg2-1.2+deb7u1.
1045 - Upgrade libldap-2.4-2 to 2.4.31-2+deb7u1.
1046 - Upgrade libslp1 to 1.2.1-9+deb7u1.
1047 - Upgrade ssl-cert to 1.0.32+deb7u1.
1050 - Fix a corner case for the MAC spoofing panic mode. If panic mode
1051 failed to disable the specific device that couldn't be spoofed
1052 (by unloading the module) we disable networking. Previously we
1053 only stopped NetworkManager. The problem is that NM isn't even
1054 started at this time, but will specifically be started when
1055 we're done with MAC spoofing. Therefore, let's completely
1056 disable NetworkManager so it cannot possibly be
1057 started. (Closes: #10160)
1058 - Avoid use of uninitialized value in restricted-network-detector.
1059 If NetworkManager decides that a wireless connection has timed
1060 out before "supplicant connection state" has occued, our idea of
1061 the state is `undef`, so it cannot be used in a string
1062 comparison. Hence, let's initialize the state to the empty
1063 string instead of `undef`. Also fix the state
1064 recording. Apparently NetworkManager can say a few different
1065 things when it logs the device state transitions. (Closes:
1068 * Minor improvements
1069 - Remove workaround for localizing search engine plugins. The
1070 workaround has recently become unnecessary, possibly due to the
1071 changes made for the seach bar after the Tor Browser was rebased
1072 on Firefox 38esr. (Closes: #9146)
1073 - Refer to the I2P Browser in the I2P notifications. Instead of
1074 some obscure links that won't work in the Tor Browser, where
1075 users likely will try them, and which I believe will open them
1076 by default. (Closes: #10182)
1077 - Upgrade I2P to 0.9.22. Also set the I2P apparmor profile to
1078 enforce mode. (Closes: #9830)
1081 - Test that udev-watchdog is monitoring the correct device when
1082 booted from USB. (Closes: #9890)
1083 - Remove unused 'gksu' step. This causes a false-positive to be
1084 found for #5330. (Closes: #9877)
1085 - Make --capture capture individual videos for failed scenarios
1086 only, and --capture-all to capture videos for all scenarios.
1088 - Use the more efficient x264 encoding when capturing videos using
1089 the --capture* options. (Closes: #10001)
1090 - Make --old-iso default to --iso if omitted. Using the same ISO
1091 for the USB upgrade tests most often still does what we want,
1092 e.g. test that the current version of Tails being tested has a
1093 working Tails installer. Hence this seems like a reasonable
1094 default. (Closes: #10147)
1095 - Avoid nested FindFailed exceptions in waitAny()/findAny(), and
1096 throw a new dedicated FindAnyFailed exception if these fail
1097 instead. Rjb::throw doesn't block Ruby's execution until the
1098 Java exception has been received by Ruby, so strange things can
1099 happen and we must avoid it. (Closes: #9633)
1100 - Fix the Download Management page in our browsers. Without the
1101 browser.download.panel.shown pref set, the progress being made
1102 will not update until after the browser has been restarted.
1104 - Add a 'pretty_debug' (with an alias: 'debug') Cucumber formatter
1105 that deals with debugging instead of printing it to STDERR via
1106 the `--debug` option (which now has been removed). This gives us
1107 the full flexibility of Cucumber's formatter system, e.g. one
1108 easy-to-read formatter can print to the terminal, while we get
1109 the full debug log printed to a file. (Closes: #9491)
1110 - Import logging module in otr-bot.py. Our otr-bot.py does not use
1111 logging but the jabberbot library makes logging calls, causing a
1112 one-off message “No handlers could be found for logger
1113 "jabberbot"” to be printed to the console. This commit
1114 effectively prevents logging/outputting anything to the terminal
1115 which is at a level lower than CRITICAL. (Closes: 9375)
1116 - Force new Tor circuit and reload web site on browser
1117 timeouts. (Closes: #10116)
1118 - Focus Pidgin's buddy list before trying to access the tools
1119 menu. (Closes: #10217)
1120 - Optimize IRC test using waitAny. If connecting to IRC fails,
1121 such as when OFTC is blocking Tor, waiting 60 seconds to connect
1122 while a a Reconnect button is visible is sub-optimal. It would
1123 be better to try forcing a new Tor circuit and clicking the
1124 reconnect button. (Closes: #9653)
1125 - Wait for (and focus if necessary) Pidgin's Certificate windows.
1128 -- Tails developers <tails@boum.org> Sun, 20 Sep 2015 17:47:26 +0000
1130 tails (1.5.1) unstable; urgency=medium
1133 - Upgrade Tor Browser to 5.0.2. (Closes: #10112)
1134 - Upgrade gdk-pixbuf packages to 2.26.1-1+deb7u1.
1135 - Upgrade libnss3 to 2:3.14.5-1+deb7u5.
1138 - Refresh Tor Browser AppArmor profile patch. The old one doesn't
1139 apply on top of testing's torbrowser-launcher anymore.
1142 - Make sure Jenkins creates new jobs to build the testing branch
1143 after freezes. (Closes: #9925)
1145 -- Tails developers <tails@boum.org> Fri, 28 Aug 2015 01:52:14 +0200
1147 tails (1.5) unstable; urgency=medium
1149 * Major new features and changes
1150 - Move LAN web browsing from Tor Browser to the Unsafe Browser,
1151 and forbid access to the LAN from the former. (Closes: #7976)
1152 - Install a 32-bit GRUB EFI boot loader. This at least works
1153 on some Intel Baytrail systems. (Closes: #8471)
1156 - Upgrade Tor Browser to 5.0, and integrate it:
1157 · Disable Tiles in all browsers' new tab page.
1158 · Don't use geo-specific search engine prefs in our browsers.
1159 · Hide Tools -> Set Up Sync, Tools -> Apps (that links to the Firefox
1160 Marketplace), and the "Share this page" button in the Tool bar.
1161 · Generate localized Wikipedia search engine plugin icons so the
1162 English and localized versions can be distinguished in the new
1163 search bar. (Closes: #9955)
1164 - Fix panic mode on MAC spoofing failure. (Closes: #9531)
1165 - Deny Tor Browser access to global tmp directories with AppArmor,
1166 and give it its own $TMPDIR. (Closes: #9558)
1167 - Tails Installer: don't use a predictable file name for the subprocess
1168 error log. (Closes: #9349)
1169 - Pidgin AppArmor profile: disable the launchpad-integration abstraction,
1170 which is too wide-open.
1171 - Use aliases so that our AppArmor policy applies to
1172 /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as
1173 it applies to /. And accordingly:
1174 · Upgrade AppArmor packages to 2.9.0-3~bpo70+1.
1175 · Install rsyslog from wheezy-backports, since the version from Wheezy
1176 conflicts with AppArmor 2.9.
1177 · Stop installing systemd for now: the migration work is being done in
1178 the feature/jessie branch, and it conflicts with rsyslog from
1180 · Drop apparmor-adjust-user-tmp-abstraction.diff: obsoleted.
1181 · apparmor-adjust-tor-profile.diff: simplify and de-duplicate rules.
1182 · Take into account aufs whiteouts in the system_tor profile.
1183 · Adjust the Vidalia profile to take into account Live-specific paths.
1184 - Upgrade Linux to 3.16.7-ckt11-1+deb8u3.
1185 - Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
1186 - Upgrade cups-filters to 1.0.18-2.1+deb7u2.
1187 - Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
1188 - Upgrade libexpat1 to 2.1.0-1+deb7u2.
1189 - Upgrade libicu48 to 4.8.1.1-12+deb7u3.
1190 - Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
1191 - Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.
1194 - Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+tails1.
1196 * Minor improvements
1197 - Tails Installer: let the user know when it has rejected a candidate
1198 destination device because it is too small. (Closes: #9130)
1199 - Tails Installer: prevent users from trying to "upgrade" a device
1200 that contains no Tails, or that was not installed with Tails Installer.
1202 - Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds
1203 support for the OTRv3 protocol and for multiple concurrent connections
1204 to the same account. (Closes: #9513)
1205 - Skip warning dialog when starting Tor Browser while being offline,
1206 in case it is already running. Thanks to Austin English for the patch!
1208 - Install the apparmor-profiles package (Closes: #9539), but don't ship
1209 a bunch of AppArmor profiles we don't use, to avoid increasing
1210 boot time. (Closes: #9757)
1211 - Ship a /etc/apparmor.d/tunables/home.d/tails snippet, instead
1212 of patching /etc/apparmor.d/tunables/home.
1213 - live-boot: don't mount tmpfs twice on /live/overlay, so that the one which
1214 is actually used as the read-write branch of the root filesystem's union
1215 mount, is visible. As a consequence:
1216 · One can now inspect how much space is used, at a given time, in the
1217 read-write branch of the root filesystem's union mount.
1218 · We can make sure our AppArmor policy works fine when that filesystem
1219 is visible, which is safer in case e.g. live-boot's behavior changes
1220 under our feet in the future... or in case these "hidden" files are
1221 actually accessible somehow already.
1224 - Add our jenkins-tools repository as a Git submodule, and replace
1225 check_po.sh with a symlink pointing to the same script in that submodule.
1226 Adjust the automated test suite accordingly. (Closes: #9567)
1227 - Bump amount of RAM needed for Vagrant RAM builds to 7.5 GiB. In
1228 particular the inclusion of the Tor Browser 5.0 series has recently
1229 increased the amount of space needed to build Tails. (Closes: #9901)
1232 - Test that the Tor Browser cannot access LAN resources.
1233 - Test that the Unsafe Browser can access the LAN.
1234 - Installer: test new behavior when trying to upgrade an empty device, and
1235 when attempting to upgrade a non-Tails FAT partition on GPT; also, take
1236 into account that all unsupported upgrade scenarios now trigger
1238 - Request a new Tor circuit and re-run the Seahorse and GnuPG CLI tests
1239 on failure. (Closes: #9518, #9709)
1240 - run_test_suite: remove control chars from log file even when cucumber
1241 exits with non-zero. (Closes: #9376)
1242 - Add compatibility with cucumber 2.0 and Debian Stretch. (Closes: #9667)
1243 - Use custom exception when 'execute_successfully' fails.
1244 - Retry looking up whois info on transient failure. (Closes: #9668)
1245 - Retry wget on transient failure. (Closes: #9715)
1246 - Test that Tor Browser cannot access files in /tmp.
1247 - Allow running the test suite without ntp installed. There are other means
1248 to have an accurate host system clock, e.g. systemd-timesyncd and tlsdate.
1250 - Bump timeout in the Totem feature.
1251 - Grep memory dump using the --text option. This is necessary with recent
1252 versions of grep, such as the one in current Debian sid, otherwise it
1253 will count only one occurrence of the pattern we're looking for.
1255 - Include execute_successfully's error in the exception, instead
1256 of writing it to stdout via puts. (Closes: #9795)
1257 - Test that udev-watchdog is actually monitoring the correct device.
1259 - IUK: workaround weird Archive::Tar behaviour on current sid.
1260 - Test the SocksPort:s given in torrc in the Unsafe Browser.
1261 This way we don't get any sneaky errors in case we change them and
1262 forget to update this test.
1263 - Directly verify AppArmor blocking of the Tor Browser by looking in
1264 the audit log: Firefox 38 does no longer provide any graphical feedback
1265 when the kernel blocks its access to files the user wants to access.
1266 - Update browser-related automated test suite images, and workaround
1267 weirdness introduced by the new Tor Browser fonts.
1268 - Test that Pidgin, Tor Browser, Totem and Evince cannot access ~/.gnupg
1269 via alternate, live-boot generated paths.
1270 - Adjust tests to cope with our new AppArmor aliases.
1271 - Bump memory allocated to the system under test to 2 GB. (Closes: #9883)
1273 -- Tails developers <tails@boum.org> Mon, 10 Aug 2015 19:12:58 +0200
1275 tails (1.4.1) unstable; urgency=medium
1278 - Upgrade Tor Browser to 4.5.3, based on Firefox 31.8.0 ESR. (Closes: #9649)
1279 - Upgrade Tor to 0.2.6.9-1~d70.wheezy+1+tails2, which includes a circuit
1280 isolation bugfix. (Closes: #9560)
1281 - AppArmor: deny Tor Browser access to the list of recently used files.
1283 - Upgrade OpenSSL to 1.0.1e-2+deb7u17.
1284 - Upgrade Linux to 3.16.7-ckt11-1.
1285 - Upgrade CUPS to 1.5.3-5+deb7u6.
1286 - Upgrade FUSE to 2.9.0-2+deb7u2.
1287 - Upgrade libsqlite3-0 to 3.7.13-1+deb7u2.
1288 - Upgrade ntfs-3g and ntfsprogs to 1:2012.1.15AR.5-2.1+deb7u2.
1289 - Upgrade p7zip-full to 9.20.1~dfsg.1-4+deb7u1.
1292 - Fix automatic upgrades in Windows Camouflage mode. (Closes: #9413)
1293 - Don't ship the snakeoil SSL key pair generated by ssl-cert in the ISO.
1295 - Partially fix the truncated notifications issue. (#7249)
1297 * Minor improvements
1298 - Disable the hwclock.sh initscript at reboot/shutdown time.
1299 This is an additional safety measure to ensure that the hardware clock
1300 is not modified. (Closes: #9364)
1301 - Stop shipping /var/cache/man/*, to make ISOs and IUKs smaller.
1303 - Update torbrowser-AppArmor-profile.patch to apply cleanly on top of the
1304 profile shipped with torbrowser-launcher 0.2.0-1.
1305 - Add the jessie/updates APT repo and set appropriate pinning.
1306 - Upgrade Electrum to 1.9.8-4~bpo70+1.
1307 - Upgrade kernel firmware packages to 0.44.
1310 - Install the Linux kernel from Debian Jessie. (Closes: #9341)
1311 - Remove files that are not under version control when building in Jenkins.
1313 - Don't modify files in the source tree before having possibly merged
1314 the base branch into it. (Closes: #9406)
1315 - Make it so eatmydata is actually used during a greater part of the build
1316 process. This includes using eatmydata from wheezy-backports.
1317 (Closes: #9419, #9523)
1318 - release script: adjust to support current Debian sid.
1321 - Test the system clock sanity check we do at boot. (Closes: #9377)
1322 - Remove the impossible "Clock way in the past" scenarios.
1323 Thanks to config/chroot_local-includes/lib/live/config/0001-sane-clock,
1324 these scenarios cannot happen, and since we test that it works they
1325 can be safely removed.
1326 - Test that the hardware clock is not modified at shutdown. (Closes: #9557)
1327 - Pidgin: retry looking for the roadmap URL in the topic.
1328 - Avoid showing Pidgin's tooltips during test, potentially confusing Sikuli.
1330 - Test all OpenPGP keys shipped with Tails. (Closes: #9402)
1331 - Check that notification-daemon is running when looking for notifications
1332 fails. (Closes: #9332)
1333 - Allow using the cucumber formatters however we want. (Closes: #9424)
1334 - Enable Spice in the guest, and blacklist the psmouse kernel module,
1335 to help with lost mouse events. (Closes: #9425)
1336 - Automate testing Torbutton's 'New Identity' feature. (Closes: #9286)
1337 - Test that Seahorse is configured to use the correct keyserver.
1339 - Always export TMPDIR back to the test suite's shell environment.
1341 - Make OpenPGP tests more reliable:
1342 · Retry accessing the OpenPGP applet menus on failure. (Closes: #9355)
1343 · Retry accessing menus in Seahorse on failure. (Closes: #9344)
1344 - Focus the Pidgin conversation window before any attempt to interact
1345 with it. (Closes: #9317)
1346 - Use convertkey from the (backported to Jessie) Debian package,
1347 instead of our own copy of that script. (Closes: #9066)
1348 - Make the memory erasure tests more robust (Closes: #9329):
1349 · Bump /proc/sys/vm/min_free_kbytes when running fillram.
1350 · Actually set oom_adj for the remote shell when running fillram.
1351 · Try to be more sure that we OOM kill fillram.
1352 · Run fillram as non-root.
1353 - Only try to build the storage pool if TailsToasterStorage isn't found.
1356 -- Tails developers <tails@boum.org> Sun, 28 Jun 2015 19:46:25 +0200
1358 tails (1.4) unstable; urgency=medium
1360 * Major new features
1361 - Upgrade Tor Browser to 4.5.1, based on Firefox 31.7.0 ESR, which
1362 introduces many major new features for usability, security and
1363 privacy. Unfortunately its per-tab circuit view did not make it
1364 into Tails yet since it requires exposing more Tor state to the
1365 user running the Tor Browser than we are currently comfortable
1366 with. (Closes: #9031, #9369)
1367 - Upgrade Tor to 0.2.6.7-1~d70.wheezy+1+tails2. Like in the Tor
1368 bundled with the Tor Browser, we patch it so that circuits used
1369 for SOCKSAuth streams have their lifetime increased indefinitely
1370 while in active use. This currently only affects the Tor Browser
1371 in Tails, and should improve the experience on certain web sites
1372 that otherwise would switch language or log you out every ten
1373 minutes or so when Tor switches circuit. (Closes: #7934)
1376 - tor-browser wrapper script: avoid offering avenues to arbitrary
1377 code execution to e.g. an exploited Pidgin. AppArmor Ux rules
1378 don't sanitize $PATH, which can lead to an exploited application
1379 (that's allowed to run this script unconfined, e.g. Pidgin)
1380 having this script run arbitrary code, violating that
1381 application's confinement. Let's prevent that by setting PATH to
1382 a list of directories where only root can write. (Closes: #9370)
1383 - Upgrade Linux to 3.16.7-ckt9-3.
1384 - Upgrade curl to 7.26.0-1+wheezy13.
1385 - Upgrade dpkg to 1.16.16.
1386 - Upgrade gstreamer0.10-plugins-bad to 0.10.23-7.1+deb7u2.
1387 - Upgrade libgd2-xpm to 2.0.36~rc1~dfsg-6.1+deb7u1.
1388 - Upgrade openldap to 2.4.31-2.
1389 - Upgrade LibreOffice to 1:3.5.4+dfsg2-0+deb7u4.
1390 - Upgrade libruby1.9.1 to 1.9.3.194-8.1+deb7u5.
1391 - Upgrade libtasn1-3 to 2.13-2+deb7u2.
1392 - Upgrade libx11 to 2:1.5.0-1+deb7u2.
1393 - Upgrade libxml-libxml-perl to 2.0001+dfsg-1+deb7u1.
1394 - Upgrade libxml2 to 2.8.0+dfsg1-7+wheezy4.
1395 - Upgrade OpenJDK to 7u79-2.5.5-1~deb7u1.
1396 - Upgrade ppp to 2.4.5-5.1+deb7u2.
1399 - Disable security warnings when connecting to POP3 and IMAP ports.
1401 - Make the Windows 8 browser theme compatible with the Unsafe and I2P
1402 browsers. (Closes: #9138)
1403 - Hide Torbutton's "Tor Network Settings..." context menu entry.
1405 - Upgrade the syslinux packages to support booting Tails on
1406 Chromebook C720-2800. (Closes: #9044)
1407 - Enable localization in Tails Upgrader. (Closes: #9190)
1408 - Make sure the system clock isn't before the build date during
1409 early boot. Our live-config hook that imports our signing keys
1410 depend on that the system clock isn't before the date when the
1411 keys where created. (Closes: #9149)
1412 - Set GNOME's OpenPGP keys via desktop.gnome.crypto.pgp to prevent
1413 us from getting GNOME's default keyserver in addition to our
1414 own. (Closes: #9233)
1415 - Prevent Firefox from crashing when Orca is enabled: grant
1416 it access to assistive technologies in its Apparmor
1417 profile. (Closes: #9261)
1418 - Add Jessie APT source. (Closes: #9278)
1419 - Fix set_simple_config_key(). If the key already existed in the
1420 config file before the call, all other lines would be removed
1421 due to the sed option -n and p combo. (Closes: #9122)
1422 - Remove illegal instance of local outside of function definition.
1423 Together with `set -e` that error has prevented this script from
1424 restarting Vidalia, like it should. (Closes: #9328)
1426 * Minor improvements
1427 - Upgrade I2P to 0.9.19-3~deb7u+1.
1428 - Install Tor Browser's bundled Torbutton instead of custom .deb.
1429 As of Torbutton 1.9.1.0 everything we need has been upstreamed.
1430 - Install Tor Browser's bundled Tor Launcher instead of our
1431 in-tree version. With Tor 0.2.6.x our custom patches for the
1432 ClientTransportPlugin hacks are not needed any more. (Closes:
1434 - Don't install msmtp and mutt. (Closes: #8727)
1435 - Install fonts-linuxlibertine for improved Vietnamese support in
1436 LibreOffice. (Closes: #8996)
1437 - Remove obsoletete #i2p-help IRC channel from the Pidgin
1438 configuration (Closes: #9137)
1439 - Add Gedit shortcut to gpgApplet's context menu. Thanks to Ivan
1440 Bliminse for the patch. (Closes: #9069).
1441 - Install printer-driver-gutenprint to support more printer
1442 models. (Closes: #8994).
1443 - Install paperkey for off-line OpenPGP key backup. (Closes: #8957)
1444 - Hide the Tor logo in Tor Launcher. (Closes: #8696)
1445 - Remove useless log() instance in tails-unblock-network. (Closes:
1447 - Install cdrdao: this enables Brasero to burn combined data/audio
1448 CDs and to do byte-to-byte disc copy.
1449 - Hide access to the Add-ons manager in the Unsafe Browser. It's
1450 currently broken (#9307) but we any way do not want users to
1451 install add-ons in the Unsafe Browser. (Closes: #9305)
1452 - Disable warnings on StartTLS for POP3 and IMAP (Will-fix: #9327)
1453 The default value of this option activates warnings on ports
1454 23,109,110,143. This commit disables the warnings for POP3 and
1455 IMAP as these could be equally used in encrypted StartTLS
1456 connections. (Closes: #9327)
1457 - Completely rework how we localize our browser by generating our
1458 branding add-on, and search plugins programatically. This
1459 improves the localization for the ar, es, fa, ko, nl, pl, ru,
1460 tr, vi and zh_CN locales by localizing the Startpage and
1461 Disconnect.me search plugins. Following Tor Browser 4.5's recent
1462 switch, we now use Disconnect.me as the default search
1463 engine. (Closes: #9309)
1464 * Actively set Google as the Unsafe Browser's default search
1468 - Encode in Git which APT suites to include when building Tails.
1470 - Clean up the list of packages we install. (Closes: #6073)
1471 - Run auto/{build,clean,config} under `set -x' for improved
1473 - Zero-pad our ISO images so their size is divisible by 2048.
1474 The data part of an ISO image's sectors is 2048 bytes, which
1475 implies that ISO images should always have a size divisible
1476 by 2048. Some applications, e.g. VirtualBox, use this as a sanity
1477 check, treating ISO images for which this isn't true as garbage.
1478 Our isohybrid post-processing does not ensure this,
1479 however. Also Output ISO size before/after isohybrid'ing and
1480 truncate'ing it. This will help detect if/when truncate is
1481 needed at all, so that we can report back to syslinux
1482 maintainers more useful information. (Closes: #8891)
1483 - Vagrant: raise apt-cacher-ng's ExTreshold preference to 50. The
1484 goal here is to avoid Tor Browser tarballs being deleted by
1485 apt-cacher-ng's daily expiration cronjob: they're not listed in
1486 any APT repo's index file, so acng will be quite eager to clean
1490 - Bring dependency checks up-to-date (Closes: #8988).
1491 - Adapt test suite to be run on Debian Jessie, which includes
1492 removing various Wheezy-specific workarounds, adding a few
1493 specific to Jessie, migrating from ffmpeg to libav, and
1494 more. (Closes: #8165)
1495 - Test that MAT can see that a PDF is dirty (Closes: #9136).
1496 - Allow throwing Timeout::Error in try_for() blocks, as well as
1497 nested try_for() (Closes: #9189, #9290).
1498 - Read test suite configuration files from the features/config/local.d
1499 directory. (Closes: #9220)
1500 - Kill virt-viewer with SIGTERM, not SIGINT, to prevent hordes of
1501 zombie processes from appearing. (Closes: #9139)
1502 - Kill Xvfb with SIGTERM, not SIGKILL, on test suite exit to allow
1503 it to properly clean up. (Closes: #8707)
1504 - Split SSH & SFTP configs in the test suite. (Closes: #9257)
1505 - Improve how we start subprocesses in the test suite, mostly by
1506 bypassing the shell for greater security and robustness (Closes:
1508 - Add Electrum test feature. (Closes #8963)
1509 - Test that Tails Installer detects when USB devices are
1510 removed. (Closes: #9131)
1511 - Test Tails Installer with devices which are too small. (Closes:
1513 - Test that the Report an Error launcher works in German. (Closes:
1515 - Verify that no extensions are installed in the Unsafe Browser
1516 using about:support instead of about:addons, which is broken
1517 (#9307). (Closes: #9306)
1518 - Retry GNOME application menu actions when they glitch. The
1519 GNOME application menus seem to have issues with clicks or
1520 hovering actions not registering, and hence sometimes submenus
1521 are not opened when they should, and sometimes clicks on the
1522 final application shortcut are lost. There seems to be a
1523 correlation between this and CPU load on the host running the
1524 test suite. We workaround this by simply re-trying the last
1525 action when it seems to fail. (Closes: #8928)
1526 - Work around Seahorse GUI glitchiness (Closes: #9343):
1527 * When Seahorse appears to be frozen--apparently due to network
1528 issues--it can often be worked around by refreshing the screen
1529 or activating a new window.
1530 * Open Seahorse's preferences dialog using the mouse.
1531 * Access menu entries with the mouse.
1532 - Wait for systray icons to finish loading before interacting with
1533 the systray. (Closes: #9258)
1534 - Test suite configuration: generalize local.d support to *.d. We
1535 now load features/config/*.d/*.yml.
1536 - Use code blocks in "After Scenario" hooks. This is much simpler
1537 to use (and more readable!) compared to hooking functions and
1538 arguments like we used to do.
1539 - Create filesystem share sources in the temporary directory and
1540 make them world-readable. (Closes: #8950)
1542 -- Tails developers <tails@boum.org> Mon, 11 May 2015 16:45:04 +0200
1544 tails (1.3.2) unstable; urgency=medium
1547 - Upgrade Tor Browser to 4.0.6, based on Firefox 31.6.0 ESR.
1548 - Upgrade OpenSSL to 1.0.1e-2+deb7u16.
1551 - Make Florence usable with touchpads by forcing syndaemon to
1552 always use the `-t` option, which only disables tapping and
1553 scrolling and not mouse movements (Closes: #9011).
1554 - Make tails-spoof-mac log the correct macchanger exit code on
1555 failure (Closes: #8687).
1557 · Ignore devices with less than 3.5 GB of storage since they
1558 do not fit a Tails installation (Closes: #6538).
1559 · Remove devices from the device list as they are unplugged
1562 * Minor improvements
1563 - Install obfs4proxy 0.0.4-1~tpo1, which adds support for
1564 client-mode ScrambleSuit.
1565 - Don't start Vidalia if Windows Camouflage is enabled. (Closes:
1568 · Remove "Add-ons" from the Tools menu, and hide "Keyboard
1569 Shortcuts" and "Take a Tour" since they point to resources on
1570 the open Internet (Closes: #7970).
1571 · Hide TorButton button from the customize toolbar options, and
1572 remove configs whose only purpose was to make Torbutton "green"
1577 · Test non-LAN SSH, and SFTP via GNOME's "Connect to Server"
1579 · Verify that Tails' Tor binary has the expected Tor authorities
1580 hard coded (Closes: #8960).
1582 · Programmatically determine the supported languages when testing
1583 the Unsafe Browser (Closes: #8918).
1584 · Rename --temp-dir to --tmpdir and make it behave more like
1585 mktemp, and honour TMPDIR if set in the environment. (Closes:
1588 · Make --temp-dir (now --tmpdir) actually work.
1590 -- Tails developers <tails@boum.org> Mon, 30 Mar 2015 16:54:20 +0200
1592 tails (1.3.1) unstable; urgency=medium
1595 - Upgrade Tor Browser to 4.0.5, based on Firefox 31.5.3 ESR. This addresses:
1596 · https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
1597 · https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
1598 - Upgrade Linux to 3.16.7-ckt7-1.
1599 - Upgrade libxfont to 1:1.4.5-5.
1600 - Upgrade OpenSSL to 1.0.1e-2+deb7u15.
1601 - Upgrade tcpdump to 4.3.0-1+deb7u2.
1602 - Upgrade bsdtar to 3.0.4-3+wheezy1.
1603 - Upgrade CUPS to 1.5.3-5+deb7u5.
1604 - Upgrade file and libmagic to 5.11-2+deb7u8.
1605 - Upgrade GnuPG to 1.4.12-7+deb7u7.
1606 - Upgrade libarchive to 3.0.4-3+wheezy1.
1607 - Upgrade libav to 6:0.8.17-1.
1608 - Upgrade FreeType 2 to 2.4.9-1.1+deb7u1.
1609 - Upgrade libgcrypt11 1.5.0-5+deb7u3.
1610 - Upgrade libgnutls26 to 2.12.20-8+deb7u3.
1611 - Upgrade libgtk2-perl to 2:1.244-1+deb7u1.
1612 - Upgrade ICU to 4.8.1.1-12+deb7u2.
1613 - Upgrade NSS to 2:3.14.5-1+deb7u4.
1614 - Upgrade libssh2 to 1.4.2-1.1+deb7u1.
1617 - Upgrade Tor to 0.2.5.11-1~d70.wheezy+1+tails1. Changes include:
1618 · Directory authority changes.
1619 · Fix assertion errors that may trigger under high DNS load.
1620 · No longer break on HUP with seccomp2 enabled.
1621 · and more - please consult the upstream changelog.
1622 - Upgrade Tor Launcher to 0.2.7.2, and update the test suite accordingly
1623 (Closes: #8964, #6985). Changes include:
1624 · Ask about bridges before proxy in wizard.
1625 · Hide logo if TOR_HIDE_BROWSER_LOGO set.
1626 · Remove firewall prompt from wizard.
1627 · Feedback when “Copy Tor Log” is clicked.
1628 · Improve behavior if tor exits.
1629 · Add option to hide TBB's logo
1630 · Change "Tor Browser Bundle" to "Tor Browser"
1631 · Update translations from Transifex.
1632 - Fix the Tor Launcher killer. (Closes: #9067)
1633 - Allow Seahorse to communicate with keyservers when run from Tails
1634 OpenPGP Applet. (Closes: #6394)
1635 - SSH client: don't proxy connections to 172.17.* to 172.31.*.
1637 - Repair config/chroot_local-packages feature, that was broken in Tails 1.3
1638 by 19-install-tor-browser-AppArmor-profile. (Closes: #8910)
1639 - language_statistics.sh: count original words instead of translated words.
1640 Otherwise we get >100% translation if translated strings are longer than
1641 original strings. (Closes: #9016)
1643 * Minor improvements
1644 - Only ship the new Tails signing key, and have Tails Upgrader stop trusting
1645 the old one. Update the documentation and test suite accordingly.
1646 (Closes: #8735, #8736, #8882, #8769, #8951)
1647 - Polish and harden a bit the WhisperBack configuration (Closes: #8991):
1648 · Only allow the `amnesia' user to run tails-debugging info as root
1650 · Fix spelling and grammar mistakes, improve phrasing a bit.
1651 · Quote variables consistently.
1655 · Chatting over XMPP in Pidgin, both peer-to-peer and in a multi-user
1656 chatroom. (Closes: #8002)
1657 · Chatting with OTR enabled over XMPP in Pidgin. (Closes: #8001)
1658 · Check that Pidgin only responds to the expected CTCP requests.
1660 · Fetching keys using Seahorse started via the OpenPGP Applet.
1661 · Sync'ing keys using Seahorse.
1663 · Fix a race condition between the remote shell's and Tails Greeter's
1664 startup, by making sure the remote shell is ready before we start
1665 GDM. (Closes: #8941)
1666 · Kill virt-viewer properly. (Closes: #9070)
1667 · Make sure the display is stopped on destroy_and_undefine().
1668 Where we had it earlier, it could be skipped if anything else in the
1669 block threw an exception.
1670 · Fix wrong use of "$@". (Closes: #9071)
1671 · Enable the pipefail option in run_test_suite.
1672 · Improve the GNOME screenshot test's robustness. (Closes: #8952)
1674 · turn the focus_pidgin_window() helper into a more generic
1675 VM.focus_xorg_window() one.
1676 · Reorganize the Display class.
1677 · Use clearer method to check process status in the Display class.
1678 - New developer-oriented features:
1679 · Add a --log-to-file option to run_test_suite. (Closes: #8894)
1680 · Add helpers for generating random strings.
1681 · Make it possible to hook arbitrary calls on scenario end. This is useful
1682 for dynamically adding cleanup functions, instead of having
1683 to explicitly deal with them in some After hook.
1685 -- Tails developers <tails@boum.org> Mon, 23 Mar 2015 12:34:56 +0000
1687 tails (1.3) unstable; urgency=medium
1689 * Major new features
1690 - Produce the Tails image in hybrid mode (again) so that the same
1691 image can be installed both on DVD *and* "hard disks" like USB
1692 storage and similar. (Closes: #8510)
1693 - Confine the Tor Browser using AppArmor. (Closes: #5525)
1694 - Install the Electrum bitcoin client from wheezy-backports, and
1695 add a persistence preset for the Live user's bitcoin wallet. If
1696 electrum is started without the persistence preset enabled, a
1697 warning is shown. (Closes: #6739)
1700 - Upgrade Tor Browser to 4.0.4 (based on Firefox 31.5.0esr)
1704 - Have tor_bootstrap_progress echo 0 if no matching log line is
1705 found. (Closes: #8257)
1706 - Always pass arguments through wrappers (connect-socks, totem,
1707 wget, whois) with "$@". $* doesn't handle arguments with
1708 e.g. embedded spaces correctly. (Closes: #8603, #8830)
1709 - Upgrade Linux to 3.16.7-ckt4-3.
1711 * Minor improvements
1712 - Install a custom-built Tor package with Seccomp enabled;
1713 enable the Seccomp sandbox when no pluggable transport is used.
1715 - Install obfs4proxy instead of obfsproxy, which adds support for
1716 the obfs4 Tor pluggable transport. (Closes: #7980)
1717 - Install GnuPG v2 and associated tools from wheezy-backports,
1718 primarily for its improved support for OpenPGP smartcards. It
1719 lives side-by-side with GnuPG v1, which still is the
1720 default. (Closes: #6241)
1721 - Install ibus-unikey, a Vietnamese input method for IBus. (Closes:
1723 - Install torsocks (2.x) from wheezy-backports. (Closes: #8220)
1724 - Install keyringer from Debian Jessie. (Closes: #7752)
1725 - Install pulseaudio-utils.
1726 - Remove all traces of Polipo: we don't use it anymore. This
1727 closes #5379 and #6115 because:
1728 * Have APT directly use the Tor SOCKS proxy. (Closes: #8194)
1729 * Wrap wget with torsocks. (Closes: #6623)
1730 * Wrap Totem to torify it with torsocks. (Closes: #8219)
1731 * Torify Git with tsocks, instead of setting GIT_PROXY_COMMAND.
1733 - Use torsocks for whois and Gobby, instead of torify.
1734 - Upgrade I2P to 0.9.18-1~deb7u+1.
1735 - Refactor the Unsafe and I2P browser code into a common shell
1736 library. A lot of duplicated code is now shared, and the code
1737 has been cleaned up and made more reliable. Several
1738 optimizations of memory usage and startup time were also
1739 implemented. (Closes: #7951)
1740 - Invert Exit and About in gpgApplet context menu. This is a
1741 short-term workaround for making it harder to exit the
1742 application by mistake (e.g. a double right-click). (Closes:
1744 - Implement new touchpad settings. This enables tap-to-click,
1745 2-fingers scrolling, and disable while typing. We don't enable
1746 reverse scrolling nor horizontal scrolling. (Closes: #7779)
1747 - Include the mount(8) output and live-additional-software.conf in
1748 WhisperBack bug reports (Closes: #8719, #8491).
1749 - Reduce brightness and saturation of background color. (Closes:
1751 - Have ALSA output sound via PulseAudio by default. This gives us
1752 centralized sound volume controls, and... allows to easily, and
1753 automatically, test that audio output works from Tor Browser,
1754 thanks to the PulseAudio integration into the GNOME sound
1756 - Import the new Tails signing key, which we will use for Tails
1757 1.3.1, and have Tails Upgrader trust both it and the "old"
1758 (current) Tails signing key. (Closes: #8732)
1759 - tails-security-check: error out when passed an invalid CA file.
1760 Unfortunately, the underlying HTTPS stack we use here fails open
1761 in those case, so we have to check it ourselves. Currently, we
1762 check that the file exists, is readable, is a plain file and is
1763 not empty. Also support specifying the CA file via an
1764 environment variable. This will ease development and bug-fixing
1766 - Fix racy code in Tails Installer that sometimes made the
1767 automated test suite stall for scenarios installing Tails
1768 to USB disks. (Closes: #6092)
1769 - Make it possible to use Tails Upgrader to upgrade a Tails
1770 installation that has cruft files on the system partition.
1774 - Install syslinux-utils from our builder-wheezy APT repository in
1775 Vagrant. We need version 6.03~pre20 to make the Tails ISO image
1777 - Update deb.tails.boum.org apt repo signing key. (Closes: #8747)
1778 - Revert "Workaround build failure in lb_source, after creating
1779 the ISO." This is not needed anymore given the move to the Tor
1780 SOCKS proxy. (Closes: #5307)
1781 - Remove the bootstrap stage usage option and disable all
1782 live-build caching in Vagrant. It introduces complexity and
1783 potential for strange build inconsistencies for a meager
1784 reduction in build time. (Closes: #8725)
1785 - Hardcode the mirrors used at build and boot time in auto/config.
1786 Our stuff will be more consistent, easier to reproduce, and our
1787 QA process will be more reliable if we all use the same mirrors
1788 at build time as the ones we configure in the ISO. E.g. we won't
1789 have issues such as #8715 again. (Closes: #8726)
1790 - Don't attempt to retrieve source packages from local-packages so
1791 local packages can be installed via
1792 config/chroot_local-packages. (Closes: #8756)
1793 - Use our own Tor Browser archive when building an ISO. (Closes:
1797 - Use libguestfs instead of parted when creating partitions and
1798 filsystems, and to check that only the expected files
1799 persist. We also switch to qcow2 as the default disk image
1800 format everywhere to reduce disk usage, enable us to use
1801 snapshots that includes the disks (in the future), and to use
1802 the same steps for creating disks in all tests. (Closes: #8673)
1803 - Automatically test that Tails ignores persistence volumes stored
1804 on non-removable media, and doesn't enable swaps. (Closes:
1806 - Actually make sure that Tails can boot from live systems stored
1807 on a hard drive. Running the 'I start Tails from DVD ...' step
1808 will override the earlier 'the computer is set to boot from ide
1809 drive "live_hd"' step, so let's make the "from DVD" part
1810 optional; it will be the default any way.
1811 - Make it possible to use an old iso with different persistence
1812 presets. (Closes: #8091)
1813 - Hide the cursor between steps when navigating the GNOME
1814 applications menu. This makes it a bit more robust, again:
1815 sometimes the cursor is partially hiding the menu entry we're
1816 looking for, hence preventing Sikuli from finding it (in
1817 particular when it's "Accessories", since we've just clicked on
1818 "Applications" which is nearby). (Closes: #8875)
1819 - Ensure that the test will fail if "apt-get X" commands fail.
1820 - Test 'Tor is ready' notification in a separate scenario. (Closes:
1822 - Add automated tests for torified wget and whois. This should
1823 help us identify future regressions such as #8603 in their
1825 - Add automated test for opening an URL from Pidgin.
1826 - And add automated tests for the Tor Browser's AppArmor
1828 - Test that "Report an Error Launcher" opens the support
1830 - Test that the Unsafe Browser:
1831 * starts in various locales.
1832 * complains when DNS isn't configured.
1833 * tears down its chroot on shutdown.
1834 * runs as the correct user.
1835 * has no plugins or add-ons installed.
1836 * has no unexpected bookmarks.
1837 * has no proxy configured.
1838 - Bump the "I2P router console is ready" timeout in its test to
1839 deal with slow Internet connections.
1840 - Make the automatic tests of gpgApplet more robust by relying
1841 more on graphical elements instead of keyboard shortcuts and
1842 static sleep():s. (Closes: #5632)
1843 - Make sure that enough disk space is available when creating
1844 virtual storage media. (Closes: #8907)
1845 - Test that the Unsafe Browser doesn't generate any non-user
1846 initiated traffic, and in particular that it doesn't check for
1847 upgrades, which is a regression test for #8694. (Closes: #8702)
1848 - Various robustness improvements to the Synaptic tests. (Closes:
1850 - Automatically test Git. (Closes: #6307)
1851 - Automatically test GNOME Screenshot, which is a regression test
1852 for #8087. (Closes: #8688)
1853 - Fix a quoting issue with `tails_persistence_enabled?`. (Closes:
1855 - Introduce an improved configuration system that also can store
1856 local secrets, like user credentials needed for some
1857 tests. (Closes: #6301, #8188)
1858 - Actually verify that we successfully set the time in our time
1859 syncing tests. (Closes: #5836)
1860 - Automatically test Tor. This includes normal functionality and
1861 the use pluggable transports, that our Tor enforcement is
1862 effective (e.g. only the Tor network or configured bridges are
1863 contacted) and that our stream isolation configuration is
1864 working. (Closes: #5644, #6305, #7821)
1866 -- Tails developers <tails@boum.org> Mon, 23 Feb 2015 17:14:00 +0100
1868 tails (1.2.3) unstable; urgency=medium
1871 - Upgrade Linux to 3.16.7-ckt2-1.
1872 - Upgrade Tor Browser to 4.0.3 (based on Firefox 31.4.0esr)
1874 - Fail safe by entering panic mode if macchanger exits with an
1875 error, since in this situation we have to treat the
1876 driver/device state as undefined. Also, we previously just
1877 exited the script in this case, not triggering the panic mode
1878 and potentially leaking the real MAC address (Closes: #8571).
1879 - Disable upgrade checking in the Unsafe Browser. Until now the
1880 Unsafe Browser has checked for upgrades of the Tor Browser in
1881 the clear (Closes: #8694).
1884 - Fix startup of the Unsafe Browser in some locales (Closes: #8693).
1885 - Wait for notification-daemon to run before showing the MAC
1886 spoofing panic mode notifications. Without this, the "Network
1887 card disabled" notification is sometimes lost when MAC spoofing
1888 fails. Unfortunately this only improves the situation, but
1889 doesn't fix it completely (see #8685).
1890 - Log that we're going to stop NetworkManager before trying to do
1891 it in the MAC spoofing scripts. Without this we wouldn't get the
1892 log message in case stopping NetworkManager fails (thanks to
1894 - Set GNOME Screenshot preferences to save the screenshots in
1895 /home/amnesia (Closes: #8087).
1896 - Do not suspend to RAM when closing the lid on battery power
1898 - Properly update the Tails Installer's status when plugging in a
1899 USB drive after it has started (Closes: #8353).
1900 - Make rsync compare file contents by using --checksum for more
1901 reliable generation of the squashfs filesystem in
1902 IUKs. Previously it used the default, which is checking
1903 timestamps and file size, but that doesn't play well with the
1904 Tor browser files, that have a fixed mtime, which could result
1905 in updated files not ending up in the IUK.
1907 * Minor improvements
1908 - Finish migrating tails-security-check's and tails-iuk's pinning
1909 to our website's new X.509 certificate authority (Closes: #8404).
1912 - Update to Vagrant build box tails-builder-20141201. The only
1913 change is the removal of a reference to an ISO image which
1914 doesn't exist (except on the system that generated the build
1915 box) which causes an error for some users (Closes: #7644).
1916 - Generate the list of packages used during build, after building
1917 with Jenkins (Closes: #8518). This allows tracking their status
1918 on the Debian reproducible build front:
1919 https://reproducible.debian.net/index_pkg_sets.html#tails
1921 * Automated test suite
1922 - Check PO files with i18nspector (Closes: #8359).
1923 - Fix the expected image of a check.tp.o failure. Previously we
1924 looked for the "Sorry. You are not using Tor." text, but it
1925 seems it recently changed enough for Sikuli to not find it. To
1926 prevent future errors of the same kind we'll look for the
1927 crossed-over onion icon instead (Closes: #8533).
1928 - Bump timeout when waiting for Tor to re-bootstrap. We have a
1929 dreaded issue with timeouts that are multiple of 2 minutes, and
1930 then Tor succeeds soon after, so in order to allow for this
1931 timeout to be reached twice, and then possibly succeed, let's
1932 use N*2 minutes + 30 seconds, with N=2.
1934 -- Tails developers <tails@boum.org> Wed, 14 Jan 2015 16:12:26 +0100
1936 tails (1.2.2) unstable; urgency=medium
1939 - Create a CA bundle for Tails Upgrader at ISO build time, and
1940 patch Tails Upgrader to use it. Specifically this will make it
1941 possible to check for Tails upgrades after our website changes
1942 certificate around the 2014 to 2015 transition (Partially fixes
1945 -- Tails developers <tails@boum.org> Mon, 15 Dec 2014 10:05:17 +0100
1947 tails (1.2.1) unstable; urgency=low
1950 - Upgrade Linux to 3.16.0-4, i.e. 3.16.7-1.
1951 - Install Tor Browser 4.0.2 (based on Firefox 31.3.0esr).
1954 - Install syslinux-utils, to get isohybrid back (Closes: #8155).
1955 - Update xserver-xorg-input-evdev to 1:2.7.0-1+tails1 which
1956 includes a patch that restores mouse scrolling in KVM/Spice
1958 - Set Torbutton logging preferences to the defaults (Closes:
1959 #8160). With the default settings, no site-specific information is
1961 - Use the correct stack of rootfs:s for the chroot browsers (Closes:
1962 #8152, #8158). After installing incremental upgrades Tails' root
1963 filesystem consists of a stack squashfs:s, not only
1964 filesystem.squashfs. When not stacking them correct we may end up
1965 using the Tor Browser (Firefox) from an older version of Tails, or
1966 with no Tor Browser at all, as in the upgrade from Tails 1.1.2 to
1967 1.2, when we migrated from Iceweasel to the Tor Browser. Based on
1968 a patch contributed by sanic.
1969 - Use the Tor Browser for MIME type that GNOME associates with
1970 Iceweasel (Closes: #8153). Open URLs from Claws Mail, KeePassX
1971 etc. should be possible again.
1972 - Update patch to include all Intel CPU microcodes (Closes: #8189).
1973 - AppArmor: allow Pidgin to run Tor Browser unconfined, with
1974 scrubbed environment (Closes: #8186). Links opened in Pidgin are
1975 now handled by the Tor Browser.
1976 - Install all localized Iceweasel search plugins (Closes: #8139).
1977 - When generating the boot profile, ignore directories in
1978 process_IN_ACCESS as well (Closes: #7925). This allows ut to
1979 update the squashfs-ordering again in Tails 1.2.1.
1980 - gpgApplet: Don't pass already encoded data to GTK2 (Closes:
1981 #7968). It's now possible to clearsign text including non-ASCII
1983 - Do not run the PulseAudio initscript, neither at startup nor
1984 shutdown (Closes: #8082).
1986 * Minor improvements
1987 - Upgrade I2P to 0.9.17-1~deb7u+1.
1988 - Make GnuPG configuration closer to the best practices one
1990 - Have GnuPG directly use the Tor SOCKS port (Closes: #7416).
1991 - Remove TrueCrypt support and documentat how to open TrueCrypt
1992 volumes using cryptsetup (Closes: #5373).
1993 - Install hopenpgp-tools from Debian Jessie.
1996 - Add gettext >= 0.18.3 as a Tails build dependency. We need it for
1997 xgettext JavaScript support in feature/jessie.
1999 * Automated test suite
2000 - Don't click to open a sub-menu in the GNOME applications menu
2002 - When testing the Windows camouflage, look for individual systray
2003 applets, to avoid relying on their ordering (Closes: #8059).
2004 - Focus the Pidgin Buddy List before looking for something
2005 happening in it (Closes: #8161).
2006 - Remove workaround for showing the TBB's menu bar (Closes #8028).
2008 -- Tails developers <tails@boum.org> Tue, 02 Dec 2014 11:34:03 +0100
2010 tails (1.2) unstable; urgency=medium
2012 * Major new features
2013 - Migrate from Iceweasel to the Tor Browser from the Tor Browser
2014 Bundle 4.0 (based on Firefox 31.2.0esr). This fixes the POODLE
2016 The installation in Tails is made global (multi-profile), uses
2017 the system-wide Tor instance, disables the Tor Browser updater,
2018 and keeps the desired deviations previously present in Iceweasel,
2019 e.g. we install the AdBlock Plus add-on, but not Tor Launcher (since
2020 we run it as a standalone XUL application), among other things.
2021 - Install AppArmor's userspace tools and apparmor-profiles-extra
2022 from Wheezy Backports, and enable the AppArmor Linux Security
2023 Module. This adds Mandatory Access Control for several critical
2024 applications in Tails, including Tor, Vidalia, Pidgin, Evince
2026 - Isolate I2P traffic from the Tor Browser by adding a dedicated
2027 I2P Browser. It is set up similarly to the Unsafe Browser,
2028 but further disables features that are irrelevant for I2P, like
2029 search plugins and the AdBlock Plus addon, while keeping Tor Browser
2030 security features like the NoScript and Torbutton addons.
2031 - Upgrade Tor to 0.2.5.8-rc-1~d70.wheezy+1.
2034 - Disable TCP timestamps (Closes: #6579).
2037 - Remove expired Pidgin certificates (Closes: #7730).
2038 - Use sudo instead of gksudo for running tails-upgrade-frontend to
2039 make stderr more easily accessible (Closes: #7431).
2040 - Run tails-persistence-setup with sudo instead of gksudo to make
2041 stderr more easily accessible, and allow the desktop user to
2042 pass the --verbose parameter (Closes: #7623).
2043 - Disable CUPS in the Unsafe Browser. This will prevent the
2044 browser from hanging for several minutes when accidentally
2045 pressing CTRL+P or trying to go to File -> Print (Closes: #7771).
2047 * Minor improvements
2048 - Install Linux 3.16-3 (version 3.16.5-1) from Debian
2049 unstable (Closes: #7886, #8100).
2050 - Transition away from TrueCrypt: install cryptsetup and friends
2051 from wheezy-backports (Closes: #5932), and make it clear that
2052 TrueCrypt will be removed in Tails 1.2.1 (Closes: #7739).
2053 - Install Monkeysign dependencies for qrcodes scanning.
2054 - Upgrade syslinux to 3:6.03~pre20+dfsg-2~bpo70+1, and install
2055 the new syslinux-efi package.
2056 - Upgrade I2P to 0.9.15-1~deb7u+1
2057 - Enable Wheezy proposed-updates APT repository and setup APT
2058 pinnings to install packages from it.
2059 - Enable Tor's syscall sandbox. This feature (new in 0.2.5.x)
2060 should make Tor a bit harder to exploit. It is only be enabled
2061 when when no special Tor configuration is requested in Tails
2062 Greeter due to incompatibility with pluggable transports.
2063 - Start I2P automatically when the network connects via a
2064 NetworkManager hook, and "i2p" is present on the kernel command
2065 line. The router console is no longer opened automatically, but
2066 can be accessed through the I2P Browser (Closes: #7732).
2067 - Simplify the IPv6 ferm rules (Closes: #7668).
2068 - Include persistence.conf in WhisperBack reports (Closes: #7461)
2069 - Pin packages from testing to 500, so that they can be upgraded.
2070 - Don't set Torbutton environment vars globally (Closes: #5648).
2071 - Enable VirtualBox guest additions by default (Closes: #5730). In
2072 particular this enables VirtualBox's display management service.
2073 - In the Unsafe Browser, hide option for "Tor Browser Health
2074 report", and the "Get Addons" section in the Addon manager
2076 - Show Pidgin's formatting toolbar (Closes: #7356). Having the
2077 formatting toolbar displayed in Pidgin makes the OTR status more
2078 explicit by displaying it with words.
2080 * Automated test suite
2081 - Add --pause-on-fail to ease VM state debugging when tests
2083 - Add execute_successfully() and assert_vmcommand_success() for
2084 added robustness when executing some command in the testing VM.
2085 - Use Test::Unit::Assertions instead of our home-made assert().
2086 - Add test for persistent browser bookmarks.
2087 - Add basic tests for Pidgin, Totem and Evince, including their
2088 AppArmor enforcement.
2089 - Factorize some common step pattern into single steps.
2090 - Factorize running a command in GNOME Terminal.
2091 - Add common steps to copy a file and test for its existence.
2092 - Add a wait_and_double_click Sikuli helper method.
2093 - Add a VM.file_content method, to avoid repeating ourselves, and
2094 use it whenever easily doable.
2095 - Drop test that diffs syslinux' exithelp.cfg: we don't ship this
2097 - In the Unsafe Browser tests, rely on subtle timing less (Closes:
2099 - Use the same logic to determine when Tor is working in the test
2100 suite as in Tails itself. The idea is to avoid spamming the Tor
2101 control port during bootstrap, since we've seen problems with
2104 -- Tails developers <tails@boum.org> Wed, 15 Oct 2014 18:34:50 +0200
2106 tails (1.1.2) unstable; urgency=medium
2109 - Upgrade the web browser to 24.8.0esr-0+tails3~bpo70+1
2110 (fixes Mozilla#1064636).
2111 - Install Linux 3.16-1 from sid (Closes: #7886).
2112 - Upgrade file to 5.11-2+deb7u5 (fixes CVE-2014-0207,
2113 CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479,
2114 CVE-2014-3480, CVE-2014-3487, CVE-2014-3538 and CVE-2014-3587).
2115 - Upgrade curl to 7.26.0-1+wheezy10 (fixes CVE-2014-3613 and
2117 - Upgrade bind9-based packages to 1:9.8.4.dfsg.P1-6+nmu2+deb7u2
2118 (fixes CVE-2014-0591).
2119 - Upgrade gnupg to 1.4.12-7+deb7u6 (fixes CVE-2014-5270).
2120 - Upgrade apt to 0.9.7.9+deb7u5 (fixes CVE-2014-0487,
2121 CVE-2014-0488, CVE-2014-0489, CVE-2014-0490, and
2123 - Upgrade dbus to 1.6.8-1+deb7u4 (fixes CVE-2014-3635,
2124 CVE-2014-3636, CVE-2014-3637, CVE-2014-3638 and CVE-2014-3639).
2125 - Upgrade libav-based pacakges to 6:0.8.16-1 (fixes
2127 - Upgrade bash to 4.2+dfsg-0.1+deb7u1 (fixes CVE-2014-6271).
2129 -- Tails developers <tails@boum.org> Tue, 23 Sep 2014 23:01:40 -0700
2131 tails (1.1.1) unstable; urgency=medium
2134 - Upgrade the web browser to 24.8.0esr-0+tails1~bpo70+1
2135 (Firefox 24.8.0esr + Iceweasel patches + Torbrowser patches).
2136 Also import the Tor Browser profile at commit
2137 271b64b889e5c549196c3ee91c888de88148560f from
2138 ttp/tor-browser-24.8.0esr-3.x-1.
2139 - Upgrade Tor to 0.2.4.23-2~d70.wheezy+1 (fixes CVE-2014-5117).
2140 - Upgrade I2P to 0.9.14.1-1~deb7u+1.
2141 - Upgrade Linux to 3.14.15-2 (fixes CVE-2014-3534, CVE-2014-4667
2143 - Upgrade CUPS-based packages to 1.5.3-5+deb7u4 (fixes
2144 CVE-2014-3537, CVE-2014-5029, CVE-2014-5030 and CVE-2014-5031).
2145 - Upgrade libnss3 to 2:3.14.5-1+deb7u1 (fixes CVE-2013-1741,
2146 CVE-2013-5606, CVE-2014-1491 and CVE-2014-1492).
2147 - Upgrade openssl to 1.0.1e-2+deb7u12 (fixes CVE-2014-3505,
2148 CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509,
2149 CVE-2014-3510, CVE-2014-3511, CVE-2014-3512 and CVE-2014-5139).
2150 - Upgrade krb5-based packages to 1.10.1+dfsg-5+deb7u2 (fixes
2151 CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344 and
2153 - Upgrade libav-based packages to 6:0.8.15-1 (fixes CVE-2011-3934,
2154 CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851,
2155 CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672,
2156 CVE-2013-3674 and CVE-2014-2263.
2157 - Upgrade libgpgme11 to 1.2.0-1.4+deb7u1 (fixes CVE-2014-5117).
2158 - Upgrade python-imaging to 1.1.7-4+deb7u1 (fixes CVE-2014-3589).
2159 - Prevent dhclient from sending the hostname over the network
2161 - Override the hostname provided by the DHCP server (Closes: #7769).
2162 - Add an I2P boot parameter. Without adding "i2p" to the kernel
2163 command line, I2P will not be accessible for the Live user.
2164 - Stricter I2P firewall rules:
2165 * deny I2P from accessing the LAN
2166 * deny I2P from accessing the loopback device, except for select
2167 whitelisted services
2168 * allow I2P access to the Internet
2169 The ACCEPT rules will only be enabled when the string 'i2p' is
2170 passed at the boot prompt. The rules which DENY or REJECT
2171 access for the 'i2psvc' user will always be applied.
2172 - Disable I2P plugins, since it doesn't make much sense without
2173 persistence, and should eliminate some attack vectors.
2174 - Disable I2P's BOB port. No maintained I2P application uses it.
2177 - Fix condition clause in tails-security-check (Closes: #7657).
2178 - Don't ship OpenJDK 6: I2P prefers v7, and we don't need both.
2179 - Prevent Tails Installer from updating the system partition
2180 properties on MBR partitions (Closes: #7716).
2182 * Minor improvements
2183 - Upgrade to Torbutton 1.6.12.1.
2184 - Install gnome-user-guide (Closes: #7618).
2185 - Install cups-pk-helper (Closes: #7636).
2186 - Update the SquashFS sort file.
2187 - Compress the SquashFS more aggressively (Closes: #7706).
2188 - I2P: Keep POP3 email on server. The default in the I2P webmail
2189 app was to keep mail on the server, but that setting was changed
2190 recently. This configuration setting (susimail.config) will only
2191 be copied over in I2P 0.9.14 and newer.
2192 - Add a Close button to the Tails Installer launcher window.
2195 - Migrate Vagrant basebox to Debian Wheezy (Closes #7133, #6736).
2196 - Consistently use the same Debian mirror.
2197 - Disable runtime APT proxy configuration when using APT in
2198 binary_local-hooks (Closes: #7691).
2200 * Automated test suite
2201 - Automatically test hostname leaks (Closes: #7712).
2202 - Move autotest live-config hook to be run last. This way we'll
2203 notice if some earlier live-config hook cancels all hooks by
2204 running the automated test suite since the remote shell won't be
2205 running in that case.
2206 - Test that the I2P boot parameter does what it's supposed to do
2208 - Start applications by using the GNOME Applications menu instead
2209 of the GNOME Run Dialog (Closes: #5550, #7060).
2211 -- Tails developers <tails@boum.org> Sun, 31 Aug 2014 20:49:28 +0000
2213 tails (1.1) unstable; urgency=medium
2215 * Rebase on Debian Wheezy
2216 - Upgrade literally thousands of packages.
2217 - Migrate to GNOME3 fallback mode.
2218 - Install LibreOffice instead of OpenOffice.
2219 - Remove custom LSB logging: Wheezy has fancy colored init
2222 * Major new features
2223 - UEFI boot support.
2224 - Replace the Windows XP camouflage with an experimental Windows 8
2226 - Install Linux 3.14.12-1 from Debian unstable.
2227 - Bring back VirtualBox guest modules, installed from Wheezy
2228 backports. Full functionality is only available when using the
2232 - Fix write access to boot medium via udisks (#6172).
2233 - Don't allow the desktop user to pass arguments to
2234 tails-upgrade-frontend (Closes: #7410).
2235 - Make persistent file permissions safer (Closes #7443):
2236 * Make the content of /etc/skel non-world-readable. Otherwise,
2237 such files may be copied to /home/amnesia, and in turn to the
2238 persistent volume, with unsafe permissions. That's no big deal
2239 in /home/amnesia (that is itself not world-readable), *but*
2240 the root of the persistent volume has to be world-readable.
2241 * Have activate_custom_mounts create new directories with safe
2243 * Set strict permissions on /home/amnesia (Closes: #7463).
2244 * Fix permissions on persistent directories that were created
2245 with unsafe permissions (Closes: #7458).
2246 * Fix files ownership while copying persistence (Closes: #7216).
2247 The previous instructions to copy the persistent data were
2248 creating personal files that belong to root. I don't think
2249 there is a way of preserving the original ownership using
2250 Nautilus (unless doing a "move" instead of a "copy" but that's
2251 not what we are trying to do here).
2252 - Disable FoxyProxy's proxy:// protocol handler (Closes: #7479).
2253 FoxyProxy adds the proxy:// protocol handler, which can be used
2254 to configure the proxy via an URI. A malicious web page can
2255 include (or a malicious exit node can inject) some JavaScript
2256 code to visit such an URI and disable or otherwise change
2257 Iceweasel's proxy settings. While using this to disable
2258 proxying will be dealt with safely by our firewall, this could
2259 be used to defeat stream isolation, although the user must be
2260 tricked into accepting the new proxy settings.
2261 - Upgrade the web browser to 24.7.0esr-0+tails1~bpo70+1
2262 (Firefox 24.7.0esr + Iceweasel patches + Torbrowser patches).
2263 - Upgrade to Linux 3.14.12-1 (fixes CVE-2014-4699).
2264 - Upgrade libav-based packages to 0.8.13-1 (fixes CVE-2014-4609).
2265 - Upgrade to libxml2 2.8.0+dfsg1-7+wheezy1 (fixes CVE-2014-0191).
2266 - Upgrade to dbus 1.6.8-1+deb7u3 (fixes CVE-2014-3477,
2267 CVE-2014-3532 and CVE-2014-3533).
2270 - Disable GNOME keyring's GnuPG functionality. (Closes: #7330) In
2271 feature/regular-gnupg-agent, we installed the regular GnuPG
2272 agent so that it is used instead of GNOME keyring's one. This is
2273 not enough on Wheezy, so let's disable the starting of the "gpg"
2274 component of GNOME keyring.
2275 - Make sure /etc/default/locale exists, with a sensible default
2276 value (Closes: #7333). Before Tails Greeter's PostLogin script
2277 are run, /etc/default/locale does not exist on Wheezy. Our
2278 tails-kexec initscript (and quite a few other scripts we run)
2279 depends on this file to exist. So, let's make sure it exists,
2280 with a sensible default value.
2281 - Create the tails-persistence-setup user with the same UID/GID it
2282 had on Tails/Squeeze. (Closes: #7343) Else, our various checks
2283 for safe access rights on persistence.conf fail.
2284 - Revert back to browsing the offline documentation using Iceweasel
2285 instead of Yelp (Closes: #7390, #7285).
2286 - Make the new NetworkManager configuration directory persistent,
2287 when the old one was, but disable the old one (Closes: #7338).
2288 - Before running tails-upgrade-frontend, chdir to a world-readable
2289 place (Closes: #7641). In particular, Archive::Tar::Wrapper,
2290 when called by tails-install-iuk, wants to chdir back to the
2291 original cwd after it has chdir'd elsewhere to do its job.
2293 * Minor improvements
2294 - Install seahorse-nautilus, replacing seahorse-plugins (Closes #5516).
2295 - Install hledger (custom backport, for now): our accountants need this.
2296 - Install stable Scribus instead of scribus-ng.
2297 - Install the printer driver for Epson Inkjet that use ESC/P-R.
2298 - Install the BookletImposer PDF imposition toolkit. It's tiny,
2299 and really helpful e.g. when producing booklets.
2300 - Install gtkhash and nautilus-gtkhash (Closes #6763).
2301 - Import new version of Tor Launcher:
2302 · Now based on upstream Tor Launcher 0.2.5.4.
2303 · Tor bug #11772: Proxy Type menu not set correctly
2304 · Tor bug #11699: Change &#160 to   in network-settings.dtd
2305 · Correctly handle startup paths that contain dot.
2306 - Upgrade to Torbutton 1.6.9.0.
2307 - Avoid shipping python2.6 in addition to python2.7.
2308 - Don't install Gobby 0.4 anymore. Gobby 0.5 has been available in
2309 Debian since Squeeze, now is a good time to drop the obsolete
2311 - Require a bit less free memory before checking for upgrades with
2312 Tails Upgrader. The general goal is to avoid displaying "Not
2313 enough memory available to check for upgrades" too often due to
2314 over-cautious memory requirements checked in the wrapper.
2315 - Make Tails Greeter's help window resolution-aware. Previously it
2316 used a static 800x600 which was problematic on lower resolutions,
2317 and sub-optimal on higher resolutions. Now it adapts itself
2318 according to the screen resolution.
2319 - Whisperback now sanitizes attached logs better with respect to
2320 DMI data, IPv6 addresses, and serial numbers (Closes #6797,
2322 - Integrate the new logo in Tails Installer (Closes #7095)
2323 - Also install linux-base and linux-compiler-gcc-4.8-x86 from
2324 sid. This way, we can get rid of our linux-compiler-gcc-4.8-x86
2325 3.12, and it makes things a bit more consistent.
2326 - Include the syslinux binary, and its MBR, in the ISO filesystem.
2327 This in turn allows Tails Installer to use this binary and MBR,
2328 which is critical for avoiding problems (such as #7345) on
2330 - Include syslinux.exe for win32 in utils/win32/ on the ISO
2331 filesystem (Closes: #7425).
2333 * Add consistent margins in GUI.
2334 * Always reset the target drive's MBR, without asking for
2335 confirmation, after installing or upgrading.
2336 * Install the bootloader using the syslinux binary found on the
2337 target device, once the Live OS has been extracted/copied
2339 - Enable double-clicking to pick entries in the language or
2340 keyboard layout lists in Tails Greeter.
2341 - Install backport of shared-mime-info 1.3 (Closes: #7079).
2342 - Make sanity-check prompts closable in Tails Persistence Setup
2344 - Fix quick search in Tails Greeter's Other languages window
2346 - Install systemd. It is not enabled by default, but having it
2347 around will help doing the migration work.
2348 - Enable AppArmor on the kernel command-line. This is a no-op
2349 without the userspace tools and with no profile shipped, but it
2350 will make it easier to fix this part of the situation.
2353 - Bump Vagrant builder's memory for RAM builds. Wheezy requires
2354 more space to build, and the resulting image is larger.
2355 - Fix Vagrant compatibility issue. Some classes' methods/fields
2356 have been renamed between Vagrant versions, so we need a simple
2357 compatibility layer to support all versions. Without this, it's
2358 not possible to issue e.g. a `build` command to an already
2359 running (i.e. `vm:up`:ed) Vagrant instance.
2360 - Move cpu and mem checks to the `build` task. Previously, when
2361 they were checked in `vm:up` *only* when issued while the VM
2362 already is up, so these checks weren't run if one issues a
2363 `build` when the VM is off. Now we'll fail earlier with a more
2364 informative error message, and it looks like a more logical home
2366 - Fix buggy memory checks for RAM building. We have to take into
2367 account which state the Vagrant VM is in for determining *where*
2368 we check if enough memory is available for a RAM build. If it's
2369 off, we check the host; if it's on we check the VM. Previously
2370 we always checked the host, which doesn't make sense when the VM
2373 * Automated test suite
2374 - Bump the tester VM's RAM by 256 MiB. There is not enough free
2375 RAM to run Tails Upgrader with just 1 GiB of RAM after the
2376 migration to Wheezy.
2377 - Always adjust OOM and memory overcommit settings. The kernel
2378 freezes seem to also happen for the amd64 kernel when filling
2380 - Add option to make Sikuli rety on FindFailed. This makes it
2381 possible to update manu images for Sikuli in just *one* test
2382 suite run, by continuously updating outdated pictures as we go.
2383 - Actually run "Upgrade from ISO" from a USB drive running the old
2384 version. That's what users do, and is buggy.
2385 - Automatically test persistent directories permissions (Closes: #7560).
2386 - Use read-write persistence when testing upgraded USB
2387 installations. Otherwise e.g. the permission fixes won't get
2388 applied, and the subsequent steps testing the permissions will
2390 - Actually check that the ISO's Tails is installed. The step
2391 "Tails is installed on USB drive $TARGET" only checks that the
2392 *running* Tails is installed on $TARGET, which obviously fails
2393 when doing an upgrade from ISO running an old Tails. That it
2394 worked for the same scenario running the current Tails is just
2396 - Use OpenJDK 7 to run our test suite (Closes #7175).
2397 - Use qemu-system-x86_64 directly, instead of kvm, for running the
2398 automated test suite (Closes: #7605).
2400 -- Tails developers <tails@boum.org> Sun, 20 Jul 2014 23:16:13 +0200
2402 tails (1.0.1) unstable; urgency=medium
2405 - Upgrade the web browser to 24.6.0esr-0+tails1~bpo60+1
2406 (Firefox 24.6.0esr + Iceweasel patches + Torbrowser patches).
2407 Also import the Tor Browser profile at commit
2408 90ba8fbaf6f23494f1a0e38d63153b3b7e65d3d3 from
2409 ttp/tor-browser-24.6.0esr-3.x-1.
2410 - Install Linux 3.14 from Debian unstable (fixes CVE-2014-3153 and
2412 - Install openssl from Squeeze LTS (fixes CVE-2014-0076,
2413 CVE-2014-0195, CVE-2014-0221, CVE-2014-3470 and CVE-2014-0224).
2414 - Install GnuTLS from Squeeze LTS (fixes CVE-2014-3466.).
2416 * Minor improvements
2417 - Add Squeeze LTS APT sources. It has been given a low pinning
2418 priority so explicit pinning must be used to actually install
2420 - Upgrade Tor to 0.2.4.22-1~d60.squeeze+1.
2421 - Upgrade I2P to 0.9.13-1~deb6u+1.
2423 -- Tails developers <tails@boum.org> Sun, 08 Jun 2014 19:14:00 +0200
2425 tails (1.0) unstable; urgency=medium
2428 - Upgrade the web browser to 24.5.0esr-0+tails1~bpo60+1
2429 (Firefox 24.5.0esr + Iceweasel patches + Torbrowser patches).
2430 - Upgrade Tor to 0.2.4.21-1+tails1~d60.squeeze+1:
2431 * Based on 0.2.4.21-1~d60.squeeze+1.
2432 * Backport the fix for Tor bug #11464. It adds client-side blacklists for
2433 all Tor directory authority keys that was vulnerable to Heartbleed.
2434 This protects clients in case attackers were able to compromise a
2435 majority of the authority signing and identity keys.
2438 - Disable inbound I2P connections. Tails already restricts incoming
2439 connections, but this change tells I2P about it.
2440 - Fix link to the system requirements documentation page in the Tails
2441 Upgrader error shown when too little RAM is available.
2443 * Minor improvements
2444 - Upgrade I2P to 0.9.12-2~deb6u+1.
2445 - Import TorBrowser profile. This was forgotten in Tails 0.23 and even
2446 though we didn't explicitly set those preferences in that release
2447 they defaulted to the same values. This future-proofs us in case the
2448 defaults would ever change.
2449 - Import new custom version of tor-launcher:
2450 * Based on upstream Tor Launcher 0.2.5.3.
2451 * Improve how Tor Launcher handles incomplete translation.
2452 (Tor bug #11483; more future-proof fix for Tails bug #6885)
2453 * Remove the bridge settings prompt. (Tor bug #11482; closes Tails
2455 * Always show bridge help button. (Tor bug #11484)
2456 - Integrate the new Tails logo into various places:
2459 * The "About Tails" dialog
2462 - Use the stable APT suite when building from the stable Git branch
2466 - Add test for the #7022 fix.
2468 -- Tails developers <tails@boum.org> Sun, 27 Apr 2014 19:34:01 +0200
2470 tails (0.23) unstable; urgency=medium
2473 - Upgrade the web browser to 24.4.0esr-0+tails1~bpo60+1
2474 (Firefox 24.4.0esr + Iceweasel patches + Torbrowser patches).
2476 * Major new features
2477 - Spoof the network interfaces' MAC address by default (Closes: #5421),
2478 as designed on https://tails.boum.org/contribute/design/MAC_address/.
2479 - Rework the way to configure how Tor connects to the network
2480 (bridges, proxy, fascist firewall): add an option to Tails Greeter,
2481 start Tor Launcher when needed (Closes: #5920, #5343).
2484 - Additional software: do not crash when persistence is disabled
2486 - Upgrade Pidgin to 2.10.9, that fixes some regressions introduced
2487 in the 2.10.8 security update (Closes: #6661).
2488 - Wait for Tor to have fully bootstrapped, plus a bit more time,
2489 before checking for upgrades (Closes: #6728) and unfixed known
2491 - Disable the Intel Management Engine Interface driver (Closes: #6460).
2492 We don't need it in Tails, it might be dangerous, and it causes bugs
2493 on various hardware such as systems that reboot when asked to shut down
2494 - Add a launcher for the Tails documentation. This makes it available
2495 in Windows Camouflage mode (Closes: #5374, #6767).
2496 - Remove the obsolete wikileaks.de account from Pidgin (Closes: #6807).
2498 * Minor improvements
2499 - Upgrade Tor to 0.2.4.21-1~d60.squeeze+1.
2500 - Upgrade obfsproxy to 0.2.6-2~~squeeze+1.
2501 - Upgrade I2P to 0.9.11-1deb6u1.
2502 - Install 64-bit kernel instead of the 686-pae one (Closes: #5456).
2503 This is a necessary first step towards UEFI boot support.
2504 - Install Monkeysign (in a not-so-functional shape yet).
2505 - Disable the autologin text consoles (Closes: #5588). This was one of
2506 the blockers before a screen saver can be installed
2507 in a meaningful way (#5684).
2508 - Don't localize the text consoles anymore: it is broken on Wheezy,
2509 the intended users can as well use loadkeys, and we now do not have
2510 to trust setupcon to be safe for being run as root by the desktop user.
2511 - Make it possible to manually start IBus.
2512 - Reintroduce the possibility to switch identities in the Tor Browser,
2513 using a filtering proxy in front of the Tor ControlPort to avoid giving
2514 full control over Tor to the desktop user (Closes: #6383).
2515 - Incremental upgrades improvements:
2516 · Drop the Tails Upgrader launcher, to limit users' confusion
2518 · Lock down sudo credentials a bit.
2519 · Hide debugging information (Closes: #6505).
2520 · Include ~/.xsession-errors in WhisperBack bug reports.
2521 This captures the Tails Upgrader errors and debugging information.
2522 · Report more precisely why an incremental upgrade cannot be done
2524 · Various user interface and phrasing improvements.
2525 - Don't install the Cookie Monster browser extension (Closes: #6790).
2526 - Add a browser bookmark pointing to Tor's Stack Exchange (Closes: #6632).
2527 - Remove the preconfigured #tor channel from the Pidgin: apparently,
2528 too many Tails users go ask Tails questions there, without making
2529 it clear that they are running Tails, hence creating a user-support
2530 nightmare (Closes: #6679).
2531 - Use (most of) Tor Browser's mozconfig (Closes: #6474).
2532 - Rebase the browser on top of iceweasel 24.3.0esr-1, to get
2533 the certificate authorities added by Debian back (Closes: #6704).
2534 - Give access to the relevant documentation pages from Tails Greeter.
2535 - Hide Tails Greeter's password mismatch warning when entry is changed.
2536 - Persistent Volume Assistant:
2537 · Take into account our installer is now called Tails Installer.
2538 · Optimize window height (Closes: #5458).
2539 · Display device paths in a more user-friendly way (Closes: #5311).
2542 - Ease updating POT and PO files at release time, and importing translations
2543 from Transifex (Closes: #6288, #6207).
2544 - Drop custom poedit backport, install it from squeeze-backports-sloppy.
2545 - Make ISO and IUK smaller (Closes: #6390, #6425):
2546 · Exclude more files from being included in the ISO.
2547 · Remove *.pyc later so that they are not recreated.
2548 · Truncate log files later so that they are not filled again.
2549 · At ISO build time, set mtime to the epoch for large files whose content
2550 generally does not change between releases. This forces rsync
2551 to compare the actual content of these files, when preparing an IUK,
2552 instead of blindly adding it to the IUK merely because the mtime
2553 has changed, while the content is the same.
2554 - Make local hooks logging consistent.
2557 - Migrate from JRuby to native Ruby + rjb.
2558 - The test suite can now be run on Debian Wheezy + backports.
2559 - Fix buggy "persistence is not enabled" step (Closes: #5465).
2560 - Use IPv6 private address as of RFC 4193 for the test suite's virtual
2561 network. Otherwise dnsmasq from Wheezy complains, as it is not capable
2562 of handling public IPv6 addresses.
2563 - Delete volumes after each scenario unless tagged @keep_volumes.
2564 - Add an anti-test to make sure the memory erasure test works fine.
2565 - A *lot* of bugfixes, simplifications and robustness improvements.
2567 -- Tails developers <tails@boum.org> Tue, 18 Mar 2014 00:58:50 +0100
2569 tails (0.22.1) unstable; urgency=medium
2572 - Upgrade the web browser to 24.3.0esr-0+tails1~bpo60+2
2573 (Firefox 24.3.0esr + Iceweasel patches + Torbrowser patches).
2574 - Upgrade NSS to 3.14.5-1~bpo60+1.
2575 - Upgrade Pidgin to 2.10.8.
2576 - Workaround browser size fingerprinting issue by using small icons
2577 in the web browser's navigation toolbar (Closes: #6377).
2578 We're actually hit by Tor#9268, and this is the best workaround gk
2579 and I were able to find when discussing this on Tor#10095.
2581 * Major new features
2582 - Check for upgrades availability using Tails Upgrader, and propose
2583 to apply an incremental upgrade whenever possible (Closes: #6014).
2584 · Run tails-update-frontend at session login time.
2585 · Have tails-security-check only report unfixed security issues.
2586 · Greatly improve the Tails Upgrader UI and strings phrasing.
2587 · Enable startup notification for Tails Upgrader.
2588 - Install Linux 3.12 (3.12.6-2) from Debian testing. Unfortunately,
2589 this breaks the memory wipe feature on some hardware (#6460), but
2590 it fixes quite a few security issues, and improves hardware support.
2591 - Update the build system to be compatible with Vagrant 1.2 and 1.3,
2592 in addition to the already supported versions (Closes: #6221).
2593 Thanks to David Isaac Wolinsky <isaac.wolinsky@gmail.com>.
2596 - Do not start IBus for languages that don't need it. This fixes
2597 the keybindings problems introduced in 0.22 (Closes: #6478).
2598 Thanks to WinterFairy.
2599 - Disable network.proxy.socks_remote_dns in the Unsafe Browser.
2600 Bugfix against 0.22 (Closes: #6479).
2601 - Fetch Tor Browser User-Agent from its own prefs, rather than from
2602 the obsolete Torbutton ones. Bugfix against 0.22 (Closes: #6477).
2603 - Upgrade Vagrant basebox to include up-to-date Debian archive keys
2604 (Closes: #6515, #6527).
2605 - Do not use a non-working proxy for downloading the Vagrant basebox
2607 - Use IE's icon in Windows camouflage mode.
2608 Bugfix against 0.22 (Closes: #6536).
2609 - Support "upgrading" a partial Tails installation (Closes: #6438)
2610 and fix missing confirmation dialog in Tails Installer (Closes: #6437).
2611 Thanks to Andres Gomez Ramirez <andres.gomez@cern.ch>.
2612 - Fix browser homepage in Spanish locales (Closes: #6612).
2614 * Minor improvements
2615 - Tor 0.2.4 is stable! Adapt APT sources accordingly.
2616 - Update Tor Browser to 24.2.0esr-1+tails1, that uses its own NSS
2617 library instead of the system one.
2618 - Update Torbutton to 1.6.5.3.
2619 - Do not start Tor Browser automatically, but notify when Tor is ready.
2620 Warn the user when they attempt to start Tor Browser before Tor is ready.
2621 - Import Tor Browser profile at
2622 3ed5d9511e783deb86835803a6f40e7d5a182a12 from ttp/tor-browser-24.2.0esr-1.
2623 - Use http.debian.net for Vagrant builds, instead of the mostly broken
2624 (and soon obsolete) cdn.debian.net.
2625 - Phrasing and UI improvements in tails-upgrade-frontend.
2626 - Style and robustness improvements in tails-security-check.
2627 - Make room for upcoming UEFI support in Tails Installer.
2629 -- Tails developers <tails@boum.org> Wed, 29 Jan 2014 15:08:13 +0100
2631 tails (0.22) unstable; urgency=medium
2635 - Upgrade to Iceweasel 24.2.0esr that fixes a few serious security issues.
2636 - Stop migrating persistence configuration and access rights. Instead,
2637 disable all persistence configuration files if the mountpoint has wrong
2638 access rights (Closes: #6413).
2639 - Upgrade to NSS 3.15.3 that fixes a few serious security issues affecting
2640 the browser, such as CVE-2013-1741, CVE-2013-5605 and CVE-2013-5606.
2642 * Major improvements
2643 - Switch to Iceweasel 24 (Closes: #6370).
2644 · Resync' (most) Iceweasel prefs with TBB 3.0-beta-1 and get rid
2645 of many obsolete or default settings.
2646 · Disable WebRTC (Closes: #6468).
2647 · Import TorBrowser profile at commit
2648 51bf06502c46ee6c1f587459e8370aef11a3422d from the tor-browser-24.2.0esr-1
2649 branch at https://git.torproject.org/tor-browser.git.
2650 - Switch to Torbutton 1.6.5 (Closes: #6371).
2651 · Prevent Torbutton from asking users to "upgrade TBB".
2652 · Use the same Tor SOCKS port as the TBB (9151) for our web browser.
2653 This should be enough to avoid being affected by Tor#8511.
2654 · Disable Torbutton 1.6's check for Tor.
2655 Unfortunately, the new check.torproject.org breaks the remote Tor
2656 check. We cannot use the local Tor check with the control port. So,
2657 the shortest and sanest path to fixing the check issue, because the
2658 remote Tor check is broken" seems to simply disable this check.
2659 Patch submitted upstream as Tor#10216.
2660 - Prepare incremental upgrades to be the next default way to upgrade Tails,
2661 on point-releases at least.
2664 - Deny X authentication only after Vidalia exits (Closes: #6389).
2665 - Disable DPMS screen blanking (Closes: #5617).
2666 - Fix checking of the persistent volume's ACL.
2667 - Sanitize more IP and MAC addresses in bug reports (Closes: #6391).
2668 - Do not fail USB upgrade when the "tmp" directory exists on the
2670 - Tails Installer: list devices with isohybrid Tails installed
2673 * Minor improvements
2674 - Create a configuration file for additional software if needed
2676 - Translations all over the place.
2677 - Enable favicons in Iceweasel.
2678 - Do not propose to make permanent NoScript exceptions.
2679 In Tails, every such thing is temporary, so better only display the menu
2680 entry that's about temporarily allowing something.
2681 - Clearer warning when deleting persistent volume (thanks to Andres Gomez
2682 Ramirez <andres.gomez@cern.ch> for the patch).
2683 - Make wording in Tails Installer more consistent.
2686 * Use IBus instead of SCIM (Closes: #5624, #6206).
2687 It makes it possible to input passwords in pinentry for at least Japanese,
2688 Chinese and Korean languages.
2689 * Add an import-translation script.
2690 This automates the importation process of completed translations
2692 * Always list optimal keyboard layout in the greeter (Closes: #5741).
2693 * Fix on-the-fly translation of the greeter in various languages
2697 * Update I2P to 0.9.8.1 (Closes: #6080, #5889).
2698 * Improve I2P configuration:
2699 - Disable IPv6 support in a nicer way.
2700 - Disable i2cp (allows java clients to communicate from outside the JVM). If
2701 this is unset an exception for port 7654 would need to be added to ferm.
2702 - Disable "in-network" updates (this is also done in the regular I2P
2704 - Disable the outproxies. Access to the Internet is already routed through
2705 Tor so these are unnecessary. If end-users have a good reason to go
2706 through one of the I2P outproxies they can turn them back on.
2707 * Add a couple of default I2P IRC channels to Pidgin.
2708 * Allow access to the local 'eepsite' through FoxyProxy.
2709 * Add firewall exceptions for the standard I2P ports.
2711 -- Tails developers <tails@boum.org> Sat, 30 Nov 2013 16:47:18 +0100
2713 tails (0.21) unstable; urgency=low
2716 - Don't grant access to the Tor control port for the desktop user
2717 (amnesia). Else, an attacker able to run arbitrary code as this user
2718 could obtain the public IP with a get_info command.
2719 · Vidalia is now run as a dedicated user.
2720 · Remove the amnesia user from the debian-tor group.
2721 · Remove the Vidalia launcher in the Applications menu.
2722 The Vidalia instance it starts is useless, since it can't connect
2723 to the Tor control port.
2724 - Don't allow the desktop user to directly change persistence settings.
2725 Else, an attacker able to run arbitrary code as this user could
2726 leverage this feature to gain persistent root access, as long as
2727 persistence is enabled.
2728 · Fully rework the persistent filesystem and files ownership
2730 · Run the Persistent Volume Assistant as a dedicated user, that is
2731 granted the relevant udisks and filesystem -level credentials.
2732 · At persistence activation time, don't trust existing persistence
2733 configuration files, migrate to the new ownership and permissions,
2734 migrate every known-safe existing settings and backup what's left.
2735 Warn the user when not all persistence settings could be migrated.
2736 · Persistent Volume Assistant uses the new ownership and permissions
2737 scheme when initializing a new persistent volume, and refuses to
2738 read persistence.conf if it, or the parent directory, hasn't the
2739 expected permissions.
2740 · Make boot medium 'system internal' for udisks with bilibop.
2741 Once Tails is based on Wheezy, this will further complete the
2742 protection (see #6172 for details).
2743 - Update Iceweasel to 17.0.10esr-0+tails2~bpo60+1.
2744 - Update Torbutton to 1.5.2-2, including a patch cherry-picked from
2745 upstream to make window resizing closer to what the design says.
2747 * Major new features
2748 - Add a persistence preset for printing settings (Closes: #5686).
2749 Reload CUPS configuration after persistence activation.
2750 - Support SD card connected through a SDIO host adapter (Closes: #6324).
2751 · Rebrand Tails USB installer to Tails installer.
2752 · Display devices brand, model and size in the Installer
2754 · Ask for confirmation before installing Tails onto a device
2756 · Add support for SDIO and MMC block devices to the Tails Installer
2757 (Closes: #5744) and the Persistent Volume Assistant (Closes: #6325).
2758 · Arm the udev watchdog when booted from SD (plugged in SDIO) too
2761 * Minor improvements
2762 - Provide a consistent path to the persistent volume mountpoint
2764 - Add a KeePassX launcher to the top GNOME panel (Closes: #6290).
2765 - Rework bug reporting workflow: point the desktop launcher to
2766 the troubleshooting page.
2767 - Make /home world-readable at build time, regardless of the Git
2768 working copy permissions. This makes the build process more robust
2769 against strict umasks.
2770 - Add signing capabilities to the tails-build script (Closes: #6267).
2771 This is in turn used to sign ISO images built by our Jenkins setup
2773 - Simplify the ikiwiki setup and make more pages translatable.
2774 - Exclude the version string in GnuPG's ASCII armored output.
2775 - Prefer stronger ciphers (AES256,AES192,AES,CAST5) when encrypting
2777 - Use the same custom Startpage search URL than the TBB.
2778 This apparently disables the new broken "family" filter.
2779 - Update AdBlock Plus patterns.
2780 - Install Linux from Debian testing.
2781 (That is, the same version that was shipped in 0.20.1.)
2784 - Look for "/tmp/.X11-unix/X${1#:}" too when detecting displays in use.
2785 - Adapt tests to match the Control Port access security fix:
2786 · Take into account that the amnesia user isn't part of the debian-tor
2788 · Run as root the checks to see if a process is running: this
2789 is required to see other users' processes.
2791 -- Tails developers <tails@boum.org> Sat, 26 Oct 2013 23:42:46 +0200
2793 tails (0.20.1) unstable; urgency=low
2795 * Major new features
2796 - Install Tor 0.2.4.17-rc-1~d60.squeeze+1 from the Tor project's repository.
2797 - Install Iceweasel 17.0.9esr with Torbrowser patches.
2798 - Install Linux kernel 3.10-3 (version 3.10.11-1) from sid.
2801 - Remount persistence devices read-only at shutdown/reboot time
2803 - Greeter: display a warning icon on admin password mismatch and on
2804 persistence unlocking failure. Thanks to Andres Gomez Ramirez
2805 <andres.gomez@cern.ch> for the fix!
2806 - Don't torsocksify Pidgin.
2807 Instead we disable Pidgin's GNOME integration to get the "Global proxy
2808 configuration", which we set to use Tor. This fixes the I2P IRC account.
2809 - Additional software: fix typo in notification.
2810 - Allow installing "Priority: standard" packages that we do not install
2811 by default: remove them late in the build process instead of assigning
2812 them a -1 APT pinning level.
2814 * Minor improvements
2815 - Update AdBlock Plus patterns.
2816 - Use more unique ISO file name when building from Jenkins.
2817 - Additional software: point to the system log on upgrade failure.
2818 - Set SOCKS5_USER and SOCKS5_PASSWORD in the connect-socks wrapper (used
2819 by Git). Else, Tor 0.2.4's IsolateSOCKSAuth and connect-proxy
2820 sometimes play together in some way that makes connect-proxy ask for
2821 a password to connect to the SocksPort. SOCKS5_USER and
2822 SOCKS5_PASSWORD are passed through unchanged if they were manually set
2823 by the user already.
2824 - Use our custom connect-socks wrapper for SSH. Else, Tor 0.2.4's
2825 IsolateSOCKSAuth and connect-proxy sometimes play together in some way
2826 that makes connect-proxy ask for a password to connect to the
2827 SocksPort. Note that connect-socks uses the default SocksPort too, so
2828 no change here wrt. our connection isolation design.
2831 - Import new translations from Transifex.
2834 - Fix old ISO checking for consistent error reporting.
2835 - Remove custom persistence test from manual test suite.
2836 It was removed for the GUI in t-p-s 0.33.
2838 -- Tails developers <tails@boum.org> Sun, 15 Sep 2013 15:49:36 +0200
2840 tails (0.20) unstable; urgency=low
2842 * Major new features
2843 - Install Linux kernel 3.10.3-1 from Debian unstable.
2844 - Iceweasel 17.0.8esr + Torbrowser patches.
2847 - Prevent Iceweasel from displaying a warning when leaving HTTPS web sites.
2848 - Make Iceweasel use the correct, localized search engine.
2849 - Fix Git access to https:// repositories.
2851 * Minor improvements
2852 - Install Dasher, a predictive text entry tool.
2853 - Add a wrapper around TrueCrypt which displays a warning about it soon
2854 being deprecated in Tails.
2855 - Remove Pidgin libraries for all protocols but IRC and Jabber/XMPP.
2856 Many of the other protocols Pidgin support are broken in Tails and
2857 haven't got any security auditting.
2858 - Disable the pre-defined Pidgin accounts so they do not auto-connect
2860 - Include information about Alsa in WhisperBack reports.
2861 - Explicitly restrict access to ptrace. While this setting was enabled
2862 by default in Debian's Linux 3.9.6-1, it will later disabled in 3.9.7-1.
2863 It's unclear what will happen next, so let's explicitly enable it ourselves.
2864 - Do not display dialog when a message is sent in Claws Mail.
2865 - Sync iceweasel preferences with the Torbrowser's.
2868 - Many translation updates all over the place.
2869 - Merge all Tails-related POT files into one, and make use of intltoolize
2870 for better integration with Transifex.
2872 -- Tails developers <tails@boum.org> Tue, 30 Jul 2013 14:19:57 +0200
2874 tails (0.19) unstable; urgency=low
2876 * Major new features
2877 - Install Linux kernel 3.9.5-1 from Debian unstable.
2878 Features of particular interest for Tails are the Yama LSM
2879 (ptrace scope restrictions) and improved hardware support.
2880 As a corollary, install initramfs-tools from there too.
2881 - Iceweasel 17.0.7esr + Torbrowser patches.
2882 - Unblock Bluetooth, Wi-Fi, WWAN and WiMAX; block every other type of
2883 wireless device. Next steps are described on the
2884 todo/protect_against_external_bus_memory_forensics ticket.
2887 - Fix write access to boot medium at the block device level,
2888 by installing bilibop-udev. Thanks to quidame for his support.
2889 - tails-greeter l10n-related fixes, thanks to winterfairy:
2890 · Fix so translations is applied on password mismatch messages.
2891 · Separate forward and login buttons and make them translatable.
2892 - Fix link to documentation when no sudo password is set.
2893 - gpgApplet: partial fix for clipboard emptying after a wrong passphrase
2895 - Workaround aufs bug in Unsafe Browser script.
2897 * Minor improvements
2898 - Drop GNOME proxy settings: we did not find any use of it we were keen
2899 to support, other than two programs (Seahorse, Pidgin) that are now run
2901 - Format newly created persistent volumes as ext4.
2902 - GnuPG: don't connect to the keyserver specified by the key owner.
2903 This feature opens the door to a variety of subtle attacks.
2904 - GnuPG: locate keys only from local keyrings.
2905 This is probably the default, but better safe than sorry.
2906 - Install virt-what from Wheezy.
2907 The version from Squeeze does not detect at least Parallels for Mac v.8.
2908 - Upgrade live-boot and live-config to the 3.0.x final version from Wheezy.
2909 · Remove /live and /lib/live/image compatibility symlinks.
2910 · Add /live/overlay -> /lib/live/mount/overlay symlink.
2911 The live-boot changes (commit d2b2a461) brought to fix Debian bug
2912 #696495 revert some of our previous changes (commit 77dab1cb), and as
2913 a result, at the time live-persist runs, no tmpfs is mounted on
2914 /live/overlay, which breaks the aufs mount. So, let's just ensure
2915 /live/overlay points to a tmpfs.
2916 · Really disable policykit and sudo live-config hooks.
2917 ... by making it believe they've already been run.
2918 This workarounds new live-config's default behavior.
2921 - Many translation updates all over the place.
2924 - Re-enable previously disabled boot device permissions test.
2926 -- Tails developers <tails@boum.org> Wed, 26 Jun 2013 12:36:20 +0200
2928 tails (0.18) unstable; urgency=low
2931 - Support obfs3 bridges.
2932 - Automatically install a custom list of additional packages chosen by
2933 the user at the beginning of every working session, and upgrade them
2934 once a network connection is established (technology preview).
2937 - Upgrade to Iceweasel 17.0.6esr-0+tails1~bpo60+1.
2938 - Update Torbrowser patches to current maint-2.4 branch (567682b).
2939 - Isolate DOM storage to first party URI, and enable DOM storage:
2940 don't set dom.storage.enabled anymore, and set Torbutton's
2941 disable_domstorage to false.
2942 - Isolate the image cache per url bar domain.
2943 - Torbutton 1.5.2, and various prefs hacks to fix breakage:
2944 · Add .saved version of the Torbutton preferences the TBB also sets.
2945 · Set TOR_SOCKS_HOST and TOR_SOCKS_PORT.
2946 · Move some prefs (network.proxy.*, extensions.autoDisableScopes,
2947 extensions.foxyproxy.last-version) to user.js.
2948 Else, with Torbutton 1.5.x, these ones are not taken into account.
2949 · Set network.proxy.socks_version.
2950 Else we get the meaningless user_pref("network.proxy.socks_version", 9063);
2951 in prefs.js after the initial startup.
2952 · Set extensions.foxyproxy.socks_remote_dns to true.
2953 Else, it overrides the various ways we set network.proxy.socks_remote_dns,
2954 which in turn makes Torbutton think it should start in non-Tor mode.
2955 · Also pass the TOR_SOCKS_* environment variables to iceweasel when
2956 generating the profile: Torbutton behaves differently depending on
2957 these variables, so we don't want the initial profile generation to be
2958 done without them. In practice, this has no implication that we could
2959 see right now, but better safe than sorry.
2960 · Import all version overrides from the TBB prefs.
2961 Else, the User-Agent sent in the HTTP headers is fine, but real
2962 values leak with JavaScript, as demonstrated by ip-check's "Browser
2964 · Move a bunch of settings to user_pref(), that are not applied otherwise.
2965 For some, this fixes a regression in 0.18~rc1.
2966 For other, the bug was already present in Tails 0.17.2.
2967 - HTTPS Everywhere 3.2.
2968 - Update prefs to match the TBB's, fix bugs, and take advantage of the latest
2970 · Increase pipeline randomization.
2971 · Fix @font-face handling of local() fonts.
2972 Also disable fallback font rendering.
2973 · Explicitly disable SPDY v2 and v3.
2974 · Update http pipelining prefs.
2975 - Make prefs organization closer to the TBB's:
2976 · Remove Torbutton prefs that we set at their default value.
2977 · Import Torbutton preferences from the TBB.
2978 · Organize iceweasel config files in sections the same way as the TBB.
2980 · Don't set extensions.torbutton.clear_cookies nor
2981 extensions.torbutton.saved.share_proxy_settings:
2982 we don't care about toggling anymore.
2983 · Don't set extensions.torbutton.saved.download_retention nor
2984 extensions.torbutton.saved.search_suggest:
2985 these settings are not used in Torbutton anymore.
2986 - Update unsafe browser prefs mangling accordingly.
2987 - Move network.protocol-handler.warn-external.* to user_pref().
2988 Else they're not applied.
2989 These prefs are actually ignored by Firefox these days -- the TBB
2990 design doc reads "They are set still anyway out of respect for the
2991 dead". Let's go on doing the same.
2992 - Update extensions.adblockplus.currentVersion.
2993 - Fetch xul-ext-https-everywhere (3.2-2) and xul-ext-noscript (2.6.6.1-1)
2994 from Debian unstable. They were uploaded there, and accordingly removed
2998 - Linux 3.2.41-2+deb7u2.
2999 - Fixed swapped filenames of tails-{reboot,shutdown}.desktop.
3000 Thanks to Mikko Harhanen for the patch.
3001 - Only add ClientTransportPlugin to torrc when bridge mode is enabled.
3002 This should bring back support for proxies of type other than obfsproxy.
3004 * Minor improvements
3005 - Set kernel.dmesg_restrict=1, and make /proc/<pid>/ invisible
3006 and restricted for other users. It makes it slightly harder for an attacker
3007 to gather information that may allow them to escalate privileges.
3008 - Install gnome-screenshot.
3009 - Don't disable IPv6 on all network interfaces anymore.
3010 It turns out the IPv6 leaks we wanted to fix actually don't exist.
3011 - Add a "About Tails" launcher in the System menu.
3012 - Install GNOME accessibility themes.
3013 - Use 'Getting started...' as the homepage for Tails documentation button.
3014 - Stop relying on the obsolete /live/image compatibility symlink.
3015 - Disable audio preview in Nautilus.
3016 - Wheezy was released => Squeeze is now oldstable.
3017 - Pick Tor from deb.torproject.org regardless of the release name they
3018 advertise. At some point we needed it, their APT repository still thought
3019 that stable == Squeeze.
3020 - Add Wheezy APT sources.
3021 - Install Linux and related packages from Wheezy.
3022 Debian sid just got Linux 3.8, and we don't want to switch to a new kernel
3024 - Fetch laptop-mode-tools from Wheezy.
3025 Wheezy has the version we've been installing in 0.18~rc1,
3026 while a newer one was uploaded to sid in the meantime.
3027 - Fetch a few packages from Wheezy instead of unstable.
3028 Namely: spice-vdagent, libregexp-common-perl, macchanger, service-wrapper,
3029 libservice-wrapper-java and libservice-wrapper-jni.
3030 Wheezy has the versions we've been installing for a while, so let's
3031 avoid having unstable push a newer one to us uselessly at some point.
3032 Note that at the time of this writing, the versions in sid and in Wheezy
3033 are the same, so this commit is effectively a no-op as of today: it is
3034 merely a safeguard for the future.
3037 - Many translation updates all over the place.
3040 - Make Vagrant's build-tails script support Jenkins too.
3043 - Fix Unsafe Browser test broken by hidepid.
3045 -- Tails developers <tails@boum.org> Mon, 13 May 2013 22:17:38 +0200
3047 tails (0.17.2) unstable; urgency=low
3050 - Upgrade to Iceweasel 17.0.5esr-0+tails2~bpo60+1.
3051 - Stop displaying obsolete context menu entries ("Open Tor URL" and friends).
3054 - Update Linux to 3.2.41-2
3057 - Use more reliable OpenPGP keyservers:
3058 · use the hkps pool in GnuPG (and import their SSL CA)
3059 · use hkp://pool.sks-keyservers.net in Seahorse (as it does not support
3061 - Keep udisks users (GNOME Disk Utility, tails-persistence-setup, etc.)
3062 from resetting the system partition's attributes when manipulating the
3063 partition table. To this end, backport the relevant bugfix from Wheezy
3064 into parted 2.3-5+tails1. This allowed to remove the sgdisk-based
3065 workaround in tais-persistence-setup, and to stop installing
3066 python-parted. All this is a first needed step to fix
3067 todo/make_system_disk_read-only in a future release.
3069 * Minor improvements
3070 - Disable NoScript's HTML5 media click-to-play for better user experience.
3073 - Tails USB installer: update translations for French, German, Spanish,
3074 Finnish, Greek, Italian, Latvian, Dutch, Polish and Chinese.
3075 - Tails Greeter: update translations for Farsi, Chinese, French;
3076 new translations: Finnish, Norwegian Bokmål, Galician.
3077 - tails-persistence-setup: update Farsi and Chinese translations;
3078 import new translations for Finnish and Swedish.
3079 - WhisperBack: update translations for Arabic, French, German, Greek,
3080 Spanish, Korean, Polish, Russian. New translations: Finnish, Chinese.
3083 - Add automated testing framework (Sikuli, Cucumber, libvirt -based)
3084 with a bunch of tests.
3086 -- Tails developers <amnesia@boum.org> Sun, 07 Apr 2013 12:17:26 +0200
3088 tails (0.17.1) unstable; urgency=low
3091 - Upgrade to Iceweasel 17.0.4esr-0+tails1~bpo60+1.
3094 - Update Linux to 3.2.39-2.
3095 It includes the drm and agp subsystems from Linux 3.4.29.
3096 - Don't install xserver-xorg-video-rendition backport.
3097 xserver-xorg-video-rendition has been removed from squeeze-backports
3098 due to an upstream tarball mismatch discover when merging backports
3099 into the main Debian archive, and xserver-xorg-video-all still depends
3100 on it, so we explicitly install all drivers from -all but -rendition
3101 as a (hopefully temporary) workaround.
3103 * Minor improvements
3104 - Remove Indymedia IRC account, until we ship a version of Pidgin
3105 with SASL support, that is when Tails is based on Wheezy.
3108 - Don't ship the wiki's todo and bugs on ISO images.
3110 -- Tails developers <amnesia@boum.org> Thu, 21 Mar 2013 18:54:11 +0100
3112 tails (0.17) unstable; urgency=low
3115 - Install the KeePassX password manager, with a configuration and
3116 documentation that makes it easy to persist the password database.
3119 - Upgrade to Iceweasel 17.0.3esr-1+tails1~bpo60+1.
3120 - Install xul-ext-adblock-plus from squeeze-backports.
3121 - Do not allow listing all available fonts.
3122 Set browser.display.max_font_attempts and browser.display.max_font_count
3123 to enable the Torbrowser Limit-the-number-of-fonts-per-document patch.
3124 - Set default spellchecker dictionary to English (USA),
3125 and localize it according to locale with our custom branding extension.
3126 - Disable the add-ons automatic update feature.
3127 - Make the generated profile world-readable.
3128 - Remove NoScript click-to-play confirmation.
3129 - Sync some prefs set by Torbutton, to be ready when it stops setting these.
3130 - Disable navigation timing.
3131 - Disable SPDY. It stores state and may have keepalive issues.
3132 - More aggressive iceweasel HTTP pipelining settings.
3133 - Enable WebGL (as click-to-play only).
3134 - Disable network.http.connection-retry-timeout.
3135 - Disable full path information for plugins.
3136 - Remove NoScript blocks of WebFonts.
3137 - Disable DOM storage in Torbutton.
3138 Since we don't apply the 0026-Isolate-DOM-storage-to-first-party-URI.patch
3139 Torbrowser patch yet, and still disable DOM storage, we need to tell
3140 Torbutton not to use it.
3141 - Synchronize iceweasel's general.useragent.override with TBB based on FF17.
3142 The User-Agent settings are not kept up-to-date anymore in Torbutton, so
3143 we have to keep in sync manually with TBB's settings.
3144 - Remove obsolete APT pining for Torbutton.
3145 It's not maintained in Debian anymore, so we now fetch it from our own
3147 - Fetch FoxyProxy from Debian experimental and libnspr4-0d from
3148 squeeze-backports, for compatibility with Iceweasel 17.
3149 - Rebase bookmarks file on top of the default iceweasel 17 one.
3150 - Explicitly disable AdBlock Plus "correct typos" feature.
3151 This feature connects to http://urlfixer.org/.
3152 It is disabled by default in 2.2-1, but let's be careful.
3154 * Minor improvements
3155 - Upgrade to live-boot 3.0~b11-1 and live-config 3.0.12-1.
3156 Accordingly update the 9980-permissions hook, live-persist,
3157 unsafe-browser and boot-profile.
3158 Add compatibility symlinks from /live to /lib/live, and from /live/image
3159 to /lib/live/mount/medium, to ease the transition.
3160 - Check for errors when sourcing live-boot files, e.g. to detect when
3161 they have been renamed upstream.
3162 - Don't add "quiet" to the kernel command-line ourselves.
3163 Else, it appears twice as live-build's lb_binary_syslinux adds it too.
3164 Historically, we've been adding it ourselves on top of that because
3165 lb_binary_yaboot does not add it, but since we gave up the PowerPC support
3166 attempt, we're now only interested in syslinux, so let's make it easier
3167 for the general case, e.g. when one wants to remove the "quiet" parameter
3168 as suggested by our "Tails does not start" debugging documentation.
3169 - Upgrade I2P to 0.9.4.
3172 - Many bugfixes brought by the Debian Squeeze 6.0.7 point-release.
3173 - Use the regular GnuPG agent + pinentry-gtk2 instead of Seahorse
3174 as a GnuPG agent. This fixes usage of OpenPGP in Claws Mail,
3175 and brings support for OpenPGP smartcards.
3176 - Enable I2P hidden mode.
3177 Else, killing I2P ungracefully is bad for the I2P network.
3178 - live-persist: move error() function before the first potential usecase.
3179 - Add missing executable bit on restart-tor and restart-vidalia.
3180 - Add shutdown and reboot launchers to the menu.
3181 This workarounds the lack of a shutdown helper applet in camouflage mode.
3182 - Remove Pidgin's MXit and Sametime support.
3183 ... at least until CVE-2013-0273, CVE-2013-0272 and CVE-2013-0271 are
3184 fixed in Debian stable. While we're at it, don't force file removal in
3185 these "set -e" build scripts: fail hard, instead of silently ignoring
3186 the fact that files may have moved or disappeared.
3189 - Install recent Intel and AMD microcode from squeeze-backports,
3190 explicitly excluding the iucode-tool package that's not a good idea
3192 - Install firmware loader for Qualcomm Gobi USB chipsets.
3193 This is needed to have various mobile broadband chipsets work.
3194 - Upgrade barry to 0.18.3-5~bpo60+1.
3195 This much improved new version supports more hardware & ISP,
3196 and does not display dozens of spurious error messages at boot time.
3199 - Remove APT local cache (/Var/cache/apt/{,src}pkgcache.bin).
3201 -- Tails developers <amnesia@boum.org> Sat, 23 Feb 2013 10:37:57 +0100
3203 tails (0.16) unstable; urgency=low
3205 * Minor improvements
3206 - Replace the too-easy-to-misclick shutdown button with a better
3207 "Shutdown Helper" Gnome applet.
3208 - Display ~/Persistent in GNOME Places and GtkFileChooser if it is mounted.
3209 - Set Unsafe Browser's window title to "Unsafe Browser".
3210 - Install ekeyd to support the EntropyKey.
3211 - Install font for Sinhala.
3212 - Update Poedit to 1.5.4.
3213 - Kill Vidalia when restarting Tor.
3214 Doing this as early as possible exposes Vidalia's "broken onion" icon
3216 - Hide the persistence setup launchers in kiosk mode.
3217 - Add a shell library for Tor functions.
3218 These are shared among multiple of our scripts.
3219 - Install dictionaries for supported languages.
3220 Install hunspell dictionaries when possible,
3221 fall back on myspell ones else.
3224 - Disable IPv6 on all network interfaces.
3225 This is a workaround for the IPv6 link-local multicast leak that was recently
3226 discovered. Tails has no local service that listens on IPv6, so there should be
3227 no regression, hopefully, unless one wants to play with OnionCat and VoIP,
3228 but those of us should know how to workaround this anyway.
3229 - live-persist: Fix variable mismatch, fixing probe white-list.
3230 Tails may previously have been able to list GPT partitions labelled
3231 "TailsData" on hard drives (!) as valid persistence volumes...
3232 - live-persist: Fix --media option when no devices are attached.
3233 Earlier, if it was set to e.g. 'removable-usb' and no USB storage was
3234 connected, $whitelistdev would be empty, which is interpreted like
3235 all devices are ok by the rest of the code.
3236 - Fix SCIM in the autostarted web browser: save IM environment variables
3237 to a file during Desktop session startup, and export them into the
3238 autostarted browser's environment.
3239 - Talk of DVD, not of CD, in the shutdown messages.
3240 - Make tordate work in bridge mode with an incorrect clock.
3241 When using a bridge Tor reports TLS cert lifetime errors (e.g. when
3242 the system clock is way off) with severity "info", but when no bridge
3243 is used the severity is "warn". tordate/20-time.sh depends on grepping
3244 these error messages, so we termporarily increase Tor's logging
3245 severity when using bridge mode. If we don't do this tordate will
3246 sleep forever, leaving Tor in a non-working state.
3247 · White-list root to use Tor's ControlPort.
3248 · Add logging for is_clock_way_off().
3249 · Remove Tor's log before time syncing.
3250 We depend on grepping stuff from the Tor log (especially for
3251 tordate/20-time.sh), so deleting it seems like a Good Thing(TM).
3252 · Stop Tor before messing with its log or data dir.
3253 - live-persist: limit searched devices the same way as live-boot.
3254 If no --media argument is specified, use live-boot's
3255 "(live-media|bootfrom)=removable(|-usb)" argument to limit devices
3256 searched for a persistent volume.
3257 - tails-greeter: do not pass media=removable to live-persist.
3258 Now that we have autodetection with kernel command-line,
3259 it should not be needed anymore.
3260 - Start memlockd after configuring it,
3261 instead of starting it before and restarting it after.
3262 This avoids running memlockd twice, and prevents other possibly
3263 surprising race-conditions.
3264 As a consequence, also have tails-sdmem-on-media-removal start after the
3265 memlockd service *and* tails-reconfigure-memlockd: to start the watchdog,
3266 we need memlockd to be properly configured *and* running.
3269 - Set iceweasel homepage to the news section on the Tails website.
3270 ... using the localized one when possible.
3271 - Hide the iceweasel add-on bar by default.
3272 Now that we don't want to ship the Monkeysphere addon anymore,
3273 that was the only one displayed in there, we can as well hide the whole bar.
3274 - Don't hide the AdBlock-Plus button in the add-on bar anymore. Now that
3275 we hide the whole addon bar, we can get rid of this old
3277 - Do not install a placeholder (fake) FireGPG iceweasel extension anymore.
3278 It was shipped from 0.10 (early 2012) to 0.15 (late November),
3279 so the migration period should be over now.
3280 - Don't install xul-ext-monkeysphere anymore.
3281 The implication of the current keyserver policy are not well
3282 understood, Monkeysphere is little used in Tails, and we're not sure
3283 anymore it would be our first bet for the web browser profile with no
3284 CA. Let's keep the various configuration bits (e.g. FoxyProxy,
3285 patching MSVA), though, so that advanced users who are used to have
3286 Monkeysphere in Tails just have to install the package.
3289 - Install the "standard" task with tasksel for better consistency in the
3290 Tails ISO images built in various environments.
3291 - Install p7zip-full. It's a dep by file-roller, but we explicily use it
3292 elsewhere, and it's better to be safe than sorry.
3293 - Remove pinning of libvpx0 to sid.
3294 This package is part of Squeeze, and not from testing/sid.
3295 We have been shipping the version from Squeeze for a while.
3296 - Remove config/chroot_local-packages/ from .gitignore.
3297 The documented way for "external" contributors to add custom packages
3298 is to put them in chroot_local-packages, and once we pull we import
3299 any such package into our APT repo and rewrite the
3300 history appropriately.
3301 Also, the ability to add packages in there and not see them in "git
3302 status" makes it very easy to build tainted ISO images with
3303 non-standard packages, which makes some of us fear can lead to hard to
3305 - Make it clearer what can and cannot be done in terms of local packages.
3307 -- Tails developers <amnesia@boum.org> Thu, 10 Jan 2013 12:47:42 +0100
3309 tails (0.15) unstable; urgency=low
3311 * Major new features
3312 - Persistence for browser bookmarks.
3313 - Support for obfsproxy bridges.
3315 * Minor improvements
3316 - Add the Hangul (Korean) Input Method Engine for SCIM.
3317 - Add vendor-specific dpkg origin information. This makes dpkg-vendor
3318 return correct information.
3319 - Install pcscd and libccid from squeeze-backports. This is needed to
3320 support, to some extent, some OpenPGP SmartCard readers.
3321 - Install HPIJS PPD files and the IJS driver (hpijs).
3322 This adds support for some printers, such as Xerox DocumentCenter400.
3323 - Optimize fonts display for LCD.
3324 - Update TrueCrypt to version 7.1a.
3327 - Do not use pdnsd anymore. It has been orphaned in Debian, has quite
3328 some bugs in there, and apparently Tor's DNSPort's own caching is
3330 - Remove useless iceweasel cookies exceptions. They are useless as
3331 per-session cookies are allowed.
3332 - Do not run setupcon on X. This call is only needed on the Linux
3333 console, no need to annoy the user with a weird "Press enter to
3334 activate this console" when the open a root shell in a GNOME
3336 - Allow the tails-iuk-get-target-file user to connect to the SOCKSPort
3337 dedicated for Tails-specific software.
3338 - Fix gpgApplet menu display in Windows camouflage mode.
3339 - Fix Tor reaching an inactive state if it's restarted in "bridge mode",
3340 e.g. during the time sync' process.
3343 - Update iceweasel to 10.0.11esr-1+tails1.
3344 - User profile is now generated at build time in order to support persistent
3346 - Update HTTPS Everywhere to version 3.0.4.
3347 - Update NoScript to version 2.6.
3348 - Fix bookmark to I2P router console.
3349 - Re-enable Monkeysphere extension to connect to the validation agent.
3352 - The Tails USB installer, tails-persistence-setup and tails-greeter
3353 are now translated into Bulgarian.
3354 - Update Chinese translation for tails-greeter.
3355 - Update Euskadi translation for WhisperBack.
3358 - Custom packages are now retrieved from Tails APT repository instead
3359 of bloating the Git repository.
3360 - Allow '~' in wiki filenames. This makes it possible to ship
3361 update-description files for release candidates.
3362 - Document how to create incremental update kit.
3363 - Handle release candidates when generating custom APT sources.
3364 - Remove pinning for xul-ext-adblock-plus.
3365 It is obsolete since we've added this package to our APT repository.
3367 -- Tails developers <amnesia@boum.org> Sun, 25 Nov 2012 12:59:17 +0100
3369 tails (0.14) unstable; urgency=low
3371 * Major new features
3372 - Enable Tor stream isolation; several new SocksPorts with
3373 appropriate Isolate* options have been added for different use
3374 cases (i.e. applications). All application's have been
3375 reconfigured to use these new SocksPorts, which should increase
3376 anonymity by making it more difficulte to correlate traffic from
3377 different applications or "online identities".
3378 - The web browser now has the anonymity enhancing patches from the
3380 - gpgApplet can now handle public-key cryptography.
3381 - Install an additional, PAE-enabled kernel with NX-bit
3382 support. This kernel is auto-selected when the hardware supports
3384 * provide executable space protection, preventing certain types of
3385 buffer overflows from being exploitable.
3386 * enable more than 4 GiB of system memory.
3387 * make all processors/cores available, including their
3388 power-saving functionality.
3389 - Add a persistence preset for NetworkManager connections.
3391 * Minor improvements
3392 - On kexec reboot, make the boot quiet only if debug=wipemem was not
3394 - Update torproject.org's APT repo key.
3395 - Update the embedded Tails signing key.
3396 - Use symlinks instead of duplicating localized searchplugins.
3397 - Rewrite Tails firewall using ferm. Tails firewall was written in
3398 very unsophisticated iptables-save/restore format. As more feature
3399 creeped in, it started to be quite unreadable.
3400 - Optimize VirtualBox modules build at runtime to avoid installing the
3401 userspace utils N times.
3402 - Drop most of Vidalia's configuration. Our custom lines just caused
3403 trouble (with multiple SocksPorts) and the default works well.
3404 - Blacklist PC speaker module. On some computers, having the pcspkr
3405 module loaded means loud beeps at bootup, shutdown and when using
3406 the console. As it draws useless attention to Tails users, it is
3407 better to prevent Linux from loading it by default.
3408 - Remove all addons from the Unsafe Browser. No addons are essential
3409 for the Unsafe Browser's intent. If anything they will modify the
3410 network fingerprint compared to a normal Iceweasel install, which
3412 - Prevent some unwanted packages to be installed at all, rather than
3413 uninstalling them later. This should speed up the build a bit.
3414 - Add a symlink from /etc/live/config to /etc/live/config.d. This
3415 makes the system compatible with live-config 3.0.4-1, without
3416 breaking backward compatibility with various parts of the system
3417 that use the old path.
3418 - Do not run unecessary scripts during shutdown sequence, to make
3420 - Make live-persist deal with persistent ~/.gconf subdirs so that
3421 any options saved therein actually get persistent.
3422 - Prevent memlockd unload on shutdown, to make sure that all
3423 necessary tools for memory wiping are available when the new
3425 - Patch initscripts headers instead of fiddling with update-rc.d. We
3426 now let insserv figure out the correct ordering for the services
3427 during startup and shutdown, i.e. use dependency-based boot
3429 - Remove the last absolute path in our isolinux config, which makes
3430 it easier to migrate from isolinux to syslinux (just rename the
3431 directory), and hence might make it easier for 3rd party USB
3432 installers (like the Universal USB Installer) to support Tails.
3435 - Include `seq` in the ramdisk environment: it is used to wipe more
3436 memory. This fixes the long-standing bug about Tails not cleaning
3437 all memory on shutdown.
3438 - Fix Yelp crashing on internal links
3439 - Allow amnesia user to use Tor's TransPort. This firewall exception
3440 is necessary for applications that doesn't have in-built SOCKS
3441 support and cannot use torsocks. One such example is Claws Mail,
3442 which uses tsocks since torsocks makes it leak the hostname. This
3443 exception, together with Tor's automatic .onion mapping makes
3444 Claws Mail able to use hidden service mail providers again.
3445 - Force threads locking support in Python DBus binding. Without this
3446 liveusb-creator doesn't work with a PAE-enabled kernel.
3447 - Fix localized search plugins for 'es' and 'pt'
3448 - Fix live-boot's readahead, which caused an unnecessary pause
3450 - Factorize GCC wanted / available version numbers in VirtualBox
3451 modules building hook. This, incidentally, fixes a bug caused by
3452 duplication and not updating all instances.
3453 - Fix tordate vs. Tor 0.2.3.x. Since 0.2.3.x Tor doesn't download a
3454 consensus for clocks that are more than 30 days in the past or 2
3455 days in the future (see commits f4c1fa2 and 87622e4 in Tor's git
3456 repo). For such clock skews we set the time to the Tor authority's
3457 cert's valid-after date to ensure that a consensus can be
3461 - Update to version 0.2.3.24-rc-1~~squeeze+1, a new major
3462 version. It's not a stable release, but we have been assured by
3463 the Tor developers that this is the right move.
3464 - Stop setting custom value for the Tor LongLivedPorts
3465 setting. Gobby's port was upstreamed in Tor 0.2.3.x.
3468 - Update to 10.0.10esr-1+tails1, which has all the anonymity enhancing
3469 patches from the TorBrowser applied.
3470 - Install iceweasel from our own repo, http://deb.tails.boum.org.
3471 - Fix Iceweasel's file associations. No more should you be suggested
3472 to open a PDF in the GIMP.
3475 - Use curl instead of wget, and add a --proxy option passed through
3477 - Remove the --fullrequest option, we don't need it anymore.
3478 - Remove --dns-timeout option, we don't need it anymore.
3479 - Change --proxy handling to support Debian Squeeze's curl.
3480 - Clarify what happens if --proxy is not used.
3481 - Compute the median of the diffs more correctly.
3484 - Update Linux to 3.2.32-1.
3487 - Update vidalia to 0.2.20-1+tails1.
3488 - Update bundled WhisperBack package to 1.6.2:
3489 * Raise the socket library timeout to 120 seconds
3490 * Use smtplib's timeout parameter
3491 * Fix error output when calling send a 2nd time
3492 - Update liveusb-creator to 3.11.6-3.
3493 - Update i2p to 0.9.2.
3494 - Update tails-persistence-setup to 0.20-1, which should make it
3495 possible to install Tails on large (>= 32 GiB) USB drives.
3496 - Install console-setup and keyboard-configuration from unstable
3497 (required by new initramfs-tools).
3498 - Update tails-greeter to 0.7.3:
3499 * Import pt_BR translation.
3500 * Let langpanel usable during option selection stage
3501 * Print less debugging messages by default
3502 (below are changes in tails-greeter 0.7.2:)
3503 * Use correct test operators.
3504 * Generate language codes of available locales at package build
3506 * Read list of language codes from where we have saved it at
3508 * Drop tails-lang-helper, not used anymore.
3509 * Do not compile locales at login time anymore. Tails now ships
3511 - Import live-config{,-sysvinit} 3.0.8-1. live-config >= 3.0.9-1
3512 has basically nothing useful for us, and it migrates to new paths
3513 brought by live-boot 3.0~b7, which we're not ready for yet (see:
3514 todo/newer_live-boot).
3517 - Fix Tails specific Iceweasel localization for pt-BR
3518 - Add Japanese input system: scim-anthy.
3519 - whisperback is now also translated into German, Hebrew, Hungarian,
3521 - tails-persistence-setup is now also translated into Arabic.
3522 - tails-greeter is now also translated into Arabic, Hebrew, Basque,
3523 Hungarian, Italian and Chinese.
3526 - Catch more errors in during build time:
3527 - Ensure that all local hooks start with 'set -e'.
3528 - Fail hard if adduser fails in local hooks.
3529 - Fail hard if 'rm' fails in local hooks.
3530 - vagrant: Ensure we have the set of Perl packages needed by our
3532 - vagrant: Configure live-build to ship with ftp.us.debian.org.
3533 Using cdn.debian.net leads to bad interactions with Tor.
3534 - vagrant: Don't use gzip compression when building from a tag, i.e.
3536 - vagrant: Optionally use bootstrap stage cache for faster builds
3537 via the 'cache' build option.
3538 - vagrant: Make sure release builds are clean, i.e. they don't use
3539 any potentially dangerous build options.
3540 - vagrant: Disable live-build package caching. This build system is
3541 meant to use an external caching proxy, so live-build's cache just
3542 wastes RAM (for in-memory builds) or disk space.
3543 - vagrant: use aufs magic instead of copying source into tmpfs.
3544 This reduces the amount of RAM required for building Tails in.
3545 - vagrant: Allow in-memory builds when a VM with enough memory is
3548 -- Tails developers <amnesia@boum.org> Sat, 10 Nov 2012 12:34:56 +0000
3550 tails (0.13) unstable; urgency=low
3552 * Major new features
3553 - Use white-list/principle of least privelege approach for local services.
3554 Only users that need a certain local (i.e. hosted on loopback) service
3555 (according to our use cases) are granted access to it by our firewall;
3556 all other users are denied access.
3557 - Ship a first version of the incremental update system. Updates are not
3558 currently triggered automatically, but this will allow tests to be done
3561 * Minor improvements
3562 - Enable four workspaces in the Windows XP camouflage. This allows
3563 users to quickly switch to a more innocent looking workspace in case
3564 they are working on sensitive data and attract unwanted attention.
3565 The workspace switcher applet isn't there, though, since there's no
3566 such thing in Windows XP, so switching is only possible via keyboard
3568 - Ship with precompiled locales instead of generating them upon login.
3569 - Add support for wireless regulation.
3570 - Use color for Git output, not intended for machine consumption,
3571 written to the terminal.
3572 - Have ttdnsd use OpenDNS. Using Google's DNS servers was very
3573 glitchy, and rarely succeeded when it should. It can probably be
3574 attributed to Google's DNS, which is known to take issue with Tor
3576 - Upgrade WhisperBack to 1.6, with many UI improvements and new translations.
3577 - Include GDM logs and dmidecode informations in the reports.
3578 - Allow to modify language and layout in the "Advanced options" screen
3580 - GnuPG: bump cert-digest-algo to SHA512.
3581 - Update torproject.org's APT repo key.
3584 - Make Claws Mail save local/POP emails in its dot-directory. The
3585 default is to save them at ~/Mail, which isn't included in our
3586 current Claws Mail persistence preset.
3587 - Fix the System Monitor applet.
3588 - Remove broken ttdnsd from the default DNS resolution loop.
3589 - Hide the 'TailsData' partition in desktop applications.
3590 - Ship unrar-free again, so that the GNOME archive manager knows about
3592 - Ship with an empty whitelist for Noscript.
3593 - Disable FoxyProxy's advertisement on proxy error page.
3594 - Fix slow browsing experience for offline documentation.
3595 - Raise the socket timeout to 120 seconds in WhisperBack.
3596 - Enable the ikiwiki trail plugin for the locally built wiki too.
3599 - Upgrade iceweasel to 10.0.6esr-1 (Extended Support Release) and install it
3600 and its dependencies from squeeze-backports.
3603 - Upgrade Linux to 3.2.23-1.
3606 - Update tor to version 0.2.2.39.
3607 - Update Iceweasel to version 10.0.7esr-2.
3608 - Update i2p to version 0.9.1.
3611 - vagrant: Install Ikiwiki from Debian unstable. The 'mirrorlist'
3612 patches have finally been merged in upstream Ikiwiki. So instead of
3613 building Ikiwiki by hand, we can now install the package directly
3614 from Debian unstable.
3615 - Do not build the ikiwiki forum on the bundled static website copy.
3617 -- Tails developers <amnesia@boum.org> Mon, 17 Sep 2012 15:19:25 +0200
3619 tails (0.12.1) unstable; urgency=low
3621 This is a brown paper bag release to fix two major problems introduced in
3625 - Upgrade Torbutton to 1.4.6.
3626 - Upgrade AdBlock Plus to 2.1.
3627 - Update AdBlock Plus patterns.
3630 - Upgrade Linux to 3.2.21-3 (linux-image-3.2.0-3-486).
3633 - Install MAT from Debian backports, drop custom package.
3634 - Install python-pdfrw to re-add PDF support to the MAT.
3635 - Upgrade tails-greeter to 0.7.1, which fixes the race condition that
3636 broke administration password and locale settings on some systems.
3639 - Remove the Tails specific plymouth theme. The theme interfers heavily with
3640 the boot process on some hardware.
3642 -- Tails developers <amnesia@boum.org> Mon, 17 Sep 2012 13:06:03 +0200
3644 tails (0.12) unstable; urgency=low
3646 * Major new features
3647 - Add the Unsafe Web Browser, which has direct access to the Internet and
3648 can be used to login to captive portals.
3649 - The (previously experimental, now deemed stable) Windows camouflage can now
3650 be enabled via a check box in Tails greeter.
3653 - Upgrade to 0.2.2.37-1~~squeeze+1.
3656 - Upgrade iceweasel to 10.0.5esr-1 (Extended Support Release) and install it
3657 and its dependencies from squeeze-backports.
3658 - Add a bookmark for the offline Tails documentation.
3659 - Update AdBlock patterns.
3662 - Allow using larger USB drives by increasing the mkfs timeout to 10 minutes.
3663 - Tell the user what's going on when the Tails boot device cannot be found.
3666 - Upgrade Linux to 3.2.20-1 (linux-image-3.2.0-2-amd64).
3670 - Install torsocks. Note that this makes `torify' use `torsocks' instead of
3671 `tsocks'. The `tsocks' binary is dropped to avoid problems, but remaining
3672 files (the library) are kept since ttdnsd depends on them.
3673 - Fetch live-config-sysvinit from sid so that it matches live-config version.
3674 - Update virtualbox backports to 4.1.10-dfsg-1~bpo60+1.
3675 - Install pciutils (needed by virtualbox-guest-utils).
3676 - Install mousetweaks. This is needed to use the mouse accessibility settings
3677 in System -> Preferences -> Mouse -> Accessibility.
3678 - Install the "hardlink" files deduplicator.
3679 - Do not install cryptkeeper anymore. See todo/remove_cryptkeeper for reason.
3680 Users of cryptkeeper are encouraged to install cryptkeeper via `apt-get
3681 update; apt-get install --yes cryptkeeper`, open their volume and move
3682 their to Tails' built-in persistence instead, as a one-time migration.
3683 - Upgrade I2P to version 0.9.
3684 - Don't install GParted. GNOME Disk Utility has been on par with GParted
3685 since Squeeze was released.
3686 - Upgrade live-boot to 3.0~a27-1+tails2~1.gbp319fe6.
3687 - Upgrade live-config to 3.0~a39-1 and install it from Debian experimental.
3688 - Upgrade tails-greeter to 0.7.
3689 - Upgrade tails-persistence-setup to 0.17-1.
3690 - Install libyaml-libyaml-perl.
3691 - Upgrade MAT, the metadata anonymisation toolkit, 0.3.2-1~bpo60+1.
3692 - Fetch python-pdfrw from backports, drop custom package.
3694 * Internationalization
3695 - The Tails website and documentation now has a (partial) Portuguese
3699 - Tails can now be built without using a HTTP proxy.
3700 - Tails can now easily be built by using Vagrant. See the updated
3701 contribute/build page for instructions.
3704 - Remove obsolete noswap boot parameter. live-boot now handles swap on an
3706 - The squashfs.sort files generated with boot-profile should now be ok which
3707 makes the generate images boot noticeably faster on optical media. See
3708 bugs/weird_squashfs.sort_entries for more information.
3709 - Set Tails specific syslinux and plymouth themes.
3710 - Add NVidia KMS video drivers to the initrd in order to show our shiny new
3711 plymouth theme on more systems.
3713 -- Tails developers <amnesia@boum.org> Mon, 11 Jun 2012 13:37:00 +0200
3715 tails (0.11) unstable; urgency=low
3717 * Major new features
3718 - Do not grant the desktop user root credentials by default.
3719 - A graphical boot menu (tails-greeter 0.6.3) allows choosing among
3720 many languages, and setting an optional sudoer password.
3721 - Support opt-in targeted persistence
3722 · tails-persistence-setup 0.14-1
3723 · live-boot 3.0~a25-1+tails1~5.gbp48d06c
3724 · live-config 3.0~a35-1
3725 - USB installer: liveusb-creator 3.11.6-1
3728 - Install iceweasel 10.0.4esr-1 (Extended Support Release).
3729 Let's stop tracking a too fast moving target.
3730 Debian Wheezy will ship ESR versions.
3731 - Install needed dependencies from squeeze-backports.
3734 bing appeared due to our upgrading iceweasel.
3735 Removing it makes things consistent with the way they have been
3736 until now, that is: let's keep only the general search engines
3737 we've been asked to add, plus Google, and a few specialized ones.
3738 · Replace Debian-provided DuckDuckGo search plugin with the "HTML SSL"
3739 one, version 20110219. This is the non-JavaScript, SSL, POST flavour.
3741 · Install localized search engines in the correct place.
3742 No need to copy them around at boot time anymore.
3743 · Remove Scroogle. RIP.
3744 - Enable TLS false start, like the TBB does since December.
3745 - Adblock Plus: don't count and save filter hits, supress first run dialog.
3746 - Install neither the GreaseMonkey add-on, nor any GreaseMonkey script.
3747 YouTube's HTML5 opt-in program is over.
3748 HTML5 video support is now autodetected and used.
3751 - Upgrade to 0.2.17-1+tails1: drop Do-not-warn-about-Tor-version.patch,
3753 - Set SkipVersionCheck=true.
3754 Thanks to chiiph for implementing this upstream (needs Vidalia 0.2.16+).
3756 * Internationalization
3757 - Install all available iceweasel l10n packages.
3758 - Remove syslinux language choosing menu.
3759 tails-greeter allows choosing a non-English language.
3760 - Add fonts for Hebrew, Thai, Khmer, Lao and Korean languages.
3762 - Setup text console at profile time.
3763 Context: Tails runs with text console autologin on.
3764 These consoles now wait, using a "Press enter to activate this console"
3765 message, for the user. When they press enter in there, they should have chosen
3766 their preferred keyboard layout in tails-greeter by now. Then, we run setupcon.
3767 As a result, the resulting shell is properly localized, and setupcon
3768 sets the correct keyboard layout, both according to the preferences expressed by
3769 the user in tails-greeter.
3770 - Don't use localepurge, don't remove any Scribus translations anymore,
3771 don't localize environment at live-config time:
3772 tails-greeter allows us to support many, many more languages.
3775 - Linux 3.2.15-1 (linux-image-3.2.0-2-amd64).
3776 - Fix low sound level on MacBook5,2.
3777 - Disable laptop-mode-tools automatic modules. This modules set often
3778 needs some amount of hardware-specific tweaking to work properly.
3779 This makes them rather not well suited for a Live system.
3782 - Install GNOME keyring.
3783 This is needed so that NetworkManager remembers the WEP/WPA secrets
3784 for the time of a Tails session. Initialize GNOME keyring at user
3786 - Install usbutils to have the lsusb command.
3787 - Install the Traverso multitrack audio recorder and editor.
3790 - GNOME Terminal: keep 8192 scrollback lines instead of the smallish
3792 - Replaced tails-wifi initscript with laptop-mode-tools matching feature.
3793 - Disable gdomap service.
3794 - Fetch klibc-utils and libklibc from sid.
3795 The last initramfs-tools depends on these.
3796 - Set root password to "root" if debug=root is passed on the
3797 kernel cmdline. Allow setting root password on kernel cmdline via
3798 rootpw=. Looks like we implemented this feature twice.
3799 - Append a space on the kernel command line. This eases manually adding
3801 - Rename sudoers.d snippets to match naming scheme.
3802 Sudo credentials that shall be unconditionally granted to the Tails
3803 default user are named zzz_*, to make sure they are applied.
3804 - WhisperBack: also include /var/log/live-persist and
3805 /var/lib/gdm3/tails.persistence.
3806 - Add a wrapper to torify whois.
3807 - Rework the VirtualBox guest modules building hook to support
3809 - Consistently wait for nm-applet when waiting for user session to come up.
3810 Waiting for gnome-panel or notification-daemon worked worse.
3811 - Don't start the NetworkManager system service via init.
3812 Some Tails NM hooks need the user to be logged in to run properly.
3813 That's why tails-greeter starts NetworkManager at PostLogin time.
3814 - Also lock /bin/echo into memory. For some reason, kexec-load needs it.
3815 - Pidgin: don't use the OFTC hidden service anymore.
3816 It proved to be quite unreliable, being sometimes down for days.
3817 - Do not display storage volumes on Desktop, by disabling
3818 /apps/nautilus/desktop/volumes_visible GConf entry. Enabling that
3819 GConf setting avoids displaying the bind-mounted persistent
3820 directories on the Desktop, and reduces user confusion. It also is
3821 a first step towards a bigger UI change: GNOME3 does not manage the
3822 Desktop anymore, so volume icons and other Desktop icons are meant to
3823 disappear anyway. It implies we'll have to move all Desktop icons
3824 elsewhere. Let's start this move now: this will smooth the UI change
3825 Wheezy will carry for our users, by applying some of it progressively.
3828 - Don't build hybrid ISO images anymore. They boot less reliably on
3829 a variety of hardware, and are made less useful by us shipping
3830 a USB installer from now on.
3831 - Append .conf to live-config configuration filenames:
3832 live-config >3.0~a36-1 only takes into account files named *.conf
3833 in there. Accordingly update scripts that source these files.
3834 - Remove long-obsolete home-refresh script and its configuration.
3836 * Virtualization support
3837 - Support Spice and QXL: install the Spice agent from Debian sid,
3838 install xserver-xorg-video-qxl from squeeze-backports.
3840 -- Tails developers <amnesia@boum.org> Tue, 17 Apr 2012 14:54:00 +0200
3842 tails (0.10.2) unstable; urgency=low
3845 - Update to 10.0.2-1.
3846 - Disable HTTPS-Everywhere's SSL Observatory (plus first-run pop-up).
3847 - Revert "FoxyProxy: don't enclose regexps between ^ and $."
3848 Currently "http://www.i2p2.de" (and everything similar) is captured by
3849 the I2P filter, which is incorrect. It seems isMultiLine="false" does
3850 *not* make RE into ^RE$ any longer.
3851 - Remove file:// from NoScript's exception lists.
3852 This will fix the JavaScript toggles in the local copy of the documentation.
3853 - Update AdBlock patterns.
3856 - Upgrade I2P to 0.8.13.
3857 - Install libvpx0 from sid.
3858 - Fetch klibc-utils and libklibc from sid.
3859 The last initramfs-tools depends on these.
3862 - Upgrade Linux kernel to 3.2.7-1.
3863 - Install firmware-libertas.
3864 This adds support for wireless network cards with Marvell Libertas
3865 8xxx chips supported by the libertas_cs, libertas_sdio, libertas_spi,
3866 libertas_tf_usb, mwl8k and usb8xxx drivers.
3869 - Revert "Set time to middle of [valid-after, fresh-until] from consensus."
3870 This reverts commit 18d23a500b9412b4b0fbe4e38a9398eb1a3eadef.
3871 With this vmid clocks that are E minutes back in time may cause issues
3872 (temporary Tor outages) after consensus updates that happen at the
3873 (60-E):th minute or later during any hour. Full analysis:
3874 https://mailman.boum.org/pipermail/tails-dev/2012-January/000873.html
3875 - Add the default user to the vboxsf group.
3876 This will allow the user to get full access to automounted VirtualBox
3877 shared folders as they are mounted with guid vboxsf and rwx group
3880 -- Tails developers <amnesia@boum.org> Thu, 01 Mar 2012 20:26:21 +0100
3882 tails (0.10.1) unstable; urgency=low
3885 - Make Startpage the default web search engine. Scroogle does not look
3886 reliable enough these days.
3889 - Upgrade WhisperBack to 1.5.1 (update link to bug reporting documentation).
3890 - Update MAT to 0.2.2-2~bpo60+1 (fixes a critical bug in the GUI).
3893 - Upgrade Linux kernel to 3.2.1-2
3895 * Time synchronization
3896 Serious rework that should fix most, if not all, of the infamous
3897 time-sync' related bugs some Tails users have experienced recently.
3898 - Make htpdate more resilient by using three server pools, and
3899 allowing some failure ratio.
3900 - Set time from Tor's unverified-consensus if needed.
3901 - Set time to middle of [valid-after, fresh-until] from consensus.
3902 - Many robustness, performance and fingerprinting-resistance improvements.
3903 - Display time-sync' notification much earlier.
3906 - Fix access to "dumb" git:// protocol by using a connect-socks wrapper
3907 as GIT_PROXY_COMMAND.
3908 - SSH client: fix access to SSH servers on the Internet by correcting
3909 Host / ProxyCommand usage.
3910 - Pidgin: use OFTC hidden service to workaround Tor blocking.
3911 - Claws Mail: disable draft autosaving.
3912 When composing PGP encrypted email, drafts are saved back to
3913 the server in plaintext. This includes both autosaved and manually
3915 - tails-security-check-wrapper: avoid eating all memory when offline.
3917 -- Tails developers <amnesia@boum.org> Sat, 28 Jan 2012 10:00:31 +0100
3919 tails (0.10) unstable; urgency=low
3921 * Tor: upgrade to 0.2.2.35-1.
3924 - Install Iceweasel 9.0 from the Debian Mozilla team's APT repository.
3925 - Update Torbutton to 1.4.5.1-1.
3926 - Support viewing any YouTube video that is available in HTML5 format:
3927 install xul-ext-greasemonkey and the "Permanently Enable HTML5 on
3928 YouTube" GreaseMonkey script.
3929 - Stop using Polipo in Iceweasel. Its SOCKS support was fixed.
3930 - Install from Debian sid the iceweasel extensions we ship,
3931 for compatibility with FF9.
3932 - Use Scroogle (any languages) instead of Scroogle (English only) when
3933 booted in English. Many users choose English because their own
3934 language is not supported yet; let's not hide them search results in
3936 - Install Iceweasel language packs from Debian unstable:
3937 unfortunately they are not shipped on the mozilla.debian.net repository.
3938 - Install the NoScript Firefox extension; configure it the same way as
3940 - Disable third-party cookies.
3941 They can be used to track users, which is bad. Besides, this is what
3942 TBB has been doing for years.
3943 - FoxyProxy: allow direct connections to RFC1918 IPs.
3945 * Do not transparent proxy outgoing Internet connections through Tor.
3946 - Torify the SSH client using connect-proxy to all IPs but RFC1918 ones.
3947 - Torify APT using Polipo HTTP.
3948 - Torify wget in wgetrc.
3949 - Torify gobby clients using torsocks. It does not support proxies yet.
3950 - Torify tails-security-check using LWP::UserAgent's SOCKS proxy support.
3951 - Fix enabling of GNOME's HTTP proxy.
3954 - Upgrade Vidalia to 0.2.15-1+tails1.
3955 · New upstream release.
3956 · Do not warn about Tor version.
3957 - Upgrade MAT to 0.2.2-1~bpo60+1.
3958 - Upgrade VirtualBox guest software to 4.1.6-dfsg-2~bpo60+1,
3959 built against the ABI of X.Org backports.
3960 - Upgrade I2P to 0.8.11 using KillYourTV's Squeeze packages;
3961 additionally, fix its start script that was broken by the tordate merge.
3962 - Install unar (The Unarchiver) instead of the non-free unrar.
3963 - Install Nautilus Wipe instead of custom Nautilus scripts.
3966 - Upgrade Linux kernel to 3.1.6-1.
3967 - Upgrade to X.Org from squeeze-backports.
3968 - Install more, and more recent b43 firmwares.
3969 - Upgrade barry to 0.15-1.2~bpo60+1.
3971 * Internationalization
3972 - Add basic language support for Russian, Farsi and Vietnamese.
3973 - Install some Indic fonts.
3974 - Install some Russian fonts.
3975 - Add Alt+Shift shortcut to switch keyboard layout.
3978 - Support booting in "Windows XP -like camouflage mode":
3979 · Install homebrewn local .debs for a Windows XP look-alike Gnome theme.
3980 · Add the "Windows XP Bliss" desktop wallpaper.
3981 · Added a script that's sets up Gnome to look like Microsoft Windows XP.
3982 · Add Windows XP "camouflage" icons for some programs.
3983 · Make Iceweasel use the IE icon when Windows XP camouflage is enabled.
3984 · Add special launcher icons for the Windows XP theme so that they're
3986 - Decrease Florence focus zoom to 1.2.
3987 - Do not fetch APT translation files. Running apt-get update is heavy enough.
3988 - Add MSN support thanks to msn-pecan.
3989 - Add custom SSH client configuration:
3990 · Prefer strong ciphers and MACs.
3991 · Enable maximum compression level.
3992 · Explicitly disable X11 forwarding.
3993 · Connect as root by default, to prevent fingerprinting when username
3995 - Replace flawed FireGPG with a home-made GnuPG encryption applet;
3996 install a feature-stripped FireGPG that redirects users to
3997 the documentation, and don't run Seahorse applet anymore.
3998 - Enable Seahorse's GnuPG agent.
3999 - Blank screen when lid is closed, rather than shutting down the system.
4000 The shutdown "feature" has caused data losses for too many people, it seems.
4001 There are many other ways a Tails system can be shut down in a hurry
4003 - Import Tails signing key into the keyring.
4004 - Fix bug in the Pidgin nick generation that resulted in the nick
4005 "XXX_NICK_XXX" once out of twenty.
4006 - Pre-configure the #tor IRC discussion channel in Pidgin.
4007 - Fix "technology preview" of bridge support: it was broken by tordate merge.
4008 - Install dependencies of our USB installer to ease its development.
4009 - Make vidalia NM hook sleep only if Vidalia is already running.
4010 - Reintroduce the htpdate notification, telling users when it's safe
4011 to use Tor Hidden Services.
4012 - htpdate: omit -f argument to not download full pages.
4013 - htpdate: write success file even when not within {min,max}adjust.
4014 Otherwise htpdate will not "succeed" when the time diff is 0 (i.e.
4015 the clock was already correct) so the success file cannot be used
4016 as an indicator that the system time now is correct, which arguably
4017 is its most important purpose.
4020 - Name built images according to git tag.
4022 -- Tails developers <tails@boum.org> Wed, 04 Jan 2012 09:56:38 +0100
4024 tails (0.9) unstable; urgency=low
4027 - Upgrade to 0.2.2.34 (fixes CVE-2011-2768, CVE-2011-2769).
4030 - Upgrade to 3.5.16-11 (fixes CVE-2011-3647, CVE-2011-3648, CVE-2011-3650).
4031 - Upgrade FireGPG to 0.8-1+tails2: notify users that the FireGPG Text
4032 Editor is the only safe place for performing cryptographic operations,
4033 and make it impossible to do otherwise. Other ways open up several
4034 severe attacks through JavaScript (e.g. leaking plaintext when
4035 decrypting, signing messages written by the attacker).
4036 - Install Cookie Monster extension instead of CS Lite.
4037 - Always ask where to save files.
4038 - Upgrade Torbutton to 1.4.4.1-1, which includes support for the in-browser
4039 "New identity" feature.
4042 - Install MAT, the metadata anonymisation toolkit.
4043 - Upgrade TrueCrypt to 7.1.
4044 - Upgrade WhisperBack to 1.5~rc1 (leads the user by the hand if an error
4045 occurs while sending the bugreport, proposes to save it after 2 faild
4046 attempts, numerous bugfixes).
4047 - Linux: upgrade to linux-image-3.0.0-2-486 (version 3.0.0-6); fixes
4048 a great number of bugs and security issues.
4051 - Fully rework date and time setting system.
4052 - Remove the htp user firewall exception.
4053 - Saner keyboard layouts for Arabic and Russian.
4054 - Use Plymouth text-only splash screen at boot time.
4055 - Color the init scripts output.
4056 - Suppress Tor's warning about applications doing their own DNS lookups.
4057 This is totally safe due to our Tor enforcement.
4058 - Disable hdparm boot-time service.
4059 We only want hdparm so that laptop-mode-tools can use it.
4060 - Run Claws Mail using torify.
4061 It's not as good as if Claws Mail supported SOCKS proxies itself,
4062 but still better than relying on the transparent netfilter torification.
4063 - Install HPLIP and hpcups for better printing support.
4065 * Erase memory at shutdown
4066 - Run many sdmem instances at once.
4067 In hope of erasing more memory until we come up with a proper fix for
4068 [[bugs/sdmem_does_not_clear_all_memory]].
4069 - Kill gdm3 instead of using its initscript on brutal shutdown.
4070 - Use absolute path to eject for more robust memory wipe on boot medium removal.
4073 - Exclude kernel and initramfs from being put into the SquashFS.
4074 Those files are already shipped where they are needed, that is in the ISO
4075 filesystem. Adapt kexec and memlockd bits.
4076 - Do not ship the GNOME icon theme cache.
4077 - Do not ship .pyc files.
4078 - Do not ship NEWS.Debian.gz files.
4081 - Re-implement hook that modifies syslinux config to make future
4084 -- Tails developers <amnesia@boum.org> Tue, 01 Nov 2011 13:26:38 +0100
4086 tails (0.8.1) unstable; urgency=low
4089 - Update to 3.5.16-10 (fixes DSA-2313-1).
4090 - FireGPG: force crypto action results to appear in a new window, otherwise
4091 JavaScript can steal decrypted plaintext. Advice: always use FireGPG's
4092 text editor when writing text you want to encrypt. If you write it in a
4093 textbox the plaintext can be stolen through JavaScript before it is
4094 encrypted in the same way.
4095 - Update HTTPS Everywhere extension to 1.0.3-1.
4096 - Stop using the small version of the Tor check page. The small version
4097 incorrectly tells Tails users to upgrade their Torbrowser, which has
4098 confused some users.
4101 - Update Linux to 3.0.0-2 (fixes DSA-2310-1, CVE-2011-2905, CVE-2011-2909,
4102 CVE-2011-2723, CVE-2011-2699, CVE-2011-1162, CVE-2011-1161).
4103 - Update usb-modeswitch to 1.1.9-2~bpo60+1 and usb-modeswitch-data to
4104 20110805-1~bpo60+1 from Debian backports. This adds support for a few
4105 devices such as Pantech UMW190 CDMA modem.
4106 - Install libregexp-common-perl 2011041701-3 from Debian unstable. This
4107 fixes the bug: [[bugs/msva_does_not_use_configured_keyserver]].
4108 - Install hdparm so the hard drives can be spinned down in order to save
4110 - Install barry-util for better BlackBerry integration.
4111 - Debian security upgrades: OpenOffice.org (DSA-2315-1), openjdk-6
4112 (DSA-2311-1), policykit-1 (DSA-2319-1)
4114 * Protecting against memory recovery
4115 - Set more appropriate Linux VM config before wiping memory. These
4116 parameters should make the wipe process more robust and efficient.
4118 -- Tails developers <amnesia@boum.org> Sun, 16 Oct 2011 11:31:18 +0200
4120 tails (0.8) unstable; urgency=low
4122 * Rebase on the Debian Squeeze 6.0.2.1 point-release.
4125 - Update to 0.2.2.33-1.
4126 - Disabled ControlPort in favour of ControlSocket.
4127 - Add port 6523 (Gobby) to Tor's LongLivedPorts list.
4131 - Start script now depends on HTP since I2P breaks if the clock jumps or is
4132 too skewed during bootstrap.
4135 - Update to 3.5.16-9 (fixes CVE-2011-2374, CVE-2011-2376, CVE-2011-2365,
4136 CVE-2011-2373, CVE-2011-2371, CVE-2011-0083, CVE-2011-2363, CVE-2011-0085,
4137 CVE-2011-2362, CVE-2011-2982, CVE-2011-2981, CVE-2011-2378, CVE-2011-2984,
4139 - Enable HTTP pipelining (like TBB).
4140 - Update HTTPS Everywhere extension to 1.0.1-1 from Debian unstable.
4141 - Suppress FoxyProxy update prompts.
4142 - Prevent FoxyProxy from "phoning home" after a detected upgrade.
4143 - Fixed a bunch of buggy regular expressions in FoxyProxy's configuration.
4144 See [[bugs/exploitable_typo_in_url_regex?]] for details. Note that none of
4145 these issues are critical due to the transparent proxy.
4146 - Add DuckDuckGo SSL search engine.
4149 - Update to torbutton 1.4.3-1 from Debian unstable.
4150 - Don't show Torbutton status in the status bar as it's now displayed in the
4154 - More random looking nicks in pidgin.
4155 - Add IRC account on chat.wikileaks.de:9999.
4158 - Upgrade htpdate script (taken from Git 7797fe9) that allows setting wget's
4159 --dns-timeout option.
4162 - Update Linux to 3.0.0-1. -686 is now deprecated in favour of -486 and
4163 -686-pae; the world is not ready for -pae yet, so we now ship -486.
4164 - Update OpenSSL to 0.9.8o-4squeeze2 (fixes CVE-2011-1945 (revoke
4165 compromised DigiNotar certificates), CVE-2011-1945).
4166 - Update Vidalia to 0.2.14-1+tails1 custom package.
4167 - Install accessibility tools:
4168 - gnome-mag: screen magnifier
4169 - gnome-orca: text-to-speech
4170 - Replace the onBoard virtual keyboard with Florence.
4171 - Install the PiTIVi non-linear audio/video editor.
4176 * Arbitrary DNS queries
4177 - Tor can not handle all types of DNS queries, so if the Tor resolver fails
4178 we fallback to ttdnsd. This is now possible with Tor 0.2.2.x, since we
4179 fixed Tor bug #3369.
4182 - Install ipheth-utils for iPhone tethering.
4183 - Install xserver-xorg-input-vmmouse (for mouse integration with the host OS
4185 - Install virtualbox-ose 4.x guest packages from Debian backports.
4188 - Switch gpg to use keys.indymedia.org's hidden service, without SSL.
4189 The keys.indymedia.org SSL certificate is now self-signed. The hidden
4190 service gives a good enough way to authenticate the server and encrypts
4191 the connection, and just removes the certificates management issue.
4192 - The squashfs is now compressed using XZ which reduces the image size quite
4194 - Remove Windows autorun.bat and autorun.inf. These files did open a static
4195 copy of our website, which is not accessible any longer.
4198 - Use the Git branch instead of the Debian version into the built image's
4200 - Allow replacing efficient XZ compression with quicker gzip.
4201 - Build and install documentation into the chroot (-> filesystem.squashfs).
4202 Rationale: our static website cannot be copied to a FAT32 filesystem due
4203 to filenames being too long. This means the documentation cannot be
4204 browsed offline from outside Tails. However, our installer creates GPT
4205 hidden partitions, so the doc would not be browseable from outside Tails
4206 anyway. The only usecase we really break by doing so is browsing the
4207 documentation while running a non-Tails system, from a Tails CD.
4209 -- Tails developers <amnesia@boum.org> Thu, 09 Sep 2011 11:31:18 +0200
4211 tails (0.7.2) unstable; urgency=high
4214 - Disable Torbutton's external application launch warning.
4215 ... which advises using Tails. Tails *is* running Tails.
4216 - FoxyProxy: install from Debian instead of the older one we previously
4220 - haveged: install an official Debian backport instead of a custom backport.
4221 - unrar: install the version from Debian's non-free repository.
4222 Users report unrar-free does not work well enough.
4224 -- Tails developers <amnesia@boum.org> Sun, 12 Jun 2011 15:34:56 +0200
4226 tails (0.7.1) unstable; urgency=high
4228 * Vidalia: new 0.2.12-2+tails1 custom package.
4231 - Don't show Foxyproxy's status / icon in FF statusbar to prevent users
4232 from accidentaly / unconsciously put their anonymity at risk.
4233 - "amnesia branding" extension: bump Iceweasel compatibility to 4.0 to ease
4234 development of future releases.
4237 - Upgrade Linux kernel to Debian's 2.6.32-33: fixes tons of bugs,
4238 including the infamous missing mouse cursor one. Oh, and it closes
4239 a few security holes at well.
4240 - Install unrar-free.
4241 - Do not install pppoeconf (superseeded by NetworkManager).
4242 - Upgrade macchanger to Debian testing package to ease development of
4243 future Tails releases.
4244 - Debian security upgrades: x11-xserver-utils (DSA-2213-1), isc-dhcp
4245 (DSA-2216-1), libmodplug (DSA-2226-1), openjdk-6 (DSA-2224-1).
4247 * Protecting against memory recovery
4248 - Add Italian translation for tails-kexec. Thanks to Marco A. Calamari.
4249 - Make it clear what it may mean if the system does not power off
4251 - Use kexec's --reset-vga option that might fix display corruption issues
4254 * WhisperBack (encrypted bug reporting software)
4255 - Upgrade WhisperBack to 1.4.1:
4256 localizes the documentation wiki's URL,
4257 uses WebKit to display the bug reporting help page,
4258 now is usable on really small screens.
4259 - Extract wiki's supported languages at build time, save this
4260 information to /etc/amnesia/environment, source this file into the
4261 Live user's environment so that WhisperBack 1.4+ can make good use
4265 - Fix boot in Chinese.
4266 - Install mobile-broadband-provider-info for better 3G support.
4267 - Add back GNOME system icons to menus.
4268 - tails-security-check: avoid generating double-slashes in the Atom
4270 - Remove "vga=788" boot parameter which breaks the boot on some hardware.
4271 - Remove now useless "splash" boot parameter.
4272 - Fix a bunch of i386-isms.
4273 - Pass the noswap option to the kernel. This does not change actual Tails
4274 behaviour but prevents users from unnecessarily worrying because of
4275 the "Activating swap" boot message.
4276 - Make use of check.torproject.org's Arabic version.
4279 - Enable squeeze-backports. It is now ready and will be used soon.
4280 - Install eatmydata in the chroot.
4281 - Convert ikiwiki setup files to YAML.
4283 -- Tails developers <amnesia@boum.org> Fri, 29 Apr 2011 17:14:53 +0200
4285 tails (0.7) unstable; urgency=low
4288 - Install foomatic-filters-ppds to support more printers.
4289 - Give the default user the right to manage printers.
4292 - Deinstall unwanted packages newly pulled by recent live-build.
4294 -- Tails developers <amnesia@boum.org> Wed, 06 Apr 2011 22:58:51 +0200
4296 tails (0.7~rc2) unstable; urgency=low
4298 ** SNAPSHOT build @824f39248a08f9e190146980fb1eb0e55d483d71 **
4300 * Rebase on Debian Squeeze 6.0.1 point-release.
4302 * Vidalia: new 0.2.10-3+tails5 custom package..
4305 - Install usb-modeswitch and modemmanager to support mobile broadband
4306 devices such as 3G USB dongles. Thanks to Marco A. Calamari for the
4310 - Website relocated to https://tails.boum.org/ => adapt various places.
4311 - Configure keyboard layout accordingly to the chosen language for
4312 Italian and Portuguese.
4314 -- Tails developers <amnesia@boum.org> Fri, 25 Mar 2011 15:44:25 +0100
4316 tails (0.7~rc1) UNRELEASED; urgency=low
4318 ** SNAPSHOT build @98987f111fc097a699b526eeaef46bc75be5290a **
4320 * Rebase on Debian Squeeze.
4322 * T(A)ILS has been renamed to Tails.
4324 * Protecting against memory recovery
4325 New, safer way to wipe memory on shutdown which is now also used when
4326 the boot media is physically removed.
4329 - Update to 0.2.1.30-1.
4332 - Add HTTPS Everywhere 0.9.4 extension.
4333 - Better preserve Anonymity Set: spoof US English Browser and timezone
4334 the same way as the Tor Browser Bundle, disable favicons and picture
4336 - Install AdBlock Plus extension from Debian.
4337 - Add Tor-related bookmarks.
4338 - Support FTP, thanks to FoxyProxy.
4339 - Update AdBlock patterns.
4340 - Disable geolocation and the offline cache.
4343 - Update Vidalia to 0.2.10-3+tails4.
4344 - Install gnome-disk-utility (Palimpsest) and Seahorse plugins.
4345 - Add opt-in i2p support with Iceweasel integration through FoxyProxy.
4346 - onBoard: fix "really quits when clicking the close window icon" bug.
4347 - Optionally install TrueCrypt at boot time.
4348 - Install laptop-mode-tools for better use of battery-powered hardware.
4349 - Replace xsane with simple-scan which is part of GNOME and way easier
4351 - Upgrade WhisperBack to 1.3.1 (bugfixes, French translation).
4352 - Install scribus-ng instead of scribus. It is far less buggy in Squeeze.
4355 - Drop incoming packets by default.
4356 - Forbid queries to DNS resolvers on the LAN.
4357 - Set output policy to drop (defense-in-depth).
4360 - Install Atheros and Broadcom wireless firmwares.
4361 - Install libsane-hpaio and sane-utils, respectively needed for
4362 multi-function peripherals and some SCSI scanners.
4364 * live-boot 2.0.15-1+tails1.35f1a14
4365 - Cherry-pick our fromiso= bugfixes from upstream 3.x branch.
4368 - Many tiny user interface improvements.
4369 - More robust HTP time synchronization wrt. network failures.
4370 Also, display the logs when the clock synchronization fails.
4371 - Disable GNOME automatic media mounting and opening to protect against
4372 a class of attacks that was recently put under the spotlights.
4373 Also, this feature was breaking the "no trace is left on local
4374 storage devices unless explicitly asked" part of Tails specification.
4375 - Make configuration more similar to the Tor Browser Bundle's one.
4376 - GnuPG: default to stronger digest algorithms.
4377 - Many more or less proper hacks to get the built image size under 700MB.
4378 - Compress the initramfs using LZMA for faster boot.
4381 - Run lb build inside eatmydata fsync-less environment to greatly improve
4384 -- Tails developers <amnesia@boum.org> Fri, 11 Mar 2011 15:52:19 +0100
4386 tails (0.6.2) unstable; urgency=high
4388 * Tor: upgrade to 0.2.1.29 (fixes CVE-2011-0427).
4390 - Upgrade Linux kernel, dpkg, libc6, NSS, OpenSSL, libxml2 (fixes various
4392 - Upgrade Claws Mail to 3.7.6 (new backport).
4393 - Install Liferea, tcpdump and tcpflow.
4394 * Seahorse: use hkp:// transport as it does not support hkps://.
4395 * FireGPG: use hkps:// to connect to the configured keyserver.
4396 * Build system: take note of the Debian Live tools versions being used
4397 to make next point-release process faster.
4398 * APT: don't ship package indices.
4400 -- T(A)ILS developers <amnesia@boum.org> Wed, 19 Jan 2011 16:59:43 +0100
4402 tails (0.6.1) unstable; urgency=low
4404 * Tor: upgrade to 0.1.28 (fixes CVE-2010-1676)
4405 * Software: upgrade NSS, Xulrunner, glibc (fixes various security issues)
4406 * FireGPG: use the same keyserver as the one configured in gpg.conf.
4407 * Seahorse: use same keyserver as in gpg.conf.
4408 * HTP: display the logs when the clock synchronization fails.
4409 * Update HTP configuration: www.google.com now redirects to
4410 encrypted.google.com.
4411 * Use the light version of the "Are you using Tor?" webpage.
4412 * Update AdBlock patterns.
4414 -- T(A)ILS developers <amnesia@boum.org> Fri, 24 Dec 2010 13:28:29 +0100
4416 tails (0.6) unstable; urgency=low
4420 * New OpenPGP signing-only key. Details are on the website:
4421 https://amnesia.boum.org/GnuPG_key/
4424 - Fixed torbutton has migrated to testing, remove custom package.
4427 - Query ssl.scroogle.org instead of lists.debian.org.
4428 - Don't run when the interface that has gone up is the loopback one.
4431 - Add shortcut to securely erase free space in a partition.
4432 - The nautilus-wipe shortcut user interface is now translatable.
4435 - Really fix virtualization warning display.
4436 - More accurate APT pinning.
4437 - Disable Debian sid APT source again since a fixed live-config has
4438 migrated to Squeeze since then.
4440 * live-boot: upgrade to 2.0.8-1+tails1.13926a
4441 - Sometimes fixes the smem at shutdown bug.
4442 - Now possible to create a second partition on the USB stick T(A)ILS is
4446 - Support RT2860 wireless chipsets by installing firmware-ralink from
4448 - Install firmware-linux-nonfree from backports.
4449 - Fix b43 wireless chipsets by having b43-fwcutter extract firmwares at
4453 - Install live-build and live-helper from Squeeze.
4454 - Update SquashFS sort file.
4456 -- T(A)ILS developers <amnesia@boum.org> Wed, 20 Oct 2010 19:53:17 +0200
4458 tails (0.6~rc3) UNRELEASED; urgency=low
4460 ** SNAPSHOT build @a3ebb6c775d83d1a1448bc917a9f0995df93e44d **
4463 - Autostart Iceweasel with the GNOME session. This workarounds the
4464 "Iceweasel first page is not loaded" bug.
4467 - Upgrade htpdate script (taken from Git 7797fe9).
4470 - Disable ssh-agent auto-starting with X session: gnome-keyring is
4472 - Fix virtualization warning display.
4473 - Boot profile hook: write desktop file to /etc/skel.
4476 - Convert build system to live-build 2.0.1.
4477 - APT: fetch live-build and live-helper from Debian Live snapshots.
4478 - Remove dependency on live-build functions in chroot_local-hooks.
4479 This makes the build environment more robust and less dependent on
4480 live-build internals.
4481 - Remove hand-made rcS.d/S41tails-wifi: a hook now does this.
4482 - Measure time used by the lh build command.
4483 - Fix boot profile hook.
4484 - Boot profiling: wait a bit more: the current list does not include
4487 -- T(A)ILS developers <amnesia@boum.org> Sat, 02 Oct 2010 23:06:46 +0200
4489 tails (0.6~rc2) UNRELEASED; urgency=low
4491 ** SNAPSHOT build @c0ca0760ff577a1e797cdddf0e95c5d62a986ec8 **
4494 - Refreshed AdBlock patterns (20100926).
4495 - Set network.dns.disableIPv6 to true (untested yet)
4496 - Torbutton: install patched 1.2.5-1+tails1 to fix the User-Agent bug,
4497 disable extensions.torbutton.spoof_english again.
4500 - WhisperBack: upgrade to 1.3~beta3 (main change: let the user provide
4501 optional email address and OpenPGP key).
4503 - Update haveged backport to 0.9-3~amnesia+lenny1.
4504 - Update live-boot custom packages (2.0.6-1+tails1.6797e8): fixes bugs
4505 in persistency and smem-on-shutdown.
4506 - Update custom htpdate script. Taken from commit d778a6094cb3 in our
4507 custom Git repository: fixes setting of date/time.
4510 - Bugfix: failed builds are now (hopefully) detected.
4511 - Fix permissions on files in /etc/apt/ that are preserved in the image.
4512 - Install version 2.0~a21-1 of live-build and live-helper in the image.
4513 We are too late in the release process to upgrade to current Squeeze
4514 version (2.0~a29-1).
4517 - Pidgin/OTR: disable the automatic OTR initiation and OTR requirement.
4519 -- T(A)ILS developers <amnesia@boum.org> Wed, 29 Sep 2010 19:23:17 +0200
4521 tails (0.6~1.gbpef2878) UNRELEASED; urgency=low
4523 ** SNAPSHOT build @ef28782a0bf58004397b5fd303f938cc7d11ddaa **
4526 - Use a 2.6.32 kernel: linux-image-2.6.32-bpo.5-686 (2.6.32-23~bpo50+1)
4527 from backports.org. This should support far more hardware and
4528 especially a lot of wireless adapters.
4529 - Add firmware for RTL8192 wireless adapters.
4530 - Enable power management on all wireless interfaces on boot.
4535 - Install gfshare and ssss: two complementary implementations
4536 of Shamir's Secret Sharing.
4537 - Install tor-geoipdb.
4538 - Remove dialog, mc and xterm.
4541 - Set extensions.torbutton.spoof_english to its default true value
4542 in order to workaround a security issue:
4543 https://amnesia.boum.org/security/Iceweasel_exposes_a_rare_User-Agent/
4546 - Install the Iceweasel extension.
4547 - Use a hkps:// keyserver.
4550 - Install gnupg from backports.org so that hkps:// is supported.
4551 - Use a hkps:// keyserver.
4552 - Proxy traffic via polipo.
4553 - Prefer up-to-date digests and ciphers.
4555 * Vidalia: rebased our custom package against 0.2.10.
4558 - Built images are now named like this:
4559 tails-i386-lenny-0.5-20100925.iso
4560 - Use live-helper support for isohybrid options instead of doing the
4561 conversion ourselves. The default binary image type we build is now
4563 - Remove .deb built by m-a after they have been installed.
4564 - Setup custom GConf settings at build time rather than at boot time.
4565 - Move $HOME files to /etc/skel and let adduser deal with permissions.
4566 - Convert to live-boot / live-config / live-build 2.x branches.
4567 - Replaced our custom live-initramfs with a custom live-boot package;
4568 included version is 2.0.5-1+tails2.6797e8 from our Git repository:
4569 git clone git://git.immerda.ch/tails_live-boot.git
4570 - Install live-config* from the live-snapshots Lenny repository.
4571 Rationale: live-config binary packages differ depending on the target
4572 distribution, so that using Squeeze's live-config does not produce
4573 fully-working Lenny images.
4574 - Rename custom scripts, packages lists and syslinux menu entries from
4575 the amnesia-* namespace to the tails-* one.
4578 - Use (authenticated) HTP instead of NTP.
4579 - The htpdate script that is used comes from commit 43f5f83c0 in our
4580 custom repository: git://git.immerda.ch/tails_htp.git
4581 - Start Tor and Vidalia only once HTP is done.
4584 - Fix IPv6 firewall restore file. It was previously not used at all.
4585 - Use ftp.us.debian.org instead of the buggy GeoIP-powered
4587 - Gedit: don't autocreate backup copies.
4588 - Build images with syslinux>=4.01 that has better isohybrid support.
4589 - amnesia-security-check: got rid of the dependency on File::Slurp.
4590 - Take into account the migration of backports.org to backports.debian.org.
4591 - Make GnuPG key import errors fatal on boot.
4592 - Warn the user when T(A)ILS is running inside a virtual machine.
4593 - DNS cache: forget automapped .onion:s on Tor restart.
4595 * Documentation: imported Incognito's walkthrough, converted to
4596 Markdown, started the needed adaptation work.
4598 -- T(A)ILS developers <amnesia@boum.org> Sun, 26 Sep 2010 11:06:50 +0200
4600 tails (0.5) unstable; urgency=low
4602 * The project has merged efforts with Incognito.
4603 It is now to be called "The (Amnesic) Incognito Live System".
4607 - Created the amnesia-news mailing-list.
4608 - Added a forum to the website.
4609 - Created a chatroom on IRC: #tails on irc.oftc.net
4612 - Workaround nasty NetworkManager vs. Tor bug that often
4613 prevented the system to connect to the Tor network: restart Tor and Vidalia
4614 when a network interface goes up.
4615 - onBoard now autodetects the keyboard layout... at least once some
4616 keys have been pressed.
4617 - New windows don't open in background anymore, thanks to
4619 - Memory wiping at shutdown is now lightning fast, and does not prevent
4620 the computer to halt anymore.
4621 - GNOME panel icons are right-aligned again.
4622 - Fixed permissions on APT config files.
4623 - Repaired mouse integration when running inside VirtualBox.
4626 - Torbutton: redirect to Scroogle when presented a Google captcha.
4627 - Revamped bookmarks
4628 . moved T(A)ILS own website to the personal toolbar
4629 . moved webmail links (that are expected to be more than 3 soon)
4630 to a dedicated folder.
4631 - Don't show AdBlock Plus icon in the toolbar.
4632 - Adblock Plus: updated patterns, configured to only update subscriptions
4633 once a year. Which means never, hopefully, as users do update their
4634 Live system on a regular basis, don't they?
4636 * Vidalia: rebased our custom package against 0.2.8.
4639 - Install Claws Mail from backports.org to use the X.509 CA
4640 certificates provided by Debian.
4641 - Enable PGP modules with basic configuration:
4642 . Automatically check signatures.
4643 . Use gpg-agent to manage passwords.
4644 . Display warning on start-up if GnuPG doesn't work.
4645 - Set the IO timeout to 120s (i.e. the double of the default 60s).
4648 - Automatically connect to irc.oftc.net with a randomized nickname,
4649 so as not to advertize the use of T(A)ILS; this nickname is made of:
4650 . a random firstname picked from the 2000 most registered by the U.S.
4651 social security administration in the 70s;
4652 . two random digits.
4653 Good old irc.indymedia.org is still configured - with same nickname -
4654 but is not enabled by default anymore.
4655 - Disabled MSN support, that is far too often affected by security flaws.
4657 * Build $HOME programmatically
4658 - Migrated all GConf settings, including the GNOME panel configuration,
4659 to XML files that are loaded at boot time.
4660 - Configure iceweasel profile skeleton in /etc/iceweasel.
4661 A brand new profile is setup from this skeleton once iceweasel is
4663 . build sqlite files at build time from plain SQL.
4664 . FireGPG: hard-code current firegpg version at build time to prevent
4665 the extension to think it was just updated.
4666 . stop shipping binary NSS files. These were here only to
4667 install CaCert's certificate, that is actually shipped by Debian's
4671 - Updated Debian Live snapshots APT repository URL.
4672 - Purge all devel packages at the end of the chroot configuration.
4673 - Make sure the hook that fixes permissions runs last.
4674 - Remove unwanted Iceweasel search plugins at build time.
4677 - Added a progress bar for boot time file readahead.
4678 - Readahead more (~37MB) stuff in foreground at boot time.
4679 - Make the APT pinning persist in the Live image.
4680 - localepurge: keep locales for all supported languages,
4681 don't bother when installing new packages.
4682 - Removed syslinux help menu: these help pages are either buggy or
4683 not understandable by non-geeks.
4684 - Fixed Windows autorun.
4685 - Disable a few live-initramfs scripts to improve boot time.
4686 - Firewall: forbid any IPv6 communication with the outside.
4687 - Virtualization support: install open-vm-tools.
4688 - WhisperBack: updated to 1.2.1, add a random bug ID to the sent
4690 - Prompt for CD removal on shutdown, not for USB device.
4692 * live-initramfs: new package built from our Git (e2890a04ff) repository.
4693 - Merged upstream changes up to 1.177.2-1.
4694 - New noprompt=usb feature.
4695 - Fix buggy memory wiping and shutdown.
4696 - Really reboot when asked, rather than shutting down the system.
4699 - Upgraded to a new custom, patched package (0.93.0-0ubuntu4~amnesia1).
4700 - Added an entry in the Applications menu.
4703 - Install vim-nox with basic configuration
4705 - Install monkeysphere and msva-perl
4706 - Replaced randomsound with haveged as an additional source of entropy.
4709 - Build ralink rt2570 wifi modules.
4710 - Build rt2860 wifi modules from Squeeze. This supports the RT2860
4711 wireless adapter, found particularly in the ASUS EeePC model 901
4713 - Build broadcom-sta-source wifi modules.
4714 - Bugfix: cpufreq modules were not properly added to /etc/modules.
4715 - Use 800x600 mode on boot rather than 1024x768 for compatibility
4716 with smaller displays.
4718 -- amnesia <amnesia@boum.org> Fri, 30 Apr 2010 16:14:13 +0200
4720 amnesia (0.4.2) unstable; urgency=low
4722 New release, mainly aimed at fixing live-initramfs security issue
4723 (Debian bug #568750), with an additional set of small enhancements as
4726 * live-initramfs: new custom package built from our own live-initramfs
4727 Git repository (commit 8b96e5a6cf8abc)
4728 - based on new 1.173.1-1 upstream release
4729 - fixed live-media=removable behaviour so that filesystem images found
4730 on non-removable storage are really never used (Debian bug #568750)
4732 * Vidalia: bring back our UI customizations (0.2.7-1~lenny+amnesia1)
4734 * APT: consistently use the GeoIP-powered cdn.debian.net
4736 * Software: make room so that {alpha, future} Squeeze images fit on
4738 - only install OpenOffice.org's calc, draw, impress, math and writer
4740 - removed OpenOffice.org's English hyphenation and thesaurus
4741 - removed hunspell, wonder why it was ever added
4744 - explicitly disable persistence, better safe than sorry
4745 - removed compulsory 15s timeout, live-initramfs knows how to wait for
4746 the Live media to be ready
4748 * Build system: don't cache rootfs anymore
4750 -- amnesia <amnesia@boum.org> Sun, 07 Feb 2010 18:28:16 +0100
4752 amnesia (0.4.1) unstable; urgency=low
4754 * Brown paper bag bugfix release: have amnesia-security-check use
4755 entries publication time, rather than update time... else tagging
4756 a security issue as fixed, after releasing a new version, make this
4757 issue be announced to every user of this new, fixed version.
4759 -- amnesia <amnesia@boum.org> Sat, 06 Feb 2010 03:58:41 +0100
4761 amnesia (0.4) unstable; urgency=low
4763 * We now only build and ship "Hybrid" ISO images, which can be either
4764 burnt on CD-ROM or dd'd to a USB stick or hard disk.
4766 * l10n: we now build and ship multilingual images; initially supported
4767 (or rather wanna-be-supported) languages are: ar, zh, de, en, fr, it,
4769 - install Iceweasel's and OpenOffice.org's l10n packages for every
4771 - stop installing localized help for OpenOffice.org, we can't afford it
4772 for enough languages
4773 - when possible, Iceweasel's homepage and default search engine are localized
4774 - added Iceweasel's "any language" Scroogle SSL search engine
4775 - when the documentation icon is clicked, display the local wiki in
4776 currently used language, if available
4777 - the Nautilus wipe script is now translatable
4778 - added gnome-keyboard-applet to the Gnome panel
4781 - replaced Icedove with claws mail, in a bit rough way; see
4782 https://amnesia.boum.org/todo/replace_icedove_with_claws/ for best
4783 practices and configuration advices
4784 - virtual keyboard: install onBoard instead of kvkbd
4785 - Tor controller: install Vidalia instead of TorK
4786 - install only chosen parts of Gnome, rather than gnome-desktop-environment
4787 - do not install xdialog, which is unused and not in Squeeze
4788 - stop installing grub as it breaks Squeeze builds (see Debian bug #467620)
4789 - install live-helper from snapshots repository into the Live image
4792 - do not install the NoScript extension anymore: it is not strictly
4793 necessary but bloodily annoying
4795 * Provide WhisperBack 1.2 for anonymous, GnuPG-encrypted bug reporting.
4796 - added dependency on python-gnutls
4797 - install the SMTP hidden relay's certificate
4799 * amnesia-security-check: new program that tells users that the amnesia
4800 version they are running is affected by security flaws, and which ones
4801 they are; this program is run at Gnome session startup, after sleeping
4802 2 minutes to let Tor a chance to initialize.
4805 - uses the Desktop Notifications framework
4806 - fetches the security atom feed from the wiki
4807 - verifies the server certificate against its known CA
4808 - tries fetching the localized feed; if it fails, fetch the default
4811 * live-initramfs: new custom package built from our own live-initramfs
4812 Git repository (commit 40e957c4b89099e06421)
4813 - at shutdown time, ask the user to unplug the CD / USB stick, then run
4814 smem, wait for it to finish, then attempt to immediately halt
4817 - bumped dependency on live-helper to >= 2.0a6 and adapted our config
4818 - generate hybrid ISO images by default, when installed syslinux is
4820 - stop trying to support building several images in a row, it is still
4821 broken and less needed now that we ship hybrid ISO images
4822 - scripts/config: specify distribution when initializing defaults
4823 - updated Debian Live APT repository's signing key
4826 - disable virtualbox packages installing and module building on !i386
4827 && !amd64, as PowerPC is not a supported guest architecture
4828 - built and imported tor_0.2.1.20-1~~lenny+1_powerpc.deb
4831 - rough beginnings of a scratch Squeeze branch, currently unsupported
4832 - install gobby-infinote
4835 - updated GnuPG key with up-to-date signatures
4836 - more improvements on boot time from CD
4837 - enhanced the wipe in Nautilus UI (now asks for confirmation and
4838 reports success or failure)
4839 - removed the "restart Tor" launcher from the Gnome panel
4841 -- amnesia <amnesia@boum.org> Fri, 05 Feb 2010 22:28:04 +0100
4843 amnesia (0.3) unstable; urgency=low
4845 * software: removed openvpn, added
4851 - lvm2 (with disabled initscript as it slows-down too much the boot in certain
4853 - NetworkManager 0.7 (from backports.org) to support non-DHCP networking
4855 - randomsound to enhance the kernel's random pool
4857 - install the latest stable release from deb.torproject.org
4858 - ifupdown script now uses SIGHUP signal rather than a whole tor
4859 restart, so that in the middle of it vidalia won't start it's own
4861 - configure Gnome proxy to use Tor
4863 - adblockplus: upgraded to 1.0.2
4864 - adblockplus: subscribe to US and DE EasyList extensions, updated patterns
4865 - firegpg is now installed from Debian Squeeze rather than manually; current
4866 version is then 0.7.10
4867 - firegpg: use better keyserver ... namely pool.sks-keyservers.net
4868 - added bookmark to Amnesia's own website
4869 - use a custom "amnesiabranding" extension to localize the default search
4870 engine and homepage depending on the current locale
4871 - updated noscript whitelist
4872 - disable overriden homepage redirect on iceweasel upgrade
4874 - nicer default configuration with verified irc.indymedia.org's SSL cert
4875 - do not parse incoming messages for formatting
4876 - hide formatting toolbar
4877 * hardware compatibility
4879 - beginning of support for the ppc architecture
4880 - load acpi-cpufreq, cpufreq_ondemand and cpufreq_powersave kernel
4882 * live-initramfs: custom, updated package based on upstream's 1.157.4-1, built
4883 from commit b0a4265f9f30bad945da of amnesia's custom live-initramfs Git
4885 - securely erases RAM on shutdown using smem
4886 - fixes the noprompt bug when running from USB
4887 - disables local swap partitions usage, wrongly enabled by upstream
4888 * fully support for running as a guest system in VirtualBox
4889 - install guest utils and X11 drivers
4890 - build virtualbox-ose kernel modules at image build time
4892 - new (translatable) wiki, using ikiwiki, with integrated bugs and todo
4893 tracking system a static version of the wiki is included in generated
4894 images and linked from the Desktop
4896 - adapt for live-helper 2.0, and depend on it
4897 - get amnesia version from debian/changelog
4898 - include the full version in ISO volume name
4899 - save .list, .packages and .buildlog
4900 - scripts/clean: cleanup any created dir in binary_local-includes
4901 - updated Debian Live snapshot packages repository URL and signing key
4902 - remove duplicated apt/preferences file, the live-helper bug has been
4904 * l10n: beginning of support for --language=en
4906 - improved boot time on CD by ordering files in the squashfs in the order they
4907 are used during boot
4908 - added a amnesia-version script to built images, that outputs the current
4910 - added a amnesia-debug script that prepares a tarball with information that
4911 could be useful for developpers
4912 - updated Amnesia GnuPG key to a new 4096R one
4913 - set time with NTP when a network interface is brought up
4914 - import amnesia's GnuPG pubkey into the live session user's keyring
4915 - do not ask DHCP for a specific hostname
4916 - install localepurge, only keep en, fr, de and es locales, which reduces the
4917 generated images' size by 100MB
4918 - added a hook to replace /sbin/swapon with a script that only runs
4920 - moved networking hooks responsibility from ifupdown to NetworkManager
4922 -- amnesia <amnesia@boum.org> Thu, 26 Nov 2009 11:17:08 +0100
4924 amnesia (0.2) unstable; urgency=low
4926 * imported /home/amnesia, then:
4927 - more user-friendly shell, umask 077
4928 - updated panel, added launcher to restart Tor
4929 - mv $HOME/bin/* /usr/local/bin/
4930 - removed metacity sessions
4931 - removed gstreamer's registry, better keep this dynamically updated
4932 - rm .qt/qt_plugins_3.3rc, better keep this dynamically updated
4933 - removed .gnome/gnome-vfs/.trash_entry_cache
4934 - removed kconf_update log
4935 - removed and excluded Epiphany configuration (not installed)
4938 - enable caching in RAM
4939 - explicitly disable ssl v2, and enable ssl v3 + tls
4940 - removed prefs for the non-installed webdeveloper
4941 - removed the SSL Blacklist extension (not so useful, licensing issues)
4942 - deep profile directory cleanup
4943 - extensions cleanup: prefer Debian-packaged ones, cleanly reinstalled
4944 AddBlock Plus and CS Lite to allow upgrading them
4945 - updated pluginreg.dat and localstore.rdf
4946 - moved some settings to user.js
4947 - made cookie/JavaScript whitelists more consistent
4948 - force httpS on whitelisted sites
4949 - NoScript: marked google and gmail as untrusted
4950 - some user interface tweaks, mainly for NoScript
4951 - FireGPG: disable the buggy auto-detection feature, the link to firegpg's
4952 homepage in generated pgp messages and the GMail interface (which won't
4953 work without JavaScript anyway)
4954 - updated blocklist.xml
4955 - removed and excluded a bunch of files in the profile directory
4956 * icedove: clean the profile directory up just like we did for iceweasel
4957 * software: install msmtp and mutt
4959 - use rsync rather than tar
4962 - reviewed pidgin-otr security (see TODO)
4964 - stop calling home-refresh in lh_build
4965 - include home-refresh in generated images
4967 - fix permissions on local includes at build time
4968 - updated scripts/{build,clean} wrt. new $HOME handling
4969 - scripts/{build,config}: stop guessing BASEDIR, we must be run from
4970 the root of the source directory anyway
4971 - stop storing /etc/amnesia/version in Git, delete it at clean time
4973 - converted Changelog to the Debian format and location, updated
4974 build scripts accordingly
4975 - added a README symlink at the root of the source directory
4976 - basic debian/ directory (not working for building packages yet,
4977 but at least we can now use git-dch)
4978 - added debian/gbp.conf with our custom options for git-dch
4979 - config/amnesia: introduce new $AMNESIA_DEV_* variables to be used
4980 by developpers' scripts
4981 - added ./release script: a wrapper around git-dch, git-commit and git-tag
4983 -- amnesia <amnesia@boum.org> Tue, 23 Jun 2009 14:42:03 +0200
4985 amnesia (0.1) UNRELEASED; urgency=low
4987 * Forked Privatix 9.03.15, by Markus Mandalka:
4988 http://mandalka.name/privatix/index.html.en
4989 Everything has since been rewritten or so heavily changed that nothing
4990 remains from the original code... apart of a bunch of Gnome settings.
4992 - install a bunch of non-free wifi firmwares
4993 - install xsane and add the live user to the scanner group
4994 - install aircrack-ng
4995 - install xserver-xorg-video-geode on i386 (eCafe support)
4996 - install xserver-xorg-video-all
4997 - install firmware-linux from backports.org
4998 - install system-config-printer
4999 - added instructions in README.eCAFE to support the Hercules eCAFE EC-800
5002 - configure pinning to support installing chosen packages from
5003 squeeze; the APT source for testing is hardcoded in chroot_sources/,
5004 since there is no way to use $LH_CHROOT_MIRROR in chroot_local-hooks
5005 - give backports.org priority 200, so that we track upgrades of packages
5006 installed from there
5007 * release: include the Changelog and TODO in the generated images,
5008 in the /usr/share/doc/amnesia/ directory
5009 * software: install gnomebaker when building Gnome-based live OS, to
5010 easily clone myself when running from CD
5012 - build i386 images when the build host is amd64
5013 - added a version file: /etc/amnesia/version
5014 - use snapshot live-* packages inside the images
5015 - setup timezone depending on the chosen build locale
5016 - rely on standard live-initramfs adduser to do our user setup
5017 (including sudo vs. Gnome/KDE, etc.)
5018 - stop "supporting" KDE
5019 - allow building several images at once
5020 - migrated most of lh_config invocations to scripts/config
5021 - append "noprompt" so that halting/rebooting work with splashy
5022 - moved our own variables to config/amnesia, using the namespace
5025 - default search engine is now Scroogle SSL, configured to search pages
5026 in French language; the English one is also installed
5027 - never ask to save passwords or forms content
5028 - configured the torbutton extension to use polipo
5029 - installed the CACert root certificate
5030 - installed the SSL Blacklist extension and the blacklist data
5031 - installed the FireGPG extension
5032 - installed the CS Lite extension
5033 - installed the NoScript extension
5034 - NoScript, CS Lite: replaced the default whitelists with a list of
5035 trusted, non-commercial Internet Service Providers
5036 - configure extensions (add to prefs.js):
5037 user_pref("extensions.torbutton.startup", true);
5038 user_pref("extensions.torbutton.startup_state", 1);
5039 user_pref("extensions.torbutton.tor_enabled", true);
5040 user_pref("noscript.notify.hide", true);
5041 user_pref("capability.policy.maonoscript.sites", "about:
5042 about:blank about:certerror about:config about:credits
5043 about:neterror about:plugins about:privatebrowsing
5044 about:sessionrestore chrome: resource:");
5045 user_pref("extensions.firegpg.no_updates", true);
5046 - install the NoScript plugin from Debian squeeze
5047 - delete urlclassifier3.sqlite on $HOME refresh: as we disabled
5048 "safebrowsing", this huge file is of no use
5049 - torbutton: install newer version from Squeeze
5050 * linux: removed non-686 kernel flavours when building i386 images
5051 * compatibility: append "live-media=removable live-media-timeout=15", to
5052 prevent blindly booting another debian-live installed on the hard disk
5056 - cryptkeeper: Gnome system tray applet to encrypt files with EncFS
5057 - kvkbd: virtual keyboard (installed from backports.org)
5058 - sshfs (and added live user to the fuse group)
5059 - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g
5062 - enable the transparent proxy, the DNS resolver, and the control port
5063 - save authentication cookie to /tmp/control_auth_cookie, so that the
5064 live user can use Tork and co.
5065 - autostart Tork with Gnome
5066 - Tork: installed, disabled most notifications and startup tips
5067 - added a restart tor hook to if-up.d (used by Network Manager as well),
5068 so that Tor does work immediately even if the network cable was
5069 plugged late in/after the boot process
5071 - added a nautilus-script to wipe files and directories
5072 - bash with working completion for the live user
5073 * polipo: install and configure this HTTP proxy to forward requests
5075 * DNS: install and configure pdnsd to forward any DNS request through
5077 * firewall: force every outgoing TCP connection through the Tor
5078 transparent proxy, discard any outgoing UDP connection
5080 - set syslinux timeout to 4 seconds
5081 - use splashy for more user-friendly boot/halt sequences
5083 -- amnesia <amnesia@boum.org> Sat, 20 Jun 2009 21:09:15 +0200